module CryptKeeper::Helper::DigestPassphrase

Constants

HASH_ALGORITHM

Private: Hash algorithm to use when generating a PBKDF2 passphrase.

Returns a String.

ITERATIONS

Private: Iterations to use when generating a PBKDF2 passphrase.

Returns a String.

Public Instance Methods

digest_passphrase(key, salt) click to toggle source

Public: Generates a hex passphrase using the given key and salt.

key - Encryption key salt - Encryption salt

Returns a String.

# File lib/crypt_keeper/helper.rb, line 76
def digest_passphrase(key, salt)
  raise ArgumentError.new("Missing :key")  if key.blank?
  raise ArgumentError.new("Missing :salt") if salt.blank?

  require "openssl"

  digest = OpenSSL::Digest.new(hash_algorithm)

  hmac = OpenSSL::PKCS5.pbkdf2_hmac(
    key,
    salt,
    iterations,
    digest.digest_length,
    digest
  )

  hmac.unpack("H*").first
end

Private Instance Methods

hash_algorithm() click to toggle source

Private: Hash algorithm to use for digest passphrase.

Returns a String.

# File lib/crypt_keeper/helper.rb, line 100
def hash_algorithm
  if hash = ENV["ARMOR_HASH"]
    warn :ARMOR_HASH unless hash == HASH_ALGORITHM
    hash
  else
    HASH_ALGORITHM
  end
end
warn(key) click to toggle source

Private: Warns about the deprecated ENV vars used with the Armor gem.

key - The ENV variable name

Returns a String.

# File lib/crypt_keeper/helper.rb, line 114
      def warn(key)
        require "active_support/deprecation"

        ActiveSupport::Deprecation.warn <<-MSG.squish
          CryptKeeper no longer uses the Armor gem to generate passphrases for
          MySQL AES encryption. Your installation is using a non-standard
          value for `ENV["#{key}"]` which affects the way passphrases are
          generated. You will need to re-encrypt your data with this variable
          removed prior to CryptKeeper v3.0.0.
        MSG
      end