Sinatra: Encrypt cookies with AES-GCM

We should at least use SHA2 out of the box.

I'm sorry I didn't think of this until now :disappointed:

I'd be happy to look into this and submit a PR to upgrade the encryption.
With Rails, most of the complexity with my changes was around supporting
seamless upgrades from the now legacy encryption to this new scheme. Is
that something Sinatra would be interested in supporting?

http://michaeljcoyne.me

On May 29, 2017 2:22 AM, "Zachary Scott" notifications@github.com wrote:

I'm sorry I didn't think of this until now 😞

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/sinatra/sinatra/issues/1300#issuecomment-304549786,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AAFAjwK-fxb9rWS_SLSJK1Gm2f-TMwxUks5r-g_dgaJpZM4Noyej
.

Started to look more into this and I'm little confused as to where session cookies come from for Sinatra. Do they come from rack/session/cookie code base or do they solely come from the above mentioned file?

Either way, both are just doing a HMAC for cookie security. I think introducing AES encryption would certainly be a worthwhile addition to Sinatra (and thus introduce confidential to the system). Should I be looking to create a PR against the rack session code base or against the above mentioned code base?

Would love to contribute this feature, so please advice on what the best course of action would be. Thanks!!

You're correct, cookies are handled in Sinatra base and Rack::Session::Cookie encrypts with sha1 by default. Rack::Protection::SessionHijacking adds some request properties to the session and encrypts them, so that would need some attention as well.

Thanks for the feedback. Will look into creating a PR sometime next week (as I am away in Europe at the moment). Will be great to have Sinatra and other rack apps benefit from more modern encryption!

Put together a PR for Rack::Session::Cookie. Any and all feedback or questions are welcomed!

As far as Rack::Protection::SessionHijacking goes, the use the encrypt method is no longer needed. Since the underlying session is encrypted and signed, we can just rely on the security of that. Using AES for the encrypting the session data now introduces confidentiality, thus making the SessionHijacking module even more useful. A theoretical attack cannot view the session data and would not know what to forge the stored User-Agent and Language headers to.

I can make a PR to update this module.

@mikeycgto Does that depend on your PR to Rack getting merged and released?

Yes, my changes to rack/protection/session_hijacking would require my PR for Rack to be merged before that can be merged. I made a branch for it on my sinatra fork but have yet to open a PR.

Maybe we move my changes to the cookie middleware into an independent middleware that sinatra can use directly? Getting such a major change accepted into Rack may take a long while.

@mikeycgto Yeah, I'm :+1: to rolling this out into a shim or something once it's merged.

We will probably want to support the next major rack release, whenever that is, I guess rack 3 will be a thing. But until then we should still support your encrypted cookies

Sounds good. I can take my changes to rack's cookie middleware and integrate them directly into sinatra for the short term. Will put together a PR for this soon.

Rails already does this from version 5.2:

As of Rails 5.2 encrypted cookies and sessions are protected using AES GCM encryption. This form of encryption is a type of Authenticated Encryption and couples authentication and encryption in single step while also producing shorter ciphertexts as compared to other algorithms previously used. The key for cookies encrypted with AES GCM are derived using a salt value defined by the config.action_dispatch.authenticated_encrypted_cookie_salt configuration value.

Prior to this version, encrypted cookies were secured using AES in CBC mode with HMAC using SHA1 for authentication. The keys for this type of encryption and for HMAC verification were derived via the salts defined by config.action_dispatch.encrypted_cookie_salt and config.action_dispatch.encrypted_signed_cookie_salt respectively.

There is now some movement on Rack encryption sessions here: https://github.com/rack/rack/pull/1177

Once this is merged, I would like to look into supporting encrypted cookies on Sinatra.

Thanks @mjc-gh!