The algorithm used for encrypting and decrypting Message objects.

It uses AES-256-GCM. It will generate a random IV for non deterministic encryption (default) or derive an initialization vector from the encrypted content for deterministic encryption.

See Cipher::Aes256Gcm.

Namespace

Class

Methods

Constants

DEFAULT_ENCODING = Encoding::UTF_8

Instance Public methods

decrypt(encrypted_message, key:)

Decrypt the provided Message.

When key is an Array, it will try all the keys raising a ActiveRecord::Encryption::Errors::Decryption if none works.

📝 Source code 
# File activerecord/lib/active_record/encryption/cipher.rb, line 25
      def decrypt(encrypted_message, key:)
        try_to_decrypt_with_each(encrypted_message, keys: Array(key)).tap do |decrypted_text|
          decrypted_text.force_encoding(encrypted_message.headers.encoding || DEFAULT_ENCODING)
        end
      end
🔎 See on GitHub

encrypt(clean_text, key:, deterministic: false)

Encrypts the provided text and return an encrypted Message.

📝 Source code 
# File activerecord/lib/active_record/encryption/cipher.rb, line 15
      def encrypt(clean_text, key:, deterministic: false)
        cipher_for(key, deterministic: deterministic).encrypt(clean_text).tap do |message|
          message.headers.encoding = clean_text.encoding.name unless clean_text.encoding == DEFAULT_ENCODING
        end
      end
🔎 See on GitHub

iv_length()

📝 Source code 
# File activerecord/lib/active_record/encryption/cipher.rb, line 35
      def iv_length
        Aes256Gcm.iv_length
      end
🔎 See on GitHub

key_length()

📝 Source code 
# File activerecord/lib/active_record/encryption/cipher.rb, line 31
      def key_length
        Aes256Gcm.key_length
      end
🔎 See on GitHub