Bloomberg
Bloomberg

Reputation: 2367

attr_encrypted gem not working in rails 6

I was using attr_encrypted (1.3.3) in rails 4.1 in User model with following details

attr_encrypted :email, :key => 'some_key'

After upgrading the application to rails 6 attr_encrypted bumped to attr_encrypted (3.1.0) which uses encryptor (~> 3.0.0)

in the encryptor (~> 3.0.0) new validation has been introduced

raise ArgumentError.new("key must be #{cipher.key_len} bytes or longer") if options[:key].bytesize < cipher.key_len

which raises ArgumentError (key must be 32 bytes or longer) exception for my existing key

How can I attr_encrypted gem with rails 6 without breaking user functionality?

Upvotes: 2

Views: 1501

Answers (2)

Bloomberg
Bloomberg

Reputation: 2367

To use the old behaviour in the application of attr-encrypted gem you have to use some more parameters

Before:

attr_encrypted :email, :key => 'some_key'

Now:

attr_encrypted :email, key: 'some_key', algorithm: 'aes-256-cbc', mode: :single_iv_and_salt, insecure_mode: true

If you have a key less than 32 bytes

insecure_mode: true

will allow you to use shorter key.

Upvotes: 2

Sergii K
Sergii K

Reputation: 855

That was a breaking change in version 2.0 of this gem. Default algorithm now "aes-256-gcm". More details here https://github.com/attr-encrypted/attr_encrypted#the-algorithm-option

Upvotes: 1

Related Questions