Project

rack_encrypted_cookie

0.0
No commit activity in last 3 years
No release in over 3 years
rack_encrypted_cookietonytonyjan/rack_encrypted_cookieHomepageDocumentationSource CodeBug TrackerWiki
Rack middleware for signed encrypted session cookie. It's fully compatible with Rack::Session::Cookie, not only safe but also easy to use
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Popularity
Downloads
8,081
Stars
4
Forks
2
Watchers
4
 Releases
Current version
1.0.0
Total releases
3
First release
2016-12-05
Latest release
2016-12-11
 Issues
Open Issues
0
Closed Issues
1
Total Issues
1
Issue Closure Rate
100%
 Pull Requests
Open Pull Requests
0
Closed Pull Requests
1
Merged Pull Requests
0
Pull Request Acceptance Rate
0%
 Development
Primary Language
Ruby
Licenses
MIT
Average date of last 50 commits
2017-03-17
Reverse Dependencies
0

 Dependencies

Development

minitest
>= 0
rake
>= 0
rubocop
>= 0

Runtime

coder_decorator
>= 1.0.2
rack
>= 0
 Project Readme

Rack::Session::EncryptedCookie Build Status

Installation

gem install rack_encrypted_cookie

Usage

In your project, replace Rack::Session::Cookie with Rack::Session::EncryptedCookie, and it will just work. Rack::Session::EncryptedCookie is FULLY COMPATIBLE with Rack::Session::Cookie, even accepts all options.

Minimal Example

require 'rack/session/encrypted_cookie'

app = lambda do |env|
  session = env['rack.session']
  session[:count] ||= 0
  session[:count] += 1
  [200, {}, [session[:count].to_s]]
end

app = Rack::Builder.app(app) do
  use Rack::Session::EncryptedCookie, secret: 'secret_key_base'
end

Rack::Handler::WEBrick.run app

Options

option default
:salt 'encrypted cookie'
:signed_salt 'signed encrypted cookie'
:iterations 1024
:key_size 32
:cipher 'AES-256-CBC'

A list of supported algorithms can be obtained by

puts OpenSSL::Cipher.ciphers

How it works

In Rack::Session::Cookie, the :secret option is used for signing, while Rack::Session::EncryptedCookie treats it as a secrete key base, which is used to generate derived keys (one for signing, another for encryption) using PBKDF2 with an SHA1-based HMAC.

Cookie Structure

Rack::Session::EncryptedCookie

+-------------------------- uri encode -------------------------+
| +----------------------- base64 ------------+      +-- hex -+ |
| | +------- base64 ------+      +- base64 -+ |      |        | |
| | | +-- AES-256-CBC --+ |      |          | |      |        | |
| | | |     marshal     | | "--" |    iv    | | "--" |  hmac  | |
| | | +-----------------+ |      |          | |      |        | |
| | +---------------------+      +----------+ |      |        | |
| +-------------------------------------------+      +--------+ |
+---------------------------------------------------------------+

Rack::Session::Cookie

+--------- uri encode ----------+
| +-- base64 -+      +-- hex -+ |
| |  marshal  | "--" |  hmac  | |
| +-----------+      +--------+ |
+-------------------------------+

TODO

  • Support AEAD cipher like 'aes-256-gcm'