# frozen_string_literal: true
# License: AGPL-3.0-or-later WITH WTO-AP-3.0-or-later
# Full license explanation at https://github.com/houdiniproject/houdini/blob/master/LICENSE
require 'openssl'
# This module is useful for encrypting columns into the database
# For the encrypted column, store it as "text" types
# .key is stored in ENV['CYPHER_KEY']
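# .iv, .auth_tag both are stored with the encrypted data
# NOTE(review): the code below uses AES-256-CBC and returns only the IV and the ciphertext; no auth_tag is produced or checked.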
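# AES-256-CBC helpers for encrypting values before they are written to a
# database column.
#
# The key is read from ENV['CYPHER_KEY'] and Base64-decoded. A fresh random IV
# is generated for every encryption and returned next to the ciphertext.
#
# NOTE(review): CBC gives confidentiality only. No authentication tag or MAC
# is produced or verified in this module, so a modified ciphertext is not
# reliably rejected by .decrypt. Moving to an authenticated mode (for example
# AES-256-GCM with a stored auth_tag) or adding an HMAC over iv + ciphertext
# would need a migration plan for rows that are already stored, so it is
# flagged here rather than changed.
#
# NOTE(review): Base64 is used without a require in this file; presumably it
# is loaded elsewhere in the application -- confirm.
module Cypher
  # Encrypts +data+ with the key from ENV['CYPHER_KEY'].
  #
  # @param data [String] plaintext to encrypt
  # @return [Hash] +:iv+ holds the Base64 IV; +:key+ holds the Base64
  #   ciphertext (despite its name it is not key material)
  # @raise [KeyError] if ENV['CYPHER_KEY'] is not set
  def self.encrypt(data)
    cipher = create_cipher
    cipher.encrypt
    # ENV.fetch fails with a KeyError naming the variable instead of a
    # NoMethodError raised from inside Base64 when the key is missing.
    cipher.key = Base64.decode64(ENV.fetch('CYPHER_KEY'))
    iv = cipher.random_iv
    encrypted = cipher.update(data) + cipher.final
    { iv: Base64.encode64(iv), key: Base64.encode64(encrypted) }
  end

  # Decrypts a hash produced by .encrypt.
  #
  # The hash may use symbol keys (as returned by .encrypt) or string keys
  # (as the original implementation required).
  #
  # @param hash [Hash] must contain the iv and key (ciphertext) entries
  # @return [String] the decrypted plaintext
  # @raise [ArgumentError] if the iv or key entry is missing
  # @raise [KeyError] if ENV['CYPHER_KEY'] is not set
  # @raise [OpenSSL::Cipher::CipherError] if the final block fails to decrypt
  def self.decrypt(hash)
    iv_b64 = hash[:iv] || hash['iv']
    ciphertext_b64 = hash[:key] || hash['key']
    raise ArgumentError, 'hash must contain iv and key' unless iv_b64 && ciphertext_b64

    decipher = create_cipher
    decipher.decrypt
    decipher.key = Base64.decode64(ENV.fetch('CYPHER_KEY'))
    decipher.iv = Base64.decode64(iv_b64)

    decipher.update(Base64.decode64(ciphertext_b64)) + decipher.final
  end

  # NOTE(review): a bare `private` does not apply to `def self.` methods, so
  # create_cipher below is still publicly callable. Once it is confirmed that
  # nothing outside this module calls it, `private_class_method :create_cipher`
  # would give the intended visibility.
  private

  # Builds a new, unconfigured AES-256-CBC cipher object.
  #
  # @return [OpenSSL::Cipher]
  def self.create_cipher
    OpenSSL::Cipher::AES256.new(:CBC)
  end
end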