跳至内容 跳至搜索

密钥生成器

KeyGenerator 是 OpenSSL 的 PBKDF2 实现的简单包装器。它可以用于从给定密钥中推导出多个密钥以用于各种目的。这使得 Rails 应用程序可以拥有一个安全的秘密,但避免在多个不兼容的上下文中重复使用该密钥。

方法
G
H
N

类公共方法

hash_digest_class()

来源: 显示 | 在 GitHub 上

# File activesupport/lib/active_support/key_generator.rb, line 23
def hash_digest_class
  @hash_digest_class ||= OpenSSL::Digest::SHA1
end

hash_digest_class=(klass)

来源: 显示 | 在 GitHub 上

# File activesupport/lib/active_support/key_generator.rb, line 15
def hash_digest_class=(klass)
  if klass.kind_of?(Class) && klass < OpenSSL::Digest
    @hash_digest_class = klass
  else
    raise ArgumentError, "#{klass} is expected to be an OpenSSL::Digest subclass"
  end
end

new(secret, options = {})

来源: 显示 | 在 GitHub 上

# File activesupport/lib/active_support/key_generator.rb, line 28
def initialize(secret, options = {})
  @secret = secret
  # The default iterations are higher than required for our key derivation uses
  # on the off chance someone uses this for password storage
  @iterations = options[:iterations] || 2**16
  # Also allow configuration here so people can use this to build a rotation
  # scheme when switching the digest class.
  @hash_digest_class = options[:hash_digest_class] || self.class.hash_digest_class
end

实例公共方法

generate_key(salt, key_size = 64)

返回一个合适的派生密钥。默认的 key_size 被选择为与 ActiveSupport::MessageVerifier 的默认设置兼容。即 OpenSSL::Digest::SHA1#block_length

来源: 显示 | 在 GitHub 上

# File activesupport/lib/active_support/key_generator.rb, line 41
def generate_key(salt, key_size = 64)
  OpenSSL::PKCS5.pbkdf2_hmac(@secret, salt, @iterations, key_size, @hash_digest_class.new)
end