class Cryptor::SymmetricEncryption::Ciphers::MessageEncryptor

Cryptor enforces the usage of independent keys for AES encryption and HMAC by mandating a 64-byte key (using 32-bytes for AES and 32-bytes for HMAC).

This scheme is probably safe to use, but less interoperable and more poorly designed than xsalsa20poly1305 from RbNaCl. It does, however, work using only ActiveSupport and the Ruby OpenSSL extension as dependencies, and should be available anywhere.

For the time being, this scheme is only supported for ActiveSupport 4.0+ although support for earlier versions of ActiveSupport should be possible.

Constants

KEY_BYTES
SERIALIZER

Public Instance Methods

decrypt(key, ciphertext) click to toggle source
# File lib/cryptor/symmetric_encryption/ciphers/message_encryptor.rb, line 34
def decrypt(key, ciphertext)
  encryptor(key).decrypt_and_verify(ciphertext)
rescue ActiveSupport::MessageVerifier::InvalidSignature => ex
  raise CorruptedMessageError, ex.to_s
end
encrypt(key, plaintext) click to toggle source
# File lib/cryptor/symmetric_encryption/ciphers/message_encryptor.rb, line 30
def encrypt(key, plaintext)
  encryptor(key).encrypt_and_sign(plaintext)
end

Private Instance Methods

encryptor(key) click to toggle source
# File lib/cryptor/symmetric_encryption/ciphers/message_encryptor.rb, line 42
def encryptor(key)
  fail ArgumentError, "wrong key size: #{key.bytesize}" unless key.bytesize == KEY_BYTES
  encryption_key, hmac_key = key[0, 32], key[32, 32]
  ActiveSupport::MessageEncryptor.new(encryption_key, hmac_key, serializer: SERIALIZER)
end