Rails implements field encrypted storage

Time:2021-10-30

programme

Before storage, it is encrypted and then stored in the database
After reading, decrypt with key

realization

Activesupport:: messageencryptor is a class implemented by rails based on OpenSSL encapsulation. It can be used to encrypt and decrypt an object. For example:

?
1
2
3
4
5
salt = SecureRandom.random_bytes(64)
key  = ActiveSupport::KeyGenerator.new('password').generate_key(salt) # => "\x89\xE0\x156\xAC..."
crypt = ActiveSupport::MessageEncryptor.new(key)            # => #<ActiveSupport::MessageEncryptor ...>
encrypted_data = crypt.encrypt_and_sign('my secret data')       # => "NlFBTTMwOUV5UlA1QlNEN2xkY2d6eThYWWh..."
crypt.decrypt_and_verify(encrypted_data)                # => "my secret data"

Serialize is a class method in rails activerecord, which can be used to execute how to store a column in the database and how to deal with it after reading it from the database, for example:

?
1
2
3
4
5
6
7
8
9
10
class User < ActiveRecord::Base
 serialize :preferences, Hash
end
 
user = User.new
user.preferences = {
 gender: 'male',
 age: 18
}
user.save!

In addition, rails allows you to customize the serializer, enabling developers to decide how to serialize and deserialize. For example:

?
1
2
3
4
5
6
7
8
9
10
11
12
13
class CustomerSerializer
 def self.load(value)
  value.to_s.blank? ? "" : JSON.parse(value)
 end
 
 def self.dump(value)
  (value || {}).to_json
 end
end
 
class User < ActiveRecord::Base
 serialize :preferences, CustomerSerializer
end

Based on this, we can implement a serializer ourselves, so that we can encrypt and store the fields, and decrypt them when we read them out.

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
class EncryptedStringSerializer
 def self.load(value)
  value.to_s.blank? ? '' : decrypt(value)
 end
 
 def self.dump(value)
  encrypt(value || '')
 end
 
 private
 
 def self.encrypt(value)
  encryptor.encrypt_and_sign(value)
 end
 
 def self.decrypt(value)
  encryptor.decrypt_and_verify(value)
 end
 
 def self.encryptor
  @encryptor ||= ActiveSupport::MessageEncryptor.new(Settings.message_encryptor_key)
 end
end
 
class UserAddress < ActiveRecord::Base
 serialize :phone, EncryptedStringSerializer
 serialize :first_name, EncryptedStringSerializer
 serialize :last_name, EncryptedStringSerializer
 serialize :country, EncryptedStringSerializer
 serialize :state, EncryptedStringSerializer
 serialize :city, EncryptedStringSerializer
 serialize :address1, EncryptedStringSerializer
 serialize :address2, EncryptedStringSerializer
 serialize :zipcode, EncryptedStringSerializer
end

Points that can be improved

Is the key used for encryption and decryption too simple?
How to smooth the transition for existing data?

Recommended Today

JMeter – the difference between HTTP request following redirection and automatic redirection

Automatic redirection: After httpclient receives the request, if the request contains a redirection request, httpclient can jump automatically, but only for get and head requests. If this item is checked, the “follow redirection” will be invalid; Automatic redirection can automatically turn to the final target page, but JMeter does not record the content of the […]