module Rack::Protection::Encryptor

def self.encrypt_message(data, secret, auth_data = '')
  raise ArgumentError, 'data cannot be nil' if data.nil?
  cipher = OpenSSL::Cipher.new(CIPHER)
  cipher.encrypt
  cipher.key = secret[0, cipher.key_len]
  # Rely on OpenSSL for the initialization vector
  iv = cipher.random_iv
  # This must be set to properly use AES GCM for the OpenSSL module
  cipher.auth_data = auth_data
  cipher_text = cipher.update(data)
  cipher_text << cipher.final
  "#{base64_encode cipher_text}#{DELIMITER}#{base64_encode iv}#{DELIMITER}#{base64_encode cipher.auth_tag}"
end