blind_index 0.3.4 → 0.3.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0a5e0cf17996a671847cd6b7d9c89820c4dfa319c1f6e8c60bff430d5fdbb222
-  data.tar.gz: 82d7b94d12cd4391d48d845613a75740c0edbcb38d9d8272054b3bea58574c81
+  metadata.gz: 8f5aab7dbd2a784f6bcc2b464c14f76621c94886ec4764bc5e51f97ac74ae0d9
+  data.tar.gz: 104135feff81321860030ca46946cd5021cfb97fcc5a3953742ac61cee842cfd
 SHA512:
-  metadata.gz: ff9d3d7b14c867a1972faa2600bfec2918fee21b2c2108bfa5a358990d1fc661c2aab84cc39c1610a0064cfd6a9b0ad461c1269b4bfdc8b85414f944235d864b
-  data.tar.gz: 87f28352c529b0cb61a0b4cf050a3619234da3e21fb06b5ba36d3d605119910678947994d381bb3a1bad81716300fe184d0adf8aa73cb78a95bd93ce93a23206
+  metadata.gz: b79e2f7597a572b4732f326bde1ce82de7941ffd3e97dc609834931cacb86a59c2ae6f5cc981cda0f6827956823bd01d910b56c5092409547a539a5db010e1b8
+  data.tar.gz: ba72cc3e13bb0fdd12e3502d1657e20074af745b41bb8fcb34df495e14fbddb36c3535e450950aa3ccb935a92c9cbbdcc70c7f1eaacccaba8c3fa358a3955470

data/CHANGELOG.md

@@ -1,3 +1,9 @@
+## 0.3.5
+
+- Added support for hex keys
+- Added `generate_key` method
+- Fixed querying with array values
+
 ## 0.3.4
 
 - Added `size` option

data/LICENSE.txt

@@ -1,4 +1,4 @@
-Copyright (c) 2017-2018 Andrew Kane
+Copyright (c) 2017-2019 Andrew Kane
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

data/README.md

@@ -6,11 +6,19 @@ Designed for use with [attr_encrypted](https://github.com/attr-encrypted/attr_en
 
 Here’s a [full example](https://ankane.org/securing-user-emails-in-rails) of how to use it
 
+Check out [this post](https://ankane.org/sensitive-data-rails) for more info on securing sensitive data with Rails
+
 [![Build Status](https://travis-ci.org/ankane/blind_index.svg?branch=master)](https://travis-ci.org/ankane/blind_index)
 
 ## How It Works
 
-We use [this approach](https://paragonie.com/blog/2017/05/building-searchable-encrypted-databases-with-php-and-sql) by Scott Arciszewski. To summarize, we compute a keyed hash of the sensitive data and store it in a column. To query, we apply the keyed hash function (PBKDF2-SHA256 by default) to the value we’re searching and then perform a database search. This results in performant queries for equality operations, while keeping the data secure from those without the key.
+We use [this approach](https://paragonie.com/blog/2017/05/building-searchable-encrypted-databases-with-php-and-sql) by Scott Arciszewski. To summarize, we compute a keyed hash of the sensitive data and store it in a column. To query, we apply the keyed hash function to the value we’re searching and then perform a database search. This results in performant queries for exact matches. `LIKE` queries are not possible, but you can index expressions.
+
+## Leakage
+
+An important consideration in searchable encryption is leakage, which is information an attacker can gain. Blind indexing leaks that rows have the same value. If you use this for a field like last name, an attacker can use frequency analysis to predict the values. In an active attack where an attacker can control the input values, they can learn which other values in the database match.
+
+Here’s a [great article](https://blog.cryptographyengineering.com/2019/02/11/attack-of-the-week-searchable-encryption-and-the-ever-expanding-leakage-function/) on leakage in searchable encryption. Blind indexing has the same leakage as deterministic encryption.
 
 ## Installation
 
@@ -31,26 +39,28 @@ add_column :users, :encrypted_email_bidx, :string
 add_index :users, :encrypted_email_bidx
 ```
 
-And add to your model
+Next, generate a key
 
 ```ruby
-class User < ApplicationRecord
-  blind_index :email, key: [ENV["EMAIL_BLIND_INDEX_KEY"]].pack("H*")
-end
+BlindIndex.generate_key
 ```
 
-We use an environment variable to store the key as a hex-encoded string ([dotenv](https://github.com/bkeepers/dotenv) is great for this). [Here’s an explanation](https://ankane.org/encryption-keys) of why `pack` is used. *Do not commit it to source control.* This should be different than the key you use for encryption. You can generate a key in the Rails console with:
-
-```ruby
-SecureRandom.hex(32)
-```
+Store the key with your other secrets. This is typically Rails credentials or an environment variable ([dotenv](https://github.com/bkeepers/dotenv) is great for this). Be sure to use different keys in development and production, and be sure this is different than the key you use for encryption. Keys don’t need to be hex-encoded, but it’s often easier to store them this way.
 
-For development, you can use this:
+Here’s a key you can use in development
 
 ```sh
 EMAIL_BLIND_INDEX_KEY=ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
 ```
 
+Add to your model
+
+```ruby
+class User < ApplicationRecord
+  blind_index :email, key: ENV["EMAIL_BLIND_INDEX_KEY"]
+end
+```
+
 Backfill existing records
 
 ```ruby
@@ -212,8 +222,8 @@ And add to your model
 
 ```ruby
 class User < ApplicationRecord
-  blind_index :email, key: [ENV["EMAIL_BLIND_INDEX_KEY"]].pack("H*")
-  blind_index :email_v2, attribute: :email, key: [ENV["EMAIL_V2_BLIND_INDEX_KEY"]].pack("H*")
+  blind_index :email, key: ENV["EMAIL_BLIND_INDEX_KEY"]
+  blind_index :email_v2, attribute: :email, key: ENV["EMAIL_V2_BLIND_INDEX_KEY"]
 end
 ```
 
@@ -230,7 +240,7 @@ Then update your model
 
 ```ruby
 class User < ApplicationRecord
-  blind_index :email, bidx_attribute: :encrypted_email_v2_bidx, key: [ENV["EMAIL_V2_BLIND_INDEX_KEY"]].pack("H*")
+  blind_index :email, bidx_attribute: :encrypted_email_v2_bidx, key: ENV["EMAIL_V2_BLIND_INDEX_KEY"]
 
   # remove this line after dropping column
   self.ignored_columns = ["encrypted_email_bidx"]
@@ -254,6 +264,12 @@ Be sure to include the `inspect` at the end, or it won’t be encoded properly i
 
 ## Reference
 
+Set default options in an initializer with:
+
+```ruby
+BlindIndex.default_options[:algorithm] = :argon2
+```
+
 By default, blind indexes are encoded in Base64. Set a different encoding with:
 
 ```ruby

data/lib/blind_index.rb

@@ -11,16 +11,16 @@ module BlindIndex
   class << self
     attr_accessor :default_options
   end
-  self.default_options = {
-    iterations: 10000,
-    algorithm: :pbkdf2_sha256,
-    insecure_key: false,
-    encode: true,
-    cost: {}
-  }
+  self.default_options = {}
 
   def self.generate_bidx(value, key:, **options)
-    options = default_options.merge(options)
+    options = {
+      iterations: 10000,
+      algorithm: :pbkdf2_sha256,
+      insecure_key: false,
+      encode: true,
+      cost: {}
+    }.merge(default_options).merge(options)
 
     # apply expression
     value = options[:expression].call(value) if options[:expression]
@@ -35,6 +35,11 @@ module BlindIndex
 
       key = key.to_s
       unless options[:insecure_key] && algorithm == :pbkdf2_sha256
+        # decode hex key
+        if key.encoding != Encoding::BINARY && key =~ /\A[0-9a-f]{64}\z/i
+          key = [key].pack("H*")
+        end
+
         raise BlindIndex::Error, "Key must use binary encoding" if key.encoding != Encoding::BINARY
         raise BlindIndex::Error, "Key must be 32 bytes" if key.bytesize != 32
       end
@@ -90,6 +95,11 @@ module BlindIndex
       end
     end
   end
+
+  def self.generate_key
+    require "securerandom"
+    SecureRandom.hex(32)
+  end
 end
 
 ActiveSupport.on_load(:active_record) do

data/lib/blind_index/extensions.rb

@@ -7,7 +7,13 @@ module BlindIndex
         if has_blind_indexes?
           hash.each do |key, _|
             if key.respond_to?(:to_sym) && (bi = klass.blind_indexes[key.to_sym]) && !new_hash[key].is_a?(ActiveRecord::StatementCache::Substitute)
-              new_hash[bi[:bidx_attribute]] = BlindIndex.generate_bidx(new_hash.delete(key), bi)
+              value = new_hash.delete(key)
+              new_hash[bi[:bidx_attribute]] =
+                if value.is_a?(Array)
+                  value.map { |v| BlindIndex.generate_bidx(v, bi) }
+                else
+                  BlindIndex.generate_bidx(value, bi)
+                end
             end
           end
         end
@@ -30,7 +36,13 @@ module BlindIndex
         if has_blind_indexes?(klass)
           hash.each do |key, _|
             if key.respond_to?(:to_sym) && (bi = klass.blind_indexes[key.to_sym]) && !new_hash[key].is_a?(ActiveRecord::StatementCache::Substitute)
-              new_hash[bi[:bidx_attribute]] = BlindIndex.generate_bidx(new_hash.delete(key), bi)
+              value = new_hash.delete(key)
+              new_hash[bi[:bidx_attribute]] =
+                if value.is_a?(Array)
+                  value.map { |v| BlindIndex.generate_bidx(v, bi) }
+                else
+                  BlindIndex.generate_bidx(value, bi)
+                end
             end
           end
         end

data/lib/blind_index/version.rb

@@ -1,3 +1,3 @@
 module BlindIndex
-  VERSION = "0.3.4"
+  VERSION = "0.3.5"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: blind_index
 version: !ruby/object:Gem::Version
-  version: 0.3.4
+  version: 0.3.5
 platform: ruby
 authors:
 - Andrew Kane
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-12-16 00:00:00.000000000 Z
+date: 2019-05-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -98,16 +98,16 @@ dependencies:
   name: sqlite3
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 1.3.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 1.3.0
 - !ruby/object:Gem::Dependency
   name: scrypt
   requirement: !ruby/object:Gem::Requirement
@@ -182,8 +182,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.6
+rubygems_version: 3.0.3
 signing_key: 
 specification_version: 4
 summary: Securely search encrypted database fields