方案
存儲前,加密后再存儲到數(shù)據(jù)庫
讀取后�����,利用 KEY 進行解密
實現(xiàn)
ActiveSupport::MessageEncryptor 是 Rails 基于 openssl 封裝實現(xiàn)的一個類�,可用于對一個對象進行加密、解密操作��。例如:
salt = SecureRandom.random_bytes(64)
key = ActiveSupport::KeyGenerator.new('password').generate_key(salt) # => "\x89\xE0\x156\xAC..."
crypt = ActiveSupport::MessageEncryptor.new(key) # => #ActiveSupport::MessageEncryptor ...>
encrypted_data = crypt.encrypt_and_sign('my secret data') # => "NlFBTTMwOUV5UlA1QlNEN2xkY2d6eThYWWh..."
crypt.decrypt_and_verify(encrypted_data) # => "my secret data"
serialize 是 Rails ActiveRecord 里的一個類方法����,可用于執(zhí)行一個 column 如何存儲到數(shù)據(jù)庫,以及從數(shù)據(jù)庫讀取出來后要如何處理�,例如:
class User ActiveRecord::Base
serialize :preferences, Hash
end
user = User.new
user.preferences = {
gender: 'male',
age: 18
}
user.save!
另外,Rails 還允許自定義 Serizlizer��,使得開發(fā)者能夠自行決定如何做進行序列化和反序列化。例如:
class CustomerSerializer
def self.load(value)
value.to_s.blank? ? "" : JSON.parse(value)
end
def self.dump(value)
(value || {}).to_json
end
end
class User ActiveRecord::Base
serialize :preferences, CustomerSerializer
end
基于此�,我們可以自己實現(xiàn)一個 serializer,使得我們能夠進行對字段進行加密存儲���,同時讀取出來時能夠自行進行解密�����。
class EncryptedStringSerializer
def self.load(value)
value.to_s.blank? ? '' : decrypt(value)
end
def self.dump(value)
encrypt(value || '')
end
private
def self.encrypt(value)
encryptor.encrypt_and_sign(value)
end
def self.decrypt(value)
encryptor.decrypt_and_verify(value)
end
def self.encryptor
@encryptor ||= ActiveSupport::MessageEncryptor.new(Settings.message_encryptor_key)
end
end
class UserAddress ActiveRecord::Base
serialize :phone, EncryptedStringSerializer
serialize :first_name, EncryptedStringSerializer
serialize :last_name, EncryptedStringSerializer
serialize :country, EncryptedStringSerializer
serialize :state, EncryptedStringSerializer
serialize :city, EncryptedStringSerializer
serialize :address1, EncryptedStringSerializer
serialize :address2, EncryptedStringSerializer
serialize :zipcode, EncryptedStringSerializer
end
可以改進的點
加解密用的 KEY 是否過于簡單�?
針對現(xiàn)有數(shù)據(jù)����,如何平滑過渡�?
