Class Rails::SecretKeyGenerator
In: vendor/rails/railties/lib/rails_generator/secret_key_generator.rb
Parent: Object

A class for creating random secret keys. This class will do its best to create a random secret key that‘s as secure as possible, using whatever methods are available on the current platform. For example:

  generator = Rails::SecretKeyGenerator("some unique identifier, such as the application name")
  generator.generate_secret     # => "f3f1be90053fa851... (some long string)"

Methods

Constants

GENERATORS = [ :secure_random, :win32_api, :urandom, :openssl, :prng ].freeze

Public Class methods

[Source]

    # File vendor/rails/railties/lib/rails_generator/secret_key_generator.rb, line 11
11:     def initialize(identifier)
12:       @identifier = identifier
13:     end

Public Instance methods

Generate a random secret key with the best possible method available on the current platform.

[Source]

    # File vendor/rails/railties/lib/rails_generator/secret_key_generator.rb, line 17
17:     def generate_secret
18:       generator = GENERATORS.find do |g|
19:         self.class.send("supports_#{g}?")
20:       end
21:       send("generate_secret_with_#{generator}")
22:     end

Generate a random secret key with OpenSSL. If OpenSSL is not already loaded, then this method will attempt to load it. LoadError will be raised if that fails.

[Source]

    # File vendor/rails/railties/lib/rails_generator/secret_key_generator.rb, line 67
67:     def generate_secret_with_openssl
68:       require 'openssl'
69:       if !File.exist?("/dev/urandom")
70:         # OpenSSL transparently seeds the random number generator with
71:         # data from /dev/urandom. On platforms where that is not
72:         # available, such as Windows, we have to provide OpenSSL with
73:         # our own seed. Unfortunately there's no way to provide a
74:         # secure seed without OS support, so we'll have to do with
75:         # rand() and Time.now.usec().
76:         OpenSSL::Random.seed(rand(0).to_s + Time.now.usec.to_s)
77:       end
78:       data = OpenSSL::BN.rand(2048, -1, false).to_s
79: 
80:       if OpenSSL::OPENSSL_VERSION_NUMBER > 0x00908000
81:         OpenSSL::Digest::SHA512.new(data).hexdigest
82:       else
83:         generate_secret_with_prng
84:       end
85:     end

Generate a random secret key with Ruby‘s pseudo random number generator, as well as some environment information.

This is the least cryptographically secure way to generate a secret key, and should be avoided whenever possible.

[Source]

     # File vendor/rails/railties/lib/rails_generator/secret_key_generator.rb, line 98
 98:     def generate_secret_with_prng
 99:       require 'digest/sha2'
100:       sha = Digest::SHA2.new(512)
101:       now = Time.now
102:       sha << now.to_s
103:       sha << String(now.usec)
104:       sha << String(rand(0))
105:       sha << String($$)
106:       sha << @identifier
107:       return sha.hexdigest
108:     end

Generate a random secret key with Ruby 1.9‘s SecureRandom module. Raises LoadError if the current Ruby version does not support SecureRandom.

[Source]

    # File vendor/rails/railties/lib/rails_generator/secret_key_generator.rb, line 59
59:     def generate_secret_with_secure_random
60:       require 'securerandom'
61:       return SecureRandom.hex(64)
62:     end

Generate a random secret key with /dev/urandom. Raises SystemCallError on failure.

[Source]

    # File vendor/rails/railties/lib/rails_generator/secret_key_generator.rb, line 89
89:     def generate_secret_with_urandom
90:       return File.read("/dev/urandom", 64).unpack("H*")[0]
91:     end

Generate a random secret key by using the Win32 API. Raises LoadError if the current platform cannot make use of the Win32 API. Raises SystemCallError if some other error occured.

[Source]

    # File vendor/rails/railties/lib/rails_generator/secret_key_generator.rb, line 27
27:     def generate_secret_with_win32_api
28:       # Following code is based on David Garamond's GUID library for Ruby.
29:       require 'Win32API'
30: 
31:       crypt_acquire_context = Win32API.new("advapi32", "CryptAcquireContext",
32:                                            'PPPII', 'L')
33:       crypt_gen_random = Win32API.new("advapi32", "CryptGenRandom",
34:                                       'LIP', 'L')
35:       crypt_release_context = Win32API.new("advapi32", "CryptReleaseContext",
36:                                          'LI', 'L')
37:       prov_rsa_full       = 1
38:       crypt_verifycontext = 0xF0000000
39: 
40:       hProvStr = " " * 4
41:       if crypt_acquire_context.call(hProvStr, nil, nil, prov_rsa_full,
42:                                     crypt_verifycontext) == 0
43:         raise SystemCallError, "CryptAcquireContext failed: #{lastWin32ErrorMessage}"
44:       end
45:       hProv, = hProvStr.unpack('L')
46:       bytes = " " * 64
47:       if crypt_gen_random.call(hProv, bytes.size, bytes) == 0
48:         raise SystemCallError, "CryptGenRandom failed: #{lastWin32ErrorMessage}"
49:       end
50:       if crypt_release_context.call(hProv, 0) == 0
51:         raise SystemCallError, "CryptReleaseContext failed: #{lastWin32ErrorMessage}"
52:       end
53:       bytes.unpack("H*")[0]
54:     end

[Validate]