Class: Phronomy::StateStore::Encryptor::ActiveSupport

Inherits:

Base

• Object
• Base
• Phronomy::StateStore::Encryptor::ActiveSupport

Defined in:

lib/phronomy/state_store/encryptor/active_support.rb

Overview

Encryptor backed by ActiveSupport::MessageEncryptor.

Requires the +activesupport+ gem to be available in the host application. Does NOT require rails — any Ruby project that depends on activesupport can use this adapter.

Examples:

encryptor = Phronomy::StateStore::Encryptor::ActiveSupport.new(
  secret_key_base: ENV.fetch("SECRET_KEY_BASE")
)
store = Phronomy::StateStore::ActiveRecord.new(
  model_class: PhronomyState,
  encryptor: encryptor
)

Instance Method Summary

• #decrypt(ciphertext) ⇒ String

  Decrypts and verifies the ciphertext.

• #encrypt(plaintext) ⇒ String

  Encrypts the plaintext using AES-256-GCM.

• #initialize(secret_key_base:, cipher: "aes-256-gcm") ⇒ ActiveSupport constructor

  A new instance of ActiveSupport.

Constructor Details

#initialize(secret_key_base:, cipher: "aes-256-gcm") ⇒ ActiveSupport

Returns a new instance of ActiveSupport.

Parameters:

• secret_key_base (String) —

  secret used to derive the encryption key. Must be at least 30 random bytes (use +SecureRandom.hex(64)+ to generate).

• cipher (String) (defaults to: "aes-256-gcm") —

  OpenSSL cipher name (default: "aes-256-gcm").

Raises:

• (LoadError) —

  when activesupport is not available.

# File 'lib/phronomy/state_store/encryptor/active_support.rb', line 25

def initialize(secret_key_base:, cipher: "aes-256-gcm")
  require "active_support/message_encryptor"
  key = ::ActiveSupport::KeyGenerator.new(secret_key_base)
    .generate_key("phronomy state store", 32)
  @encryptor = ::ActiveSupport::MessageEncryptor.new(key, cipher: cipher)
end

Instance Method Details

#decrypt(ciphertext) ⇒ String

Decrypts and verifies the ciphertext.

Parameters:

• ciphertext (String)

Returns:

• (String) —

  the original plaintext

Raises:

• (ActiveSupport::MessageEncryptor::InvalidMessage) —

  on tampered data

# File 'lib/phronomy/state_store/encryptor/active_support.rb', line 43

def decrypt(ciphertext)
  @encryptor.decrypt_and_verify(ciphertext)
end

#encrypt(plaintext) ⇒ String

Encrypts the plaintext using AES-256-GCM.

Parameters:

• plaintext (String)

Returns:

• (String) —

  Base64-encoded authenticated ciphertext

# File 'lib/phronomy/state_store/encryptor/active_support.rb', line 35

def encrypt(plaintext)
  @encryptor.encrypt_and_sign(plaintext)
end