module Sequel::Plugins::ColumnEncryption::ClassMethods

Attributes

column_encryption_metadata[R]

A hash with column symbol keys and ColumnEncryptionMetadata values for each encrypted column.

Private Instance Methods

_encrypt_column(column, opts) { |dsl| ... }

Set up encryption for the given column.

    # File lib/sequel/plugins/column_encryption.rb
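# Set up encryption for the given column.
#
# column :: Symbol naming the column to encrypt; also the key under which the
#           resulting metadata is stored in column_encryption_metadata.
# opts :: Options hash. Keys read by this method:
#         :searchable :: nil or false selects plain encryption with no search
#                        support, true selects searchable encryption, and
#                        :case_insensitive selects case-insensitive searchable
#                        encryption. Any other value raises Error.
#         :search_both :: When the column is searchable, look up using both the
#                         regular and the lowercase search prefixes.
#         :format :: Serialization format applied before encryption and after
#                    decryption. Either a Symbol registered in
#                    Serialization::REGISTERED_FORMATS, or a
#                    [serializer, deserializer] pair of callables.
#
# If a block is given, it is yielded a ColumnDSL and the keys collected on it
# are used to build a Cryptor specific to this column. Otherwise the model's
# default cryptor is used.
#
# NOTE(review): the searchable modes presumably make equal plaintexts
# matchable through their search prefixes, which is a confidentiality
# trade-off compared to plain encryption. Confirm against Cryptor before
# enabling :searchable on sensitive low-entropy columns.
#
# Returns nil. Raises Error for an invalid :searchable value or an
# unregistered Symbol :format.
def _encrypt_column(column, opts)
  # A freshly declared local is always nil here, so plain assignment is enough.
  cryptor = if block_given?
    dsl = ColumnDSL.new
    yield dsl
    Cryptor.new(dsl.keys)
  else
    column_encryption_cryptor
  end

  encrypt_method, search_prefixes_method, search_type = case searchable = opts[:searchable]
  when nil, false
    [:encrypt, nil, Cryptor::NOT_SEARCHABLE]
  when true
    [:searchable_encrypt, :search_prefixes, Cryptor::SEARCHABLE]
  when :case_insensitive
    [:case_insensitive_searchable_encrypt, :lowercase_search_prefixes, Cryptor::LOWERCASE_SEARCHABLE]
  else
    raise Error, "invalid :searchable option for encrypted column: #{searchable.inspect}"
  end

  if searchable && opts[:search_both]
    search_prefixes_method = :regular_and_lowercase_search_prefixes
  end

  # Setup the callables used in the metadata.
  encryptor = cryptor.method(encrypt_method)
  decryptor = cryptor.method(:decrypt)
  # Stays nil for non-searchable columns.
  data_searcher = cryptor.method(search_prefixes_method) if search_prefixes_method
  key_searcher = lambda{cryptor.current_key_prefix(search_type)}

  if format = opts[:format]
    if format.is_a?(Symbol)
      # Keep the requested name: the lookup below reassigns +format+, so
      # without this copy a failed lookup would report a blank format name.
      format_name = format
      unless format = Sequel.synchronize{Serialization::REGISTERED_FORMATS[format_name]}
        raise(Error, "Unsupported serialization format: #{format_name} (valid formats: #{Sequel.synchronize{Serialization::REGISTERED_FORMATS.keys}.inspect})")
      end
    end

    # If a custom serialization format is used, override the
    # callables to handle serialization and deserialization.
    serializer, deserializer = format
    enc, dec, data_s = encryptor, decryptor, data_searcher
    encryptor = lambda do |data|
      enc.call(serializer.call(data))
    end
    decryptor = lambda do |data|
      deserializer.call(dec.call(data))
    end
    # Only wrap an existing searcher. Wrapping nil would make a non-searchable
    # column look searchable and fail with NoMethodError on first use.
    if data_s
      data_searcher = lambda do |data|
        data_s.call(serializer.call(data))
      end
    end
  end

  # Setup the setter and getter methods to do encryption and decryption using
  # the serialization plugin.
  serialize_attributes([encryptor, decryptor], column)

  column_encryption_metadata[column] = ColumnEncryptionMetadata.new(encryptor, decryptor, data_searcher, key_searcher).freeze

  nil
end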
column_encryption_cryptor()

The default Cryptor to use for encrypted columns. This is only overridden if per-column keys are used.

    # File lib/sequel/plugins/column_encryption.rb
# The default Cryptor for encrypted columns. It is built from
# @column_encryption_keys on first use and cached in
# @column_encryption_cryptor for later calls.
def column_encryption_cryptor
  return @column_encryption_cryptor if @column_encryption_cryptor

  @column_encryption_cryptor = Cryptor.new(@column_encryption_keys)
end