Previously, Strongbox, my gem for using Public Key Encryption with ActiveRecord, allowed only one key pair for encrypting all of the records for a given ActiveRecord model. I’ve had a number of requests to make it possible to dynamically choose the keys on a per record basic and version 0.6.0 adds this feature.
The values of
:key_pair can be in one of the following formats:
A string containing path to a file. This is the default interpretation of a string.
A string contanting a key in PEM format, needs to match this the regex
/^-+BEGIN .* KEY-+$/
1 2 3
A symbol naming a method to call. Can return any of the other valid key formats.
1 2 3
An instance of
OpenSSL::PKey::RSA. Must be unlocked to be used as the private key.
1 2 3 4
Using this, you can automatically create per record public keys:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19
Important Caveat -
Currently, Strongbox encrypts the attribute as soon as it’s assigned (this will change in version 1.0). The means that the public key must be available before the attribute is assigned, hence the use of
after_initialize to generate the key pair. Even so, this will fail if you do something like:
because the attributes are set before
after_initialize is called.
Instead, use something like:
1 2 3
Version 1.0 will allow you to control when the encryption occurs, making this less of an issue.