Class: ActiveRecord::Encryption::Encryptor
Relationships & Source Files | |
Extension / Inclusion / Inheritance Descendants | |
Subclasses:
|
|
Inherits: | Object |
Defined in: | activerecord/lib/active_record/encryption/encryptor.rb |
Overview
An encryptor exposes the encryption API that EncryptedAttributeType
uses for encrypting and decrypting attribute values.
It interacts with a KeyProvider
for getting the keys, and delegate to Cipher
the actual encryption algorithm.
Constant Summary
-
DECRYPT_ERRORS =
# File 'activerecord/lib/active_record/encryption/encryptor.rb', line 70[OpenSSL::Cipher::CipherError, Errors::EncryptedContentIntegrity, Errors::Decryption]
-
ENCODING_ERRORS =
# File 'activerecord/lib/active_record/encryption/encryptor.rb', line 71[EncodingError, Errors::Encoding]
-
THRESHOLD_TO_JUSTIFY_COMPRESSION =
# File 'activerecord/lib/active_record/encryption/encryptor.rb', line 72140.bytes
Instance Method Summary
-
#decrypt(encrypted_text, key_provider: default_key_provider, cipher_options: {})
Decrypts a
clean_text
and returns the result as clean text. -
#encrypt(clear_text, key_provider: default_key_provider, cipher_options: {})
Encrypts
clean_text
and returns the encrypted result. -
#encrypted?(text) ⇒ Boolean
Returns whether the text is encrypted or not.
Instance Method Details
#decrypt(encrypted_text, key_provider: default_key_provider, cipher_options: {})
Decrypts a clean_text
and returns the result as clean text
Options
- :key_provider
-
Key provider to use for the encryption operation. It will default to
ActiveRecord::Encryption.key_provider
when not provided - :cipher_options
-
Cipher-specific options that will be passed to the Cipher configured in
ActiveRecord::Encryption.cipher
# File 'activerecord/lib/active_record/encryption/encryptor.rb', line 52
def decrypt(encrypted_text, key_provider: default_key_provider, cipher_options: {}) = (encrypted_text) keys = key_provider.decryption_keys( ) raise Errors::Decryption unless keys.present? uncompress_if_needed(cipher.decrypt(, key: keys.collect(&:secret), ** ), .headers.compressed) rescue *(ENCODING_ERRORS + DECRYPT_ERRORS) raise Errors::Decryption end
#encrypt(clear_text, key_provider: default_key_provider, cipher_options: {})
Encrypts clean_text
and returns the encrypted result
Internally, it will:
-
Create a new
Message
-
Compress and encrypt
clean_text
as the message payload -
Serialize it with
ActiveRecord::Encryption.message_serializer
(ActiveRecord::Encryption::SafeMarshal
by default) -
Encode the result with
::ActiveRecord::Base
64
Options
- :key_provider
-
Key provider to use for the encryption operation. It will default to
ActiveRecord::Encryption.key_provider
when not provided. - :cipher_options
-
Cipher-specific options that will be passed to the Cipher configured in
ActiveRecord::Encryption.cipher
# File 'activerecord/lib/active_record/encryption/encryptor.rb', line 34
def encrypt(clear_text, key_provider: default_key_provider, cipher_options: {}) clear_text = force_encoding_if_needed(clear_text) if [:deterministic] validate_payload_type(clear_text) (clear_text, key_provider: key_provider, cipher_options: ) end
#encrypted?(text) ⇒ Boolean
Returns whether the text is encrypted or not
# File 'activerecord/lib/active_record/encryption/encryptor.rb', line 62
def encrypted?(text) (text) true rescue Errors::Encoding, *DECRYPT_ERRORS false end