Class: ActiveRecord::Encryption::Encryptor
Relationships & Source Files | |
Extension / Inclusion / Inheritance Descendants | |
Subclasses:
|
|
Inherits: | Object |
Defined in: | activerecord/lib/active_record/encryption/encryptor.rb |
Overview
An encryptor exposes the encryption API that EncryptedAttributeType
uses for encrypting and decrypting attribute values.
It interacts with a KeyProvider
for getting the keys, and delegate to Cipher
the actual encryption algorithm.
Constant Summary
-
DECRYPT_ERRORS =
# File 'activerecord/lib/active_record/encryption/encryptor.rb', line 82[OpenSSL::Cipher::CipherError, Errors::EncryptedContentIntegrity, Errors::Decryption]
-
ENCODING_ERRORS =
# File 'activerecord/lib/active_record/encryption/encryptor.rb', line 83[EncodingError, Errors::Encoding]
-
THRESHOLD_TO_JUSTIFY_COMPRESSION =
# File 'activerecord/lib/active_record/encryption/encryptor.rb', line 84140.bytes
Class Method Summary
-
.new(compress: true) ⇒ Encryptor
constructor
Options.
Instance Attribute Summary
- #binary? ⇒ Boolean readonly
Instance Method Summary
-
#decrypt(encrypted_text, key_provider: default_key_provider, cipher_options: {})
Decrypts an
encrypted_text
and returns the result as clean text. -
#encrypt(clear_text, key_provider: default_key_provider, cipher_options: {})
Encrypts
clean_text
and returns the encrypted result. -
#encrypted?(text) ⇒ Boolean
Returns whether the text is encrypted or not.
Constructor Details
.new(compress: true) ⇒ Encryptor
Options
-
:compress
- Boolean indicating whether records should be compressed before encryption. Defaults totrue
.
# File 'activerecord/lib/active_record/encryption/encryptor.rb', line 19
def initialize(compress: true) @compress = compress end
Instance Attribute Details
#binary? ⇒ Boolean
(readonly)
[ GitHub ]
# File 'activerecord/lib/active_record/encryption/encryptor.rb', line 77
def binary? serializer.binary? end
Instance Method Details
#decrypt(encrypted_text, key_provider: default_key_provider, cipher_options: {})
Decrypts an encrypted_text
and returns the result as clean text
Options
- :key_provider
-
Key provider to use for the encryption operation. It will default to
ActiveRecord::Encryption.key_provider
when not provided - :cipher_options
-
Cipher-specific options that will be passed to the Cipher configured in
ActiveRecord::Encryption.cipher
# File 'activerecord/lib/active_record/encryption/encryptor.rb', line 60
def decrypt(encrypted_text, key_provider: default_key_provider, cipher_options: {}) = (encrypted_text) keys = key_provider.decryption_keys( ) raise Errors::Decryption unless keys.present? uncompress_if_needed(cipher.decrypt(, key: keys.collect(&:secret), ** ), .headers.compressed) rescue *(ENCODING_ERRORS + DECRYPT_ERRORS) raise Errors::Decryption end
#encrypt(clear_text, key_provider: default_key_provider, cipher_options: {})
Encrypts clean_text
and returns the encrypted result
Internally, it will:
-
Create a new
Message
-
Compress and encrypt
clean_text
as the message payload -
Serialize it with
ActiveRecord::Encryption.message_serializer
(ActiveRecord::Encryption::SafeMarshal
by default) -
Encode the result with
::ActiveRecord::Base
64
Options
- :key_provider
-
Key provider to use for the encryption operation. It will default to
ActiveRecord::Encryption.key_provider
when not provided. - :cipher_options
-
Cipher-specific options that will be passed to the Cipher configured in
ActiveRecord::Encryption.cipher
# File 'activerecord/lib/active_record/encryption/encryptor.rb', line 42
def encrypt(clear_text, key_provider: default_key_provider, cipher_options: {}) clear_text = force_encoding_if_needed(clear_text) if [:deterministic] validate_payload_type(clear_text) (clear_text, key_provider: key_provider, cipher_options: ) end
#encrypted?(text) ⇒ Boolean
Returns whether the text is encrypted or not
# File 'activerecord/lib/active_record/encryption/encryptor.rb', line 70
def encrypted?(text) (text) true rescue Errors::Encoding, *DECRYPT_ERRORS false end