demarches-normaliennes/app/services/encryption_service.rb

# frozen_string_literal: true

class EncryptionService
  def initialize
    len        = ActiveSupport::MessageEncryptor.key_len
    salt       = Rails.application.secrets.encryption_service_salt
    password   = Rails.application.secrets.secret_key_base
    key        = ActiveSupport::KeyGenerator.new(password).generate_key(salt, len)
    @encryptor = ActiveSupport::MessageEncryptor.new(key)

    # Remove after all encrypted attributes have been rotated.
    legacy_key = ActiveSupport::KeyGenerator.new(password, hash_digest_class: OpenSSL::Digest::SHA1).generate_key(salt, len)
    @encryptor.rotate legacy_key
  end

  def encrypt(value)
    value.blank? ? nil : @encryptor.encrypt_and_sign(value)
  end

  def decrypt(value)
    value.blank? ? nil : @encryptor.decrypt_and_verify(value)
  end
end
chore: enable freeze string literals by comment 2024-04-29 00:17:15 +02:00			`# frozen_string_literal: true`

Feat (API Particulier): new encryption service 2021-06-10 16:52:51 +02:00			`class EncryptionService`
			`def initialize`
			`len = ActiveSupport::MessageEncryptor.key_len`
			`salt = Rails.application.secrets.encryption_service_salt`
			`password = Rails.application.secrets.secret_key_base`
			`key = ActiveSupport::KeyGenerator.new(password).generate_key(salt, len)`
			`@encryptor = ActiveSupport::MessageEncryptor.new(key)`
chore(encryption): rotate key with new default digest (SHA256) 2024-08-22 16:59:50 +02:00
			`# Remove after all encrypted attributes have been rotated.`
			`legacy_key = ActiveSupport::KeyGenerator.new(password, hash_digest_class: OpenSSL::Digest::SHA1).generate_key(salt, len)`
			`@encryptor.rotate legacy_key`
Feat (API Particulier): new encryption service 2021-06-10 16:52:51 +02:00			`end`

			`def encrypt(value)`
			`value.blank? ? nil : @encryptor.encrypt_and_sign(value)`
			`end`

			`def decrypt(value)`
			`value.blank? ? nil : @encryptor.decrypt_and_verify(value)`
			`end`
			`end`