New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

New app: "key must be 32 bits". #25185

Closed
elieteyssedou opened this Issue May 28, 2016 · 29 comments

Comments

Projects
None yet
@elieteyssedou

elieteyssedou commented May 28, 2016

Steps to reproduce

Run rails s. No more... (new app)

Expected behavior

It should display my index.

Actual behavior

It fails.

Here is what is going wrong:
capture d ecran 2016-05-28 a 21 18 13

Can you help me? Don't understand at all.

System configuration

Rails version: 5.0.0.rc1

Ruby version: 2.4.0dev

@maclover7

This comment has been minimized.

Member

maclover7 commented May 28, 2016

Hmm, after some digging in some C code (💀), looks like there is a new breaking change in OpenSSL, which rejects certain values for key=, which is the bug you are running into. :(

Looking into fixes.

@Fudoshiki

This comment has been minimized.

Contributor

Fudoshiki commented Jun 21, 2016

Same issue (Rails 5.1.0.alpha1, ruby-2.4.preview1)

@bisonhubert

This comment has been minimized.

bisonhubert commented Jun 23, 2016

I was having this issue yesterday. Very frustrating. Today I tried using bundle install without the exclusion of the production environment, and the error message is no longer coming up when I view localhost:3000/users.

@jeremy

This comment has been minimized.

Member

jeremy commented Jun 27, 2016

Fixed by #25192

@jeremy jeremy closed this Jun 27, 2016

vipulnsward added a commit to vipulnsward/rails that referenced this issue Jun 28, 2016

We default to using aes-256-cbc as our verification/signing cipher. I…
…t can accept key lengths of 128, 192 or 256-bit, whereas currently we were providing twice the acceptable value.

ruby < 2.4 allowed accepting these values, as extra key bits were ignored. Since ruby/ruby@ce63526 this now has a strict checking on key length.

Default to key length 32 bytes, to match the compatible length for  aes-256-cbc

Fixes rails#25185
@elieteyssedou

This comment has been minimized.

elieteyssedou commented Jun 28, 2016

Thank you ! 👍

@slhck

This comment has been minimized.

slhck commented Jul 25, 2016

I'm still seeing this issue – freshly installed Ruby 2.4.0-dev and Rails 5.0.0.

Any idea what the problem could be?

koic added a commit to koic/rails that referenced this issue Aug 18, 2016

We default to using aes-256-cbc as our verification/signing cipher. I…
…t can accept key lengths of 128, 192 or 256-bit, whereas currently we were providing twice the acceptable value.

ruby < 2.4 allowed accepting these values, as extra key bits were ignored. Since ruby/ruby@ce63526 this now has a strict checking on key length.

Default to key length 32 bytes, to match the compatible length for  aes-256-cbc

Fixes rails#25185
@schneems

This comment has been minimized.

Member

schneems commented Sep 6, 2016

Temporary solution is to use Ruby 2.3.1. We'll need that patch to be backported to Rails 5 though before Christmas cc/ @vipulnsward

@vipulnsward

This comment has been minimized.

Member

vipulnsward commented Sep 7, 2016

It has been fixed by #25758 and backported in 15a972e

@schneems

This comment has been minimized.

Member

schneems commented Sep 7, 2016

❤️ ❤️ ❤️

@jonlumb

This comment has been minimized.

jonlumb commented Oct 3, 2016

Still experiencing this issue running Ruby 2.4.0preview2 and Rails 5.0.0.1

The "Welcome to Rails" index screen works, but problems occur as soon as I attempt to access a scaffold that I've generated.

@Marthyn

This comment has been minimized.

Marthyn commented Oct 20, 2016

Fixed it with using the master branch. But Ruby 2.4.0preview2 and Rails 5.0.0.1 definitely does not work.

@guilleiguaran

This comment has been minimized.

Member

guilleiguaran commented Oct 20, 2016

@Marthyn what about branch 5-0-stable?

ojiry added a commit to ojiry/rails that referenced this issue Nov 9, 2016

We default to using aes-256-cbc as our verification/signing cipher. I…
…t can accept key lengths of 128, 192 or 256-bit, whereas currently we were providing twice the acceptable value.

ruby < 2.4 allowed accepting these values, as extra key bits were ignored. Since ruby/ruby@ce63526 this now has a strict checking on key length.

Default to key length 32 bytes, to match the compatible length for  aes-256-cbc

Fixes rails#25185
@rafaelfranca

This comment has been minimized.

Member

rafaelfranca commented Jan 17, 2017

By your stacktrace it is 5.0.0.1

@jbae995

This comment has been minimized.

jbae995 commented Jan 18, 2017

Hey Rafael,
in the screenshots attached, at my desktop it says i am running 5.0.1, then on my unisports directory (which is the app im trying to run on the rails server) it shows 5.0.0.1. I have also tried upgrading to 5.0.1 in the unisports directory (but as shown in the screenshot, it says "success", but then when i check rails -v again, it says i have 5.0.0.1 running....

Sorry about the constant questions and Thanks for the help!

screen shot 2017-01-18 at 1 18 39 pm

screen shot 2017-01-18 at 1 16 36 pm

@cpapidas

This comment has been minimized.

cpapidas commented Feb 1, 2017

The problem is about the ruby 2.4.0, just for now if you want a quick solution use ruby 2.3.1

@kshyam

This comment has been minimized.

kshyam commented Feb 15, 2017

I have got the same issue, while updating my ruby version and rails version.
@cpapidas : Thanks for your suggestion, I thought the same and changed my ruby version form 2.4.0 to 2.3.1 and it worked fine.

iwz added a commit to iwz/rails that referenced this issue Feb 15, 2017

Fix default key length on cipher
We default to using aes-256-cbc as our verification/signing cipher.
It can accept key lengths of 128, 192 or 256-bit, whereas currently we
were providing twice the acceptable value.

ruby < 2.4 allowed accepting these values, as extra key bits were
ignored. Since ruby/ruby@ce63526 this now has a strict checking on key
length.

Default to key length 32 bytes, to match the compatible length for
aes-256-cbc

Backport to Rails 4.2.8 of fix for rails#25185

Credit to @vipulnsward

See: rails#25192

iwz added a commit to iwz/rails that referenced this issue Feb 15, 2017

Fix default key length on cipher
We default to using aes-256-cbc as our verification/signing cipher.
It can accept key lengths of 128, 192 or 256-bit, whereas currently we
were providing twice the acceptable value.

ruby < 2.4 allowed accepting these values, as extra key bits were
ignored. Since ruby/ruby@ce63526 this now has a strict checking on key
length.

Default to key length 32 bytes, to match the compatible length for
aes-256-cbc

Backport to Rails 4.2.8 of fix for rails#25185

Credit to @vipulnsward, @matthewd

See: rails#25192
See: rails#25602
@matheussilvasantos

This comment has been minimized.

matheussilvasantos commented Feb 27, 2017

I was using ruby 2.4.0p0 (2016-12-24 revision 57164) [x86_64-linux] with rails 5.0.0.1. I update rails to 5.0.1 and it is fine now.

@benoittgt

This comment has been minimized.

Contributor

benoittgt commented Mar 7, 2017

 🚴  » rails -v
Rails 4.2.8
 🚴  » ruby -v
ruby 2.4.0p0 (2016-12-24 revision 57164) [x86_64-darwin14]

Lot's of fails during tests :

      ArgumentError:
        key must be 32 bytes
      # /Users/bti/.rvm/gems/ruby-2.4.0/gems/activesupport-4.2.8/lib/active_support/message_encryptor.rb:79:in `key='
      # /Users/bti/.rvm/gems/ruby-2.4.0/gems/activesupport-4.2.8/lib/active_support/message_encryptor.rb:79:in `_encrypt'
      # /Users/bti/.rvm/gems/ruby-2.4.0/gems/activesupport-4.2.8/lib/active_support/message_encryptor.rb:60:in `encrypt_and_sign'
@benoittgt

This comment has been minimized.

Contributor

benoittgt commented Mar 7, 2017

Error is correct. We have a key size at 128. Sorry

@AlexCppns

This comment has been minimized.

AlexCppns commented Mar 22, 2017

The whole thread assumes a ruby version of 2.4.0 but we are having the problem with ruby 2.3.3 and rails 4.2.3. We truncated the key...

@benoittgt

This comment has been minimized.

Contributor

benoittgt commented Mar 22, 2017

@AlexCppns Maybe you should check #28401

@AlexCppns

This comment has been minimized.

AlexCppns commented Mar 22, 2017

@benoittgt I couldn't relate to your link, however we upgraded to ruby 2.4.0/rails 4.2.8 and with the truncation trick, our app seems to be running again... touching wood.

@codeinaire

This comment has been minimized.

codeinaire commented Apr 14, 2017

I'm not sure if this will help anyone. I was having the same error and I ran $ bundle update to update my gem files and it also updated to the latest version of rails. This fixed the problem.

@wisetara

This comment has been minimized.

wisetara commented Aug 11, 2017

One of my gems was using the encryptor gem as a dependency, and if it went above 1.3.0, this happened. Added encryptor to my Gemfile, locked it at 1.3.0, and all is good again.

Ruby 2.3.4/Rails 5.0.1 (and Rails 4.2)

rbf added a commit to basimilch/basimilch-app that referenced this issue Aug 18, 2017

seanpdoyle added a commit to thoughtbot/ember-cli-rails that referenced this issue Mar 30, 2018

seanpdoyle added a commit to thoughtbot/ember-cli-rails that referenced this issue Mar 30, 2018

AdrianCann added a commit to sophomoric/secret that referenced this issue Jul 1, 2018

Update rails to fix key error
rails/rails#25185
maclover7:
```
Hmm, after some digging in some C code (💀), looks like there is a new breaking change in OpenSSL, which rejects certain values for key=, which is the bug you are running into. :(
```

AdrianCann added a commit to sophomoric/secret that referenced this issue Jul 1, 2018

Update rails to fix key error
rails/rails#25185
maclover7:
```
Hmm, after some digging in some C code (💀), looks like there is a new breaking change in OpenSSL, which rejects certain values for key=, which is the bug you are running into. :(
```

AdrianCann added a commit to sophomoric/secret that referenced this issue Jul 1, 2018

Update rails to fix key error
rails/rails#25185
maclover7:
```
Hmm, after some digging in some C code (💀), looks like there is a new breaking change in OpenSSL, which rejects certain values for key=, which is the bug you are running into. :(
```
@rikbw

This comment has been minimized.

rikbw commented Jul 17, 2018

I still have the same issue when upgrading from ruby version 2.2.8 to 2.5.1. My rails version is 5.1.5. I have a key that has a size of 40 bytes. Is this considered an issue with rails and will this be patched in future versions or not?

@iarobinson

This comment has been minimized.

iarobinson commented Sep 20, 2018

I was experiencing this issue earlier my solution is described beneath the heading element at the bottom of this comment.

screen shot 2018-09-20 at 7 53 50 am

Rails and Ruby version:

$ ruby -v 
ruby 2.5.1p57 (2018-03-29 revision 63029) [x86_64-darwin17]
$ rails -v
Rails 5.0.7

Stack trace:

activesupport (5.0.0) lib/active_support/message_encryptor.rb:72:in `key='
activesupport (5.0.0) lib/active_support/message_encryptor.rb:72:in `_encrypt'
activesupport (5.0.0) lib/active_support/message_encryptor.rb:58:in `encrypt_and_sign'
actionpack (5.0.0) lib/action_dispatch/middleware/cookies.rb:592:in `commit'
actionpack (5.0.0) lib/action_dispatch/middleware/cookies.rb:465:in `[]='
actionpack (5.0.0) lib/action_dispatch/middleware/session/cookie_store.rb:117:in `set_cookie'
rack (2.0.1) lib/rack/session/abstract/id.rb:353:in `commit_session'
rack (2.0.1) lib/rack/session/abstract/id.rb:224:in `context'
rack (2.0.1) lib/rack/session/abstract/id.rb:216:in `call'
actionpack (5.0.0) lib/action_dispatch/middleware/cookies.rb:613:in `call'
activerecord (5.0.0) lib/active_record/migration.rb:552:in `call'
actionpack (5.0.0) lib/action_dispatch/middleware/callbacks.rb:38:in `block in call'
activesupport (5.0.0) lib/active_support/callbacks.rb:97:in `__run_callbacks__'
activesupport (5.0.0) lib/active_support/callbacks.rb:750:in `_run_call_callbacks'
activesupport (5.0.0) lib/active_support/callbacks.rb:90:in `run_callbacks'
actionpack (5.0.0) lib/action_dispatch/middleware/callbacks.rb:36:in `call'
actionpack (5.0.0) lib/action_dispatch/middleware/executor.rb:12:in `call'
actionpack (5.0.0) lib/action_dispatch/middleware/remote_ip.rb:79:in `call'
actionpack (5.0.0) lib/action_dispatch/middleware/debug_exceptions.rb:49:in `call'
actionpack (5.0.0) lib/action_dispatch/middleware/show_exceptions.rb:31:in `call'
railties (5.0.0) lib/rails/rack/logger.rb:36:in `call_app'
railties (5.0.0) lib/rails/rack/logger.rb:24:in `block in call'
activesupport (5.0.0) lib/active_support/tagged_logging.rb:70:in `block in tagged'
activesupport (5.0.0) lib/active_support/tagged_logging.rb:26:in `tagged'
activesupport (5.0.0) lib/active_support/tagged_logging.rb:70:in `tagged'
railties (5.0.0) lib/rails/rack/logger.rb:24:in `call'
sprockets-rails (3.1.1) lib/sprockets/rails/quiet_assets.rb:13:in `call'
actionpack (5.0.0) lib/action_dispatch/middleware/request_id.rb:24:in `call'
rack (2.0.1) lib/rack/method_override.rb:22:in `call'
rack (2.0.1) lib/rack/runtime.rb:22:in `call'
activesupport (5.0.0) lib/active_support/cache/strategy/local_cache_middleware.rb:28:in `call'
actionpack (5.0.0) lib/action_dispatch/middleware/executor.rb:12:in `call'
actionpack (5.0.0) lib/action_dispatch/middleware/static.rb:136:in `call'
rack (2.0.1) lib/rack/sendfile.rb:111:in `call'
railties (5.0.0) lib/rails/engine.rb:522:in `call'
puma (3.6.0) lib/puma/configuration.rb:225:in `call'
puma (3.6.0) lib/puma/server.rb:578:in `handle_request'
puma (3.6.0) lib/puma/server.rb:415:in `process_client'
puma (3.6.0) lib/puma/server.rb:275:in `block in run'
puma (3.6.0) lib/puma/thread_pool.rb:116:in `block in spawn_thread'

Running bundle update was the key. I upgraded Ruby from 2.0 to 2.5.1 yesterday so that may have played a role. Here's the terminal readout of the successful update which solved the problem:

screen shot 2018-09-20 at 8 04 50 am

How I Got it Running Locally

I ran bundle install then I followed up with bundle update.

Then I reset the server (CMD+C then rails s)

After updating bundle, I forgot to restart the server and spent a few minutes researching the error needlessly. So.... restarting the server is important. 🥇

My motivation for putting this solution here is that I found this thread while seeking a solution to the error. The above conversation is helpful for understanding how problems in Rails are diagnosed. There was no specific solution for a young Rails developer like myself.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment