You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm currently trying to implement the gem.
It's perfectly working but during my tests, I was not able to define which version of encryption key has been used to encrypt the attribute.
Current encrypted key seems to be the current version all the time but te decryption is working with data encrypted with both version 1 and version2.
I'm also wondering what will happen if an attribute has been encrypted with version 1 and another with version 2. Is there any problem in the futur?
The text was updated successfully, but these errors were encountered:
To use a specific encryption key to encrypt data in tests, manually select the cipher to use. For example to encrypt using the version 1 key:
SymmetricEncryption.cipher(1).encrypt("hello")
There is no issue with having data encrypted with different key versions.
By default, the encrypted data includes a header that specifies which version of the key was used to encrypt the data. When the data is decrypted it will use the correct key version during decryption.
As long as that key version is still in the configuration file it will be able to decrypt data encrypted using that key.
Thank you for your answer. Your response is very clear.
One more thing, I did not find any documentation to generate several keys in development. This means I cannot test the rotation until a production deploy.
Did I miss something?
In development the keys are just stored in the clear in the config file. You can just copy the existing key, give it a different version number and swap one or two characters for testing purposes.
Hello,
I'm currently trying to implement the gem.
It's perfectly working but during my tests, I was not able to define which version of encryption key has been used to encrypt the attribute.
Current encrypted key seems to be the current version all the time but te decryption is working with data encrypted with both
version 1
andversion2
.I'm also wondering what will happen if an attribute has been encrypted with
version 1
and another withversion 2
. Is there any problem in the futur?The text was updated successfully, but these errors were encountered: