Authenticated Encryption for Rails 5.2 Cookies and Sessions

With the release of Rails version 5.2, sessions and encrypted cookies are now protected with Authenticated Encryption via AES with GCM mode.

In general, Authenticated Encryption (AE) aims to provide both encryption and authentication into a single programming interface. Output from an AE cipher will contain both the resulting cipher text as well as authentication tag usually in the form of a Message Authentication Code (MAC). Authentication is needed when encrypting messages in order to avoid various attacks on the underlying encryption cipher.

Authenticated Encryption through the GCM cipher was first introduced in Rails 5.1 in PR 25874. This PR introduced support for the cipher to the ActiveSupport::MessageEncryptor class. The next minor version added AE support for sessions and cookies in PR 28132. All existing sessions and cookies encrypted with the old scheme are automatically migrated to the new scheme.

As a result encrypted cookie ciphertexts are now 30% smaller. Additionally, because encryption and authentication happen in a single step with GCM, these cookies and messages are now processed roughly 25% faster than compared to the old scheme.

Check out the ActiveSupport and ActionPack CHANGELOGs for more details!