diff options
| author | Assain <assainjaleel20@gmail.com> | 2017-06-03 01:21:10 +0530 |
|---|---|---|
| committer | Assain <assainjaleel20@gmail.com> | 2017-06-12 00:29:16 +0530 |
| commit | 7440bf44baea53de950093ebf9ee4e8a3ed71066 (patch) | |
| tree | 18f3fd9748a64e06da43e59812e128b738785f5d /activesupport/lib/active_support/message_encryptor.rb | |
| parent | d1d39710cc4c525ab8f515eba70cb9ab4134fc64 (diff) | |
| download | rails-7440bf44baea53de950093ebf9ee4e8a3ed71066.tar.gz rails-7440bf44baea53de950093ebf9ee4e8a3ed71066.tar.bz2 rails-7440bf44baea53de950093ebf9ee4e8a3ed71066.zip | |
set message_encryptor default cipher to aes-256-gcm
- Introduce a method to select default cipher, and maintain backward compatibility
Diffstat (limited to 'activesupport/lib/active_support/message_encryptor.rb')
| -rw-r--r-- | activesupport/lib/active_support/message_encryptor.rb | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/activesupport/lib/active_support/message_encryptor.rb b/activesupport/lib/active_support/message_encryptor.rb index 726e1464ad..a24c557f1d 100644 --- a/activesupport/lib/active_support/message_encryptor.rb +++ b/activesupport/lib/active_support/message_encryptor.rb @@ -19,7 +19,17 @@ module ActiveSupport # encrypted_data = crypt.encrypt_and_sign('my secret data') # => "NlFBTTMwOUV5UlA1QlNEN2xkY2d6eThYWWh..." # crypt.decrypt_and_verify(encrypted_data) # => "my secret data" class MessageEncryptor - DEFAULT_CIPHER = "aes-256-cbc" + class << self + attr_accessor :use_authenticated_message_encryption #:nodoc: + + def default_cipher #:nodoc: + if use_authenticated_message_encryption + "aes-256-gcm" + else + "aes-256-cbc" + end + end + end module NullSerializer #:nodoc: def self.load(value) @@ -45,7 +55,7 @@ module ActiveSupport OpenSSLCipherError = OpenSSL::Cipher::CipherError # Initialize a new MessageEncryptor. +secret+ must be at least as long as - # the cipher key size. For the default 'aes-256-cbc' cipher, this is 256 + # the cipher key size. For the default 'aes-256-gcm' cipher, this is 256 # bits. If you are using a user-entered secret, you can generate a suitable # key by using <tt>ActiveSupport::KeyGenerator</tt> or a similar key # derivation function. @@ -66,7 +76,7 @@ module ActiveSupport sign_secret = signature_key_or_options.first @secret = secret @sign_secret = sign_secret - @cipher = options[:cipher] || DEFAULT_CIPHER + @cipher = options[:cipher] || self.class.default_cipher @digest = options[:digest] || "SHA1" unless aead_mode? @verifier = resolve_verifier @serializer = options[:serializer] || Marshal @@ -85,7 +95,7 @@ module ActiveSupport end # Given a cipher, returns the key length of the cipher to help generate the key of desired size - def self.key_len(cipher = DEFAULT_CIPHER) + def self.key_len(cipher = default_cipher) OpenSSL::Cipher.new(cipher).key_len end |