class ActiveRecord::Encryption::Cipher::Aes256Gcm

def decrypt(encrypted_message)

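# Decrypts +encrypted_message+ with the cipher named by CIPHER_TYPE and
# returns the plaintext.
#
# The payload is the ciphertext; the IV and the authentication tag are read
# from the message headers. The associated data is set to the empty string,
# so no additional header data is bound to the tag by this call.
#
# Raises ActiveRecord::Encryption::Errors::EncryptedContentIntegrity when the
# tag is missing or is not exactly 16 bytes long. That error is not in the
# rescue list below, so it reaches the caller unchanged.
#
# Raises ActiveRecord::Encryption::Errors::Decryption when any step raises
# OpenSSL::Cipher::CipherError, TypeError or ArgumentError (for example a
# tag that fails verification in +cipher.final+).
def decrypt(encrypted_message)
  encrypted_data = encrypted_message.payload
  iv = encrypted_message.headers.iv
  auth_tag = encrypted_message.headers.auth_tag

  # Currently the OpenSSL bindings do not raise an error if auth_tag is
  # truncated, which would allow an attacker to easily forge it. See
  # https://github.com/ruby/openssl/issues/63
  # Keep this length check ahead of every cipher call: per the issue above,
  # nothing further down rejects a shortened tag.
  raise ActiveRecord::Encryption::Errors::EncryptedContentIntegrity if auth_tag.nil? || auth_tag.bytesize != 16

  cipher = OpenSSL::Cipher.new(CIPHER_TYPE)
  cipher.decrypt
  cipher.key = @secret
  cipher.iv = iv
  cipher.auth_tag = auth_tag
  cipher.auth_data = ""

  # update is skipped for an empty payload, but final still runs, so the tag
  # is verified in that case too. The empty payload is copied so the append
  # below neither writes to the caller's string nor raises FrozenError
  # (which the rescue list would not convert) when that string is frozen.
  decrypted_data = encrypted_data.empty? ? encrypted_data.dup : cipher.update(encrypted_data)
  decrypted_data << cipher.final
  decrypted_data
rescue OpenSSL::Cipher::CipherError, TypeError, ArgumentError
  # Every failure cause listed above is reported as the same Decryption error.
  raise ActiveRecord::Encryption::Errors::Decryption
end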