{"id":13493203,"url":"https://github.com/cvonkleist/encrypted_cookie","last_synced_at":"2025-03-28T11:31:55.540Z","repository":{"id":56844608,"uuid":"1427535","full_name":"cvonkleist/encrypted_cookie","owner":"cvonkleist","description":"AES-128 encrypted session cookies for Rack (and Sinatra and other frameworks).","archived":false,"fork":false,"pushed_at":"2020-03-17T12:26:38.000Z","size":59,"stargazers_count":53,"open_issues_count":5,"forks_count":14,"subscribers_count":8,"default_branch":"master","last_synced_at":"2025-03-08T11:43:12.159Z","etag":null,"topics":["gems","rack","ruby","sinatra"],"latest_commit_sha":null,"homepage":"","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cvonkleist.png","metadata":{"files":{"readme":"README.markdown","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2011-03-01T19:42:40.000Z","updated_at":"2023-01-06T10:45:09.000Z","dependencies_parsed_at":"2022-09-10T03:53:17.101Z","dependency_job_id":null,"html_url":"https://github.com/cvonkleist/encrypted_cookie","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cvonkleist%2Fencrypted_cookie","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cvonkleist%2Fencrypted_cookie/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cvonkleist%2Fencrypted_cookie/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cvonkleist%2Fencrypted_cookie/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cvonkleist","download_url":"https://codeload.github.com/cvonkleist/encrypted_cookie/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246021060,"owners_count":20710877,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["gems","rack","ruby","sinatra"],"created_at":"2024-07-31T19:01:13.160Z","updated_at":"2025-03-28T11:31:55.267Z","avatar_url":"https://github.com/cvonkleist.png","language":"Ruby","funding_links":[],"categories":["Security"],"sub_categories":[],"readme":"## Encrypted session cookies for Rack (and therefore Sinatra)\n\n![Ruby](https://github.com/cvonkleist/encrypted_cookie/workflows/Ruby/badge.svg)\n\nThe `encrypted_cookie` gem provides 256-bit-AES-encrypted, tamper-proof cookies\nfor Rack through the class `Rack::Session::EncryptedCookie`.\n\n## How to use encrypted\\_cookie\n\n    $ gem install encrypted_cookie\n\nSinatra example:\n\n    require 'sinatra'\n    require 'encrypted_cookie'\n    \n    use Rack::Session::EncryptedCookie,\n      :secret =\u003e TYPE_YOUR_LONG_RANDOM_STRING_HERE*\n    \n    get '/' do\n      session[:foo] = 'bar'\n      \"session: \" + session.inspect\n    end\n\n_*_ Your `:secret` must be at least 32 bytes long and should be really random.\nDon't use a password or passphrase, generate something random (see below).\n\n## Encryption and integrity protection\n\nThe cookie is encrypted with 256-bit AES in CBC mode (with random IV).  The\nencrypted cookie is then signed with a HMAC, to prevent tampering and chosen\nciphertext attacks.  Any attempt at tampering with the cookie will reset the\nuser to `{}` (empty hash).\n\n## Generating a good secret\n\nRun this in a terminal and paste the output into your script:\n\n    $ ruby -rsecurerandom -e \"puts SecureRandom.hex(32)\"\n\n## Developing\n\nTo get the specs running:\n\n```bash\n$ cd path-to-clone\n$ gem install bundler # if not already installed\n$ bundle install\n$ bundle exec rspec\n```\n\n# Thanks\n\n- [@namelessjon](https://github.com/namelessjon) - Jon - For the massive crypto improvements!\n- [@mkristian](https://github.com/mkristian) - Christian Meier\n- [@danp](https://github.com/danp) - Dan Peterson\n- [@stmllr](https://github.com/stmllr) - Steffen Müller\n- [@andrhamm](https://github.com/andrhamm) - Andrew Hammond\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcvonkleist%2Fencrypted_cookie","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcvonkleist%2Fencrypted_cookie","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcvonkleist%2Fencrypted_cookie/lists"}