README.md in blind_index-0.3.0 vs README.md in blind_index-0.3.2

- old
+ new

@@ -40,11 +40,11 @@ attr_encrypted :email, key: [ENV["EMAIL_ENCRYPTION_KEY"]].pack("H*") blind_index :email, key: [ENV["EMAIL_BLIND_INDEX_KEY"]].pack("H*") end ``` -We use environment variables to store the keys ([dotenv](https://github.com/bkeepers/dotenv) is great for this). *Do not commit them to source control.* Generate one key for encryption and one key for hashing. You can generate keys in the Rails console with: +We use environment variables to store the keys as hex-encoded strings ([dotenv](https://github.com/bkeepers/dotenv) is great for this). *Do not commit them to source control.* Generate one key for encryption and one key for hashing. You can generate keys in the Rails console with: ```ruby SecureRandom.hex(32) ``` @@ -141,35 +141,46 @@ end ``` The default is `10000`. Changing this value requires you to recompute the blind index. - ### scrypt -:warning: *Not production ready yet* - Add [scrypt](https://github.com/pbhogan/scrypt) to your Gemfile and use: ```ruby class User < ApplicationRecord blind_index :email, algorithm: :scrypt, ... end ``` -### Argon2 +Set the cost parameters with: -:warning: *Not production ready yet* +```ruby +class User < ApplicationRecord + blind_index :email, algorithm: :scrypt, cost: {n: 4096, r: 8, p: 1}, ... +end +``` +### Argon2 + Add [argon2](https://github.com/technion/ruby-argon2) to your Gemfile and use: ```ruby class User < ApplicationRecord blind_index :email, algorithm: :argon2, ... end ``` +Set the cost parameters with: + +```ruby +class User < ApplicationRecord + blind_index :email, algorithm: :argon2, cost: {t: 3, m: 12}, ... +end +``` + ## Reference By default, blind indexes are encoded in Base64. Set a different encoding with: ```ruby @@ -192,10 +203,18 @@ ```ruby SecureRandom.hex(32) ``` -Set the new key and recompute the blind index. +Update your model to convert the hex key to binary. + +```ruby +class User < ApplicationRecord + blind_index :email, key: [ENV["EMAIL_BLIND_INDEX_KEY"]].pack("H*") +end +``` + +And recompute the blind index. ```ruby User.find_each do |user| user.compute_email_bidx user.save!