KeyGenerator
is a simple wrapper around OpenSSL's implementation of PBKDF2. It can be used to derive a number of keys for various purposes from a given secret. This lets Rails applications have a single secure secret, but avoid reusing that key in multiple incompatible contexts.
Methods
Class Public methods
hash_digest_class() Link
hash_digest_class=(klass) Link
new(secret, options = {}) Link
# File activesupport/lib/active_support/key_generator.rb, line 26 def initialize(secret, options = {}) @secret = secret # The default iterations are higher than required for our key derivation uses # on the off chance someone uses this for password storage @iterations = options[:iterations] || 2**16 # Also allow configuration here so people can use this to build a rotation # scheme when switching the digest class. @hash_digest_class = options[:hash_digest_class] || self.class.hash_digest_class end
Instance Public methods
generate_key(salt, key_size = 64) Link
Returns a derived key suitable for use. The default key_size is chosen to be compatible with the default settings of ActiveSupport::MessageVerifier
. i.e. OpenSSL::Digest::SHA1#block_length