Class: EncryptedStrings::ShaCipher

Inherits:

Cipher

Object
Cipher
EncryptedStrings::ShaCipher

show all

Defined in:: lib/encrypted_strings/sha_cipher.rb

Overview

Encrypts a string using a Secure Hash Algorithm (SHA), specifically SHA-1.

Encrypting

To encrypt a string using an SHA cipher, the salt used to seed the algorithm must be specified. You can define the default for this value like so:

EncryptedStrings::ShaCipher.default_algorithm = 'sha512'
EncryptedStrings::ShaCipher.default_salt = 'secret'

If these configuration options are not passed in to #encrypt, then the default values will be used. You can override the default values like so:

password = 'shhhh'
password.encrypt(:sha, :salt => 'secret')  # => "ae645b35bb5dfea6c9133ac872e6adfa92a3c2bd"

Customizations

In addition to customizing the algorithm, you can further tweak how values get encrypted by defining dynamic salts and how to build the value that actually gets hashed.

For example:

password = 'shhhh'
password.encrypt(:sha,
  :salt => lambda {Time.now.to_s},
  :builder => lambda {|data, salt| "#{data}|#{salt}"}
)

The above example will generate a salt based on the current time and then use a custom builder for determining how the salt and data get concatenated to determine the value that gets hashed. This is particularly useful for providing compatibility with legacy systems.

Decrypting

SHA-encrypted strings cannot be decrypted. The only way to determine whether an unencrypted value is equal to an SHA-encrypted string is to encrypt the value with the same salt. For example,

password = 'shhhh'.encrypt(:sha, :salt => 'secret') # => "3b22cbe4acde873c3efc82681096f3ae69aff828"
input = 'shhhh'.encrypt(:sha, :salt => 'secret')    # => "3b22cbe4acde873c3efc82681096f3ae69aff828"
password == input                                   # => true

Class Attribute Summary collapse

.default_algorithm ⇒ Object

The default algorithm to use for encryption.
.default_builder ⇒ Object

The default algorithm to use for building the value that gets hashed.
.default_salt ⇒ Object

The default salt value to use during encryption.

Instance Attribute Summary collapse

#algorithm ⇒ Object

The algorithm to use for encryption/decryption.
#builder ⇒ Object

The function to use to build the value that gets hashed.
#salt ⇒ Object

The salt value to use for encryption.

Instance Method Summary collapse

#can_decrypt? ⇒ Boolean

Decryption is not supported.
#encrypt(data) ⇒ Object

Returns the encrypted value of the data.
#initialize(options = {}) ⇒ ShaCipher constructor

Creates a new cipher that uses an SHA encryption strategy.

Methods inherited from Cipher

#decrypt

Constructor Details

#initialize(options = {}) ⇒ `ShaCipher`

Creates a new cipher that uses an SHA encryption strategy.

Configuration options:

:algorithm - The hashing algorithm to use for generating the encrypted string
:salt - Specifies a method, proc or string to call to determine the random bytes used as one of the inputs for generating the encrypted string
:builder - Specifies a method or proc to call to determine the actual value that gets hashed. This takes two arguments: the data and the salt for the encryption.

Raises:

(ArgumentError)

# File 'lib/encrypted_strings/sha_cipher.rb', line 87

def initialize(options = {})
  invalid_options = options.keys - [:algorithm, :salt, :builder]
  raise ArgumentError, "Unknown key(s): #{invalid_options.join(", ")}" unless invalid_options.empty?
  
  options = {
    :algorithm => ShaCipher.default_algorithm,
    :salt => ShaCipher.default_salt,
    :builder => ShaCipher.default_builder
  }.merge(options)
  
  self.algorithm = options[:algorithm].upcase
  self.salt = salt_value(options[:salt])
  self.builder = options[:builder]
  
  super()
end

Class Attribute Details

.default_algorithm ⇒ `Object`

The default algorithm to use for encryption. Default is SHA1.


52
53
54

# File 'lib/encrypted_strings/sha_cipher.rb', line 52

def default_algorithm
  @default_algorithm
end

.default_builder ⇒ `Object`

The default algorithm to use for building the value that gets hashed. Default is lambda {|data, salt| “#{data}##salt”}.


59
60
61

# File 'lib/encrypted_strings/sha_cipher.rb', line 59

def default_builder
  @default_builder
end

.default_salt ⇒ `Object`

The default salt value to use during encryption


55
56
57

# File 'lib/encrypted_strings/sha_cipher.rb', line 55

def default_salt
  @default_salt
end

Instance Attribute Details

#algorithm ⇒ `Object`

The algorithm to use for encryption/decryption


68
69
70

# File 'lib/encrypted_strings/sha_cipher.rb', line 68

def algorithm
  @algorithm
end

#builder ⇒ `Object`

The function to use to build the value that gets hashed


74
75
76

# File 'lib/encrypted_strings/sha_cipher.rb', line 74

def builder
  @builder
end

#salt ⇒ `Object`

The salt value to use for encryption


71
72
73

# File 'lib/encrypted_strings/sha_cipher.rb', line 71

def salt
  @salt
end

Instance Method Details

#can_decrypt? ⇒ `Boolean`

Decryption is not supported

Returns:

(Boolean)


105
106
107

# File 'lib/encrypted_strings/sha_cipher.rb', line 105

def can_decrypt?
  false
end

#encrypt(data) ⇒ `Object`

Returns the encrypted value of the data


110
111
112

# File 'lib/encrypted_strings/sha_cipher.rb', line 110

def encrypt(data)
  Digest::const_get(algorithm.upcase).hexdigest(build(data, salt))
end