encrypt_and_sign(value, **options) public

Encrypt and sign a message. We need to sign the message in order to avoid padding attacks. Reference: www.limited-entropy.com/padding-oracle-attacks/.

Options

:expires_at

The datetime at which the message expires. After this datetime, verification of the message will fail.

message = encryptor.encrypt_and_sign("hello", expires_at: Time.now.tomorrow)
encryptor.decrypt_and_verify(message) # => "hello"
# 24 hours later...
encryptor.decrypt_and_verify(message) # => nil
:expires_in

The duration for which the message is valid. After this duration has elapsed, verification of the message will fail.

message = encryptor.encrypt_and_sign("hello", expires_in: 24.hours)
encryptor.decrypt_and_verify(message) # => "hello"
# 24 hours later...
encryptor.decrypt_and_verify(message) # => nil
:purpose

The purpose of the message. If specified, the same purpose must be specified when verifying the message; otherwise, verification will fail. (See #decrypt_and_verify.)

Show source
Register or log in to add new notes.