ActiveSupport::KeyGenerator (original) (raw)

Key Generator

KeyGenerator is a simple wrapper around OpenSSL’s implementation of PBKDF2. It can be used to derive a number of keys for various purposes from a given secret. This lets Rails applications have a single secure secret, but avoid reusing that key in multiple incompatible contexts.

Methods

G

• generate_key

H

• hash_digest_class,
• hash_digest_class=

N

• new

Class Public methods

hash_digest_class()Link

Source: show | on GitHub

def hash_digest_class @hash_digest_class ||= OpenSSL::Digest::SHA1 end

hash_digest_class=(klass)Link

Source: show | on GitHub

def hash_digest_class=(klass) if klass.kind_of?(Class) && klass < OpenSSL::Digest @hash_digest_class = klass else raise ArgumentError, "#{klass} is expected to be an OpenSSL::Digest subclass" end end

new(secret, options = {})Link

Source: show | on GitHub

def initialize(secret, options = {}) @secret = secret

@iterations = options[:iterations] || 2**16

@hash_digest_class = options[:hash_digest_class] || self.class.hash_digest_class end

Instance Public methods

generate_key(salt, key_size = 64)Link

Returns a derived key suitable for use. The default key_size is chosen to be compatible with the default settings of ActiveSupport::MessageVerifier. i.e. OpenSSL::Digest::SHA1#block_length

Source: show | on GitHub

def generate_key(salt, key_size = 64) OpenSSL::PKCS5.pbkdf2_hmac(@secret, salt, @iterations, key_size, @hash_digest_class.new) end