class ActiveSupport::MessageEncryptor
def initialize(secret, sign_secret = nil, **options)
Experimental RBS support (using type sampling data from the type_fusion project).
def initialize: (String secret, ?nil sign_secret, **Hash options) -> void
This signature was generated using 1 sample from 1 application.
If you don't pass a truthy value, the default is set using
was the default in \Rails 7.0 and below.
message first, then wraps it in an envelope which is also serialized. This
Whether to use the legacy metadata serializer, which serializes the
[+:force_legacy_metadata_serializer+]
pass +true+.
Encoding with URL and Filename Safe Alphabet" in RFC 4648), you can
If you want to generate URL-safe strings (in compliance with "Base 64
which are not URL-safe. In other words, they can contain "+" and "/".
By default, MessageEncryptor generates RFC 4648 compliant strings
[+:url_safe+]
Otherwise, the default is +:marshal+.
When using \Rails, the default depends on +config.active_support.message_serializer+.
these require the +msgpack+ gem.
not supported by JSON, and may provide improved performance. However,
ActiveSupport::MessagePack, which can roundtrip some Ruby types that are
The +:message_pack+ and +:message_pack_allow_marshal+ serializers use
possible, choose a serializer that does not support +Marshal+.
attacks in cases where a message signing secret has been leaked. If
not. Beware that +Marshal+ is a potential vector for deserialization
serializers support deserializing using +Marshal+, but the others do
The +:marshal+, +:json_allow_marshal+, and +:message_pack_allow_marshal+
to migrate between serializers.
ActiveSupport::JSON, or ActiveSupport::MessagePack. This makes it easy
will serialize using +Marshal+, but can deserialize using +Marshal+,
multiple deserialization formats. For example, the +:marshal+ serializer
The preconfigured serializers include a fallback mechanism to support
+:json+, +:message_pack_allow_marshal+, +:message_pack+.
several preconfigured serializers: +:marshal+, +:json_allow_marshal+,
object that responds to +dump+ and +load+, or you can choose from
The serializer used to serialize message data. You can specify any
[+:serializer+]
'aes-256-gcm'.
Digest used for signing. Ignored when using an AEAD cipher like
[+:digest+]
Default is 'aes-256-gcm'.
Cipher to use. Can be any cipher returned by +OpenSSL::Cipher.ciphers+.
[+:cipher+]
==== Options
ActiveSupport::MessageEncryptor.new('secret', 'signature_secret')
data. Ignored when using an AEAD cipher like 'aes-256-gcm'.
MessageVerifier. This allows you to specify keys to encrypt and sign
The first additional parameter is used as the signature key for
derivation function.
key by using ActiveSupport::KeyGenerator or a similar key
bits. If you are using a user-entered secret, you can generate a suitable
the cipher key size. For the default 'aes-256-gcm' cipher, this is 256
Initialize a new MessageEncryptor. +secret+ must be at least as long as
def initialize(secret, sign_secret = nil, **options) super(**options) @secret = secret @cipher = options[:cipher] || self.class.default_cipher @aead_mode = new_cipher.authenticated? @verifier = if !@aead_mode MessageVerifier.new(sign_secret || secret, **options, serializer: NullSerializer) end end