Fixes Base64 encoding of generated AES keys #37
Conversation
Prior to this change, if you selected the `:base64` format when calling `ExCrypto.generate_aes_key/2` you would get back a string that was encoded using `Base.url_encode64`. However, the url-encoding allows certain characters to be included that are not strictly base 64 characters (e.g. "-" and "_"), which prevents it from working properly when used in a context that requires strict base 64 encoding. Since the format is called `:base64` and not something like `:base64_url`, this is surprising behavior. (In particular, I was trying to send the value to [Vault](https://www.vaultproject.io) and was randomly getting back 400 errors that turned out to be happening when the generated key happened to contain the invalid characters.)
|
I saw a comment on a different PR that you (@ntrepid8) aren't sure why Travis builds aren't reporting here. Is that what the holdup on PRs is right now? If so, is there anything I can do to help get things unstuck? (GitHub did make some changes to how they integrate with various CI services a while back, which I suspect is the issue. We had the same thing happen to a bunch of repos that use CircleCI checks at work.) |
| {:aes_192, :bytes} -> rand_bytes(24) | ||
| {:aes_256, :base64} -> rand_bytes!(32) |> url_encode64 | ||
| {:aes_256, :base64} -> rand_bytes!(32) |> encode64 |
There was a problem hiding this comment.
How would you feel about adding :url_base64 as a key_format option so that both :url_base64 and :base64 are available?
There was a problem hiding this comment.
Seems reasonable to me; I'll update to support that. 👍
There was a problem hiding this comment.
Circling back; this is still on my todo list, but I've been swamped the past couple of weeks (especially with the schools closed and the family stuck in the house these days.) Will try to get to it this week.
There was a problem hiding this comment.
OK, done. Sorry it took me so long to get around to it!
|
@jwilger I think I've got the Travis stuff figured out. It should be running the builds correctly again now. |
Prior to this change, if you selected the
:base64format when callingExCrypto.generate_aes_key/2you would get back a string that wasencoded using
Base.url_encode64. However, the url-encoding allowscertain characters to be included that are not strictly base 64
characters (e.g. "-" and "_"), which prevents it from working properly
when used in a context that requires strict base 64 encoding. Since the
format is called
:base64and not something like:base64_url, this issurprising behavior.
(In particular, I was trying to send the value to
Vault and was randomly getting back 400
errors that turned out to be happening when the generated key happened
to contain the invalid characters.)