Comments (7)
@creativetags that's not a good idea. If you implement it like this, the salt will change between instances of that model because salt will be a new value each time. The values of salt and key need to stay the same or you will not be able to decrypt the data.
You should generate the key and salt via the code I sent you earlier, then place the string values in the model.
```
~ ➤ ruby -e "require 'securerandom'; puts SecureRandom.hex(64)"
5e89c42dbe6c000fcdc1e32ce7cc6fc296f41baaa9282a92a080359a0cb56294b59871f93c5e9f76411cc6ee557ab6c9f0a3421cd739a7210158dc1c19d516b9
~ ➤ ruby -e "require 'securerandom'; puts SecureRandom.hex(64)"
744ca2298ee91af3320281270d9a7b55925dcd605dbe58100e11276078747ea15c10ef38008d9bb30e0d3db372d14a3a26d115d8a43a084e9f717322f8ada6be
~ ➤
```
```ruby
class Model < ActiveRecord::Base
  crypt_keeper :field,
    :encryptor => :mysql_aes_new,
    :key => "5e89c42dbe6c000fcdc1e32ce7cc6fc296f41baaa9282a92a080359a0cb56294b59871f93c5e9f76411cc6ee557ab6c9f0a3421cd739a7210158dc1c19d516b9",
    :salt => "744ca2298ee91af3320281270d9a7b55925dcd605dbe58100e11276078747ea15c10ef38008d9bb30e0d3db372d14a3a26d115d8a43a084e9f717322f8ada6be"
end
```
You can pass in the salt and key using ENV variables like you demonstrated above; the values just can't change.
Encryption is model level, you should be using the same key/salt for all columns.
from crypt_keeper.
@swaps19 thanks for the suggestion! I've opened #153 to get this added, likely to land in master next week.
from crypt_keeper.
@creativetags I would recommend at least 32, the above example uses 64. Salt and key should be two distinct random strings. Here is a simple way to generate a strong key and salt.
```
ruby -e "require 'securerandom'; puts SecureRandom.hex(64)"
```
Can you explain your column question in more detail?
from crypt_keeper.
Thanks @jmazzi. By 'column' I mean attribute in the database. Here's what I'm thinking of doing:
```ruby
crypt_keeper :field, :encryptor => :mysql_aes_new, :key => ENV['TOKEN_KEY'], salt: SecureRandom.hex(64)
```
where TOKEN_KEY is like a SECRET_TOKEN that is SecureRandom.hex(64) generated one time.
from crypt_keeper.
Ok, great. That's what I wanted to know. Thanks
from crypt_keeper.
@creativetags no problem. I should mention that the key and salt are used to create a derived passphrase using PBKDF2. That's all it's used for.
from crypt_keeper.
@jmazzi It would be great if you placed this information in the readme file itself, as many new users might face this situation.
from crypt_keeper.
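The failure discussed in this thread (a salt regenerated with `SecureRandom.hex(64)` on every load) and the PBKDF2 derivation mentioned above, shown as an added example that is not code from the thread or from crypt_keeper. The iteration count, SHA-256 digest, AES-256-GCM cipher and all helper names are assumptions chosen for illustration, not the gem's actual parameters.

```ruby
require 'openssl'
require 'securerandom'

ITERATIONS = 10_000 # assumed value, for illustration only
KEY_LEN    = 32     # bytes, for AES-256

# PBKDF2 is deterministic: the same key and salt always give the same bytes.
def derive_key(key, salt)
  OpenSSL::PKCS5.pbkdf2_hmac(key, salt, ITERATIONS, KEY_LEN, OpenSSL::Digest.new('SHA256'))
end

def encrypt(plaintext, key, salt)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  cipher.key = derive_key(key, salt)
  iv = cipher.random_iv
  cipher.auth_data = ''
  ciphertext = cipher.update(plaintext) + cipher.final
  [iv, cipher.auth_tag, ciphertext]
end

# Returns the plaintext, or nil when the derived key does not match.
def decrypt(blob, key, salt)
  iv, tag, ciphertext = blob
  cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  cipher.key = derive_key(key, salt)
  cipher.iv = iv
  cipher.auth_tag = tag
  cipher.auth_data = ''
  cipher.update(ciphertext) + cipher.final
rescue OpenSSL::Cipher::CipherError
  nil
end

# Constructed sample values standing in for a stored key and salt.
KEY        = SecureRandom.hex(64)
FIXED_SALT = SecureRandom.hex(64)

# Salt generated once and reused: the write and the later read agree.
def fixed_salt_result
  decrypt(encrypt('secret value', KEY, FIXED_SALT), KEY, FIXED_SALT)
end

# Salt regenerated on each load: the read derives a different key.
def regenerated_salt_result
  blob = encrypt('secret value', KEY, SecureRandom.hex(64)) # first boot
  decrypt(blob, KEY, SecureRandom.hex(64))                  # second boot
end

puts "fixed salt:       #{fixed_salt_result.inspect}"
puts "regenerated salt: #{regenerated_salt_result.inspect}"
```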