Encrypting in Rails and decrypting in Salesforce

Question

I'm using the attr_encrypted gem in a Rails project and encrypting bank account numbers in a PostgreSQL database. In the database, I have two columns (encrypted_bank_account and encrypted_bank_account_iv) that are used for the encrypted data. I have this line in my payment_method model file:

attr_encrypted :account_number, key: ENV['ACCOUNT_KEY'], encode: true, encode_iv: true, algorithm: 'aes-256-cbc'

I want to be able to send this encrypted data to SalesForce, decrypt it, and store it in a SalesForce object. I'm not exactly sure how to decrypt it when it gets there and could use some advice. Thanks!

Answer 1

Have an endpoint on salesforce that takes the data and decrypts it in

// Normally this key should be stored in a protected custom setting 
// or an encrypted field on a custom object
Blob cryptoKey = Crypto.generateAesKey(256);

// Generate the data to be encrypted.
Blob data = Blob.valueOf('Test data to encrypted');
// Encrypt the data and have Salesforce.com generate the initialization vector
Blob encryptedData = Crypto.encryptWithManagedIV('AES256', cryptoKey, data);
// Decrypt the data - the first 16 bytes contain the initialization vector
Blob decryptedData = Crypto.decryptWithManagedIV('AES256', cryptoKey, encryptedData);

// Decode the decrypted data for subsequent use
String decryptedDataString = decryptedData.toString();


https://developer.salesforce.com/page/Apex_Crypto_Class