0.9.0.pre - unable to use AES encryptor with AR object when field is nil or empty-string #34

Capncavedan · 2013-04-03T12:13:07Z

I gave 0.9.0.pre a test run yesterday, and found a change in behavior from 0.8.0 in that it throws an exception when attempting to save an AR object where the crypt_keeper field is nil.

I'd previously noticed a problem with AR objects and empty strings.

Researching AES just a little bit, it seems AES cannot encrypt an empty string. I'm not sure how other projects/libraries handle it (mysql AES encryption for example works on an empty string).

I suggest we modify the AES encryptor to return nils and empty-strings as-is, like so:

      # Public: Decrypt a string
      #
      # Returns a string
      def decrypt(value)
        return nil if value.nil?
        return '' if value == ''
        ...
      end


      # Public: Encrypt a string
      #
      # Returns a string
      def encrypt(value)
        return nil if value.nil?
        return '' if value == ''
        ...
      end

I'm happy to submit a pull request for this if you agree this should happen.

The text was updated successfully, but these errors were encountered:

jmazzi · 2013-04-11T21:20:55Z

closed by #35

jmazzi closed this as completed Apr 11, 2013

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

0.9.0.pre - unable to use AES encryptor with AR object when field is nil or empty-string #34

0.9.0.pre - unable to use AES encryptor with AR object when field is nil or empty-string #34

Capncavedan commented Apr 3, 2013

jmazzi commented Apr 11, 2013

0.9.0.pre - unable to use AES encryptor with AR object when field is nil or empty-string #34

0.9.0.pre - unable to use AES encryptor with AR object when field is nil or empty-string #34

Comments

Capncavedan commented Apr 3, 2013

jmazzi commented Apr 11, 2013