class ActiveRecord::Encryption::Cipher
The algorithm used for encrypting and decrypting Message
objects.
It uses AES-256-GCM. It will generate a random IV for non deterministic encryption (default) or derive an initialization vector from the encrypted content for deterministic encryption.
See Cipher::Aes256Gcm
.
Constants
Public instance methods
Decrypt the provided Message
.
When key
is an Array, it will try all the keys raising a ActiveRecord::Encryption::Errors::Decryption
if none works.
Source code GitHub
# File activerecord/lib/active_record/encryption/cipher.rb, line 25
def decrypt(encrypted_message, key:)
try_to_decrypt_with_each(encrypted_message, keys: Array(key)).tap do |decrypted_text|
decrypted_text.force_encoding(encrypted_message.headers.encoding || DEFAULT_ENCODING)
end
end
Encrypts the provided text and return an encrypted Message
.
Source code GitHub
# File activerecord/lib/active_record/encryption/cipher.rb, line 15
def encrypt(clean_text, key:, deterministic: false)
cipher_for(key, deterministic: deterministic).encrypt(clean_text).tap do |message|
message.headers.encoding = clean_text.encoding.name unless clean_text.encoding == DEFAULT_ENCODING
end
end
Source code GitHub
# File activerecord/lib/active_record/encryption/cipher.rb, line 35
def iv_length
Aes256Gcm.iv_length
end
Source code GitHub
# File activerecord/lib/active_record/encryption/cipher.rb, line 31
def key_length
Aes256Gcm.key_length
end