How to decrypt a Rails 5 session cookie manually?

隐瞒了意图╮ 2020-12-19 00:35

I have access to

  • config.action_dispatch.encrypted_cookie_salt
  • config.action_dispatch.encrypted_signed_cookie_salt
  • <
2 answers
  •  长情又很酷
    2020-12-19 00:55

    Here's a Rails 5.2 variant of @matb's answer, which handles the revised configuration, encryption and serialization:

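    require 'cgi'
    require 'active_support'
    
    # Decrypts a Rails 5.2 session cookie and returns the still-serialized
    # payload as a String (NullSerializer does no parsing).
    def verify_and_decrypt_session_cookie(cookie, secret_key_base = Rails.application.secret_key_base)
      cookie = CGI::unescape(cookie)
      # Rails 5.2 default for config.action_dispatch.authenticated_encrypted_cookie_salt
      salt   = 'authenticated encrypted cookie'
      encrypted_cookie_cipher = 'aes-256-gcm'
      serializer = ActiveSupport::MessageEncryptor::NullSerializer
    
      # Derive the AES key from secret_key_base (PBKDF2, 1000 iterations)
      key_generator = ActiveSupport::KeyGenerator.new(secret_key_base, iterations: 1000)
      key_len = ActiveSupport::MessageEncryptor.key_len(encrypted_cookie_cipher)
      secret = key_generator.generate_key(salt, key_len)
      encryptor = ActiveSupport::MessageEncryptor.new(secret, cipher: encrypted_cookie_cipher, serializer: serializer)
    
      # Raises ActiveSupport::MessageEncryptor::InvalidMessage if the cookie was altered or the key is wrong
      encryptor.decrypt_and_verify(cookie)
    end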
    

    Also up at https://gist.github.com/inopinatus/e523f36b468f94cf6d34410b73fef15e.
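
What the ActiveSupport calls in the answer above do at the byte level, as an added example that is not part of the original answer or of Rails itself. It uses only Ruby's standard library and assumes the Rails 5.2 defaults the answer hard-codes; `derive_cookie_key`, `seal_sample_cookie` and `open_cookie` are hypothetical names, the secret and payload are constructed, and the sketch stops at the AEAD layer without interpreting the decrypted payload.

```ruby
require 'openssl'
require 'uri'

# Rails 5.2 default authenticated_encrypted_cookie_salt, as used in the answer.
SALT = 'authenticated encrypted cookie'

# Same derivation the answer configures through KeyGenerator:
# PBKDF2-HMAC-SHA1, 1000 iterations, 32-byte key for aes-256-gcm.
def derive_cookie_key(secret_key_base)
  OpenSSL::PKCS5.pbkdf2_hmac_sha1(secret_key_base, SALT, 1000, 32)
end

# Hypothetical helper: builds a constructed sample cookie in the
# "base64(ciphertext)--base64(iv)--base64(auth_tag)" layout, URL-escaped.
def seal_sample_cookie(plaintext, secret_key_base)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  cipher.key = derive_cookie_key(secret_key_base)
  iv = cipher.random_iv
  cipher.auth_data = ''
  data = cipher.update(plaintext) + cipher.final
  blob = [data, iv, cipher.auth_tag].map { |part| [part].pack('m0') }.join('--')
  URI.encode_www_form_component(blob)
end

# Hypothetical helper: returns the plaintext, or nil when the cookie is
# malformed, was altered, or was sealed under a different secret_key_base.
def open_cookie(cookie, secret_key_base)
  parts = URI.decode_www_form_component(cookie).split('--')
  return nil unless parts.size == 3
  data, iv, tag = parts.map { |part| part.unpack1('m0') }
  return nil unless tag.bytesize == 16 # reject truncated GCM tags
  cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  cipher.key = derive_cookie_key(secret_key_base)
  cipher.iv = iv
  cipher.auth_tag = tag
  cipher.auth_data = ''
  (cipher.update(data) + cipher.final).force_encoding(Encoding::UTF_8)
rescue OpenSSL::Cipher::CipherError, ArgumentError
  nil
end

if __FILE__ == $PROGRAM_NAME
  secret = 'constructed-secret-key-base'
  cookie = seal_sample_cookie('{"session_id":"constructed"}', secret)
  puts open_cookie(cookie, secret)
  p open_cookie(cookie, 'another-secret')
end
```

Because the key depends only on `secret_key_base` and a fixed salt, anyone holding that secret can read and mint session cookies, so it needs the same protection and rotation as any other signing key.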
