I was using attr_encrypted (1.3.3) in Rails 4.1 in the User model with the following details:

attr_encrypted :email, :key => 'some_key'

After upgrading the application to Rails 6, attr_encrypted was bumped to attr_encrypted (3.1.0), which uses encryptor (~> 3.0.0).

In encryptor (~> 3.0.0) a new validation has been introduced:

raise ArgumentError.new("key must be #{cipher.key_len} bytes or longer") if options[:key].bytesize < cipher.key_len

which raises an ArgumentError (key must be 32 bytes or longer) exception for my existing key.

How can I use the attr_encrypted gem with Rails 6 without breaking user functionality?

Bloomberg

2 Answers

To use the old behaviour of the attr-encrypted gem in the application, you have to use some more parameters.

Before:

attr_encrypted :email, :key => 'some_key'

Now:

attr_encrypted :email, key: 'some_key', algorithm: 'aes-256-cbc', mode: :single_iv_and_salt, insecure_mode: true

If you have a key shorter than 32 bytes,

insecure_mode: true

will allow you to use a shorter key.

Bloomberg

That was a breaking change in version 2.0 of this gem. The default algorithm is now "aes-256-gcm". More details here: https://github.com/attr-encrypted/attr_encrypted#the-algorithm-option

Sergii K
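
An added example, not part of either answer and not the gem's own code: a sketch using only Ruby's OpenSSL of re-encrypting a value stored under the short legacy key into AES-256-GCM with a random 32-byte key, as one way to move off the short key over time. It assumes legacy values without a per-record IV had their key and IV derived by pkcs5_keyivgen and that you work on raw (already decoded) ciphertext bytes; all helper names and the sample value are constructed here.

```ruby
require 'openssl'
LEGACY_ALGO = 'aes-256-cbc' # algorithm named in the first answer
TARGET_ALGO = 'aes-256-gcm' # default named in the second answer

# The length check quoted in the question, as a predicate.
def key_long_enough?(key, algorithm)
  key.bytesize >= OpenSSL::Cipher.new(algorithm).key_len
end

# ASSUMPTION: legacy values without a per-record IV had key and IV derived
# from the passphrase by pkcs5_keyivgen. Confirm against your gem version.
def legacy_cipher(mode, passphrase)
  cipher = OpenSSL::Cipher.new(LEGACY_ALGO).public_send(mode)
  cipher.pkcs5_keyivgen(passphrase)
  cipher
end

def legacy_encrypt(plaintext, passphrase) # builds the sample input only
  cipher = legacy_cipher(:encrypt, passphrase)
  cipher.update(plaintext) + cipher.final
end

def legacy_decrypt(ciphertext, passphrase)
  cipher = legacy_cipher(:decrypt, passphrase)
  cipher.update(ciphertext) + cipher.final
end

# AES-256-GCM with a random 12-byte IV per value and an authentication tag.
def gcm_encrypt(plaintext, key)
  cipher = OpenSSL::Cipher.new(TARGET_ALGO).encrypt
  cipher.key = key # OpenSSL itself rejects a key that is not 32 bytes
  iv = cipher.random_iv
  cipher.auth_data = ''
  ciphertext = cipher.update(plaintext) + cipher.final
  { iv: iv, ciphertext: ciphertext, tag: cipher.auth_tag }
end

def gcm_decrypt(record, key)
  cipher = OpenSSL::Cipher.new(TARGET_ALGO).decrypt
  cipher.key = key
  cipher.iv = record[:iv]
  cipher.auth_tag = record[:tag]
  cipher.auth_data = ''
  cipher.update(record[:ciphertext]) + cipher.final # CipherError if tampered
end

def reencrypt(legacy_ciphertext, old_passphrase, new_key) # one stored value
  gcm_encrypt(legacy_decrypt(legacy_ciphertext, old_passphrase), new_key)
end
```

The IV and tag returned by gcm_encrypt have to be stored next to the ciphertext, and the new key should come from a secret store rather than a string literal in the model.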