class GrapeTokenAuth::KeyGenerator
KeyGenerator
is a simple wrapper around OpenSSL's implementation of PBKDF2 It can be used to derive a number of keys for various purposes from a given secret. This lets Rails applications have a single secure secret, but avoid reusing that key in multiple incompatible contexts.
Public Class Methods
new(secret, options = {})
click to toggle source
# File lib/grape_token_auth/key_generator.rb, line 13 def initialize(secret, options = {}) @secret = secret # The default iterations are higher than required for our key derivation # uses on the off chance someone uses this for password storage @iterations = options[:iterations] || 2**16 end
Public Instance Methods
generate_key(salt, key_size = 64)
click to toggle source
Returns a derived key suitable for use. The default key_size is chosen to be compatible with the default settings OpenSSL::Digest::SHA1#block_length
# File lib/grape_token_auth/key_generator.rb, line 23 def generate_key(salt, key_size = 64) OpenSSL::PKCS5.pbkdf2_hmac_sha1(@secret, salt, @iterations, key_size) end