Comments (3)
Just my observation that upgrading to Ruby 2.4 breaks this gem with the following error:
OpenSSL::OpenSSLError:
password must be at least 4 bytes
The line of code that breaks is lock.rb:49
# Using a blank password in OpenSSL::PKey::RSA.new prevents reading
# the private key if the file is a key pair
public_key = get_rsa_key(@public_key,"")
The double quotes is a hard coded 'password', and that is the field that is expected to be 4 bytes or longer. There does not seem to be any way to configure this or force it to use a 4 byte (or longer) password, without monkey patching the gem.
Are you aware of any alternatives to this library, @ehannes , especially those which would allow us to continue using the current data in our database without a tedious decrypt/re-encrypt migration?
from strongbox.
I've noticed that the master branch is being updated, but there are no new releases since 2015. I am not sure about the status of the gem. Is it being mantained?
from strongbox.
I would say no since no maintainer has answered this question in 1,5 year :(
from strongbox.
Related Issues (20)
- Cannot visit Strongbox::Lock - error HOT 4
- dynamic :public_key and :private_key HOT 4
- "stack level too deep" With Database Migration HOT 10
- Encoding::CompatibilityError HOT 1
- Allow empty encryption field HOT 2
- Tags for Releases HOT 2
- Per-Compnay encryption settings
- Travis-CI HOT 3
- Using strongbox with NSS HOT 1
- Format validations failing HOT 1
- Ciphertexts are unauthenticated HOT 6
- Default PKCS#1 v1.5 padding leaks information
- How to avoid storing private key by re-generating it HOT 1
- Decrypt Data Offline HOT 3
- Validation before encryption? HOT 3
- string contains null byte HOT 2
- Changelog HOT 1
- OpenSSL::PKey::RSAError: padding check failed
- Validate uniqueness is possible? HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from strongbox.