Class: Devise::KeyGenerator

Inherits:

Object

• Object
• Devise::KeyGenerator

Defined in:

lib/devise/token_generator.rb

Overview

KeyGenerator is a simple wrapper around OpenSSL’s implementation of PBKDF2 It can be used to derive a number of keys for various purposes from a given secret. This lets Rails applications have a single secure secret, but avoid reusing that key in multiple incompatible contexts.

Instance Method Summary

• #generate_key(salt, key_size = 64) ⇒ Object

  Returns a derived key suitable for use.

• #initialize(secret, options = {}) ⇒ KeyGenerator constructor

  A new instance of KeyGenerator.

Constructor Details

#initialize(secret, options = {}) ⇒ KeyGenerator

Returns a new instance of KeyGenerator.

# File 'lib/devise/token_generator.rb', line 39

def initialize(secret, options = {})
  @secret = secret
  # The default iterations are higher than required for our key derivation uses
  # on the off chance someone uses this for password storage
  @iterations = options[:iterations] || 2**16
end

Instance Method Details

#generate_key(salt, key_size = 64) ⇒ Object

Returns a derived key suitable for use. The default key_size is chosen to be compatible with the default settings of ActiveSupport::MessageVerifier. i.e. OpenSSL::Digest::SHA1#block_length

# File 'lib/devise/token_generator.rb', line 49

def generate_key(salt, key_size=64)
  OpenSSL::PKCS5.pbkdf2_hmac_sha1(@secret, salt, @iterations, key_size)
end