Class: ActiveRecord::Encryption::Encryptor

Inherits:
Object
  • Object
show all
Defined in:
lib/active_record/encryption/encryptor.rb

Overview

An encryptor exposes the encryption API that ActiveRecord::Encryption::EncryptedAttributeType uses for encrypting and decrypting attribute values.

It interacts with a KeyProvider for getting the keys, and delegate to ActiveRecord::Encryption::Cipher the actual encryption algorithm.

Direct Known Subclasses

EncryptingOnlyEncryptor

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(compress: true, compressor: nil) ⇒ Encryptor

Options

:compress

Boolean indicating whether records should be compressed before encryption. Defaults to true.

:compressor

The compressor to use. It must respond to deflate and inflate. If not provided, will default to ActiveRecord::Encryption.config.compressor, which itself defaults to Zlib.



27
28
29
30
 
# File 'lib/active_record/encryption/encryptor.rb', line 27

def initialize(compress: true, compressor: nil)
  @compress = compress
  @compressor = compressor || ActiveRecord::Encryption.config.compressor
end

Instance Attribute Details

#compressorObject (readonly)

The compressor to use for compressing the payload.



15
16
17
 
# File 'lib/active_record/encryption/encryptor.rb', line 15

def compressor
  @compressor
end

Instance Method Details

#binary?Boolean

Returns:

  • (Boolean) 


86
87
88
 
# File 'lib/active_record/encryption/encryptor.rb', line 86

def binary?
  serializer.binary?
end

#compress?Boolean

:nodoc:

Returns:

  • (Boolean) 


90
91
92
 
# File 'lib/active_record/encryption/encryptor.rb', line 90

def compress? # :nodoc:
  @compress
end

#decrypt(encrypted_text, key_provider: default_key_provider, cipher_options: {}) ⇒ Object

Decrypts an encrypted_text and returns the result as clean text.

Options

:key_provider

Key provider to use for the encryption operation. It will default to ActiveRecord::Encryption.key_provider when not provided.

:cipher_options

Cipher-specific options that will be passed to the Cipher configured in ActiveRecord::Encryption.cipher.



69
70
71
72
73
74
75
76
 
# File 'lib/active_record/encryption/encryptor.rb', line 69

def decrypt(encrypted_text, key_provider: default_key_provider, cipher_options: {})
  message = deserialize_message(encrypted_text)
  keys = key_provider.decryption_keys(message)
  raise Errors::Decryption unless keys.present?
  uncompress_if_needed(cipher.decrypt(message, key: keys.collect(&:secret), **cipher_options), message.headers.compressed)
rescue *(ENCODING_ERRORS + DECRYPT_ERRORS)
  raise Errors::Decryption
end

#encrypt(clear_text, key_provider: default_key_provider, cipher_options: {}) ⇒ Object

Encrypts clean_text and returns the encrypted result.

Internally, it will:

  1. Create a new ActiveRecord::Encryption::Message.

  2. Compress and encrypt clean_text as the message payload.

  3. Serialize it with ActiveRecord::Encryption.message_serializer (ActiveRecord::Encryption::SafeMarshal by default).

  4. Encode the result with Base64.

Options

:key_provider

Key provider to use for the encryption operation. It will default to ActiveRecord::Encryption.key_provider when not provided.

:cipher_options

Cipher-specific options that will be passed to the Cipher configured in ActiveRecord::Encryption.cipher.



51
52
53
54
55
56
 
# File 'lib/active_record/encryption/encryptor.rb', line 51

def encrypt(clear_text, key_provider: default_key_provider, cipher_options: {})
  clear_text = force_encoding_if_needed(clear_text) if cipher_options[:deterministic]

  validate_payload_type(clear_text)
  serialize_message build_encrypted_message(clear_text, key_provider: key_provider, cipher_options: cipher_options)
end

#encrypted?(text) ⇒ Boolean

Returns whether the text is encrypted or not.

Returns:

  • (Boolean) 


79
80
81
82
83
84
 
# File 'lib/active_record/encryption/encryptor.rb', line 79

def encrypted?(text)
  deserialize_message(text)
  true
rescue Errors::Encoding, *DECRYPT_ERRORS
  false
end