secure_token_encrypt_uri_iv
Sets the initialization vector (IV) used for the encryption of URIs in NGINX's Secure Token module.
Description
The secure_token_encrypt_uri_iv directive specifies the initialization vector (IV) to be used in conjunction with a configured key when encrypting URIs for secure token generation. The IV is essential for ensuring the uniqueness and security of each encryption operation, preventing attacks such as replay attacks. This directive must be configured alongside the secure_token_encrypt_uri_key directive, which specifies the encryption key.
Setting the secure_token_encrypt_uri_iv requires specifying a hexadecimal value that defines the IV. The directive can be used in the http, server, or location contexts, allowing flexibility depending on the application structure. Usually, a random or unique IV should be used for each encryption to ensure security. When the directive is utilized, the generated tokens will have an additional layer of protection through encryption, which is particularly beneficial when exposing URIs to clients for accessing protected content.
Config Example
secure_token_encrypt_uri_iv 000102030405060708090a0b0c0d0e0f;
Ensure the IV is unique for each token generation to avoid security vulnerabilities.
Using an improper length for the IV may lead to errors during the encryption process.
The IV must match the encryption algorithm's block size requirements.