edge badge

KeyGenerator is a simple wrapper around OpenSSL's implementation of PBKDF2. It can be used to derive a number of keys for various purposes from a given secret. This lets Rails applications have a single secure secret, but avoid reusing that key in multiple incompatible contexts.

Class Public methods
new(secret, options = {})
# File activesupport/lib/active_support/key_generator.rb, line 10
def initialize(secret, options = {})
  @secret = secret
  # The default iterations are higher than required for our key derivation uses
  # on the off chance someone uses this for password storage
  @iterations = options[:iterations] || 2**16
Instance Public methods
generate_key(salt, key_size=32)

Returns a derived key suitable for use. The default key_size is chosen to be compatible with the acceptable key length of aes-256-cbc, the default cipher.

# File activesupport/lib/active_support/key_generator.rb, line 19
def generate_key(salt, key_size=32)
  OpenSSL::PKCS5.pbkdf2_hmac_sha1(@secret, salt, @iterations, key_size)