An encryptor exposes the encryption API that ActiveRecord::Encryption::EncryptedAttributeType
uses for encrypting and decrypting attribute values.
It interacts with a KeyProvider
for getting the keys, and delegate to ActiveRecord::Encryption::Cipher
the actual encryption algorithm.
Methods
Constants
DECRYPT_ERRORS | = | [OpenSSL::Cipher::CipherError, Errors::EncryptedContentIntegrity, Errors::Decryption] |
ENCODING_ERRORS | = | [EncodingError, Errors::Encoding] |
THRESHOLD_TO_JUSTIFY_COMPRESSION | = | 140.bytes |
Class Public methods
new(compress: true)
Options
-
:compress
- Boolean indicating whether records should be compressed before encryption. Defaults totrue
.
📝 Source code
# File activerecord/lib/active_record/encryption/encryptor.rb, line 19
def initialize(compress: true)
@compress = compress
end
🔎 See on GitHub
Instance Public methods
binary?()
📝 Source code
# File activerecord/lib/active_record/encryption/encryptor.rb, line 77
def binary?
serializer.binary?
end
🔎 See on GitHub
decrypt(encrypted_text, key_provider: default_key_provider, cipher_options: {})
Decrypts an encrypted_text
and returns the result as clean text
Options
📝 Source code
# File activerecord/lib/active_record/encryption/encryptor.rb, line 60
def decrypt(encrypted_text, key_provider: default_key_provider, cipher_options: {})
message = deserialize_message(encrypted_text)
keys = key_provider.decryption_keys(message)
raise Errors::Decryption unless keys.present?
uncompress_if_needed(cipher.decrypt(message, key: keys.collect(&:secret), **cipher_options), message.headers.compressed)
rescue *(ENCODING_ERRORS + DECRYPT_ERRORS)
raise Errors::Decryption
end
🔎 See on GitHub
encrypt(clear_text, key_provider: default_key_provider, cipher_options: {})
Encrypts clean_text
and returns the encrypted result
Internally, it will:
-
Create a new
ActiveRecord::Encryption::Message
-
Compress and encrypt
clean_text
as the message payload -
Serialize it with
ActiveRecord::Encryption.message_serializer
(ActiveRecord::Encryption::SafeMarshal
by default) -
Encode the result with
Base
64
Options
📝 Source code
# File activerecord/lib/active_record/encryption/encryptor.rb, line 42
def encrypt(clear_text, key_provider: default_key_provider, cipher_options: {})
clear_text = force_encoding_if_needed(clear_text) if cipher_options[:deterministic]
validate_payload_type(clear_text)
serialize_message build_encrypted_message(clear_text, key_provider: key_provider, cipher_options: cipher_options)
end
🔎 See on GitHub
encrypted?(text)
Returns whether the text is encrypted or not
📝 Source code
# File activerecord/lib/active_record/encryption/encryptor.rb, line 70
def encrypted?(text)
deserialize_message(text)
true
rescue Errors::Encoding, *DECRYPT_ERRORS
false
end
🔎 See on GitHub