Class: ActiveSupport::KeyGenerator
- Defined in:
- activesupport/lib/active_support/key_generator.rb
Overview
KeyGenerator is a simple wrapper around OpenSSL’s implementation of PBKDF2 It can be used to derive a number of keys for various purposes from a given secret. This lets Rails applications have a single secure secret, but avoid reusing that key in multiple incompatible contexts.
Instance Method Summary collapse
-
#generate_key(salt, key_size = 64) ⇒ Object
Returns a derived key suitable for use.
-
#initialize(secret, options = {}) ⇒ KeyGenerator
constructor
A new instance of KeyGenerator.
Constructor Details
#initialize(secret, options = {}) ⇒ KeyGenerator
Returns a new instance of KeyGenerator.
10 11 12 13 14 15 |
# File 'activesupport/lib/active_support/key_generator.rb', line 10 def initialize(secret, = {}) @secret = secret # The default iterations are higher than required for our key derivation uses # on the off chance someone uses this for password storage @iterations = [:iterations] || 2**16 end |
Instance Method Details
#generate_key(salt, key_size = 64) ⇒ Object
Returns a derived key suitable for use. The default key_size is chosen to be compatible with the default settings of ActiveSupport::MessageVerifier. i.e. OpenSSL::Digest::SHA1#block_length
20 21 22 |
# File 'activesupport/lib/active_support/key_generator.rb', line 20 def generate_key(salt, key_size=64) OpenSSL::PKCS5.pbkdf2_hmac_sha1(@secret, salt, @iterations, key_size) end |