Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix key validation bug #7

Closed
wants to merge 3 commits into from
Closed

Fix key validation bug #7

wants to merge 3 commits into from

Conversation

drewblas
Copy link

@drewblas drewblas commented Jan 12, 2017
edited
Loading

Fixes #5

  • No longer accept keys that are not in hex string format
  • No longer accept keys that are not of the correct length (64 characters hex == 256 bits raw binary)
  • Generate keys of the correct length
  • Generated keys use only secure random from OpenSSL::Random. If OpenSSL::Random is not defined, AES will no longer work (whereas it used to use an insecure key generating method)

@drewblas
Extract IV generation into
f03da7c 
This is done for two reasons:

1. There's no reason for it to be an instance method, since it does not
use the key

2. This gets us around the "hack" of creating a new AES instance with an
empty key, which breaks our validation of the key
@drewblas
Generate proper random keys
949333c 
* They are of the correct length (64 hex chars)
* They use only a secure source
* They pack and unpack correctly
* Converted the instance method to re-use the class method since key 
generation doesn't rely on any encryption state

The :base_64 format output of the random keys is very strange, because
you are base64 encoding the hex string, when the normal expectation is
you would base64 encode the raw binary. But I have left it as-is
for backwards compatibility.
@drewblas
Only allow valid keys to be used
800a327 
They must be in the proper format and length: 64 character hex string
Raising an Argument Error

Also updated all examples with using a proper key

Finally, added a CHANGELOG with the breaking changes
@drewblas
Copy link
Author

I'm giving up and closing this

@drewblas drewblas closed this Apr 23, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Different keys can be used to decrypt the same message
1 participant
@drewblas