37 lines
949 B
Ruby
37 lines
949 B
Ruby
require 'openssl'
|
|
|
|
# This module is useful for encrypting columns into the database
|
|
# For the encrypted column, store it as "text" types
|
|
|
|
# .key is stored in ENV['CYPHER_KEY']
|
|
# .iv, .auth_tag both are stored with the encrypted data
|
|
|
|
module Cypher
|
|
|
|
def self.encrypt(data)
|
|
cipher = create_cipher
|
|
cipher.encrypt
|
|
cipher.key = Base64.decode64(ENV['CYPHER_KEY'])
|
|
iv = cipher.random_iv
|
|
encrypted = cipher.update(data) + cipher.final
|
|
return {iv: Base64.encode64(iv), key: Base64.encode64(encrypted)}
|
|
end
|
|
|
|
# hash must have properties for :iv and :key
|
|
def self.decrypt(hash)
|
|
iv, encrypted = [Base64.decode64(hash['iv']), Base64.decode64(hash['key'])]
|
|
decipher = create_cipher
|
|
decipher.decrypt
|
|
decipher.key = Base64.decode64(ENV['CYPHER_KEY'])
|
|
decipher.iv = iv
|
|
|
|
return decipher.update(encrypted) + decipher.final
|
|
end
|
|
|
|
private
|
|
|
|
def self.create_cipher
|
|
OpenSSL::Cipher::AES256.new(:CBC)
|
|
end
|
|
|
|
end
|