active_record_encryption 0.1.0 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9369affd95f719bd5c13f2f1fbc5dd41a6a3c0f04f0b33da74d6834d6954f243
-  data.tar.gz: 1afd356f1754db7c05ced1749705bf9d56632597ee3380c1b34f96b455f631d4
+  metadata.gz: f992a2aae3e31c5c369213e30abe9cb77896e7f92ac6fcdb7674e75e20e91f8e
+  data.tar.gz: 449de2e8b89d85509650bd5c38615fa9aa93b6585fce3e1e0b8e0ddd9db73e3b
 SHA512:
-  metadata.gz: d25b721fa158761b2f43270d343386800c585e69c5b42db29b047daebefc0228d121ef7b0b8dc059049cc4a918f974b9bed8aec391e8039f3c42c9e75fc0bcef
-  data.tar.gz: 9182542eb22718dd4379afd6b757b37d994e99ccdc1c216d2c6a757991c76060bb51338164db351c5a56e1806d955761142c631fdfab54ae5ca4239ddbacaf13
+  metadata.gz: 8ee286e350bad31cefce68330445a66c25ba3bc55ab0d2d0e2af2f74c7b1ccc139a02dc1556c9f8367aa6b84e46d84d3ca28a855a0d8fa508962514c33c4f2b6
+  data.tar.gz: 3565c31c4f309bcb6d79fa44abf5bcca01195224fa6759e2b7bdeb7db4f939ed0bfa2beb9741c9cb1e1335314eca502fc3107814e80a5b46be8927e4b3b7fa6e

data/CHANGELOG.md

@@ -0,0 +1,35 @@
+## 0.2.0
+
+### New features
+
+- Find custom encryptor by `:encryption` options
+  - `encrypted_attribute(:field, :type, encryption: { encryptor: :active_support })`
+- Register your encryption
+  - `ActiveRecordEncryption::Type.register`
+- Lookup your encryption
+  - `ActiveRecordEncryption::Type.lookup`
+- Add `ActiveRecordEncryption.default_encryptor`
+- Buildin some encryption
+  - ActiveSupport
+    - `encrypted_attribute(:field, :type, encryption: { encryptor: :active_support, key: ENV['KEY'], salt: ENV['SALT'] })`
+  - AES-256-CBC
+    - `encrypted_attribute(:field, :type, encryption: { encryptor: :aes_256_cbc, key: ENV['KEY'] })`
+
+### Bug fixes
+
+- `ActiveRecordEncryption::Type#change_in_place?` Compare old value with new value.
+- `ActiveRecordEncryption::Type#cast` supports TimeWithZone
+
+### Changes
+
+- Remove `ActiveRecordEncryption.with_cipher`
+- Remove `ActiveRecordEncryption.cipher`
+- Now, base class of Encryption is `ActiveRecordEncryption::Encryptor::Base`
+
+## 0.1.1
+
+- [#1](https://github.com/alpaca-tc/active_record_encryption/pull/1) Support only binary column
+
+## 0.1.0
+
+- First release

data/README.md

@@ -1,81 +1,122 @@
-[![Build Status](https://travis-ci.org/alpaca-tc/active_record_encryption.png)](https://travis-ci.org/alpaca-tc/active_record_encryption)
-
 # ActiveRecordEncryption
 
-Decorate encrypted binary column with attribute that transparently encrypt and decrypt sensitive data.
-It uses the ActiveRecord's Attribute API, and it is a simpler implementation than other gems.
-
-## Installation
-
-Add this line to your application's Gemfile:
+Provides transparent encryption attribute for ActiveRecord. 
+You can easily encrypt and decrypt sensitive data.
 
-```ruby
-gem 'active_record_encryption'
-```
+This implementation is based on ActiveRecord's Attribute-API, and it is very simple and powerful.
 
 ## Usage
 
-### Define serialized type in application
-
-Here is an example of passing a type of object you want:
+Add definition of the encrypted attribute in your application. 
 
 ```ruby
+# app/models/post.rb
 class Post < ActiveRecord::Base
-  include ActiveRecordEncryption::EncryptedAttribute
-
   encrypted_attribute(:name, :string)
-  encrypted_attribute(:published_on, :date)
 end
+```
 
----
+That's all. This column is already enabled for transparent encryption.
 
-$ post = Post.new(name: 'Author name', published_on: Date.current)
-#=> #<Post:0x00007f92169ac158 id: nil, name: "Author name", published_on: Thu, 29 Mar 2018>
-> post.save
-DEBUG -- :    (0.1ms)  begin transaction
-DEBUG -- :   Post Create (0.1ms)  INSERT INTO "posts" ("name", "published_on") VALUES (?, ?)  [["name", "N\xFA\xDD\xC2\xB0&\xAE\x9A..."], ["published_on", "N\xFA\xDD\xX2\xB0&\xAE\x9A..."]]
-DEBUG -- :    (0.0ms)  commit transaction
+```ruby
+post = Post.create!(name: 'Baker')
+post.name #=> "Baker"
+post.name_before_type_cast #=> "ZS~\xAB\x8C\xD1\xCA\u0016\xA8\x80f@\xE8s\xB7J/\xA9\xEC/\xBDj\xDE6(Y\u007F\u0016<W\u0011\x96"
 ```
 
-### `#encrypted_attribute` options
+## Options
 
-You can pass the same arguments as [ActiveRecord::Attributes.attribute](https://apidock.com/rails/ActiveRecord/Attributes/ClassMethods/attribute)
+You can set encryption as default.
 
+```ruby
+# config/initializers/active_record_encryption.rb
+ActiveRecordEncryption.default_encryption = {
+  encryptor: :active_support,
+  key: ENV['ENCRYPTION_KEY'],
+  salt: ENV['ENCRYPTION_SALT']
+}
 ```
+
+### encrypted_attribute
+
+`.encrypted_attribute()` wrapped on `.attribute` method. and you can pass the same arguments as [ActiveRecord::Attributes.attribute](https://apidock.com/rails/ActiveRecord/Attributes/ClassMethods/attribute)
+
+```ruby
 class PointLog < ActiveRecord::Base
   encrypted_attribute(:date, :date)
   encrypted_attribute(:point, :integer, default: -> { Current.user.current_point })
   encrypted_attribute(:price, Money.new)
+  encrypted_attribute(:serialized_address, :string)
+
+  # Change encryptor
+  encrypted_attribute(:name, :field, encryption: { encryptor: :active_support, key: ENV['ENCRYPTION_KEY'], salt: ['ENCRYPTION_SALT'] })
 end
 ```
 
-### Migration
+## Supported Available Encryptors
+
+There are four supported encryptors: `:active_support`, `:aes_256_cbc`.
 
-Create or modify the table that your model uses to add a column like the following:
+- `:active_support`
+  - Encryption is performed using `ActiveSupport::MessageEncryptor`
+  - Example
+    - `encrypted_attribute(:field, :type, encryption: { encryptor: :active_support, key: SecureRandom.hex(64), salt: SecureRandom.hex(64) })`
+- `:aes_256_cbc`
+  - Encryption is performed using `OpenSSL::Cipher.new('AES-256-CBC')
+  - Example
+    - `encrypted_attribute(:field, :type, encryption: { encryptor: :active_support, key: SecureRandom.hex(64) })`
 
-**NOTE: Default limit of binary is too long. Please set limit of encrypted columns**
+## Customize encryptor
+
+You can easilly add your encryptor.
 
 ```ruby
--ActiveRecord::Schema.define do
-  create_table(:posts, force: true) do |t|
-    t.binary :name, limit: 256
-    t.binary :point, limit: 256
-    t.binary :price, limit: 256
+class YourEncryptor < ActiveRecordEncryption::Encryptor::Base
+  def initialize(key:)
+    @key = key
+  end
+
+  def encrypt(value)
+    # An encrypt method that returns the encrypted string
+  end
+
+  def decrypt(value)
+    # A decrypt method that returns the plaintext
   end
 end
+
+ActiveRecordEncryption.default_encryption = {
+  encryptor: YourEncryptor,
+  key: ENV['ENCRYPTION_KEY']
+}
+```
+
+## Secret key/salt
+
+For encryptors requiring secret keys, you can generate them.
+These values should be stored outside of your application repository for added security. 
+
+```bash
+ruby -e "require 'securerandom'; puts SecureRandom.hex(64)"`
 ```
 
-*Tips* How to calculate limit of encrypted column? - It depends on algorithm of cipher.
+### Migration
 
-## Development
+Create or modify the table that your model like the following:
 
-After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+**NOTE: Default limit of ActiveRecord's binary column is too long. Please set limit(< 0xfff) for encrypted columns.**
 
-To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+```ruby
+ActiveRecord::Schema.define do
+  create_table(:posts) do |t|
+    t.binary :name, limit: 1000
+  end
+end
+```
 
 ### Run spec
 
-```
+```bash
 bundle exec appraisal install
 bundle exec appraisal 5.0-stable rspec
 bundle exec appraisal 5.1-stable rspec
@@ -92,4 +133,4 @@ The gem is available as open source under the terms of the [MIT License](https:/
 
 ## Code of Conduct
 
-Everyone interacting in the ActiveRecord::Encryption project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/alpaca-tc/active_record_encryption/blob/master/CODE_OF_CONDUCT.md).
+Everyone interacting in the `ActiveRecord::Encryption` project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/alpaca-tc/active_record_encryption/blob/master/CODE_OF_CONDUCT.md).

data/lib/active_record_encryption.rb

@@ -1,25 +1,26 @@
 # frozen_string_literal: true
 
-require 'active_record'
-require 'active_support/core_ext/module/attribute_accessors_per_thread'
+require 'active_support/core_ext/module/attribute_accessors'
+require 'active_support/lazy_load_hooks'
+require 'active_record_encryption/version'
+require 'active_record_encryption/exceptions'
 
 module ActiveRecordEncryption
-  require 'active_record_encryption/version'
-  require 'active_record_encryption/serializer_with_cast'
+  mattr_accessor(:default_encryption, instance_accessor: false) do
+    { encryptor: :raw }
+  end
+end
+
+ActiveSupport.on_load(:active_record) do
   require 'active_record_encryption/type'
   require 'active_record_encryption/encryptor'
-  require 'active_record_encryption/encryptor/cipher'
   require 'active_record_encryption/encrypted_attribute'
+  require 'active_record_encryption/binary'
   require 'active_record_encryption/quoter'
-  require 'active_record_encryption/exceptions'
 
-  thread_mattr_accessor(:cipher)
+  # Register `:encryption` type
+  ActiveRecord::Type.register(:encryption, ActiveRecordEncryption::Type)
 
-  def self.with_cipher(new_cipher)
-    previous = cipher
-    self.cipher = new_cipher
-    yield
-  ensure
-    self.cipher = previous
-  end
+  # Define `.encrypted_attribute`
+  ActiveRecord::Base.include(ActiveRecordEncryption::EncryptedAttribute)
 end

data/lib/active_record_encryption/binary.rb

@@ -0,0 +1,68 @@
+# frozen_string_literal: true
+
+require 'stringio'
+
+module ActiveRecordEncryption
+  class Binary < ::StringIO
+    FORMATS = {
+      u_long_long: {
+        length: 8,
+        code: 'Q>'
+      },
+      long_long: {
+        length: 8,
+        code: 'q>'
+      },
+      u_int: {
+        length: 4,
+        code: 'L>'
+      },
+      int: {
+        length: 4,
+        code: 'l>'
+      },
+      u_short: {
+        length: 2,
+        code: 'S>'
+      },
+      short: {
+        length: 2,
+        code: 's>'
+      },
+      u_char: {
+        length: 1,
+        code: 'C'
+      },
+      char: {
+        length: 1,
+        code: 'c'
+      }
+    }.freeze
+
+    FORMATS.each do |format_name, format|
+      class_eval(<<-METHOD, __FILE__, __LINE__ + 1)
+        def read_#{format_name}
+          read(#{format[:length]}).unpack('#{format[:code]}')[0]
+        end
+
+        def write_#{format_name}(value)
+          write([value].pack('#{format[:code]}'))
+        end
+      METHOD
+    end
+
+    def initialize(*)
+      super
+      binmode
+    end
+
+    def write_string_255(value)
+      write_u_char(value.bytesize)
+      write(value)
+    end
+
+    def read_string_255
+      read(read_u_char)
+    end
+  end
+end

data/lib/active_record_encryption/encrypted_attribute.rb

@@ -6,18 +6,7 @@ module ActiveRecordEncryption
 
     module ClassMethods
       def encrypted_attribute(name, subtype, **options)
-        name = name.to_s
-
-        attribute(name, subtype, **options)
-        decorate_encrypted_attribute(name)
-      end
-
-      private
-
-      def decorate_encrypted_attribute(name)
-        decorate_attribute_type(name, :encrypted) do |subtype|
-          ActiveRecordEncryption::Type.new(name, subtype)
-        end
+        attribute(name, :encryption, options.merge(subtype: subtype))
       end
     end
   end

data/lib/active_record_encryption/encryptor.rb

@@ -1,29 +1,30 @@
 # frozen_string_literal: true
 
+require 'active_record_encryption/encryptor/registry'
+require 'active_record_encryption/encryptor/base'
+require 'active_record_encryption/encryptor/raw'
+require 'active_record_encryption/encryptor/active_support'
+require 'active_record_encryption/encryptor/aes_256_cbc'
+
 module ActiveRecordEncryption
   module Encryptor
-    class << self
-      def encrypt(value, cipher: ActiveRecordEncryption.cipher)
-        raise_missing_cipher_error unless cipher
-
-        string = value_to_string(value)
-        cipher.encrypt(string)
-      end
+    @registry = Registry.new
 
-      def decrypt(value, cipher: ActiveRecordEncryption.cipher)
-        raise_missing_cipher_error unless cipher
-        cipher.decrypt(value)
-      end
-
-      private
+    class << self
+      attr_reader :registry
 
-      def value_to_string(value)
-        ActiveRecordEncryption::Quoter.instance.type_cast(value)
+      # Add a new type to the registry, allowing it to be gotten through ActiveRecordEncryption::Type#lookup
+      def register(type_name, klass = nil, **options, &block)
+        registry.register(type_name, klass, **options, &block)
       end
 
-      def raise_missing_cipher_error
-        raise(ActiveRecordEncryption::MissingCipherError, 'missing cipher')
+      def lookup(*args, **kwargs)
+        registry.lookup(*args, **kwargs)
       end
     end
+
+    register(:raw, ActiveRecordEncryption::Encryptor::Raw)
+    register(:active_support, ActiveRecordEncryption::Encryptor::ActiveSupport)
+    register(:aes_256_cbc, ActiveRecordEncryption::Encryptor::Aes256Cbc)
   end
 end

data/lib/active_record_encryption/encryptor/active_support.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+module ActiveRecordEncryption
+  module Encryptor
+    class ActiveSupport < Raw
+      def initialize(key:, salt:)
+        key_generator = ::ActiveSupport::KeyGenerator.new(key)
+        @encryptor = ::ActiveSupport::MessageEncryptor.new(key_generator.generate_key(salt, 32))
+      end
+
+      def encrypt(value)
+        encryptor.encrypt_and_sign(super)
+      end
+
+      def decrypt(value)
+        encryptor.decrypt_and_verify(super)
+      end
+
+      def ==(other)
+        super && encryptor == other.encryptor
+      end
+
+      protected
+
+      attr_reader :encryptor
+    end
+  end
+end

data/lib/active_record_encryption/encryptor/aes_256_cbc.rb

@@ -0,0 +1,77 @@
+# frozen_string_literal: true
+
+require 'openssl'
+
+module ActiveRecordEncryption
+  module Encryptor
+    class ActiveRecordEncryption::Encryptor::Aes256Cbc < Raw
+      def initialize(key:, encoding: Encoding::UTF_8)
+        @key = key
+        @encoding = encoding
+      end
+
+      def encrypt(value)
+        string = super.dup.force_encoding(encoding)
+        encrypted_data, iv = _encrypt(string, key)
+
+        binary = Binary.new
+        binary.write(iv) # IV is 16 byte
+        binary.write(encrypted_data)
+        binary.string
+      end
+
+      def decrypt(value)
+        binary         = Binary.new(value)
+        iv             = binary.read(16)
+        encrypted_data = binary.read
+
+        decrypted = _decrypt(encrypted_data, key, iv)
+        decrypted.force_encoding(encoding)
+      end
+
+      def ==(other)
+        super &&
+          key == other.key &&
+          encoding == other.encoding
+      end
+
+      protected
+
+      attr_reader :key, :encoding
+
+      private
+
+      def valid_encoding?(value)
+        value.valid_encoding? && value.encoding == encoding
+      end
+
+      def _encrypt(value, key)
+        raise ArgumentError, "invalid string given. #{value}" unless valid_encoding?(value)
+
+        cipher = OpenSSL::Cipher.new('AES-256-CBC')
+        cipher.encrypt
+        cipher.key = key
+        iv = cipher.random_iv # NOTE: Do not reuse IV. See more details https://stackoverflow.com/questions/3008139/why-is-using-a-non-random-iv-with-cbc-mode-a-vulnerability
+
+        result = ''.dup.tap do |buffer|
+          buffer << cipher.update(value) unless value.empty?
+          buffer << cipher.final
+        end
+
+        [result, iv]
+      end
+
+      def _decrypt(value, key, iv)
+        cipher = OpenSSL::Cipher.new('AES-256-CBC')
+        cipher.decrypt
+        cipher.key = key
+        cipher.iv = iv
+
+        ''.dup.tap do |buffer|
+          buffer << cipher.update(value)
+          buffer << cipher.final
+        end
+      end
+    end
+  end
+end

data/lib/active_record_encryption/encryptor/{cipher.rb → base.rb}

@@ -2,7 +2,10 @@
 
 module ActiveRecordEncryption
   module Encryptor
-    class Cipher
+    # Abstract interface of encryptor
+    class Base
+      def initialize(*); end
+
       def encrypt(value)
         value
       end
@@ -10,6 +13,12 @@ module ActiveRecordEncryption
       def decrypt(value)
         value
       end
+
+      def ==(other)
+        self.class == other.class
+      end
+
+      alias eql? ==
     end
   end
 end

data/lib/active_record_encryption/encryptor/raw.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module ActiveRecordEncryption
+  module Encryptor
+    # Basic base class of encryptor.
+    # Format user input to string before encryption.
+    class Raw < Base
+      def encrypt(value)
+        ActiveRecordEncryption::Quoter.instance.type_cast(super)
+      end
+    end
+  end
+end

data/lib/active_record_encryption/encryptor/registry.rb

@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+
+module ActiveRecordEncryption
+  module Encryptor
+    class Registry
+      def initialize
+        @registrations = []
+      end
+
+      def register(encryptor_name, klass = nil, **options, &block)
+        block ||= proc { |_, *args| klass.new(*args) }
+        registrations << Registration.new(encryptor_name, block, **options)
+      end
+
+      def lookup(symbol, *args)
+        registration = find_registration(symbol, *args)
+
+        if registration
+          registration.call(self, symbol, *args)
+        else
+          raise ArgumentError, "Unknown encryptor #{symbol.inspect}"
+        end
+      end
+
+      private
+
+      attr_reader :registrations
+
+      def find_registration(symbol, *args)
+        registrations.find { |registration| registration.matches?(symbol, *args) }
+      end
+    end
+
+    class Registration
+      def initialize(name, block, **)
+        @name = name
+        @block = block
+      end
+
+      def call(_registry, *args, **kwargs)
+        if kwargs.any? # https://bugs.ruby-lang.org/issues/10856
+          block.call(*args, **kwargs)
+        else
+          block.call(*args)
+        end
+      end
+
+      def matches?(encryptor_name, *_args, **_kwargs)
+        encryptor_name == name
+      end
+
+      private
+
+      attr_reader :name, :block
+    end
+  end
+end

data/lib/active_record_encryption/exceptions.rb

@@ -2,6 +2,5 @@
 
 module ActiveRecordEncryption
   class Error < StandardError; end
-  class MissingCipherError < Error; end
   class InvalidMessage < Error; end
 end

data/lib/active_record_encryption/serializer_with_cast.rb

@@ -28,9 +28,11 @@ module ActiveRecordEncryption
     end
 
     # Backport Rails5.2
-    refine ActiveModel::Type::DateTime do
-      def serialize(value)
-        super(cast(value))
+    if ActiveRecord.gem_version < Gem::Version.create('5.2')
+      refine ActiveModel::Type::DateTime do
+        def serialize(value)
+          super(cast(value))
+        end
       end
     end
   end

data/lib/active_record_encryption/type.rb

@@ -1,15 +1,26 @@
 # frozen_string_literal: true
 
+require 'active_record_encryption/serializer_with_cast'
+
 module ActiveRecordEncryption
   class Type < ActiveRecord::Type::Value
     using(ActiveRecordEncryption::SerializerWithCast)
 
     delegate :type, :cast, to: :subtype
+    delegate :user_input_in_time_zone, to: :subtype # for ActiveRecord::AttributeMethods::TimeZoneConversion::TimeZoneConverter
 
-    def initialize(name, subtype)
-      @name = name
-      @subtype = subtype
+    def initialize(
+      subtype: default_value,
+      encryption: ActiveRecordEncryption.default_encryption.clone,
+      **options
+    )
+
+      # Lookup encryptor from options[:encryption]
+      @encryptor = build_encryptor(encryption)
       @binary = ActiveRecord::Type.lookup(:binary)
+
+      subtype = ActiveRecord::Type.lookup(subtype, **options) if subtype.is_a?(Symbol)
+      @subtype = subtype
     end
 
     def deserialize(value)
@@ -22,12 +33,34 @@ module ActiveRecordEncryption
       binary.serialize(encryptor.encrypt(serialized)) unless serialized.nil?
     end
 
+    def changed_in_place?(raw_old_value, value)
+      old_value = deserialize(raw_old_value)
+      @subtype.changed_in_place?(old_value, value)
+    end
+
     private
 
-    attr_reader :name, :subtype, :binary
+    attr_reader :subtype, :binary, :encryptor
+
+    # NOTE: `ActiveRecord::Type.default_value` is not defined in Rails 5.0
+    def default_value
+      if ActiveRecord.gem_version < Gem::Version.create('5.1.0')
+        ActiveRecord::Type::Value.new
+      else
+        ActiveRecord::Type.default_value
+      end
+    end
+
+    def build_encryptor(options)
+      encryptor = options.delete(:encryptor)
 
-    def encryptor
-      ActiveRecordEncryption::Encryptor
+      if encryptor.is_a?(Symbol)
+        ActiveRecordEncryption::Encryptor.lookup(encryptor, **options)
+      elsif encryptor.is_a?(Class)
+        encryptor.new(options)
+      else
+        encryptor
+      end
     end
   end
 end

data/lib/active_record_encryption/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module ActiveRecordEncryption
-  VERSION = '0.1.0'
+  VERSION = '0.2.0'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: active_record_encryption
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.2.0
 platform: ruby
 authors:
 - alpaca-tc
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-04-06 00:00:00.000000000 Z
+date: 2018-06-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activerecord
@@ -80,6 +80,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: mysql2
   requirement: !ruby/object:Gem::Requirement
@@ -164,36 +178,30 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-description: Write a longer description or delete this line.
+description: Provides transparent encryption for ActiveRecord. You can protect your
+  data with any encryption algorithm you want.
 email:
 - alpaca-tc@alpaca.tc
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- ".gitignore"
-- ".rspec"
-- ".rubocop.yml"
-- ".travis.yml"
-- Appraisals
+- CHANGELOG.md
 - CODE_OF_CONDUCT.md
-- Gemfile
-- Guardfile
 - LICENSE.txt
 - README.md
-- Rakefile
-- active_record_encryption.gemspec
-- gemfiles/5.0_stable.gemfile
-- gemfiles/5.1_stable.gemfile
-- gemfiles/5.2_stable.gemfile
 - lib/active_record_encryption.rb
+- lib/active_record_encryption/binary.rb
 - lib/active_record_encryption/encrypted_attribute.rb
 - lib/active_record_encryption/encryptor.rb
-- lib/active_record_encryption/encryptor/cipher.rb
+- lib/active_record_encryption/encryptor/active_support.rb
+- lib/active_record_encryption/encryptor/aes_256_cbc.rb
+- lib/active_record_encryption/encryptor/base.rb
+- lib/active_record_encryption/encryptor/raw.rb
+- lib/active_record_encryption/encryptor/registry.rb
 - lib/active_record_encryption/exceptions.rb
 - lib/active_record_encryption/quoter.rb
 - lib/active_record_encryption/serializer_with_cast.rb
-- lib/active_record_encryption/testing/test_cipher.rb
 - lib/active_record_encryption/type.rb
 - lib/active_record_encryption/version.rb
 homepage: https://github.com/alpaca-tc/active_record_encryption
@@ -219,5 +227,5 @@ rubyforge_project:
 rubygems_version: 2.7.3
 signing_key: 
 specification_version: 4
-summary: Write a short summary, because RubyGems requires one.
+summary: Transparent ActiveRecord encryption
 test_files: []

data/.gitignore

@@ -1,17 +0,0 @@
-/.bundle/
-/.yardoc
-/_yardoc/
-/coverage/
-/doc/
-/pkg/
-/spec/reports/
-/tmp/
-
-Gemfile.lock
-
-# rspec failure tracking
-.rspec_status
-
-/gemfiles/*.lock
-/gemfiles/**/config
-/gemfiles/.bundle

data/.rspec

@@ -1,3 +0,0 @@
---format documentation
---color
---require spec_helper

data/.rubocop.yml

@@ -1,77 +0,0 @@
-AllCops:
-  Exclude:
-    - 'bin/*'
-    - 'db/**/*'
-    - 'vendor/**/*'
-    - '**/Rakefile'
-    - '**/config.ru'
-    - 'node_modules/**/*'
-  TargetRubyVersion: 2.5
-  DisplayCopNames: true
-
-Performance:
-  Enabled: false
-
-Bundler:
-  Enabled: false
-
-Naming:
-  Enabled: false
-
-Metrics/BlockNesting:
-  Enabled: false
-
-Metrics/ClassLength:
-  Enabled: false
-
-Metrics/LineLength:
-  Enabled: false
-
-Metrics/MethodLength:
-  Enabled: false
-
-Metrics/BlockLength:
-  Enabled: false
-
-Metrics/ModuleLength:
-  Enabled: false
-
-Style/AsciiComments:
-  Enabled: false
-
-Style/BlockDelimiters:
-  Exclude:
-    - 'spec/**/*'
-
-Style/Documentation:
-  Enabled: false
-
-Style/BlockDelimiters:
-  Enabled: false
-
-Style/DoubleNegation:
-  Enabled: false
-
-Style/GuardClause:
-  Enabled: false
-
-Style/ClassAndModuleChildren:
-  Enabled: false
-
-Style/SpecialGlobalVars:
-  Enabled: false
-
-Style/NumericPredicate:
-  Enabled: false
-
-Style/Lambda:
-  Enabled: false
-
-Layout/AlignParameters:
-  EnforcedStyle: with_fixed_indentation
-
-Layout/MultilineMethodCallIndentation:
-  EnforcedStyle: indented
-
-Lint/AmbiguousRegexpLiteral:
-  Enabled: false

data/.travis.yml

@@ -1,12 +0,0 @@
-sudo: false
-language: ruby
-rvm:
-  - 2.3.6
-  - 2.4.3
-  - 2.5.0
-before_install: gem install bundler -v 1.16.1
-gemfile:
-  - gemfiles/5.0_stable.gemfile
-  - gemfiles/5.1_stable.gemfile
-  - gemfiles/5.2_stable.gemfile
-script: bundle exec rspec

data/Appraisals

@@ -1,13 +0,0 @@
-# frozen_string_literal: true
-
-appraise '5.0-stable' do
-  gem 'activerecord', '~> 5.0.0'
-end
-
-appraise '5.1-stable' do
-  gem 'activerecord', '~> 5.1.0'
-end
-
-appraise '5.2-stable' do
-  gem 'activerecord', git: 'https://github.com/rails/rails', branch: '5-2-stable'
-end

data/Gemfile

@@ -1,8 +0,0 @@
-# frozen_string_literal: true
-
-source 'https://rubygems.org'
-
-git_source(:github) { |repo_name| "https://github.com/#{repo_name}" }
-
-# Specify your gem's dependencies in activerecord_encryption.gemspec
-gemspec

data/Guardfile

@@ -1,51 +0,0 @@
-# frozen_string_literal: true
-
-guard :rspec, cmd: 'bundle exec rspec' do
-  require 'guard/rspec/dsl'
-  dsl = Guard::RSpec::Dsl.new(self)
-
-  # Feel free to open issues for suggestions and improvements
-
-  # RSpec files
-  rspec = dsl.rspec
-  watch(rspec.spec_helper) { rspec.spec_dir }
-  watch(rspec.spec_support) { rspec.spec_dir }
-  watch(rspec.spec_files)
-
-  # Ruby files
-  ruby = dsl.ruby
-  dsl.watch_spec_files_for(ruby.lib_files)
-
-  # Rails files
-  rails = dsl.rails(view_extensions: %w[erb haml slim])
-  dsl.watch_spec_files_for(rails.app_files)
-  dsl.watch_spec_files_for(rails.views)
-
-  watch(rails.controllers) do |m|
-    [
-      rspec.spec.call("routing/#{m[1]}_routing"),
-      rspec.spec.call("controllers/#{m[1]}_controller"),
-      rspec.spec.call("acceptance/#{m[1]}")
-    ]
-  end
-
-  # Rails config changes
-  watch(rails.spec_helper)     { rspec.spec_dir }
-  watch(rails.routes)          { "#{rspec.spec_dir}/routing" }
-  watch(rails.app_controller)  { "#{rspec.spec_dir}/controllers" }
-
-  # Capybara features specs
-  watch(rails.view_dirs)     { |m| rspec.spec.call("features/#{m[1]}") }
-  watch(rails.layouts)       { |m| rspec.spec.call("features/#{m[1]}") }
-
-  # Turnip features and steps
-  watch(%r{^spec/acceptance/(.+)\.feature$})
-  watch(%r{^spec/acceptance/steps/(.+)_steps\.rb$}) do |m|
-    Dir[File.join("**/#{m[1]}.feature")][0] || 'spec/acceptance'
-  end
-end
-
-guard :rubocop, all_on_start: false, cli: ['--auto-correct'] do
-  watch(/.+\.rb$/)
-  watch(%r{(?:.+/)?\.rubocop(?:_todo)?\.yml$}) { |m| File.dirname(m[0]) }
-end

data/Rakefile

@@ -1,6 +0,0 @@
-require "bundler/gem_tasks"
-require "rspec/core/rake_task"
-
-RSpec::Core::RakeTask.new(:spec)
-
-task :default => :spec

data/active_record_encryption.gemspec

@@ -1,37 +0,0 @@
-
-# frozen_string_literal: true
-
-lib = File.expand_path('lib', __dir__)
-$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-require 'active_record_encryption/version'
-
-Gem::Specification.new do |spec|
-  spec.name          = 'active_record_encryption'
-  spec.version       = ActiveRecordEncryption::VERSION
-  spec.authors       = ['alpaca-tc']
-  spec.email         = ['alpaca-tc@alpaca.tc']
-
-  spec.summary       = 'Write a short summary, because RubyGems requires one.'
-  spec.description   = 'Write a longer description or delete this line.'
-  spec.homepage      = 'https://github.com/alpaca-tc/active_record_encryption'
-  spec.license       = 'MIT'
-
-  spec.files         = `git ls-files -z`.split("\x0").reject do |f|
-    f.match(%r{^(test|spec|features)/})
-  end
-
-  spec.require_paths = ['lib']
-
-  spec.add_dependency 'activerecord', '>= 5.0'
-
-  spec.add_development_dependency 'appraisal'
-  spec.add_development_dependency 'bundler', '~> 1.16'
-  spec.add_development_dependency 'guard-rspec'
-  spec.add_development_dependency 'guard-rubocop'
-  spec.add_development_dependency 'mysql2', '< 0.5.0'
-  spec.add_development_dependency 'pry'
-  spec.add_development_dependency 'rake'
-  spec.add_development_dependency 'rspec'
-  spec.add_development_dependency 'rubocop'
-  spec.add_development_dependency 'sqlite3'
-end

data/gemfiles/5.0_stable.gemfile

@@ -1,9 +0,0 @@
-# frozen_string_literal: true
-
-# This file was generated by Appraisal
-
-source 'https://rubygems.org'
-
-gem 'activerecord', '~> 5.0.0'
-
-gemspec path: '../'

data/gemfiles/5.1_stable.gemfile

@@ -1,9 +0,0 @@
-# frozen_string_literal: true
-
-# This file was generated by Appraisal
-
-source 'https://rubygems.org'
-
-gem 'activerecord', '~> 5.1.0'
-
-gemspec path: '../'

data/gemfiles/5.2_stable.gemfile

@@ -1,9 +0,0 @@
-# frozen_string_literal: true
-
-# This file was generated by Appraisal
-
-source 'https://rubygems.org'
-
-gem 'activerecord', git: 'https://github.com/rails/rails', branch: '5-2-stable'
-
-gemspec path: '../'

data/lib/active_record_encryption/testing/test_cipher.rb

@@ -1,33 +0,0 @@
-# frozen_string_literal: true
-
-require 'digest'
-
-module ActiveRecordEncryption
-  module Testing
-    class TestCipher < ActiveRecordEncryption::Encryptor::Cipher
-      attr_reader :key
-
-      def initialize(key: SecureRandom.hex)
-        @key = key
-      end
-
-      def ==(other)
-        other.is_a?(self.class) && key == other.key
-      end
-
-      def encrypt(value)
-        super("#{value}#{key}")
-      end
-
-      def decrypt(value)
-        value = value.to_s
-
-        if value.match(/#{key}$/)
-          super(value.sub(/#{key}$/, ''))
-        else
-          raise InvalidMessage, 'invalid value given'
-        end
-      end
-    end
-  end
-end