class Cryptor::SymmetricEncryption::Ciphers::MessageEncryptor
Cryptor
enforces the usage of independent keys for AES encryption and HMAC by mandating a 64-byte key (using 32-bytes for AES and 32-bytes for HMAC).
This scheme is probably safe to use, but less interoperable and more poorly designed than xsalsa20poly1305 from RbNaCl. It does, however, work using only ActiveSupport and the Ruby OpenSSL extension as dependencies, and should be available anywhere.
For the time being, this scheme is only supported for ActiveSupport 4.0+ although support for earlier versions of ActiveSupport should be possible.
Constants
- KEY_BYTES
- SERIALIZER
Public Instance Methods
decrypt(key, ciphertext)
click to toggle source
# File lib/cryptor/symmetric_encryption/ciphers/message_encryptor.rb, line 34 def decrypt(key, ciphertext) encryptor(key).decrypt_and_verify(ciphertext) rescue ActiveSupport::MessageVerifier::InvalidSignature => ex raise CorruptedMessageError, ex.to_s end
encrypt(key, plaintext)
click to toggle source
# File lib/cryptor/symmetric_encryption/ciphers/message_encryptor.rb, line 30 def encrypt(key, plaintext) encryptor(key).encrypt_and_sign(plaintext) end
Private Instance Methods
encryptor(key)
click to toggle source
# File lib/cryptor/symmetric_encryption/ciphers/message_encryptor.rb, line 42 def encryptor(key) fail ArgumentError, "wrong key size: #{key.bytesize}" unless key.bytesize == KEY_BYTES encryption_key, hmac_key = key[0, 32], key[32, 32] ActiveSupport::MessageEncryptor.new(encryption_key, hmac_key, serializer: SERIALIZER) end