ActiveRecord::Encryption::Encryptor

An encryptor exposes the encryption API that ActiveRecord::Encryption::EncryptedAttributeType uses for encrypting and decrypting attribute values.

It interacts with a KeyProvider for getting the keys, and delegate to ActiveRecord::Encryption::Cipher the actual encryption algorithm.

Methods

D

decrypt

E

encrypt,
encrypted?

Constants

DECRYPT_ERRORS	=	[OpenSSL::Cipher::CipherError, Errors::EncryptedContentIntegrity, Errors::Decryption]

ENCODING_ERRORS	=	[EncodingError, Errors::Encoding]

THRESHOLD_TO_JUSTIFY_COMPRESSION	=	140.bytes

Instance Public methods

decrypt(encrypted_text, key_provider: default_key_provider, cipher_options: {}) Link

Decrypts a clean_text and returns the result as clean text

Options

:key_provider: Key provider to use for the encryption operation. It will default to ActiveRecord::Encryption.key_provider when not provided
:cipher_options: Cipher-specific options that will be passed to the Cipher configured in ActiveRecord::Encryption.cipher

Source: show

# File activerecord/lib/active_record/encryption/encryptor.rb, line 52
def decrypt(encrypted_text, key_provider: default_key_provider, cipher_options: {})
  message = deserialize_message(encrypted_text)
  keys = key_provider.decryption_keys(message)
  raise Errors::Decryption unless keys.present?
  uncompress_if_needed(cipher.decrypt(message, key: keys.collect(&:secret), **cipher_options), message.headers.compressed)
rescue *(ENCODING_ERRORS + DECRYPT_ERRORS)
  raise Errors::Decryption
end

encrypt(clear_text, key_provider: default_key_provider, cipher_options: {}) Link

Encrypts clean_text and returns the encrypted result

Internally, it will:

Create a new ActiveRecord::Encryption::Message
Compress and encrypt clean_text as the message payload
Serialize it with ActiveRecord::Encryption.message_serializer (ActiveRecord::Encryption::SafeMarshal by default)
Encode the result with Base 64

Options

:key_provider: Key provider to use for the encryption operation. It will default to ActiveRecord::Encryption.key_provider when not provided.
:cipher_options: Cipher-specific options that will be passed to the Cipher configured in ActiveRecord::Encryption.cipher

Source: show

# File activerecord/lib/active_record/encryption/encryptor.rb, line 34
def encrypt(clear_text, key_provider: default_key_provider, cipher_options: {})
  clear_text = force_encoding_if_needed(clear_text) if cipher_options[:deterministic]

  validate_payload_type(clear_text)
  serialize_message build_encrypted_message(clear_text, key_provider: key_provider, cipher_options: cipher_options)
end

encrypted?(text) Link

Returns whether the text is encrypted or not

Source: show

# File activerecord/lib/active_record/encryption/encryptor.rb, line 62
def encrypted?(text)
  deserialize_message(text)
  true
rescue Errors::Encoding, *DECRYPT_ERRORS
  false
end

Class ActiveRecord::Encryption::Encryptor < Object

Constants

Instance Public methods

decrypt(encrypted_text, key_provider: default_key_provider, cipher_options: {}) Link

Options

encrypt(clear_text, key_provider: default_key_provider, cipher_options: {}) Link

Options

encrypted?(text) Link