Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix key validation bug #7

Closed
wants to merge 3 commits into from

Conversation

drewblas
Copy link

@drewblas drewblas commented Jan 12, 2017

Fixes #5

  • No longer accept keys that are not in hex string format
  • No longer accept keys that are not of the correct length (64 characters hex == 256 bits raw binary)
  • Generate keys of the correct length
  • Generated keys use only secure random from OpenSSL::Random. If OpenSSL::Random is not defined, AES will no longer work (whereas it used to use an insecure key generating method)

This is done for two reasons:

1. There's no reason for it to be an instance method, since it does not
use the key

2. This gets us around the "hack" of creating a new AES instance with an
empty key, which breaks our validation of the key
* They are of the correct length (64 hex chars)
* They use only a secure source
* They pack and unpack correctly
* Converted the instance method to re-use the class method since key 
generation doesn't rely on any encryption state

The :base_64 format output of the random keys is very strange, because
you are base64 encoding the hex string, when the normal expectation is
you would base64 encode the raw binary. But I have left it as-is
for backwards compatibility.
They must be in the proper format and length: 64 character hex string
Raising an Argument Error

Also updated all examples with using a proper key

Finally, added a CHANGELOG with the breaking changes
@drewblas
Copy link
Author

I'm giving up and closing this

@drewblas drewblas closed this Apr 23, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Different keys can be used to decrypt the same message
1 participant