Open moritzploss opened 4 years ago
nelsonic
commented
4 years ago @moritzploss thanks for opening this issue and your great feedback, your observation is spot-on.
Yes, the dump and load functions will handle encryption and decryption for us.
If you have time, please create a Pull Request to update the instructions/code to reflect this.
(if not, don't worry, just the fact that you've opened this issue is awesome!) ☀️
moritzploss
commented
4 years ago Great, I'll give it a go (hopefully soon)
moritzploss
commented
4 years ago So far I found that if the EncryptedField should be self-contained, the key_id would need to be accessible in EncryptedField.load/1 (and therefore in AES.decrypt/1).
One way to achieve this would be to get rid of the key_id field in the User schema and just store the ID as part of the encrypted binary. (I think this is also safer in case we make partial updates to a database entry).
So to encrypt:
Before
def encrypt(plaintext) do
iv = :crypto.strong_rand_bytes(16) # create random Initialisation Vector
key = get_key() # get the *latest* key in the list of encryption keys
{ciphertext, tag} =
:crypto.block_encrypt(:aes_gcm, key, iv, {@aad, to_string(plaintext), 16})
iv <> tag <> ciphertext # "return" iv with the cipher tag & ciphertext
endAfter
def encrypt(plaintext) do
iv = :crypto.strong_rand_bytes(16)
key = get_key() # get latest key
key_id = get_key_id() # get latest ID; can be more elegant, but you get the idea
{ciphertext, tag} =
:crypto.block_encrypt(:aes_gcm, key, iv, {@aad, plaintext, 16})
iv <> tag <> <<key_id::unsigned-big-integer-32>> <> ciphertext
endAnd to decrypt:
Before
def decrypt(ciphertext) do
<<iv::binary-16, tag::binary-16, ciphertext::binary>> = ciphertext
:crypto.block_decrypt(:aes_gcm, get_key(), iv, {@aad, ciphertext, tag})
endAfter
def decrypt(ciphertext) do
<<iv::binary-16, tag::binary-16, key_id::unsigned-big-integer-32, ciphertext::binary>>
= ciphertext
:crypto.block_decrypt(:aes_gcm, get_key(key_id), iv, {@aad, ciphertext, tag})
endWith that we could get rid of all the explicit encryption code in the User schema, as well as AES.encrypt/2, AES.decrypt/2 and EncryptedField.load/2.
I don't know, do you think this is going in the right direction?
nelsonic
commented
4 years ago @moritzploss yeah, looking good so far. 👍
First of all, thanks for this great tutorial! I learned a lot following along!
After going through the code several times, I'm wondering why we would need to explicitly encrypt/decrypt field values of our custom
EncryptedFieldtype before saving them in the database. Isn't that why we define our custom Ecto Types to begin with, so that we don't need to encrypt/decrypt values manually and explicitly, but rather leave these tasks to the callbacks that we define?For example, we use this function to explicitly encrypt the name and email field before insertion:
From what I understand, both the
emailandnamefield are using our customEncryptedFieldEcto type, and therefore thedumpcallback defined inEncryption.EncryptedFieldwill be called just before the data is inserted into the database, encrypting the field values before saving them.Similarly, we're explictly calling
EncryptedField.loadon the retrieved value inUser.one/0:I guess we need this function so that we can explicitly specify the
key_id, but doesn't that mean that we're encrypting the value twice before inserting it into the database (once implicitly, once explicitly), and decrypting it twice (once implicitly, once explicitly) when retrieving it?Thanks again for putting this tutorial together!