Comments (11)
@ankane I'd be really interested in streaming encryption. Let me know if I can help.
from lockbox.
Hey @cj, sorry for the long delay. If this is still interesting, can you explain a bit about your use case? (I'm a bit hesitant to add since most of the time files fit into memory).
from lockbox.
I would love to see per-user encryption based on their password (password-derived key)
from lockbox.
Hey @hovancik, can you explain more about your use case and how you'd like it to work?
from lockbox.
@ankane I would like to use so-called password-based encryption, where the encryption key is usually generated from the user's password. This is usually used for that.
Example users of this are e.g. Firefox accounts, LastPass master password, etc.
from lockbox.
Password-based encryption should happen on the client (here's the LastPass architecture), so I'm not sure it's common to be implemented in Ruby. That being said, you can already use PBKDF2 or Argon2 (more secure) for key derivation and then pass the key to Lockbox.
from lockbox.
@ankane, Loved how easy this was to set up in an existing application - thank you.
One idea, I use pg_search in my application to search for documents and I'm unable to use the searching algorithm with the newly encrypted db columns.
Any thoughts on getting this to work with the pg_search gem or maybe gems like that one?
For example, in my model, I have:
```ruby
encrypts :title, :body
blind_index :title, :body

pg_search_scope :kinda_spelled_like,
  :against => [:title, :body],
  :using => {
    :tsearch => {
      :prefix => true,
      dictionary: "english"
    }
  }
```
But when I search, it says it can't find the "title" or "body" column. If I do a super basic query without using pg_search, it seems to query the table just fine - like you mentioned in your readme. But, I would like to use this pg_search gem because of the complex queries you can do with searching.
from lockbox.
Hey @sgriff44, I'm not aware of a way to do efficient searching without leaking significant information about the data. If the number of records is small, you can load all records, decrypt them, and search in memory. If it's larger, you can use an expression blind index to narrow it down, and then search in memory (this approach leaks which records have the same value of the expression).
Edit: fuzzy_match is one option for searching in memory.
from lockbox.
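Two suggestions from this thread combined in one added example (not code from Lockbox, blind_index or any commenter): a key derived from a password with PBKDF2, and a search that narrows by an expression blind index before decrypting and matching in memory. The AES-256-GCM helpers from Ruby's OpenSSL stand in for handing the derived key to Lockbox so the block runs without the gem; the iteration count, the three-letter expression, the labels and the sample titles are assumptions made for the illustration.

```ruby
require "openssl"

ITERATIONS = 600_000 # assumed PBKDF2-HMAC-SHA256 work factor; tune for your hardware

# Password -> master secret -> separate keys for encryption and for the blind index.
def derive_keys(password, salt)
  master = OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: ITERATIONS,
                                    length: 32, hash: "sha256")
  %w[encryption blind_index].map { |label| OpenSSL::HMAC.digest("SHA256", master, label) }
end

# AES-256-GCM stand-in for the encryption step: iv (12) + tag (16) + ciphertext.
def seal(key, text)
  c = OpenSSL::Cipher.new("aes-256-gcm").encrypt
  c.key = key
  iv = c.random_iv
  ct = c.update(text) + c.final
  iv + c.auth_tag + ct
end

def unseal(key, blob)
  d = OpenSSL::Cipher.new("aes-256-gcm").decrypt
  d.key = key
  d.iv = blob[0, 12]
  d.auth_tag = blob[12, 16]
  (d.update(blob[28..-1]) + d.final).force_encoding("UTF-8")
end

# Expression blind index: keyed hash of a coarse expression (first 3 letters,
# lowercased). Rows with the same expression share a token; that is the leak.
def bucket(idx_key, text)
  OpenSSL::HMAC.hexdigest("SHA256", idx_key, text.downcase[0, 3])
end

def store(keys, title)
  { ciphertext: seal(keys[0], title), bidx: bucket(keys[1], title) }
end

# Narrow by token (the WHERE clause a database would run), then decrypt and match in memory.
def search(keys, rows, query)
  token = bucket(keys[1], query)
  titles = rows.select { |r| r[:bidx] == token }.map { |r| unseal(keys[0], r[:ciphertext]) }
  { decrypted: titles.size, hits: titles.select { |t| t.downcase.start_with?(query.downcase) } }
end

# Constructed sample data: one user's salt, password and document titles.
SALT = OpenSSL::Random.random_bytes(16)
KEYS = derive_keys("correct horse battery staple", SALT)
ROWS = ["Invoice March", "Invoice April", "Inventory list", "Payroll 2024"].map { |t| store(KEYS, t) }
p search(KEYS, ROWS, "invoice")
```

The query decrypts three rows to return two hits, and the shared token on those three rows is visible to anyone who can read the table.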
Just fyi, I've expanded on full text searching here: https://github.com/ankane/blind_index#like-ilike-and-full-text-searching
from lockbox.
Great gem and very easy to get set up. How about dynamic types for when the type is configurable based on the model instance?
```ruby
encrypts :notes, type: -> { get_type }

def get_type
  # this will return one of the allowed types, such as :string, :integer, :float, etc...
end
```
from lockbox.
Hey @eafif, sorry for the delay. I don't think it's common enough to add.
Also, moving ideas to #155.
from lockbox.