Detect encryption version of an encrypted attribute #86

Closed
benebrice opened this issue Nov 7, 2017 · 3 comments

@benebrice

Hello,

I'm currently trying to implement the gem.
It's perfectly working but during my tests, I was not able to define which version of encryption key has been used to encrypt the attribute.
Current encrypted key seems to be the current version all the time but the decryption is working with data encrypted with both version 1 and version 2.

I'm also wondering what will happen if an attribute has been encrypted with version 1 and another with version 2. Is there any problem in the future?

@reidmorrison
Owner

To use a specific encryption key to encrypt data in tests, manually select the cipher to use. For example, to encrypt using the version 1 key:

SymmetricEncryption.cipher(1).encrypt("hello")

There is no issue with having data encrypted with different key versions.
By default, the encrypted data includes a header that specifies which version of the key was used to encrypt the data. When the data is decrypted it will use the correct key version during decryption.
As long as that key version is still in the configuration file it will be able to decrypt data encrypted using that key.

@benebrice
Author

Thank you for your answer. Your response is very clear.
One more thing, I did not find any documentation to generate several keys in development. This means I cannot test the rotation until a production deploy.
Did I miss something?

@reidmorrison
Owner

In development the keys are just stored in the clear in the config file. You can just copy the existing key, give it a different version number and swap one or two characters for testing purposes.
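
Added example, not part of the thread and not the gem's own code: a stand-alone Ruby sketch of the behaviour discussed above, where a header records the key version so that decryption can pick the matching key, and a second development key is made by copying the first and changing a few characters. The byte layout, `VersionedCipher` and `DEV_KEYS` are assumptions constructed for illustration and do not reproduce the gem's header format.

```ruby
require "openssl"
require "base64"

# Constructed development keys: version 2 is version 1 with two characters changed.
DEV_KEYS = {
  1 => "0123456789abcdef0123456789abcdef",
  2 => "0123456789abcdef0123456789abcdXY"
}.freeze

# Toy layout (assumption): 1-byte key version | 12-byte IV | 16-byte GCM tag | ciphertext
class VersionedCipher
  class UnknownKeyVersion < StandardError; end

  # keys: { version => 32-byte key }; current: version used for new writes
  def initialize(keys, current:)
    @keys, @current = keys, current
  end

  # Pass version: to build fixtures encrypted under an older key.
  def encrypt(plaintext, version: @current)
    header = [version].pack("C")
    cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
    cipher.key = fetch_key(version)
    iv = cipher.random_iv
    cipher.auth_data = header # bind the version byte to the tag
    body = cipher.update(plaintext) + cipher.final
    Base64.strict_encode64(header + iv + cipher.auth_tag + body)
  end

  # Read the key version from the header without decrypting.
  def key_version(encoded)
    Base64.strict_decode64(encoded).getbyte(0)
  end

  # Select the key named by the header; fail if it is no longer configured.
  def decrypt(encoded)
    raw = Base64.strict_decode64(encoded)
    cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
    cipher.key = fetch_key(raw.getbyte(0))
    cipher.iv = raw.byteslice(1, 12)
    cipher.auth_tag = raw.byteslice(13, 16)
    cipher.auth_data = raw.byteslice(0, 1)
    cipher.update(raw.byteslice(29..)) + cipher.final
  end

  private

  def fetch_key(version)
    @keys.fetch(version) { raise UnknownKeyVersion, "no key configured for version #{version}" }
  end
end
```

Removing a version from the key map while rows encrypted under it still exist makes those rows undecryptable, so re-encrypt old data under the current version before retiring a key.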
