Class: ActiveRecord::Encryption::Encryptor
- Defined in:
- activerecord/lib/active_record/encryption/encryptor.rb
Overview
An encryptor exposes the encryption API that ActiveRecord::Encryption::EncryptedAttributeType uses for encrypting and decrypting attribute values.
It interacts with a KeyProvider for getting the keys, and delegate to ActiveRecord::Encryption::Cipher the actual encryption algorithm.
Direct Known Subclasses
Instance Method Summary collapse
-
#decrypt(encrypted_text, key_provider: default_key_provider, cipher_options: {}) ⇒ Object
Decrypts a
clean_text
and returns the result as clean text. -
#encrypt(clear_text, key_provider: default_key_provider, cipher_options: {}) ⇒ Object
Encrypts
clean_text
and returns the encrypted result. -
#encrypted?(text) ⇒ Boolean
Returns whether the text is encrypted or not.
Instance Method Details
#decrypt(encrypted_text, key_provider: default_key_provider, cipher_options: {}) ⇒ Object
Decrypts a clean_text
and returns the result as clean text
Options
- :key_provider
-
Key provider to use for the encryption operation. It will default to
ActiveRecord::Encryption.key_provider
when not provided - :cipher_options
-
Cipher-specific options that will be passed to the Cipher configured in
ActiveRecord::Encryption.cipher
52 53 54 55 56 57 58 59 |
# File 'activerecord/lib/active_record/encryption/encryptor.rb', line 52 def decrypt(encrypted_text, key_provider: default_key_provider, cipher_options: {}) = (encrypted_text) keys = key_provider.decryption_keys() raise Errors::Decryption unless keys.present? uncompress_if_needed(cipher.decrypt(, key: keys.collect(&:secret), **), .headers.compressed) rescue *(ENCODING_ERRORS + DECRYPT_ERRORS) raise Errors::Decryption end |
#encrypt(clear_text, key_provider: default_key_provider, cipher_options: {}) ⇒ Object
Encrypts clean_text
and returns the encrypted result
Internally, it will:
-
Create a new ActiveRecord::Encryption::Message
-
Compress and encrypt
clean_text
as the message payload -
Serialize it with
ActiveRecord::Encryption.message_serializer
(ActiveRecord::Encryption::SafeMarshal
by default) -
Encode the result with Base 64
Options
- :key_provider
-
Key provider to use for the encryption operation. It will default to
ActiveRecord::Encryption.key_provider
when not provided. - :cipher_options
-
Cipher-specific options that will be passed to the Cipher configured in
ActiveRecord::Encryption.cipher
34 35 36 37 38 39 |
# File 'activerecord/lib/active_record/encryption/encryptor.rb', line 34 def encrypt(clear_text, key_provider: default_key_provider, cipher_options: {}) clear_text = force_encoding_if_needed(clear_text) if [:deterministic] validate_payload_type(clear_text) (clear_text, key_provider: key_provider, cipher_options: ) end |