module Sequel::Plugins::ColumnEncryption::ClassMethods

Attributes

column_encryption_metadata[R]

A hash with column symbol keys and ColumnEncryptionMetadata values for each encrypted column.

Private Instance Methods

_encrypt_column(column, opts) { |dsl| ... }

Set up encryption for the given column.

    # File lib/sequel/plugins/column_encryption.rb
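# Set up encryption for +column+ and record its metadata.
#
# column :: Symbol naming the column to encrypt.
# opts :: Options hash. Keys read here:
#         :searchable :: nil/false (not searchable), true (searchable) or
#                        :case_insensitive. Any other value raises Error.
#         :search_both :: When the column is searchable, use search prefixes
#                         for both the regular and the lowercased value.
#         :format :: Either a Symbol looked up in
#                    Serialization::REGISTERED_FORMATS, or a two-element
#                    [serializer, deserializer] pair of callables.
#
# If a block is given, it is yielded a ColumnDSL and the keys collected on it
# are used for a Cryptor dedicated to this column; otherwise the model's
# default cryptor (column_encryption_cryptor) is used.
#
# Raises Error for an invalid :searchable value or an unregistered format
# symbol. Returns nil.
#
# NOTE(review): the searchable modes presumably make part of the stored value
# deterministic so that equal plaintexts can be matched; that trades some
# confidentiality for lookup ability. Confirm in Cryptor and enable
# :searchable only on columns that need it.
def _encrypt_column(column, opts)
  # defined?(yield) is true only when the caller passed a block.
  cryptor = if defined?(yield)
    dsl = ColumnDSL.new
    yield dsl
    Cryptor.new(dsl.keys)
  else
    column_encryption_cryptor
  end

  encrypt_method, search_prefixes_method, search_type = case searchable = opts[:searchable]
  when nil, false
    [:encrypt, nil, Cryptor::NOT_SEARCHABLE]
  when true
    [:searchable_encrypt, :search_prefixes, Cryptor::SEARCHABLE]
  when :case_insensitive
    [:case_insensitive_searchable_encrypt, :lowercase_search_prefixes, Cryptor::LOWERCASE_SEARCHABLE]
  else
    # Fail closed on an unknown value instead of silently picking a mode.
    raise Error, "invalid :searchable option for encrypted column: #{searchable.inspect}"
  end

  if searchable && opts[:search_both]
    search_prefixes_method = :regular_and_lowercase_search_prefixes
  end

  # Setup the callables used in the metadata.
  encryptor = cryptor.method(encrypt_method)
  decryptor = cryptor.method(:decrypt)
  # data_searcher stays nil for columns that are not searchable.
  data_searcher = cryptor.method(search_prefixes_method) if search_prefixes_method
  key_searcher = lambda{cryptor.current_key_prefix(search_type)}

  if format = opts[:format]
    if format.is_a?(Symbol)
      # Keep the requested name: the lookup below reassigns +format+, which
      # would otherwise be nil by the time the error message is built.
      format_name = format
      unless format = Sequel.synchronize{Serialization::REGISTERED_FORMATS[format_name]}
        raise(Error, "Unsupported serialization format: #{format_name} (valid formats: #{Sequel.synchronize{Serialization::REGISTERED_FORMATS.keys}.inspect})")
      end
    end

    # If a custom serialization format is used, override the
    # callables to handle serialization and deserialization.
    # Values are serialized before encryption and deserialized after
    # decryption.
    #
    # NOTE(review): the deserializer runs on whatever cryptor.decrypt returns.
    # For formats that can instantiate arbitrary objects this is only safe if
    # decrypt authenticates the ciphertext before returning - confirm in
    # Cryptor.
    serializer, deserializer = format
    enc, dec, data_s = encryptor, decryptor, data_searcher
    encryptor = lambda do |data|
      enc.call(serializer.call(data))
    end
    decryptor = lambda do |data|
      deserializer.call(dec.call(data))
    end
    # Only wrap the searcher when one exists, so that a nil data_searcher
    # keeps meaning "not searchable" instead of becoming a lambda that
    # fails with NoMethodError on nil when called.
    if data_s
      data_searcher = lambda do |data|
        data_s.call(serializer.call(data))
      end
    end
  end

  # Setup the setter and getter methods to do encryption and decryption using
  # the serialization plugin.
  serialize_attributes([encryptor, decryptor], column)

  # Frozen so the callables for the column cannot be swapped after setup.
  column_encryption_metadata[column] = ColumnEncryptionMetadata.new(encryptor, decryptor, data_searcher, key_searcher).freeze

  nil
end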
column_encryption_cryptor()

The default Cryptor to use for encrypted columns. This is only overridden if per-column keys are used.

    # File lib/sequel/plugins/column_encryption.rb
# Return the model-wide Cryptor, building it from @column_encryption_keys on
# first use and caching it in @column_encryption_cryptor afterwards.
def column_encryption_cryptor
  return @column_encryption_cryptor if @column_encryption_cryptor

  @column_encryption_cryptor = Cryptor.new(@column_encryption_keys)
end