A Rubygem to secure the file uploaded by encrypting the file later on decrypting when needed. Completely secure and depends on Ruby 2.0.0 OpenSSL::Cipher and OpenSSL::PKCS5
You can find a Sample application with usage here.
OpenSSL::Cipher
Provides symmetric algorithms for encryption and decryption.
OpenSSL::PKCS5
Provides password-based encryption functionality based on PKCS#5.
Add the gem to the Gemfile:
gem 'carrierwave_encrypter_decrypter'
bundle install
Start off by trigerring the installer
rails g ced:install
This will create a initializer carrierwave_encrypter_decrypter
create config/initializers/carrierwave_encrypter_decrypter.rb
and a carrierwave_encrypter_decrypter.yml
create config/carrierwave_encrypter_decrypter.yml
the above will be used when you have the encryption_type
as pkcs5
.
The Gem support 2 ways OpenSSL::Cipher and OpenSSL::PKCS5
if you want to go with standard encryption in your config/initializers/carrierwave_encrypter_decrypter.rb
select
Carrierwave::EncrypterDecrypter.configure do |config|
config.encryption_type = :aes
config.key_size = 256
end
if you want to go with password based encrption (pkcs5) in your config/initializers/carrierwave_encrypter_decrypter.rb
select
Carrierwave::EncrypterDecrypter.configure do |config|
config.encryption_type = :pkcs5
config.key_size = 256
end
Note: Make sure you have the password set in config/carrierwave_encrypter_decrypter.yml
Now in your Uploader for eg app/uploaders/avatar_uploader.rb
add the after store callback
class AvatarUploader < CarrierWave::Uploader::Base
after :store, :encrypt_file
def encrypt_file(file)
Carrierwave::EncrypterDecrypter::Uploader.encrypt(self)
end
end
Now create the migration on the model on which your uploader is mounted
rails g migration add_iv_and_key_to_users iv:binary key:binary
rake db:migrate
File Encryption
The File encryption will happen with Carrierwave::EncrypterDecrypter::Uploader.encrypt(self)
once the file is uploaded you will find it with a extendion of .enc
File Decryption
The File Decryption will happen with
Carrierwave::EncrypterDecrypter::Downloader.decrypt(model,mounted_as: :avatar)
Where Model
is the model on which the uploader is mounted. The Encrypted file will be decrypted in the same folder.
Eg Controller
def download
#This will decrpyt the file first
Carrierwave::EncrypterDecrypter::Downloader.decrypt(@user, mounted_as: :avatar)
file_path = @user.avatar.path
File.open(file_path, 'r') do |f|
send_data f.read, type: MIME::Types.type_for(file_path).first.content_type,disposition: :inline,:filename => File.basename(file_path)
end
#This is to remove the decrypted file after transfer
File.unlink(file_path)
end
The gem itself is released under the MIT license
🙏