From b24b19687aebaea5788d921863c67b61d501ff4c Mon Sep 17 00:00:00 2001 From: Samuel Williams Date: Thu, 13 Jun 2019 17:29:15 +1200 Subject: Use stronger ciphers in documentation This will help users pick stronger ciphers if they aren't educated about encryption gotchas. --- ext/openssl/ossl.c | 12 ++++++------ ext/openssl/ossl_cipher.c | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/ext/openssl/ossl.c b/ext/openssl/ossl.c index 38e650e1..6c76c8e8 100644 --- a/ext/openssl/ossl.c +++ b/ext/openssl/ossl.c @@ -635,7 +635,7 @@ static void Init_ossl_locks(void) * ahold of the key may use it unless it is encrypted. In order to securely * export a key you may export it with a pass phrase. * - * cipher = OpenSSL::Cipher.new 'AES-128-CBC' + * cipher = OpenSSL::Cipher.new 'AES-256-CBC' * pass_phrase = 'my secure pass phrase goes here' * * key_secure = key.export cipher, pass_phrase @@ -745,7 +745,7 @@ static void Init_ossl_locks(void) * using PBKDF2. PKCS #5 v2.0 recommends at least 8 bytes for the salt, * the number of iterations largely depends on the hardware being used. * - * cipher = OpenSSL::Cipher.new 'AES-128-CBC' + * cipher = OpenSSL::Cipher.new 'AES-256-CBC' * cipher.encrypt * iv = cipher.random_iv * @@ -768,7 +768,7 @@ static void Init_ossl_locks(void) * Use the same steps as before to derive the symmetric AES key, this time * setting the Cipher up for decryption. * - * cipher = OpenSSL::Cipher.new 'AES-128-CBC' + * cipher = OpenSSL::Cipher.new 'AES-256-CBC' * cipher.decrypt * cipher.iv = iv # the one generated with #random_iv * @@ -803,7 +803,7 @@ static void Init_ossl_locks(void) * * First set up the cipher for encryption * - * encryptor = OpenSSL::Cipher.new 'AES-128-CBC' + * encryptor = OpenSSL::Cipher.new 'AES-256-CBC' * encryptor.encrypt * encryptor.pkcs5_keyivgen pass_phrase, salt * @@ -816,7 +816,7 @@ static void Init_ossl_locks(void) * * Use a new Cipher instance set up for decryption * - * decryptor = OpenSSL::Cipher.new 'AES-128-CBC' + * decryptor = OpenSSL::Cipher.new 'AES-256-CBC' * decryptor.decrypt * decryptor.pkcs5_keyivgen pass_phrase, salt * @@ -904,7 +904,7 @@ static void Init_ossl_locks(void) * ca_key = OpenSSL::PKey::RSA.new 2048 * pass_phrase = 'my secure pass phrase goes here' * - * cipher = OpenSSL::Cipher.new 'AES-128-CBC' + * cipher = OpenSSL::Cipher::Cipher.new 'AES-256-CBC' * * open 'ca_key.pem', 'w', 0400 do |io| * io.write ca_key.export(cipher, pass_phrase) diff --git a/ext/openssl/ossl_cipher.c b/ext/openssl/ossl_cipher.c index aa336f35..93cb0ed2 100644 --- a/ext/openssl/ossl_cipher.c +++ b/ext/openssl/ossl_cipher.c @@ -104,7 +104,7 @@ ossl_cipher_alloc(VALUE klass) * call-seq: * Cipher.new(string) -> cipher * - * The string must be a valid cipher name like "AES-128-CBC" or "3DES". + * The string must contain a valid cipher name like "AES-256-CBC". * * A list of cipher names is available by calling OpenSSL::Cipher.ciphers. */ -- cgit v1.2.3