Key must be 32 bytes and OpenSSL::Cipher::CipherError #340

Open
Uysim opened this issue Mar 27, 2019 · 4 comments

Comments

@Uysim

Uysim commented Mar 27, 2019

After I upgraded my Ruby to 2.5.1, I got an error: key must be 32 bytes. I fixed it by

attr_encrypted :ssn, key: SecureRandom.random_bytes(32)

Then I got an error with OpenSSL::Cipher::CipherError. I think this may be related to my existing data.

Am I right? How to resolve it?

@CHTJonas

SecureRandom.random_bytes(32) will generate a new value of the key each time, so previously encrypted data won't be able to be decrypted since now the key is totally different!

What you want to do is generate that key once, then store it in an ENV variable or a file somewhere on disk. You can then have the same key each time and you'll avoid the cipher errors you're getting.

@Uysim
Author

Uysim commented Apr 23, 2019

@CHTJonas I use the same key for every record. But my question is not like that. My question is about upgrading to Ruby 2.5.1. You need to have a 32-byte key. In that case you have to generate a new key with 32 bytes. After that you get an OpenSSL::Cipher::CipherError error. This is because before you upgraded you used a different key that was not 32 bytes.

Note: The example above is just to tell you that I need to generate 32 bytes when upgrading Ruby. I use ENV anyway.

@jholton

jholton commented Apr 26, 2019

Try truncating your existing keys to 32 bytes (characters). OpenSSL in Ruby 2.3 just truncated it to 32 bytes. Now, in Ruby 2.4 and up it throws an error, so if you manually truncate your existing key to 32 bytes/characters you should be good.

To be sure, save some data with the old key and Ruby 2.3. Then switch to the new key and Ruby 2.5 and make sure you can decrypt it.
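
An added example, not part of the comments above and not attr_encrypted's own code: it uses Ruby's OpenSSL directly to show the three outcomes discussed in this thread (over-long key rejected, fresh random key fails with `OpenSSL::Cipher::CipherError`, truncated key decrypts). Assumptions: the cipher is `aes-256-gcm`, the 40-byte `LEGACY_KEY` and all helper names are constructed for illustration, and the pre-upgrade record is simulated by encrypting with the first 32 bytes of the key, following the Ruby 2.3 behaviour described in the comment above.

```ruby
require "openssl"
require "securerandom"

ALGO = "aes-256-gcm" # assumed cipher for this example; it needs a 32-byte key

# Encrypt with AES-256-GCM and return everything needed to decrypt later.
def encrypt(key, plaintext)
  cipher = OpenSSL::Cipher.new(ALGO).encrypt
  cipher.key = key # Ruby 2.4+ raises ArgumentError unless the key is exactly 32 bytes
  iv = cipher.random_iv
  data = cipher.update(plaintext) + cipher.final
  { iv: iv, tag: cipher.auth_tag, data: data }
end

# Decrypt a record produced by encrypt; raises on a wrong key or wrong key length.
def decrypt(key, box)
  cipher = OpenSSL::Cipher.new(ALGO).decrypt
  cipher.key = key
  cipher.iv = box[:iv]
  cipher.auth_tag = box[:tag]
  cipher.update(box[:data]) + cipher.final
end

# Classify what happens when a given key is used on a stored record.
def try_decrypt(key, box)
  decrypt(key, box)
  :ok
rescue ArgumentError                 # "key must be 32 bytes"
  :wrong_key_length
rescue OpenSSL::Cipher::CipherError  # right length, wrong key: tag check fails
  :cipher_error
end

# Constructed sample: a 40-byte key as it might have been configured before the upgrade.
LEGACY_KEY = ("legacy-key-material-" * 2).freeze
# The first 32 bytes, which is what the comment above says Ruby 2.3 effectively used.
EFFECTIVE_KEY = LEGACY_KEY.byteslice(0, 32)
# Stand-in for a record written before the upgrade (constructed value).
OLD_RECORD = encrypt(EFFECTIVE_KEY, "123-45-6789")

if __FILE__ == $PROGRAM_NAME
  puts "full legacy key:   #{try_decrypt(LEGACY_KEY, OLD_RECORD)}"
  puts "fresh random key:  #{try_decrypt(SecureRandom.random_bytes(32), OLD_RECORD)}"
  puts "truncated key:     #{try_decrypt(EFFECTIVE_KEY, OLD_RECORD)}"
end
```

Once the truncated key is confirmed to decrypt existing records, store that exact 32-byte value in the environment rather than generating a key at load time.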

@tochi

tochi commented May 15, 2019

@Uysim

This may be helpful.

#258 (comment)
