we're doing AES-256, not AES-128

ptarjan · Oct 20, 2010 · e6a7053 · e6a7053
1 parent 676963f
commit e6a7053
Show file tree

Hide file tree

Showing 4 changed files with 4 additions and 4 deletions.
diff --git a/generate.php b/generate.php
@@ -23,7 +23,7 @@ function generate_signed_request($data, $secret, $encrypt=false) {
   }
 
   // always present, and always at the top level
-  $data['algorithm'] = $encrypt ? 'AES-128-CBC/SHA256' : 'HMAC-SHA256';
+  $data['algorithm'] = $encrypt ? 'AES-256-CBC/SHA256' : 'HMAC-SHA256';
   $data['issued_at'] = time();
 
   // sign it

diff --git a/sample.php b/sample.php
@@ -10,7 +10,7 @@ function parse_signed_request($input, $secret, $max_age=3600) {
   $envelope = json_decode(base64_url_decode($payload), true);
   $algorithm = $envelope['algorithm'];
 
-  if ($algorithm != 'AES-128-CBC/SHA256' && $algorithm != 'HMAC-SHA256') {
+  if ($algorithm != 'AES-256-CBC/SHA256' && $algorithm != 'HMAC-SHA256') {
     throw new Exception('Invalid request. (Unsupported algorithm.)');
   }
 

diff --git a/sample.py b/sample.py
@@ -19,7 +19,7 @@ def parse_signed_request(input, secret, max_age=3600):
     envelope = json.loads(base64_url_decode(payload))
     algorithm = envelope['algorithm']
 
-    if algorithm != 'AES-128-CBC/SHA256' and algorithm != 'HMAC-SHA256':
+    if algorithm != 'AES-256-CBC/SHA256' and algorithm != 'HMAC-SHA256':
         raise Exception('Invalid request. (Unsupported algorithm.)')
 
     if envelope['issued_at'] < time.time() - max_age:

diff --git a/sample.rb b/sample.rb
@@ -16,7 +16,7 @@ def parse_signed_request(input, secret, max_age=3600)
   algorithm = envelope['algorithm']
 
   raise 'Invalid request. (Unsupported algorithm.)' \
-    if algorithm != 'AES-128-CBC/SHA256' and algorithm != 'HMAC-SHA256'
+    if algorithm != 'AES-256-CBC/SHA256' and algorithm != 'HMAC-SHA256'
 
   raise 'Invalid request. (Too old.)' \
     if envelope['issued_at'] < Time.now.to_i - max_age