class ActiveSupport::KeyGenerator

key in multiple incompatible contexts.
This lets Rails applications have a single secure secret, but avoid reusing that
It can be used to derive a number of keys for various purposes from a given secret.
KeyGenerator is a simple wrapper around OpenSSL’s implementation of PBKDF2.
= Key Generator

def generate_key(salt, key_size = 64)

i.e. OpenSSL::Digest::SHA1#block_length
to be compatible with the default settings of ActiveSupport::MessageVerifier.
Returns a derived key suitable for use. The default +key_size+ is chosen
def generate_key(salt, key_size = 64)
  OpenSSL::PKCS5.pbkdf2_hmac(@secret, salt, @iterations, key_size, @hash_digest_class.new)
end

def hash_digest_class

def hash_digest_class
  @hash_digest_class ||= OpenSSL::Digest::SHA1
end

def hash_digest_class=(klass)

def hash_digest_class=(klass)
  if klass.kind_of?(Class) && klass < OpenSSL::Digest
    @hash_digest_class = klass
  else
    raise ArgumentError, "#{klass} is expected to be an OpenSSL::Digest subclass"
  end
end

def initialize(secret, options = {})

def initialize(secret, options = {})
  @secret = secret
  # The default iterations are higher than required for our key derivation uses
  # on the off chance someone uses this for password storage
  @iterations = options[:iterations] || 2**16
  # Also allow configuration here so people can use this to build a rotation
  # scheme when switching the digest class.
  @hash_digest_class = options[:hash_digest_class] || self.class.hash_digest_class
end

def inspect # :nodoc:

:nodoc:
def inspect # :nodoc:
  "#<#{self.class.name}:#{'%#016x' % (object_id << 1)}>"
end