method

encrypt_and_sign

rails latest stable - Class: ActiveSupport::MessageEncryptor

encrypt_and_sign(value, **options)

public

Encrypt and sign a message. We need to sign the message in order to avoid padding attacks. Reference: www.limited-entropy.com/padding-oracle-attacks/.

Options

:expires_at

The datetime at which the message expires. After this datetime, verification of the message will fail.

message = encryptor.encrypt_and_sign("hello", expires_at: Time.now.tomorrow)
encryptor.decrypt_and_verify(message) # => "hello"
# 24 hours later...
encryptor.decrypt_and_verify(message) # => nil

:expires_in

The duration for which the message is valid. After this duration has elapsed, verification of the message will fail.

message = encryptor.encrypt_and_sign("hello", expires_in: 24.hours)
encryptor.decrypt_and_verify(message) # => "hello"
# 24 hours later...
encryptor.decrypt_and_verify(message) # => nil

:purpose

The purpose of the message. If specified, the same purpose must be specified when verifying the message; otherwise, verification will fail. (See #decrypt_and_verify.)

# File activesupport/lib/active_support/message_encryptor.rb, line 220
    def encrypt_and_sign(value, **options)
      create_message(value, **options)
    end

encrypt_and_sign

Options

Related methods