Class: Sorcery::CryptoProviders::AES256

Inherits:
Object
Defined in:
lib/sorcery/crypto_providers/aes256.rb

Overview

This encryption method is reversible if you have the supplied key. So in order to use this encryption method you must supply it with a key first. In an initializer, or before your application initializes, you should do the following:

Sorcery::Model::ConfigAES256.key = "my 32 bytes long key"

My final comment is that this is a strong encryption method, but its main weakness is that it's reversible. If you do not need to reverse the hash then you should consider Sha512 or BCrypt instead.

Keep your key in a safe place; some even say the key should be stored on a separate server. This won't hurt performance because the only time it will try to access the key on the separate server is during initialization, which only happens once. The reasoning behind this is that if someone does compromise your server, they won't also have the key. Basically, you don't want to store the key with the lock.

Class Attribute Details

.key=(value) ⇒ Object (writeonly)

Sets the attribute key

Parameters:

  • value

    the value to set the attribute key to.



# File 'lib/sorcery/crypto_providers/aes256.rb', line 22

def key=(value)
  @key = value
end

Class Method Details

.decrypt(crypted) ⇒ Object



# File 'lib/sorcery/crypto_providers/aes256.rb', line 36

def decrypt(crypted)
  aes.decrypt
  aes.key = @key
  (aes.update(crypted.unpack('m').first) + aes.final)
end

.encrypt(*tokens) ⇒ Object



# File 'lib/sorcery/crypto_providers/aes256.rb', line 24

def encrypt(*tokens)
  aes.encrypt
  aes.key = @key
  [aes.update(tokens.join) + aes.final].pack('m').chomp
end

.matches?(crypted, *tokens) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/sorcery/crypto_providers/aes256.rb', line 30

def matches?(crypted, *tokens)
  decrypt(crypted) == tokens.join
rescue OpenSSL::Cipher::CipherError
  false
end
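
The Overview's two points (the stored value is recoverable by anyone holding the key, and the key should be supplied once at initialization from outside the application) are shown together in the following added example, which is not Sorcery's code. It mirrors the encrypt, decrypt and matches? methods documented above; the module name, the DEMO_AES256_KEY variable and the cipher name are assumptions, since the page does not show the private aes helper.

```ruby
require 'openssl'

# Added sketch, not Sorcery's code. ASSUMPTIONS: the cipher name (the page does
# not show the private `aes` helper) and the DEMO_AES256_KEY variable name.
module ReversibleDemo
  CIPHER = 'aes-256-ecb' # assumed; no IV is set anywhere in the page's methods

  class << self
    # Fail closed at boot: accept only a base64 value decoding to 32 bytes.
    def load_key!(env = ENV)
      raw = env.fetch('DEMO_AES256_KEY') { raise KeyError, 'key not provided' }
      key = raw.unpack1('m')
      raise ArgumentError, 'key must decode to 32 bytes' unless key.bytesize == 32
      @key = key
    end

    def encrypt(*tokens)
      c = cipher(:encrypt)
      [c.update(tokens.join) + c.final].pack('m').chomp
    end

    def decrypt(crypted)
      c = cipher(:decrypt)
      c.update(crypted.unpack1('m')) + c.final
    end

    # Wrong key or corrupted input usually fails the padding check; report
    # that as a non-match instead of raising.
    def matches?(crypted, *tokens)
      decrypt(crypted) == tokens.join
    rescue OpenSSL::Cipher::CipherError
      false
    end

    private

    def cipher(direction)
      raise ArgumentError, 'call load_key! first' unless @key
      OpenSSL::Cipher.new(CIPHER).tap do |c|
        c.public_send(direction)
        c.key = @key
      end
    end
  end
end

# Constructed key and password, for illustration only.
ReversibleDemo.load_key!('DEMO_AES256_KEY' => ['0123456789abcdef' * 2].pack('m'))
stored = ReversibleDemo.encrypt('s3cret', 'salt')
puts ReversibleDemo.decrypt(stored) # whoever holds the key recovers the input
```

Under the assumed cipher, encrypting the same tokens twice yields the same stored value, which a salted one-way hash such as BCrypt would not.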