instance method `decrypt`

Ruby on Rails 7.2.3

Since v7.0.10

Available in: v7.0.10 v7.1.6 v7.2.3 v8.0.4 v8.1.2

Compare with:

decrypt(encrypted_message)

No documentation comment.

Parameters

encrypted_message req

Source

# File activerecord/lib/active_record/encryption/cipher/aes256_gcm.rb, line 55
        def decrypt(encrypted_message)
          encrypted_data = encrypted_message.payload
          iv = encrypted_message.headers.iv
          auth_tag = encrypted_message.headers.auth_tag

          # Currently the OpenSSL bindings do not raise an error if auth_tag is
          # truncated, which would allow an attacker to easily forge it. See
          # https://github.com/ruby/openssl/issues/63
          raise ActiveRecord::Encryption::Errors::EncryptedContentIntegrity if auth_tag.nil? || auth_tag.bytes.length != 16

          cipher = OpenSSL::Cipher.new(CIPHER_TYPE)

          cipher.decrypt
          cipher.key = @secret
          cipher.iv = iv

          cipher.auth_tag = auth_tag
          cipher.auth_data = ""

          decrypted_data = encrypted_data.empty? ? encrypted_data : cipher.update(encrypted_data)
          decrypted_data << cipher.final

          decrypted_data
        rescue OpenSSL::Cipher::CipherError, TypeError, ArgumentError
          raise ActiveRecord::Encryption::Errors::Decryption
        end

Defined in activerecord/lib/active_record/encryption/cipher/aes256_gcm.rb line 55 · View on GitHub · Improve this page · Find usages on GitHub

Defined in ActiveRecord::Encryption::Cipher::Aes256Gcm

Signature

Parameters