attr_encrypted_pgcrypto 1.2.1 → 1.3.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/.travis.yml +10 -0
- data/Gemfile.lock +29 -27
- data/README.md +18 -6
- data/Rakefile +27 -0
- data/attr_encrypted_pgcrypto.gemspec +4 -3
- data/lib/attr_encrypted_pgcrypto/version.rb +1 -1
- data/spec/lib/encryptor_spec.rb +2 -2
- data/spec/log_subscriber/postgres_pgp_spec.rb +1 -1
- metadata +45 -44
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA1:
|
3
|
+
metadata.gz: 210d81f6746ac4a1f168f8d5230709cf21976ff4
|
4
|
+
data.tar.gz: 8f3c7225ef44347a5414381fb24ce82d552944b7
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: 603aa245234796ac4e6d9c49ee53801efa90ff9f2b99b6717bb01d6053ee7311c995ffb8a5fd95177e018985595a4758cbaa3b9192eee53956faad38ebb779c0
|
7
|
+
data.tar.gz: fd93ea4d826e59313e7e00247ba876e5bb6fdac894f94ce26b2309497df7256b1ac6dd3a574d4f2298230dab2423e72b12dbc8c81b001d929299e83e1f7e15ff
|
data/.travis.yml
ADDED
@@ -0,0 +1,10 @@
|
|
1
|
+
language: ruby
|
2
|
+
rvm:
|
3
|
+
- 1.9.3
|
4
|
+
- 2.0
|
5
|
+
- 2.1
|
6
|
+
before_script:
|
7
|
+
- psql -c 'CREATE DATABASE attr_encrytped_pgcrypto' -U postgres
|
8
|
+
- psql attr_encrytped_pgcrypto -c 'CREATE EXTENSION IF NOT EXISTS pgcrypto' -U postgres
|
9
|
+
- cp spec/default.database.yml spec/database.yml
|
10
|
+
|
data/Gemfile.lock
CHANGED
@@ -1,56 +1,58 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
attr_encrypted_pgcrypto (
|
4
|
+
attr_encrypted_pgcrypto (1.2.1)
|
5
5
|
activerecord (>= 3.0)
|
6
6
|
activesupport (>= 3.0)
|
7
|
-
attr_encrypted (~> 1.2
|
7
|
+
attr_encrypted (~> 1.2)
|
8
8
|
|
9
9
|
GEM
|
10
10
|
remote: https://rubygems.org/
|
11
11
|
specs:
|
12
|
-
activemodel (3.2.
|
13
|
-
activesupport (= 3.2.
|
12
|
+
activemodel (3.2.16)
|
13
|
+
activesupport (= 3.2.16)
|
14
14
|
builder (~> 3.0.0)
|
15
|
-
activerecord (3.2.
|
16
|
-
activemodel (= 3.2.
|
17
|
-
activesupport (= 3.2.
|
15
|
+
activerecord (3.2.16)
|
16
|
+
activemodel (= 3.2.16)
|
17
|
+
activesupport (= 3.2.16)
|
18
18
|
arel (~> 3.0.2)
|
19
19
|
tzinfo (~> 0.3.29)
|
20
|
-
activesupport (3.2.
|
21
|
-
i18n (~> 0.6)
|
20
|
+
activesupport (3.2.16)
|
21
|
+
i18n (~> 0.6, >= 0.6.4)
|
22
22
|
multi_json (~> 1.0)
|
23
|
-
arel (3.0.
|
24
|
-
attr_encrypted (1.
|
25
|
-
encryptor (>= 1.
|
23
|
+
arel (3.0.3)
|
24
|
+
attr_encrypted (1.3.1)
|
25
|
+
encryptor (>= 1.3.0)
|
26
26
|
builder (3.0.4)
|
27
27
|
coderay (1.0.8)
|
28
|
-
diff-lcs (1.
|
29
|
-
encryptor (1.
|
30
|
-
i18n (0.6.
|
28
|
+
diff-lcs (1.2.5)
|
29
|
+
encryptor (1.3.0)
|
30
|
+
i18n (0.6.9)
|
31
31
|
method_source (0.8.1)
|
32
|
-
multi_json (1.
|
32
|
+
multi_json (1.8.2)
|
33
33
|
pg (0.14.1)
|
34
34
|
pry (0.9.10)
|
35
35
|
coderay (~> 1.0.5)
|
36
36
|
method_source (~> 0.8)
|
37
37
|
slop (~> 3.3.1)
|
38
|
-
|
39
|
-
|
40
|
-
rspec-
|
41
|
-
rspec-
|
42
|
-
|
43
|
-
rspec-
|
44
|
-
|
45
|
-
|
38
|
+
rake (10.1.1)
|
39
|
+
rspec (2.14.1)
|
40
|
+
rspec-core (~> 2.14.0)
|
41
|
+
rspec-expectations (~> 2.14.0)
|
42
|
+
rspec-mocks (~> 2.14.0)
|
43
|
+
rspec-core (2.14.7)
|
44
|
+
rspec-expectations (2.14.5)
|
45
|
+
diff-lcs (>= 1.1.3, < 2.0)
|
46
|
+
rspec-mocks (2.14.5)
|
46
47
|
slop (3.3.3)
|
47
|
-
tzinfo (0.3.
|
48
|
+
tzinfo (0.3.38)
|
48
49
|
|
49
50
|
PLATFORMS
|
50
51
|
ruby
|
51
52
|
|
52
53
|
DEPENDENCIES
|
53
54
|
attr_encrypted_pgcrypto!
|
54
|
-
pg (~> 0.14
|
55
|
+
pg (~> 0.14)
|
55
56
|
pry
|
56
|
-
|
57
|
+
rake
|
58
|
+
rspec (~> 2.14)
|
data/README.md
CHANGED
@@ -1,5 +1,8 @@
|
|
1
1
|
# attr_encrypted_pgcrypto
|
2
2
|
|
3
|
+
[![Build Status](https://travis-ci.org/gabetax/attr_encrypted_pgcrypto.png)](https://travis-ci.org/gabetax/attr_encrypted_pgcrypto)
|
4
|
+
[![Dependency Status](https://gemnasium.com/gabetax/attr_encrypted_pgcrypto.png)](https://gemnasium.com/gabetax/attr_encrypted_pgcrypto)
|
5
|
+
|
3
6
|
A [pgcrypto](http://www.postgresql.org/docs/9.1/static/pgcrypto.html)-based [Encryptor](https://github.com/shuber/encryptor) implementation for [attr_encrypted](https://github.com/shuber/attr_encrypted). It delegates to `pgp_sym_encrypt()` and `pgp_sym_decrypt()` to provide symmetric-key encryption. It's useful if you need to:
|
4
7
|
|
5
8
|
- Access the plain text values directly from SQL without bringing the data into Ruby
|
@@ -52,6 +55,21 @@ This is an example - please don't actually embed your keys directly in your mode
|
|
52
55
|
- Your key is embedded into any SQL queries. The key itself will be automatically filtered from your Rails logs. However, make sure you are using a secured or private connection between your Rails server and your database.
|
53
56
|
- Unlike the OpenSSL algorithms used in the default Encryptor, `pgp_sym_encrypt()` uses an IV and will generate different cipher text every call. While this is more secure, you will not be able to use attr_encrypted's [find_by_ methods](https://github.com/shuber/attr_encrypted#dynamic-find_by_-and-scoped_by_-methods).
|
54
57
|
|
58
|
+
## Benchmarks
|
59
|
+
|
60
|
+
pgcrypto comes out slightly faster than the OpenSSL implementation used in the default encryptor.
|
61
|
+
|
62
|
+
```
|
63
|
+
Benchmarking 10000 calls
|
64
|
+
user system total real
|
65
|
+
pgcrypto 1.640000 1.590000 3.230000 ( 11.775697)
|
66
|
+
openssl 15.740000 0.000000 15.740000 ( 15.704010)
|
67
|
+
```
|
68
|
+
|
69
|
+
Since pgcrypto is executed in a separate process, pay attention to the 'real' column for the relevant metric.
|
70
|
+
|
71
|
+
Setup spec/database.yml and run `rake benchmark` to test the results on your own system. You may pass an optional 'count' parameter via `rake "benchmark[100000]"`.
|
72
|
+
|
55
73
|
## Compatability
|
56
74
|
|
57
75
|
Tested against:
|
@@ -65,12 +83,6 @@ Tested against:
|
|
65
83
|
|
66
84
|
The bulk of this code is a humble verbatim copy and paste job from [jmazzi's crypt_keeper gem](https://github.com/jmazzi/crypt_keeper). Thanks, Justin!
|
67
85
|
|
68
|
-
Why not just use crypt_keeper? crypt_keeper uses ActiveRecord callbacks to encrypt and decrypt, while attr\_encrypted uses accessor methods. This means:
|
69
|
-
|
70
|
-
- Your model is always dirty after a fetch
|
71
|
-
- Data is eagerly encrypted and decrypted, causing unnecessary extra queries
|
72
|
-
- If you have other callback based dependencies (e.g. papertrail) they may receive either the encrytped or plaintext version of the columns.
|
73
|
-
|
74
86
|
## Contributing
|
75
87
|
|
76
88
|
1. Fork it
|
data/Rakefile
CHANGED
@@ -4,3 +4,30 @@ RSpec::Core::RakeTask.new('spec')
|
|
4
4
|
|
5
5
|
# If you want to make this the default task
|
6
6
|
task default: :spec
|
7
|
+
|
8
|
+
desc 'Encryption Benchmark'
|
9
|
+
task :benchmark, :count do |t, args|
|
10
|
+
require './lib/attr_encrypted_pgcrypto'
|
11
|
+
require 'benchmark'
|
12
|
+
|
13
|
+
count = (args[:count] || 10000).to_i
|
14
|
+
key = 'x9IuxbAft2Q4sQIgNvG5xvYLWLe3qIoXBvr7wjmyPm4i0F84lgdv66wBcOECIDwq'
|
15
|
+
string = '123-45-6789'
|
16
|
+
config = YAML.load_file 'spec/database.yml'
|
17
|
+
::ActiveRecord::Base.establish_connection(config['postgres'])
|
18
|
+
|
19
|
+
puts "Benchmarking #{count} calls"
|
20
|
+
Benchmark.bmbm do |b|
|
21
|
+
b.report('pgcrypto') do
|
22
|
+
count.times do |i|
|
23
|
+
AttrEncryptedPgcrypto::Encryptor.encrypt "string#{i}", key: key
|
24
|
+
end
|
25
|
+
end
|
26
|
+
|
27
|
+
b.report('openssl') do
|
28
|
+
count.times do |i|
|
29
|
+
Encryptor.encrypt "string#{i}", key: key
|
30
|
+
end
|
31
|
+
end
|
32
|
+
end
|
33
|
+
end
|
@@ -17,11 +17,12 @@ Gem::Specification.new do |gem|
|
|
17
17
|
gem.test_files = gem.files.grep(%r{^(test|spec|features)/})
|
18
18
|
gem.require_paths = ["lib"]
|
19
19
|
|
20
|
-
gem.add_runtime_dependency 'attr_encrypted', '~> 1.2
|
20
|
+
gem.add_runtime_dependency 'attr_encrypted', '~> 1.2'
|
21
21
|
gem.add_runtime_dependency 'activerecord', '>= 3.0'
|
22
22
|
gem.add_runtime_dependency 'activesupport', '>= 3.0'
|
23
23
|
|
24
24
|
gem.add_development_dependency 'pry'
|
25
|
-
gem.add_development_dependency '
|
26
|
-
gem.add_development_dependency '
|
25
|
+
gem.add_development_dependency 'rake'
|
26
|
+
gem.add_development_dependency 'rspec', '~> 2.14'
|
27
|
+
gem.add_development_dependency 'pg', '~> 0.14'
|
27
28
|
end
|
data/spec/lib/encryptor_spec.rb
CHANGED
@@ -16,7 +16,7 @@ describe AttrEncryptedPgcrypto::Encryptor do
|
|
16
16
|
|
17
17
|
context "valid" do
|
18
18
|
it "returns cipher text" do
|
19
|
-
AttrEncryptedPgcrypto::Encryptor.encrypt(plaintext, key: key).
|
19
|
+
expect(AttrEncryptedPgcrypto::Encryptor.encrypt(plaintext, key: key)).to be_a(String)
|
20
20
|
end
|
21
21
|
end
|
22
22
|
end
|
@@ -24,7 +24,7 @@ describe AttrEncryptedPgcrypto::Encryptor do
|
|
24
24
|
describe "#decrypt" do
|
25
25
|
context "valid" do
|
26
26
|
it "returns plaintext" do
|
27
|
-
AttrEncryptedPgcrypto::Encryptor.decrypt(cipher, key: key).
|
27
|
+
expect(AttrEncryptedPgcrypto::Encryptor.decrypt(cipher, key: key)).to eq plaintext
|
28
28
|
end
|
29
29
|
end
|
30
30
|
|
@@ -15,7 +15,7 @@ module AttrEncryptedPgcrypto::LogSubscriber
|
|
15
15
|
end
|
16
16
|
|
17
17
|
it "filters pgp functions" do
|
18
|
-
subject.
|
18
|
+
expect(subject).to receive(:sql_without_postgres_pgp) do |event|
|
19
19
|
event.payload[:sql].should == output_query
|
20
20
|
end
|
21
21
|
|
metadata
CHANGED
@@ -1,112 +1,113 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: attr_encrypted_pgcrypto
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
|
5
|
-
version: 1.2.1
|
4
|
+
version: 1.3.1
|
6
5
|
platform: ruby
|
7
6
|
authors:
|
8
7
|
- Gabe Martin-Dempesy
|
9
8
|
autorequire:
|
10
9
|
bindir: bin
|
11
10
|
cert_chain: []
|
12
|
-
date:
|
11
|
+
date: 2014-02-10 00:00:00.000000000 Z
|
13
12
|
dependencies:
|
14
13
|
- !ruby/object:Gem::Dependency
|
15
|
-
|
14
|
+
name: attr_encrypted
|
16
15
|
requirement: !ruby/object:Gem::Requirement
|
17
|
-
none: false
|
18
16
|
requirements:
|
19
17
|
- - ~>
|
20
18
|
- !ruby/object:Gem::Version
|
21
|
-
version: 1.2
|
19
|
+
version: '1.2'
|
20
|
+
type: :runtime
|
22
21
|
prerelease: false
|
23
22
|
version_requirements: !ruby/object:Gem::Requirement
|
24
|
-
none: false
|
25
23
|
requirements:
|
26
24
|
- - ~>
|
27
25
|
- !ruby/object:Gem::Version
|
28
|
-
version: 1.2
|
29
|
-
name: attr_encrypted
|
26
|
+
version: '1.2'
|
30
27
|
- !ruby/object:Gem::Dependency
|
31
|
-
|
28
|
+
name: activerecord
|
32
29
|
requirement: !ruby/object:Gem::Requirement
|
33
|
-
none: false
|
34
30
|
requirements:
|
35
|
-
- -
|
31
|
+
- - '>='
|
36
32
|
- !ruby/object:Gem::Version
|
37
33
|
version: '3.0'
|
34
|
+
type: :runtime
|
38
35
|
prerelease: false
|
39
36
|
version_requirements: !ruby/object:Gem::Requirement
|
40
|
-
none: false
|
41
37
|
requirements:
|
42
|
-
- -
|
38
|
+
- - '>='
|
43
39
|
- !ruby/object:Gem::Version
|
44
40
|
version: '3.0'
|
45
|
-
name: activerecord
|
46
41
|
- !ruby/object:Gem::Dependency
|
47
|
-
|
42
|
+
name: activesupport
|
48
43
|
requirement: !ruby/object:Gem::Requirement
|
49
|
-
none: false
|
50
44
|
requirements:
|
51
|
-
- -
|
45
|
+
- - '>='
|
52
46
|
- !ruby/object:Gem::Version
|
53
47
|
version: '3.0'
|
48
|
+
type: :runtime
|
54
49
|
prerelease: false
|
55
50
|
version_requirements: !ruby/object:Gem::Requirement
|
56
|
-
none: false
|
57
51
|
requirements:
|
58
|
-
- -
|
52
|
+
- - '>='
|
59
53
|
- !ruby/object:Gem::Version
|
60
54
|
version: '3.0'
|
61
|
-
name: activesupport
|
62
55
|
- !ruby/object:Gem::Dependency
|
63
|
-
|
56
|
+
name: pry
|
64
57
|
requirement: !ruby/object:Gem::Requirement
|
65
|
-
none: false
|
66
58
|
requirements:
|
67
|
-
- -
|
59
|
+
- - '>='
|
68
60
|
- !ruby/object:Gem::Version
|
69
61
|
version: '0'
|
62
|
+
type: :development
|
70
63
|
prerelease: false
|
71
64
|
version_requirements: !ruby/object:Gem::Requirement
|
72
|
-
none: false
|
73
65
|
requirements:
|
74
|
-
- -
|
66
|
+
- - '>='
|
75
67
|
- !ruby/object:Gem::Version
|
76
68
|
version: '0'
|
77
|
-
name: pry
|
78
69
|
- !ruby/object:Gem::Dependency
|
70
|
+
name: rake
|
71
|
+
requirement: !ruby/object:Gem::Requirement
|
72
|
+
requirements:
|
73
|
+
- - '>='
|
74
|
+
- !ruby/object:Gem::Version
|
75
|
+
version: '0'
|
79
76
|
type: :development
|
77
|
+
prerelease: false
|
78
|
+
version_requirements: !ruby/object:Gem::Requirement
|
79
|
+
requirements:
|
80
|
+
- - '>='
|
81
|
+
- !ruby/object:Gem::Version
|
82
|
+
version: '0'
|
83
|
+
- !ruby/object:Gem::Dependency
|
84
|
+
name: rspec
|
80
85
|
requirement: !ruby/object:Gem::Requirement
|
81
|
-
none: false
|
82
86
|
requirements:
|
83
87
|
- - ~>
|
84
88
|
- !ruby/object:Gem::Version
|
85
|
-
version: 2.
|
89
|
+
version: '2.14'
|
90
|
+
type: :development
|
86
91
|
prerelease: false
|
87
92
|
version_requirements: !ruby/object:Gem::Requirement
|
88
|
-
none: false
|
89
93
|
requirements:
|
90
94
|
- - ~>
|
91
95
|
- !ruby/object:Gem::Version
|
92
|
-
version: 2.
|
93
|
-
name: rspec
|
96
|
+
version: '2.14'
|
94
97
|
- !ruby/object:Gem::Dependency
|
95
|
-
|
98
|
+
name: pg
|
96
99
|
requirement: !ruby/object:Gem::Requirement
|
97
|
-
none: false
|
98
100
|
requirements:
|
99
101
|
- - ~>
|
100
102
|
- !ruby/object:Gem::Version
|
101
|
-
version: 0.14
|
103
|
+
version: '0.14'
|
104
|
+
type: :development
|
102
105
|
prerelease: false
|
103
106
|
version_requirements: !ruby/object:Gem::Requirement
|
104
|
-
none: false
|
105
107
|
requirements:
|
106
108
|
- - ~>
|
107
109
|
- !ruby/object:Gem::Version
|
108
|
-
version: 0.14
|
109
|
-
name: pg
|
110
|
+
version: '0.14'
|
110
111
|
description: A pgcrypto based Encryptor implementation for attr_encrypted
|
111
112
|
email:
|
112
113
|
- gabe@mudbugmedia.com
|
@@ -116,6 +117,7 @@ extra_rdoc_files: []
|
|
116
117
|
files:
|
117
118
|
- .gitignore
|
118
119
|
- .rspec
|
120
|
+
- .travis.yml
|
119
121
|
- Gemfile
|
120
122
|
- Gemfile.lock
|
121
123
|
- LICENSE.txt
|
@@ -133,27 +135,26 @@ files:
|
|
133
135
|
- spec/support/active_record.rb
|
134
136
|
homepage: https://github.com/gabetax/attr_encrypted_pgcrypto
|
135
137
|
licenses: []
|
138
|
+
metadata: {}
|
136
139
|
post_install_message:
|
137
140
|
rdoc_options: []
|
138
141
|
require_paths:
|
139
142
|
- lib
|
140
143
|
required_ruby_version: !ruby/object:Gem::Requirement
|
141
|
-
none: false
|
142
144
|
requirements:
|
143
|
-
- -
|
145
|
+
- - '>='
|
144
146
|
- !ruby/object:Gem::Version
|
145
147
|
version: '0'
|
146
148
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
147
|
-
none: false
|
148
149
|
requirements:
|
149
|
-
- -
|
150
|
+
- - '>='
|
150
151
|
- !ruby/object:Gem::Version
|
151
152
|
version: '0'
|
152
153
|
requirements: []
|
153
154
|
rubyforge_project:
|
154
|
-
rubygems_version:
|
155
|
+
rubygems_version: 2.0.6
|
155
156
|
signing_key:
|
156
|
-
specification_version:
|
157
|
+
specification_version: 4
|
157
158
|
summary: A pgcrypto based Encryptor implementation for attr_encrypted
|
158
159
|
test_files:
|
159
160
|
- spec/default.database.yml
|