attr_cipher 1.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 00b32ff728220c366f964a0305a33a5b1c8216e1
+  data.tar.gz: fcf407ad3d80e9533649b0910147d7d5ea8c5d1d
+SHA512:
+  metadata.gz: 516fc8a442a58f34795447dd56f3f01cc8eed3d4bd7cf5cec96331de37f3b63eaeeac34bd6851fc1a51e20c34700478628a94538660d64e834fc36e6617c8ed9
+  data.tar.gz: 1a6437ac77c47f4a991d7c237cf04c86faaa9b61b726426dcf9728b47839c633ddf6edcfa5a9f9f77feac60c8c8f267e3e2e08196d1dde642172f825258761e3

data/CHANGELOG.md

@@ -0,0 +1,4 @@
+# Change Log
+
+##v1.0.0
+- Initial release.

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2017 Brightcommerce, Inc. All rights reserved.
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,125 @@
+[![Gem Version](https://badge.fury.io/rb/attr_cipher.svg)](https://badge.fury.io/rb/attr_cipher)
+[![Build Status](https://travis-ci.org/brightcommerce/attr_cipher.svg?branch=master)](https://travis-ci.org/brightcommerce/attr_cipher)
+[![codecov.io](https://codecov.io/github/brightcommerce/attr_cipher/coverage.svg?branch=master)](https://codecov.io/github/brightcommerce/attr_cipher?branch=master)
+[![contributions welcome](https://img.shields.io/badge/contributions-welcome-brightgreen.svg?style=flat)](https://github.com/brightcommerce/attr_cipher/pulls)
+
+# AttrCipher
+
+[**AttrCipher**](https://github.com/brightcommerce/attr_cipher) provides functionality to store encrypted attributes in ActiveRecord models. Values are encrypted and decrypted transparently.
+
+Using the same secret for both encryption of plaintext and decryption of ciphertext, **AttrCipher** uses a method that is known as a symmetric-key algorithm, specifically the Advanced Encryption Standard Cipher-Block Chaining algorithm with a 256bit key (AES-256-CBC). However, you can provide your own cipher algorithm to **AttrCipher**, if you prefer. As a side note, 256bit AES is what the United States government uses to encrypt information at the Top Secret level.
+
+## Installation
+
+To install add the following line to your `Gemfile`:
+
+``` ruby
+gem 'attr_cipher'
+```
+
+And run `bundle install`.
+
+## Dependencies
+
+Runtime:
+- activerecord (>= 4.2.6, < 5.2.0)
+- activesupport (>= 4.2.6, < 5.2.0)
+
+Development/Test:
+- rake (~> 10.5)
+- rspec (~> 3.4)
+- sqlite3 (~> 1.3)
+- simplecov (~> 0.11.2)
+- factory_girl (~> 4.5)
+
+## Compatibility
+
+Tested with Ruby 2.3.1p112 (2016-04-26 revision 54768) [x86_64-darwin15] against ActiveRecord 5.0.0 on macOS Sierra 10.12.4 (16E195).
+
+**AttrCipher** uses OpenSSL to perform the cipher.
+
+## Usage
+
+**AttrCipher** uses a global secret by default and it must be at least 100 characters or more. You can set the secret by setting `AttrCipher.secret`; (e.g. `$ openssl rand -hex 50`).
+
+```ruby
+AttrCipher.secret = ENV['SECRET_KEY']
+```
+
+You can also set the secret on a per attribute basis.
+
+```ruby
+class User
+  attr_cipher :api_key, secret: ENV['USER_API_KEY_SECRET']
+end
+```
+
+Attributes to be encrypted are declared using the `attr_cipher` class method in your model:
+
+```ruby
+ActiveRecord::Schema.define do
+  create_table :users do |t|
+    t.text :security_question
+    t.text :security_answer_cipher
+  end
+end
+
+class User < ActiveRecord::Base
+  attr_cipher :security_answer
+end
+```
+
+**AttrCipher** automatically creates the `#security_answer` getter and `#security_answer=` setter. The getter authomatically decrypts the return value. The setter encrypts the value provided and stores it in the `security_answer_cipher` column.
+CustomCipher
+If you don't want to use the AES-256-CBC cipher, you can provide your own cipher module. Define an object that responds to `encrypt(secret, value)` and `decrypt(secret, value)`:
+
+```ruby
+module CustomCipher
+  def self.encrypt(secret, value)
+    value.to_s.reverse
+  end
+  def self.decrypt(secret, value)
+    value.to_s.reverse
+  end
+end
+```
+
+Then pass the custom cipher module to the `cipher` option of the `attr_cipher` class method:
+
+```ruby
+class User < ActiveRecord::Base
+  attr_cipher :api_key, cipher: CustomCipher
+end
+```
+
+## Tests
+
+Tests are written using Rspec, FactoryGirl and Sqlite3. There are 13 examples with 100% code coverage.
+
+To run the tests, execute the default rake task:
+
+``` bash
+bundle exec rake
+```
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request
+
+## Credit
+
+I would like to thank [Nando Vieira](http://nandovieira.com/) for his [encrypt_attr](https://github.com/fnando/encrypt_attr) gem which provided a lot of the inspiration and framework for **AttrCipher**.
+
+This gem was written and is maintained by [Jurgen Jocubeit](https://github.com/JurgenJocubeit), CEO and President Brightcommerce, Inc.
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
+
+## Copyright
+
+Copyright 2017 Brightcommerce, Inc.

data/lib/attr_cipher/attr_cipher.rb

@@ -0,0 +1,56 @@
+require 'active_record'
+require 'active_support/all'
+
+module AttrCipher
+  extend ActiveSupport::Concern
+
+  class << self
+    attr_accessor :cipher
+    attr_reader :secret
+  end
+
+  def self.secret=(value)
+    validate_secret(value.to_s)
+    @secret = value.to_s
+  end
+
+  def self.validate_secret(value)
+    if value.size < 100
+      offending_line = caller.reject { |entry|
+        entry.include?(__dir__) || entry.include?("forwardable.rb")
+      }.first[/^(.*?:\d+)/, 1]
+      warn "[attr_cipher] secret must have at least 100 characters (called from #{offending_line})"
+    end
+  end
+
+  self.cipher = Cipher
+  self.secret = ''
+
+  module ClassMethods
+    def attr_cipher(*args, secret: AttrCipher.secret, cipher: AttrCipher.cipher)
+      AttrCipher.validate_secret(secret)
+      args.each do |attribute|
+        define_cipher_attribute(attribute, secret, cipher)
+      end
+    end
+
+    private
+
+    def define_cipher_attribute(attribute, secret, cipher)
+      define_method attribute do
+        value = instance_variable_get("@#{attribute}")
+        cipher_value = send("#{attribute}_cipher") unless value
+        value = cipher.decrypt(secret, cipher_value) if cipher_value
+        instance_variable_set("@#{attribute}", value)
+      end
+
+      define_method "#{attribute}=" do |value|
+        instance_variable_set("@#{attribute}", value)
+        send("#{attribute}_cipher=", nil)
+        send("#{attribute}_cipher=", cipher.encrypt(secret, value)) if value && value != ""
+      end
+    end
+  end
+end
+
+ActiveRecord::Base.send :include, AttrCipher

data/lib/attr_cipher/cipher.rb

@@ -0,0 +1,47 @@
+require 'base64'
+require 'digest/sha2'
+require 'openssl'
+
+module AttrCipher
+  class Cipher
+    ALGORITHM = "AES-256-CBC".freeze
+
+    attr_reader :secret
+
+    def initialize(secret)
+      @secret = secret
+    end
+
+    def cipher(mode, value)
+      cipher = OpenSSL::Cipher.new(ALGORITHM).public_send(mode)
+      digest = Digest::SHA256.digest(@secret)
+      cipher.key = digest
+      cipher.iv = digest[0...cipher.iv_len]
+      cipher.update(value) + cipher.final
+    end
+
+    def decode(value)
+      Base64.decode64(value)
+    end
+
+    def decrypt(value)
+      cipher(:decrypt, decode(value))
+    end
+
+    def encode(value)
+      Base64.encode64(value).chomp
+    end
+
+    def encrypt(value)
+      encode(cipher(:encrypt, value))
+    end
+
+    def self.decrypt(secret, value)
+      new(secret).decrypt(value)
+    end
+
+    def self.encrypt(secret, value)
+      new(secret).encrypt(value)
+    end
+  end
+end

data/lib/attr_cipher/version.rb

@@ -0,0 +1,11 @@
+module AttrCipher
+  module VERSION
+    MAJOR = 1
+    MINOR = 1
+    TINY  = 0
+    PRE   = nil
+    STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
+    SUMMARY = "AttrCipher v#{STRING}"
+    DESCRIPTION = "Provides functionality to store encrypted attributes using AES-256-CBC."
+  end
+end

data/lib/attr_cipher.rb

@@ -0,0 +1,3 @@
+require 'attr_cipher/version'
+require 'attr_cipher/cipher'
+require 'attr_cipher/attr_cipher'

metadata

@@ -0,0 +1,162 @@
+--- !ruby/object:Gem::Specification
+name: attr_cipher
+version: !ruby/object:Gem::Version
+  version: 1.1.0
+platform: ruby
+authors:
+- Jurgen Jocubeit
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2017-04-25 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 4.2.6
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 5.2.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 4.2.6
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 5.2.0
+- !ruby/object:Gem::Dependency
+  name: activerecord
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 4.2.6
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 5.2.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 4.2.6
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 5.2.0
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.5'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.5'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.4'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.4'
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: factory_girl
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.5'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.5'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.11.2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.11.2
+description: Provides functionality to store encrypted attributes using AES-256-CBC.
+email:
+- support@brightcommerce.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- CHANGELOG.md
+- MIT-LICENSE
+- README.md
+- lib/attr_cipher.rb
+- lib/attr_cipher/attr_cipher.rb
+- lib/attr_cipher/cipher.rb
+- lib/attr_cipher/version.rb
+homepage: https://github.com/brightcommerce/attr_cipher
+licenses:
+- MIT
+metadata:
+  copyright: Copyright 2017 Brightcommerce, Inc.
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '2.2'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.5.1
+signing_key: 
+specification_version: 4
+summary: AttrCipher v1.1.0
+test_files: []