Unable to require the use of random_iv by default for encryption
SpComb opened this issue · 3 comments
It should be possible to have SymmetricEncryption
use encrypt(random_iv: true)
by default, rather than having to enable it for each and every use of field :encrypted_foo, encrypted: { random_iv: true}
/ SymmetricEncryption.encrypt(foo, random_iv: true)
. IMO it would be better to explicitly use random_iv: false
for those special cases where you specifically want the encrypted values to be indexable, and you are wiling to consciously accept that security tradeoff... rather than the current model where you risk forgetting to enable it in some usages.
Currently, it is possible to configure a SymmetricEncryption.cipher = SymmetricEncryption::Cipher.new(cipher_name: 'aes-256-cbc', key: ..., always_add_header: true)
without supplying any iv: ...
, but this means that the OpenSSL::Cipher
ends up using a default IV of all zeroes if you forget to pass random_iv: true
. This could be considered a security weakness, and IMO any attempt to encrypt without either using a random IV or explicitly specifying an IV should raise an error instead. This could be an optional "strict" mode?
Feel free to submit a PR
I really like this capability, so clean and easy to use. Would you mind if I make a few changes to make it easier to use, and possibly make it the recommended approach for Rails 5 and above? Would also like to make random_iv: true
the default with this interface.
I agree about making the IV mandatory. I should have made that breaking change with v4, may have to wait for v5 😞
The new attribute type interface defaults to random_iv: true
. We can now also change the global setting to change the default to random_iv: true
for all encryption apis.
SymmetricEncryption.randomize_iv = true