Class: EncryptedStrings::ShaCipher

Inherits:
Cipher
  • Object
show all
Defined in:
lib/encrypted_strings/sha_cipher.rb

Overview

Encrypts a string using a Secure Hash Algorithm (SHA), specifically SHA-1.

Encrypting

To encrypt a string using an SHA cipher, the salt used to seed the algorithm must be specified. You can define the default for this value like so:

EncryptedStrings::ShaCipher.default_algorithm = 'sha512'
EncryptedStrings::ShaCipher.default_salt = 'secret'

If these configuration options are not passed in to #encrypt, then the default values will be used. You can override the default values like so:

password = 'shhhh'
password.encrypt(:sha, :salt => 'secret')  # => "ae645b35bb5dfea6c9133ac872e6adfa92a3c2bd"

Customizations

In addition to customizing the algorithm, you can further tweak how values get encrypted by defining dynamic salts and how to build the value that actually gets hashed.

For example:

password = 'shhhh'
password.encrypt(:sha,
  :salt => lambda {Time.now.to_s},
  :builder => lambda {|data, salt| "#{data}|#{salt}"}
)

The above example will generate a salt based on the current time and then use a custom builder for determining how the salt and data get concatenated to determine the value that gets hashed. This is particularly useful for providing compatibility with legacy systems.

Decrypting

SHA-encrypted strings cannot be decrypted. The only way to determine whether an unencrypted value is equal to an SHA-encrypted string is to encrypt the value with the same salt. For example,

password = 'shhhh'.encrypt(:sha, :salt => 'secret') # => "3b22cbe4acde873c3efc82681096f3ae69aff828"
input = 'shhhh'.encrypt(:sha, :salt => 'secret')    # => "3b22cbe4acde873c3efc82681096f3ae69aff828"
password == input                                   # => true

Class Attribute Summary collapse

Instance Attribute Summary collapse

Instance Method Summary collapse

Methods inherited from Cipher

#decrypt

Constructor Details

#initialize(options = {}) ⇒ ShaCipher

Creates a new cipher that uses an SHA encryption strategy.

Configuration options:

  • :algorithm - The hashing algorithm to use for generating the encrypted string

  • :salt - Specifies a method, proc or string to call to determine the random bytes used as one of the inputs for generating the encrypted string

  • :builder - Specifies a method or proc to call to determine the actual value that gets hashed. This takes two arguments: the data and the salt for the encryption.

Raises:

  • (ArgumentError)

87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
# File 'lib/encrypted_strings/sha_cipher.rb', line 87

def initialize(options = {})
  invalid_options = options.keys - [:algorithm, :salt, :builder]
  raise ArgumentError, "Unknown key(s): #{invalid_options.join(", ")}" unless invalid_options.empty?
  
  options = {
    :algorithm => ShaCipher.default_algorithm,
    :salt => ShaCipher.default_salt,
    :builder => ShaCipher.default_builder
  }.merge(options)
  
  self.algorithm = options[:algorithm].upcase
  self.salt = salt_value(options[:salt])
  self.builder = options[:builder]
  
  super()
end

Class Attribute Details

.default_algorithmObject

The default algorithm to use for encryption. Default is SHA1.


52
53
54
# File 'lib/encrypted_strings/sha_cipher.rb', line 52

def default_algorithm
  @default_algorithm
end

.default_builderObject

The default algorithm to use for building the value that gets hashed. Default is lambda {|data, salt| “#{data}##salt”}.


59
60
61
# File 'lib/encrypted_strings/sha_cipher.rb', line 59

def default_builder
  @default_builder
end

.default_saltObject

The default salt value to use during encryption


55
56
57
# File 'lib/encrypted_strings/sha_cipher.rb', line 55

def default_salt
  @default_salt
end

Instance Attribute Details

#algorithmObject

The algorithm to use for encryption/decryption


68
69
70
# File 'lib/encrypted_strings/sha_cipher.rb', line 68

def algorithm
  @algorithm
end

#builderObject

The function to use to build the value that gets hashed


74
75
76
# File 'lib/encrypted_strings/sha_cipher.rb', line 74

def builder
  @builder
end

#saltObject

The salt value to use for encryption


71
72
73
# File 'lib/encrypted_strings/sha_cipher.rb', line 71

def salt
  @salt
end

Instance Method Details

#can_decrypt?Boolean

Decryption is not supported

Returns:

  • (Boolean)

105
106
107
# File 'lib/encrypted_strings/sha_cipher.rb', line 105

def can_decrypt?
  false
end

#encrypt(data) ⇒ Object

Returns the encrypted value of the data


110
111
112
# File 'lib/encrypted_strings/sha_cipher.rb', line 110

def encrypt(data)
  Digest::const_get(algorithm.upcase).hexdigest(build(data, salt))
end