Rails implements field encryption storage and rails field Encryption

Source: Internet
Author: User
Tags crypt

Rails implements field encryption storage and rails field Encryption

Solution

Data is encrypted before being stored in the database.
The KEY is used for decryption after reading.

Implementation

ActiveSupport: MessageEncryptor is a class implemented by Rails Based on openssl encapsulation. It can be used to encrypt and decrypt an object. For example:

salt = SecureRandom.random_bytes(64)key  = ActiveSupport::KeyGenerator.new('password').generate_key(salt) # => "\x89\xE0\x156\xAC..."crypt = ActiveSupport::MessageEncryptor.new(key)            # => #<ActiveSupport::MessageEncryptor ...>encrypted_data = crypt.encrypt_and_sign('my secret data')       # => "NlFBTTMwOUV5UlA1QlNEN2xkY2d6eThYWWh..."crypt.decrypt_and_verify(encrypted_data)                # => "my secret data"

Serialize is a class method in Rails ActiveRecord. It can be used to execute how a column is stored in the database and how to handle it after it is read from the database. For example:

class User < ActiveRecord::Base serialize :preferences, Hashenduser = User.newuser.preferences = { gender: 'male', age: 18}user.save!

In addition, Rails allows custom Serizlizer, allowing developers to determine how to perform serialization and deserialization on their own. For example:

class CustomerSerializer def self.load(value)  value.to_s.blank? ? "" : JSON.parse(value) end def self.dump(value)  (value || {}).to_json endendclass User < ActiveRecord::Base serialize :preferences, CustomerSerializerend

Based on this, we can implement a serializer by ourselves, so that we can encrypt and store fields and decrypt the fields when reading them.

class EncryptedStringSerializer def self.load(value)  value.to_s.blank? ? '' : decrypt(value) end def self.dump(value)  encrypt(value || '') end private def self.encrypt(value)  encryptor.encrypt_and_sign(value) end def self.decrypt(value)  encryptor.decrypt_and_verify(value) end def self.encryptor  @encryptor ||= ActiveSupport::MessageEncryptor.new(Settings.message_encryptor_key) endendclass UserAddress < ActiveRecord::Base serialize :phone, EncryptedStringSerializer serialize :first_name, EncryptedStringSerializer serialize :last_name, EncryptedStringSerializer serialize :country, EncryptedStringSerializer serialize :state, EncryptedStringSerializer serialize :city, EncryptedStringSerializer serialize :address1, EncryptedStringSerializer serialize :address2, EncryptedStringSerializer serialize :zipcode, EncryptedStringSerializerend

Improvements

Is the KEY used for encryption and decryption too simple?
How can we smoothly transition existing data?

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.