-
Notifications
You must be signed in to change notification settings - Fork 48
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fixes Base64 encoding of generated AES keys #37
base: master
Are you sure you want to change the base?
Conversation
Prior to this change, if you selected the `:base64` format when calling `ExCrypto.generate_aes_key/2` you would get back a string that was encoded using `Base.url_encode64`. However, the url-encoding allows certain characters to be included that are not strictly base 64 characters (e.g. "-" and "_"), which prevents it from working properly when used in a context that requires strict base 64 encoding. Since the format is called `:base64` and not something like `:base64_url`, this is surprising behavior. (In particular, I was trying to send the value to [Vault](https://www.vaultproject.io) and was randomly getting back 400 errors that turned out to be happening when the generated key happened to contain the invalid characters.)
I saw a comment on a different PR that you (@ntrepid8) aren't sure why Travis builds aren't reporting here. Is that what the holdup on PRs is right now? If so, is there anything I can do to help get things unstuck? (GitHub did make some changes to how they integrate with various CI services a while back, which I suspect is the issue. We had the same thing happen to a bunch of repos that use CircleCI checks at work.) |
{:aes_192, :bytes} -> rand_bytes(24) | ||
{:aes_256, :base64} -> rand_bytes!(32) |> url_encode64 | ||
{:aes_256, :base64} -> rand_bytes!(32) |> encode64 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How would you feel about adding :url_base64
as a key_format
option so that both :url_base64
and :base64
are available?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Seems reasonable to me; I'll update to support that. 👍
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Circling back; this is still on my todo list, but I've been swamped the past couple of weeks (especially with the schools closed and the family stuck in the house these days.) Will try to get to it this week.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
OK, done. Sorry it took me so long to get around to it!
@jwilger I think I've got the Travis stuff figured out. It should be running the builds correctly again now. |
Prior to this change, if you selected the
:base64
format when callingExCrypto.generate_aes_key/2
you would get back a string that wasencoded using
Base.url_encode64
. However, the url-encoding allowscertain characters to be included that are not strictly base 64
characters (e.g. "-" and "_"), which prevents it from working properly
when used in a context that requires strict base 64 encoding. Since the
format is called
:base64
and not something like:base64_url
, this issurprising behavior.
(In particular, I was trying to send the value to
Vault and was randomly getting back 400
errors that turned out to be happening when the generated key happened
to contain the invalid characters.)