Probably a WIP?
Since keys are truncated, ruby 2.4 doesn't accept keys greater than their lengths.
Maybe we could:
```ruby
DEFAULT_CIPHER = 'aes-256-cbc'

def self.key_length(cipher = DEFAULT_CIPHER)
  OpenSSL::Cipher.new(cipher).key_length
end
```
That way, we can leave the truncation up to the caller, but still encapsulate the knowledge of the target key length (and the default cipher). I don't anticipate us changing those, for pretty much the same reasons this is needing careful handling now: we'd break existing uses. But it still seems neater to avoid spreading locally-arbitrary integers around the place.
@vipulnsward sorry, I missed the most important piece of information
So then the cookie store (and the tests) can do:
```ruby
secret = key_generator.generate_key(request.encrypted_cookie_salt || '')[0, ActiveSupport::MessageEncryptor.key_length]
sign_secret = ...
@encryptor = ActiveSupport::MessageEncryptor.new(secret, sign_secret, digest: digest, serializer: ActiveSupport::MessageEncryptor::NullSerializer)
```
Slightly verbose, but no mention of AES or 32.
(Still only a suggestion... just clarifying my previous meaning.)
Since keys are truncated, ruby 2.4 doesn't accept keys greater than their lengths. Keys of same value but different length and greater than key size of cipher, produce the same results as reproduced at https://gist.github.com/rhenium/b81355fe816dcfae459cc5eadfc4f6f9

Since our default cipher is 'aes-256-cbc', key length for which is 32 bytes, limit the length of key being passed to Encryptor to 32 bytes. This continues to support backwards compat with any existing signed data, already encrypted and signed with 32+ byte keys.

Also fixes the passing of this value in multiple tests.