attr_vault 0.0.8 → 0.0.9
- checksums.yaml +4 -4
- data/lib/attr_vault/cryptor.rb +16 -9
- data/lib/attr_vault/version.rb +1 -1
- data/spec/attr_vault_spec.rb +9 -0
- metadata +2 -2
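--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 79953f549103ea6e7aacb9e6a16202602b97cd63
+data.tar.gz: f1ae2035a82fe167289b43756c43d9aa8bce0ce5
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: bbfcd6f8aa8df8c3f082f2a6777c593fda49693978626e033c3848c4bdd996e41e5835d44c73b8116a7ecb8e208b4a106e117e517b0d19b9e0a2fe545766c791
+data.tar.gz: 7d8b9d5126597a491ab1a5f40299c2b8f4356026b4b27b150675bc0c7183bb4e39648c96b75a80d5c13971d2728ae5d9ae36a0cd1518e24c9f5a6c36f7b99d3d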
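--- a/data/lib/attr_vault/cryptor.rb
+++ b/data/lib/attr_vault/cryptor.rb
@@ -2,18 +2,27 @@ require 'base64'
 
 module AttrVault
 module Cryptor
+
+PARANOID = true
+
 def self.encrypt(value, key)
 return value if value.nil? || value.empty?
 
 secret = AttrVault::Secret.new(key)
+encrypted_message, iv = Encryption.encrypt(key: secret.encryption_key,
+message: value)
+encrypted_payload = iv + encrypted_message
+mac = Encryption.hmac_digest(secret.signing_key, encrypted_payload)
 
-
-
-
-
+if PARANOID
+mac_again = Encryption.hmac_digest(secret.signing_key, encrypted_payload)
+unless verify_signature(mac, mac_again)
+raise InvalidCiphertext, "Could not reliably calculate HMAC; " +
+"got #{Base64.encode64(mac)} and #{Base64.encode64(mac_again)} " +
+"for the same values"
+end
+end
 
-encrypted_payload = iv + encrypted_message
-mac = OpenSSL::HMAC.digest('sha256', secret.signing_key, encrypted_payload)
 Sequel.blob(mac + encrypted_payload)
 end
 
@@ -21,10 +30,9 @@ module AttrVault
 return encrypted if encrypted.nil? || encrypted.empty?
 
 secret = AttrVault::Secret.new(key)
-
 hmac, encrypted_payload = encrypted[0...32], encrypted[32..-1]
-
 expected_hmac = Encryption.hmac_digest(secret.signing_key, encrypted_payload)
+
 unless verify_signature(expected_hmac, hmac)
 raise InvalidCiphertext,
 "Expected hmac #{Base64.encode64(expected_hmac)} for this value; " +
@@ -32,7 +40,6 @@ module AttrVault
 end
 
 iv, encrypted_message = encrypted_payload[0...16], encrypted_payload[16..-1]
-
 block_size = Encryption::AES_BLOCK_SIZE
 unless (encrypted_message.size % block_size).zero?
 raise InvalidCiphertext,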
data/lib/attr_vault/version.rb
CHANGED
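--- a/data/spec/attr_vault_spec.rb
+++ b/data/spec/attr_vault_spec.rb
@@ -56,6 +56,15 @@ describe AttrVault do
 expect(s.secret_encrypted).to be_nil
 end
 
+it "sets fields to empty that were previously not empty" do
+s = item.create(secret: 'joyce hatto')
+s.reload
+s.update(secret: '')
+s.reload
+expect(s.secret).to eq ''
+expect(s.secret_encrypted).not_to be_nil
+end
+
 it "stores the key id" do
 secret = 'it was professor plum with the wrench in the library'
 s = item.create(secret: secret)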
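--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: attr_vault
 version: !ruby/object:Gem::Version
-version: 0.0.
+version: 0.0.9
 platform: ruby
 authors:
 - Maciek Sakrejda
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-
+date: 2014-12-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rspec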