method

decrypt

v8.0.0 - Show latest stable - Class: ActiveRecord::Encryption::Cipher::Aes256Gcm

decrypt(encrypted_message)

public

No documentation available.

# File activerecord/lib/active_record/encryption/cipher/aes256_gcm.rb, line 55
        def decrypt(encrypted_message)
          encrypted_data = encrypted_message.payload
          iv = encrypted_message.headers.iv
          auth_tag = encrypted_message.headers.auth_tag

          # Currently the OpenSSL bindings do not raise an error if auth_tag is
          # truncated, which would allow an attacker to easily forge it. See
          # https://github.com/ruby/openssl/issues/63
          raise ActiveRecord::Encryption::Errors::EncryptedContentIntegrity if auth_tag.nil? || auth_tag.bytes.length != 16

          cipher = OpenSSL::Cipher.new(CIPHER_TYPE)

          cipher.decrypt
          cipher.key = @secret
          cipher.iv = iv

          cipher.auth_tag = auth_tag
          cipher.auth_data = ""

          decrypted_data = encrypted_data.empty? ? encrypted_data : cipher.update(encrypted_data)
          decrypted_data << cipher.final

          decrypted_data
        rescue OpenSSL::Cipher::CipherError, TypeError, ArgumentError
          raise ActiveRecord::Encryption::Errors::Decryption
        end

decrypt

Related methods