Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

mongoid-encryptor encrypts and decrypts one or more fields in a Mongoid model.

branch: master

Fetching latest commit…

Octocat-spinner-32-eaf2f5

Cannot retrieve the latest commit at this time

Octocat-spinner-32 lib
Octocat-spinner-32 spec
Octocat-spinner-32 .gitignore
Octocat-spinner-32 .rspec
Octocat-spinner-32 .travis.yml
Octocat-spinner-32 CHANGELOG.md
Octocat-spinner-32 Gemfile
Octocat-spinner-32 LICENSE
Octocat-spinner-32 README.md
Octocat-spinner-32 Rakefile
Octocat-spinner-32 mongoid-encryptor.gemspec
README.md

mongoid-encryptor

Build Status

mongoid-encryptor encrypts and decrypts one or more fields in a Mongoid model.

Prerequisites

  • ruby 1.9.2 or 1.9.3
  • mongoid 2.0 or later
  • activesupport 3.0 or later

Install

Put this line in your Gemfile:

gem 'mongoid-encryptor', :require => 'mongoid/encryptor'

Then bundle:

$ bundle

Quick Start

Set up SHA encrypted field in models like this:

class Credential
  include Mongoid::Document
  include Mongoid::Encryptor
  field :password
  encrypts :password
end

>> c = Credential.new
=> #<Credential _id: 4d6383aeb2de3cbea1000001, password: nil>
>> c.password = 'this is a secret'
=> "this is a secret"
>> c.password.encrypted?
=> false
>> c.save
=> true

>> c.password
=> "70a202166f0a78defe464d810f30b50b767cb89a"
>> c.password.encrypted?
=> true
>> c.password.cipher.salt
=> "salt"
>> c.password == 'this is a secret'
=> true

Symmetric encryption

Set up Symmetric encrypted field in models like this:

class Credential
  include Mongoid::Document
  include Mongoid::Encryptor
  field :password
  encrypts :password, :mode => :symmetric, :password => 'key'
end

>> c = Credential.new
=> #<Credential _id: 4d638b6db2de3cc2ca000001, password: nil>
>> c.password = 'this is a secret'
=> "this is a secret"
>> c.password.encrypted?
=> false
>> c.save
=> true

>> c.password
=> "y3HnNrU0HviAl3aw2sWH1KttBLsCLYP1\n"
>> c.password.encrypted?
=> true
>> c.password.cipher
=> #<EncryptedStrings::SymmetricCipher:0x000001016b1c08 @algorithm="DES-EDE3-CBC", @password="key">
>> c.password.cipher.password
=> "key"
>> c.password == 'this is a secret'
=> true

Asymmetric encryption

Set up Asymmetric encrypted field in models like this:

class Credential
  include Mongoid::Document
  include Mongoid::Encryptor
  field :password
  encrypts :password, :mode => :asymmetric,
    :private_key_file => '/path/to/private_key',
    :public_key_file => '/path/to/public_key'
end

>> c = Credential.new
=> #<Credential _id: 4d638ceab2de3cc3c1000001, password: nil>
>> c.password = 'this is a secret'
=> "this is a secret"
>> c.password.encrypted?
=> false
>> c.save
=> true

>> c.password
=> "ha/2EacZTmvAIHOSjFEshM+9UHUItB/wGKJ5ftClQDllA9SOBJJazTlsMS9m\nPd5W3goZbY9V2dDdNo4NgQ0e8VsG0dpcvOIrua/ye+jX3e+0ocevcnOH9PL9\n8C5P8caOD/sKlKLTI0Dr1v/6d/f0Q4UuPQyTh3d4aEWyagypWyQ=\n"
>> c.password.encrypted?
=> true
>> c.password == 'this is a secret'
=> true

You can generate keypair like this:

$ openssl genrsa -des3 -out private 1024  # generate private key
$ openssl rsa -in private -pubout -out public  # generate public key
$ mv private private.bak
$ openssl rsa -in private.bak -out private  # remove passphrase from private key
$ ls -l
-rw-r--r--   1 juno  staff   887  2 22 19:20 private
-rw-r--r--   1 juno  staff   963  2 22 19:19 private.bak
-rw-r--r--   1 juno  staff   272  2 22 19:19 public

Questions, Feedback

github/juno or @junya.

References

Copyright

(c) 2011 Junya Ogura. See LICENSE.txt for further details.

Something went wrong with that request. Please try again.