mongoid-encryptor
mongoid-encryptor encrypts and decrypts one or more fields in a Mongoid model.
Prerequisites
- ruby 1.9.2 or 1.9.3
- mongoid 2.0 or later
- activesupport 3.0 or later
Install
Put this line in your Gemfile:
gem 'mongoid-encryptor', :require => 'mongoid/encryptor'
Then bundle:
$ bundle
Quick Start
Set up a SHA-encrypted field (a salted, one-way digest) in a model like this:
class Credential
  include Mongoid::Document
  include Mongoid::Encryptor
  field :password
  encrypts :password
end
>> c = Credential.new
=> #<Credential _id: 4d6383aeb2de3cbea1000001, password: nil>
>> c.password = 'this is a secret'
=> "this is a secret"
>> c.password.encrypted?
=> false
>> c.save
=> true
>> c.password
=> "70a202166f0a78defe464d810f30b50b767cb89a"
>> c.password.encrypted?
=> true
>> c.password.cipher.salt
=> "salt"
>> c.password == 'this is a secret'
=> true
Symmetric encryption
Set up a symmetrically encrypted field in a model like this:
class Credential
  include Mongoid::Document
  include Mongoid::Encryptor
  field :password
  encrypts :password, :mode => :symmetric, :password => 'key'
end
>> c = Credential.new
=> #<Credential _id: 4d638b6db2de3cc2ca000001, password: nil>
>> c.password = 'this is a secret'
=> "this is a secret"
>> c.password.encrypted?
=> false
>> c.save
=> true
>> c.password
=> "y3HnNrU0HviAl3aw2sWH1KttBLsCLYP1\n"
>> c.password.encrypted?
=> true
>> c.password.cipher
=> #<EncryptedStrings::SymmetricCipher:0x000001016b1c08 @algorithm="DES-EDE3-CBC", @password="key">
>> c.password.cipher.password
=> "key"
>> c.password == 'this is a secret'
=> true
Asymmetric encryption
Set up an asymmetrically encrypted field in a model like this:
class Credential
  include Mongoid::Document
  include Mongoid::Encryptor
  field :password
  encrypts :password, :mode => :asymmetric,
                      :private_key_file => '/path/to/private_key',
                      :public_key_file => '/path/to/public_key'
end
>> c = Credential.new
=> #<Credential _id: 4d638ceab2de3cc3c1000001, password: nil>
>> c.password = 'this is a secret'
=> "this is a secret"
>> c.password.encrypted?
=> false
>> c.save
=> true
>> c.password
=> "ha/2EacZTmvAIHOSjFEshM+9UHUItB/wGKJ5ftClQDllA9SOBJJazTlsMS9m\nPd5W3goZbY9V2dDdNo4NgQ0e8VsG0dpcvOIrua/ye+jX3e+0ocevcnOH9PL9\n8C5P8caOD/sKlKLTI0Dr1v/6d/f0Q4UuPQyTh3d4aEWyagypWyQ=\n"
>> c.password.encrypted?
=> true
>> c.password == 'this is a secret'
=> true
You can generate a keypair like this:
$ openssl genrsa -des3 -out private 1024 # generate private key
$ openssl rsa -in private -pubout -out public # generate public key
$ mv private private.bak
$ openssl rsa -in private.bak -out private # remove passphrase from private key
$ ls -l
-rw-r--r-- 1 juno staff 887 2 22 19:20 private
-rw-r--r-- 1 juno staff 963 2 22 19:19 private.bak
-rw-r--r-- 1 juno staff 272 2 22 19:19 public
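The round trip for a 1024-bit keypair like the one above, as an added example using only Ruby's OpenSSL bindings (it is not code from mongoid-encryptor). It assumes the asymmetric mode is RSA with OpenSSL's default PKCS#1 v1.5 padding and `pack('m')` Base64; the helper names and the in-memory keypair are constructed for the illustration.

```ruby
require 'openssl'

# Assumption: RSA with OpenSSL's default PKCS#1 v1.5 padding, Base64-encoded
# with pack('m'), which matches the shape of the sample output in this README.
KEY_BITS      = 1024               # same size as `openssl genrsa ... 1024`
MAX_PLAINTEXT = KEY_BITS / 8 - 11  # PKCS#1 v1.5 padding costs 11 bytes

# Constructed in-memory keypair; stands in for the private/public key files.
KEYPAIR    = OpenSSL::PKey::RSA.new(KEY_BITS)
PUBLIC_KEY = OpenSSL::PKey::RSA.new(KEYPAIR.public_key.to_pem)

# Encrypt with the public key only. RSA cannot take arbitrarily long input,
# so reject oversized values before OpenSSL does.
def encrypt_field(plaintext, public_key = PUBLIC_KEY)
  if plaintext.bytesize > MAX_PLAINTEXT
    raise ArgumentError,
          "plaintext exceeds #{MAX_PLAINTEXT} bytes for a #{KEY_BITS}-bit key"
  end
  [public_key.public_encrypt(plaintext)].pack('m')
end

# Decrypt with the private key (hypothetical helper name).
def decrypt_field(encoded, private_key = KEYPAIR)
  private_key.private_decrypt(encoded.unpack1('m'))
end

# The padding is randomized, so two encryptions of the same value differ.
# Equality therefore has to decrypt; comparing ciphertexts never matches.
def field_equals?(encoded, candidate)
  decrypt_field(encoded) == candidate
end

if __FILE__ == $PROGRAM_NAME
  a = encrypt_field('this is a secret')
  b = encrypt_field('this is a secret')
  puts "ciphertexts equal?  #{a == b}"
  puts "decrypts to input?  #{field_equals?(a, 'this is a secret')}"
  puts "ciphertext bytes:   #{a.unpack1('m').bytesize}"
  puts "max plaintext size: #{MAX_PLAINTEXT} bytes"
end
```

Anything longer than 117 bytes cannot go through a 1024-bit key in this scheme, and because the public key alone is enough to encrypt, only the private key file needs restricted read access.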
Questions, Feedback
github/juno or @junya.
Copyright
(c) 2011 Junya Ogura. See LICENSE.txt for further details.