Method: ActiveRecord::Encryption::Cipher::Aes256Gcm#encrypt

Defined in:
activerecord/lib/active_record/encryption/cipher/aes256_gcm.rb

#encrypt(clear_text) ⇒ Object 



34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
 
# File 'activerecord/lib/active_record/encryption/cipher/aes256_gcm.rb', line 34

def encrypt(clear_text)
  # This code is extracted from +ActiveSupport::MessageEncryptor+. Not using it directly because we want to control
  # the message format and only serialize things once at the +ActiveRecord::Encryption::Message+ level. Also, this
  # cipher is prepared to deal with deterministic/non deterministic encryption modes.

  cipher = OpenSSL::Cipher.new(CIPHER_TYPE)
  cipher.encrypt
  cipher.key = @secret

  iv = generate_iv(cipher, clear_text)
  cipher.iv = iv

  encrypted_data = clear_text.empty? ? clear_text.dup : cipher.update(clear_text)
  encrypted_data << cipher.final

  ActiveRecord::Encryption::Message.new(payload: encrypted_data).tap do |message|
    message.headers.iv = iv
    message.headers.auth_tag = cipher.auth_tag
  end
end