Top Level Namespace
Defined Under Namespace
Modules: ActiveRecord, SymmetricEncryption Classes: SymmetricEncryptionValidator
Instance Method Summary collapse
-
#encrypted ⇒ Field
Add :encrypted option for Mongoid models.
Instance Method Details
#encrypted ⇒ Field
Add :encrypted option for Mongoid models
Example:
require 'mongoid'
require 'symmetric-encryption'
# Initialize Mongoid in a standalone environment. In a Rails app this is not required
Mongoid.logger = Logger.new($stdout)
Mongoid.load!('config/mongoid.yml')
# Initialize SymmetricEncryption in a standalone environment. In a Rails app this is not required
SymmetricEncryption.load!('config/symmetric-encryption.yml', 'test')
class Person
include Mongoid::Document
field :name, :type => String
field :encrypted_social_security_number, :type => String, :encrypted => true
field :age, :type => Integer
field :encrypted_life_history, :type => String, :encrypted => {:compress => true, :random_iv => true}
end
The above document results in the following document in the Mongo collection ‘persons’:
"name" : "Joe",
"encrypted_social_security_number" : "...",
"age" : 21
"encrypted_life_history" : "...",
Symmetric Encryption creates the getters and setters to be able to work with the field in it’s unencrypted form. For example
Example:
person = Person.where(:encrypted_social_security_number => '...').first
puts "Decrypted Social Security Number is: #{person.}"
# Or is the same as
puts "Decrypted Social Security Number is: #{SymmetricEncryption.decrypt(person.)}"
# Sets the encrypted_social_security_number to encrypted version
person. = "123456789"
# Or, is equivalent to:
person. = SymmetricEncryption.encrypt("123456789")
Note: Only “String” types are currently supported for encryption
Note: Unlike attr_encrypted finders must use the encrypted field name
Invalid Example, does not work:
person = Person.where(:social_security_number => '123456789').first
Valid Example:
person = Person.where(:encrypted_social_security_number => SymmetricEncryption.encrypt('123456789')).first
Defines all the fields that are accessible on the Document For each field that is defined, a getter and setter will be added as an instance method to the Document.
79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 |
# File 'lib/symmetric_encryption/mongoid.rb', line 79 Mongoid::Fields.option :encrypted do |model, field, | if != false = .is_a?(Hash) ? .dup : {} field_name = field.name decrypt_as = .delete(:decrypt_as) if decrypt_as.nil? && field_name.to_s.start_with?('encrypted_') decrypt_as = field_name.to_s['encrypted_'.length..-1] else raise "SymmetricEncryption for Mongoid. Encryption enabled for field #{field_name}. It must either start with 'encrypted_' or the option :decrypt_as must be supplied" end random_iv = .delete(:random_iv) || false compress = .delete(:compress) || false # Generate getter and setter methods model.class_eval(<<-EOS, __FILE__, __LINE__ + 1) # Set the un-encrypted field # Also updates the encrypted field with the encrypted value def #{decrypt_as}=(value) @stored_#{field_name} = ::SymmetricEncryption.encrypt(value,#{random_iv},#{compress}) self.#{field_name} = @stored_#{field_name} @#{decrypt_as} = value.freeze end # Returns the decrypted value for the encrypted field # The decrypted value is cached and is only decrypted if the encrypted value has changed # If this method is not called, then the encrypted value is never decrypted def #{decrypt_as} if @stored_#{field_name} != self.#{field_name} @#{decrypt_as} = ::SymmetricEncryption.decrypt(self.#{field_name}).freeze @stored_#{field_name} = self.#{field_name} end @#{decrypt_as} end EOS end end |