diff options
| author | Samuel Williams <samuel.williams@oriontransfer.co.nz> | 2019-06-13 17:29:15 +1200 |
|---|---|---|
| committer | Samuel Williams <samuel.williams@oriontransfer.co.nz> | 2019-06-13 17:42:50 +1200 |
| commit | b24b19687aebaea5788d921863c67b61d501ff4c (patch) | |
| tree | bdfbd7612be604ba55c9d1d94e0d8e243c9fb37f | |
| parent | 9a0d2cb145a205094579c7defc9acddde11c7ba6 (diff) | |
| download | ruby-openssl-b24b19687aebaea5788d921863c67b61d501ff4c.tar.gz | |
Use stronger ciphers in documentation
This will help users pick stronger ciphers if they aren't educated about
encryption gotchas.
| -rw-r--r-- | ext/openssl/ossl.c | 12 | ||||
| -rw-r--r-- | ext/openssl/ossl_cipher.c | 2 |
2 files changed, 7 insertions, 7 deletions
diff --git a/ext/openssl/ossl.c b/ext/openssl/ossl.c index 38e650e1..6c76c8e8 100644 --- a/ext/openssl/ossl.c +++ b/ext/openssl/ossl.c @@ -635,7 +635,7 @@ static void Init_ossl_locks(void) * ahold of the key may use it unless it is encrypted. In order to securely * export a key you may export it with a pass phrase. * - * cipher = OpenSSL::Cipher.new 'AES-128-CBC' + * cipher = OpenSSL::Cipher.new 'AES-256-CBC' * pass_phrase = 'my secure pass phrase goes here' * * key_secure = key.export cipher, pass_phrase @@ -745,7 +745,7 @@ static void Init_ossl_locks(void) * using PBKDF2. PKCS #5 v2.0 recommends at least 8 bytes for the salt, * the number of iterations largely depends on the hardware being used. * - * cipher = OpenSSL::Cipher.new 'AES-128-CBC' + * cipher = OpenSSL::Cipher.new 'AES-256-CBC' * cipher.encrypt * iv = cipher.random_iv * @@ -768,7 +768,7 @@ static void Init_ossl_locks(void) * Use the same steps as before to derive the symmetric AES key, this time * setting the Cipher up for decryption. * - * cipher = OpenSSL::Cipher.new 'AES-128-CBC' + * cipher = OpenSSL::Cipher.new 'AES-256-CBC' * cipher.decrypt * cipher.iv = iv # the one generated with #random_iv * @@ -803,7 +803,7 @@ static void Init_ossl_locks(void) * * First set up the cipher for encryption * - * encryptor = OpenSSL::Cipher.new 'AES-128-CBC' + * encryptor = OpenSSL::Cipher.new 'AES-256-CBC' * encryptor.encrypt * encryptor.pkcs5_keyivgen pass_phrase, salt * @@ -816,7 +816,7 @@ static void Init_ossl_locks(void) * * Use a new Cipher instance set up for decryption * - * decryptor = OpenSSL::Cipher.new 'AES-128-CBC' + * decryptor = OpenSSL::Cipher.new 'AES-256-CBC' * decryptor.decrypt * decryptor.pkcs5_keyivgen pass_phrase, salt * @@ -904,7 +904,7 @@ static void Init_ossl_locks(void) * ca_key = OpenSSL::PKey::RSA.new 2048 * pass_phrase = 'my secure pass phrase goes here' * - * cipher = OpenSSL::Cipher.new 'AES-128-CBC' + * cipher = OpenSSL::Cipher::Cipher.new 'AES-256-CBC' * * open 'ca_key.pem', 'w', 0400 do |io| * io.write ca_key.export(cipher, pass_phrase) diff --git a/ext/openssl/ossl_cipher.c b/ext/openssl/ossl_cipher.c index aa336f35..93cb0ed2 100644 --- a/ext/openssl/ossl_cipher.c +++ b/ext/openssl/ossl_cipher.c @@ -104,7 +104,7 @@ ossl_cipher_alloc(VALUE klass) * call-seq: * Cipher.new(string) -> cipher * - * The string must be a valid cipher name like "AES-128-CBC" or "3DES". + * The string must contain a valid cipher name like "AES-256-CBC". * * A list of cipher names is available by calling OpenSSL::Cipher.ciphers. */ |