A bit of a Ruby newbie here – should be an easy question:
I want to use the encrypted_strings gem to create a password encrypted string:
(from http://rdoc.info/projects/pluginaweek/encrypted_strings)
Question is: Everything works fine, but how come I don’t need the password to decrypt the string? Say I want to store the string somewhere for a while, like the session. Is the password also stored with it? (which would seem very strange?). And no, I’m not planning on using ‘secret-key’ or any similar hack as a password.
I am planning on dynamically generating a class variable @@password using a uuid, which I don’t store other than in memory, and can change from one running of the program to the next.
Symmetric:
>> password = 'shhhh'
=> "shhhh"
>> crypted_password = password.encrypt(:symmetric, :password => 'secret_key')
=> "qSg8vOo6QfU=\n"
>> crypted_password.class
=> String
>> crypted_password == 'shhhh'
=> true
>> password = crypted_password.decrypt
=> "shhhh"
With a symmetric encryption scheme, you only need the same password for encryption and decryption. And from the looks of it, the password is stored in an instance variable on the encrypted string:
So yes, if you store the crypted object as above, you’ll be storing the password as well. The goal then is to store only the string content of crypted without its instance variables. I thought that crypted.to_s or String(crypted) would accomplish this, but neither do. As a workaround, you can string interpolate it, explicitly pass it to String#new, or explicitly remove the instance variable:
Once you have only the string content, you can decrypt it with the password at a later point:
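The behaviour discussed in this answer, as an added sketch that is not part of the original posts and does not use the gem's own code: `DemoCipher`, `encrypt_like_gem`, `leaks_password?` and the `@cipher` instance-variable name are hypothetical stand-ins, AES-256-CBC with PBKDF2 is swapped in for the gem's cipher, and `Marshal` is assumed as the serializer that writes the object to storage.

```ruby
require 'openssl'

# Hypothetical stand-in for the gem's cipher object: it keeps the password
# so that a later decrypt needs no argument.
class DemoCipher
  def initialize(password)
    @password = password
  end

  def encrypt(plain)
    c = OpenSSL::Cipher.new('aes-256-cbc').encrypt
    salt = OpenSSL::Random.random_bytes(16)
    iv = c.random_iv
    c.key = derive(salt)
    [salt + iv + c.update(plain) + c.final].pack('m0') # Base64, one line
  end

  def decrypt(encoded)
    raw = encoded.unpack1('m')
    d = OpenSSL::Cipher.new('aes-256-cbc').decrypt
    d.key = derive(raw[0, 16])
    d.iv = raw[16, 16]
    d.update(raw[32..]) + d.final
  end

  private

  def derive(salt) # iteration count chosen for the demo only
    OpenSSL::PKCS5.pbkdf2_hmac(@password, salt, 20_000, 32, OpenSSL::Digest.new('SHA256'))
  end
end

# Mimics what the answer describes: the returned String remembers its
# cipher, and therefore the password, in an instance variable.
def encrypt_like_gem(plain, password)
  cipher = DemoCipher.new(password)
  out = cipher.encrypt(plain)
  out.instance_variable_set(:@cipher, cipher)
  out
end

# True when serializing obj would write the password to storage.
def leaks_password?(obj, password)
  Marshal.dump(obj).include?(password)
end

PASSWORD = 'constructed-demo-password' # constructed sample value
CRYPTED = encrypt_like_gem('shhhh', PASSWORD)
BARE = String.new(CRYPTED) # copies the bytes only, no instance variables
```

Running `leaks_password?` on whatever is about to be written to the session gives a quick check that only the ciphertext bytes are being stored.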