How to resolve deprecation warnings for OpenSSL::Cipher::Cipher#encrypt

Problem description

I've just upgraded my Mac to Snow Leopard and got my Rails environment up and running. The only difference -- OSX aside -- with my previous install is that I'm now running ruby 1.8.7 (2008-08-11 patchlevel 72) [universal-darwin10.0] (Snow Leopard default) rather than 1.8.6.

I'm now seeing deprecation warnings relating to OpenSSL when I run my code:

warning: argumtents for OpenSSL::Cipher::Cipher#encrypt and OpenSSL::Cipher::Cipher#decrypt were deprecated; use OpenSSL::Cipher::Cipher#pkcs5_keyivgen to derive key and IV

Example of my code which is causing these warnings (it decodes an encrypted string) on line 4:

1. def decrypt(data)
2.  encryptor = OpenSSL::Cipher::Cipher.new('DES-EDE3-CBC')
3.  key = "my key"
4.  encryptor.decrypt(key)
5.  text = encryptor.update(data)
6.  text << encryptor.final
7. end

I'm struggling to understand how I can resolve this, and Google isn't really helping. Should I try and downgrade to Ruby 1.8.6 (and if so, what's the best way of doing this?), should I try and just hide the warnings (bury my head in the sand?!) or is there an easy fix I can apply in the code?

Recommended answer

Due to the implicit type conversion in Ruby, older Ruby allows people to use PBE (Password-Based Encryption) in a totally wrong way. The newer one fixes that, so the warning is a good thing.

Your example shows exactly the problem. Triple-DES requires 24-byte key material (including parity) but you only provided 6 bytes. Your key material will be repeated to make up the deficit, which results in a less secure key.

The correct way to do this is to generate the key and IV (initial vector) with PKCS5, which uses complicated hashing and iteration to make the key much more secure.

Ruby provides the following sample code. pass is your key and you can use any hardcoded value for salt.

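require 'openssl'

# Sample values, constructed here so the snippet runs on its own
alg  = 'DES-EDE3-CBC'   # cipher from the question
pass = 'my key'         # passphrase from the question
salt = '8octets!'       # constructed value; pkcs5_keyivgen needs exactly 8 bytes
text = 'some plaintext' # constructed value

puts "--Encrypting--"
des = OpenSSL::Cipher::Cipher.new(alg)
# Derive key and IV from the passphrase instead of passing it to #encrypt
des.pkcs5_keyivgen(pass, salt)
des.encrypt
cipher =  des.update(text)
cipher << des.final
puts %(encrypted text: #{cipher.inspect})
puts

puts "--Decrypting--"
des = OpenSSL::Cipher::Cipher.new(alg)
# The same passphrase and salt reproduce the same key and IV
des.pkcs5_keyivgen(pass, salt)
des.decrypt
out =  des.update(cipher)
out << des.final
puts %(decrypted text: "#{out}")
puts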
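
As an added example (not part of the original answer or of Ruby's sample code), here is the question's decrypt routine paired with a matching encrypt routine, with the key and IV derived by pkcs5_keyivgen. It goes beyond the answer by using a random salt per message stored in front of the ciphertext. The method names, the SHA256 digest choice and the salt-prefix layout are assumptions, and it is written for current Ruby, where the class is OpenSSL::Cipher.

```ruby
require 'openssl'

ALG        = 'DES-EDE3-CBC' # cipher used in the question
SALT_LEN   = 8              # pkcs5_keyivgen requires an 8-byte salt
ITERATIONS = 2048           # iteration count, passed explicitly

# Hypothetical helper: pick the direction with no arguments (so no
# deprecation warning), then derive key and IV from the passphrase.
def build_cipher(mode, pass, salt)
  cipher = OpenSSL::Cipher.new(ALG)
  mode == :encrypt ? cipher.encrypt : cipher.decrypt
  cipher.pkcs5_keyivgen(pass, salt, ITERATIONS, 'SHA256')
  cipher
end

# Returns salt || ciphertext as one binary string.
def encrypt_with_passphrase(pass, plaintext)
  salt   = OpenSSL::Random.random_bytes(SALT_LEN)
  cipher = build_cipher(:encrypt, pass, salt)
  salt + cipher.update(plaintext) + cipher.final
end

# Reads the salt back from the front of the data and re-derives key and IV.
def decrypt_with_passphrase(pass, data)
  raise ArgumentError, 'data too short to contain a salt' if data.bytesize <= SALT_LEN
  salt   = data.byteslice(0, SALT_LEN)
  body   = data.byteslice(SALT_LEN..-1)
  cipher = build_cipher(:decrypt, pass, salt)
  cipher.update(body) + cipher.final
end

if __FILE__ == $PROGRAM_NAME
  blob = encrypt_with_passphrase('my key', 'secret text') # constructed sample input
  puts blob.unpack1('H*')
  puts decrypt_with_passphrase('my key', blob)
end
```

Data encrypted this way can only be read back by the matching decrypt routine, since the salt, iteration count and digest all feed into the derived key.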
