The algorithm used for encrypting and decrypting Message objects.

It uses AES-256-GCM. It will generate a random IV for non deterministic encryption (default) or derive an initialization vector from the encrypted content for deterministic encryption.

See Cipher::Aes256Gcm.

Namespace

Class

Methods

Constants

DEFAULT_ENCODING = Encoding::UTF_8
 

Instance Public methods

decrypt(encrypted_message, key:)

Decrypt the provided Message.

When key is an Array, it will try all the keys raising a ActiveRecord::Encryption::Errors::Decryption if none works.

# File activerecord/lib/active_record/encryption/cipher.rb, line 25
def decrypt(encrypted_message, key:)
  try_to_decrypt_with_each(encrypted_message, keys: Array(key)).tap do |decrypted_text|
    decrypted_text.force_encoding(encrypted_message.headers.encoding || DEFAULT_ENCODING)
  end
end

encrypt(clean_text, key:, deterministic: false)

Encrypts the provided text and return an encrypted Message.

# File activerecord/lib/active_record/encryption/cipher.rb, line 15
def encrypt(clean_text, key:, deterministic: false)
  cipher_for(key, deterministic: deterministic).encrypt(clean_text).tap do |message|
    message.headers.encoding = clean_text.encoding.name unless clean_text.encoding == DEFAULT_ENCODING
  end
end

iv_length()

# File activerecord/lib/active_record/encryption/cipher.rb, line 35
def iv_length
  Aes256Gcm.iv_length
end

key_length()

# File activerecord/lib/active_record/encryption/cipher.rb, line 31
def key_length
  Aes256Gcm.key_length
end