blind_index 1.0.1 → 1.0.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +17 -12
- data/README.md +7 -4
- data/lib/blind_index/extensions.rb +4 -4
- data/lib/blind_index/key_generator.rb +1 -1
- data/lib/blind_index/model.rb +8 -8
- data/lib/blind_index/version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 2f39918c983140363af00fe1afeda800a7476a5727fd2c676c713b92222c1f35
|
|
4
|
+
data.tar.gz: b83995b7b33eddacb2988e7fdb8816a1b2fc644161114b5e191f3d9bb2de2bd2
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b2d03f17acbac80b5ecf8ac1f97321f3c68b0c689db1e50d95cc81cb3769086a5d8da6f8f0386325555c8eb715d46555281e00af38804cd240cadbefa45e86a4
|
|
7
|
+
data.tar.gz: 59092061d3b415d399f1a20232d680591ccc832af79387945d23d9309062bf10a4b8105062ea277af2fa06b454cd75f9ad3d49a44dabac1a990e2856bc700849
|
data/CHANGELOG.md
CHANGED
|
@@ -1,8 +1,13 @@
|
|
|
1
|
-
## 1.0.
|
|
1
|
+
## 1.0.2 (2019-12-26)
|
|
2
|
+
|
|
3
|
+
- Fixed `OpenSSL::KDF` error on some platforms
|
|
4
|
+
- Fixed deprecation warnings in Ruby 2.7
|
|
5
|
+
|
|
6
|
+
## 1.0.1 (2019-08-16)
|
|
2
7
|
|
|
3
8
|
- Added support for Mongoid
|
|
4
9
|
|
|
5
|
-
## 1.0.0
|
|
10
|
+
## 1.0.0 (2019-07-08)
|
|
6
11
|
|
|
7
12
|
- Added support for master key
|
|
8
13
|
- Added support for Argon2id
|
|
@@ -15,56 +20,56 @@ Breaking changes
|
|
|
15
20
|
- Removed `encrypted_` prefix from columns
|
|
16
21
|
- Changed default encoding to Base64 strict
|
|
17
22
|
|
|
18
|
-
## 0.3.5
|
|
23
|
+
## 0.3.5 (2019-05-28)
|
|
19
24
|
|
|
20
25
|
- Added support for hex keys
|
|
21
26
|
- Added `generate_key` method
|
|
22
27
|
- Fixed querying with array values
|
|
23
28
|
|
|
24
|
-
## 0.3.4
|
|
29
|
+
## 0.3.4 (2018-12-16)
|
|
25
30
|
|
|
26
31
|
- Added `size` option
|
|
27
32
|
- Added sanity checks for Argon2 cost parameters
|
|
28
33
|
- Fixed ActiveRecord callback issues introduced in 0.3.3
|
|
29
34
|
|
|
30
|
-
## 0.3.3
|
|
35
|
+
## 0.3.3 (2018-11-12)
|
|
31
36
|
|
|
32
37
|
- Added support for string keys in finders
|
|
33
38
|
|
|
34
|
-
## 0.3.2
|
|
39
|
+
## 0.3.2 (2018-06-18)
|
|
35
40
|
|
|
36
41
|
- Added support for dynamic finders
|
|
37
42
|
- Added support for inherited models
|
|
38
43
|
|
|
39
|
-
## 0.3.1
|
|
44
|
+
## 0.3.1 (2018-06-04)
|
|
40
45
|
|
|
41
46
|
- Added scrypt and Argon2 algorithms
|
|
42
47
|
- Added `cost` option
|
|
43
48
|
|
|
44
|
-
## 0.3.0
|
|
49
|
+
## 0.3.0 (2018-06-03)
|
|
45
50
|
|
|
46
51
|
- Enforce secure key generation
|
|
47
52
|
- Added `encode` option
|
|
48
53
|
- Added `default_options` method
|
|
49
54
|
|
|
50
|
-
## 0.2.1
|
|
55
|
+
## 0.2.1 (2018-05-26)
|
|
51
56
|
|
|
52
57
|
- Added class method to compute blind index
|
|
53
58
|
- Fixed issue with cached statements
|
|
54
59
|
|
|
55
|
-
## 0.2.0
|
|
60
|
+
## 0.2.0 (2018-05-11)
|
|
56
61
|
|
|
57
62
|
- Added support for ActiveRecord 4.2
|
|
58
63
|
- Improved validation support when multiple blind indexes
|
|
59
64
|
- Fixed `nil` handling
|
|
60
65
|
|
|
61
|
-
## 0.1.1
|
|
66
|
+
## 0.1.1 (2018-04-09)
|
|
62
67
|
|
|
63
68
|
- Added support for ActiveRecord 5.2
|
|
64
69
|
- Added `callback` option
|
|
65
70
|
- Added support for `key` proc
|
|
66
71
|
- Fixed error inheritance
|
|
67
72
|
|
|
68
|
-
## 0.1.0
|
|
73
|
+
## 0.1.0 (2017-12-17)
|
|
69
74
|
|
|
70
75
|
- First release
|
data/README.md
CHANGED
|
@@ -16,7 +16,7 @@ We use [this approach](https://paragonie.com/blog/2017/05/building-searchable-en
|
|
|
16
16
|
|
|
17
17
|
An important consideration in searchable encryption is leakage, which is information an attacker can gain. Blind indexing leaks that rows have the same value. If you use this for a field like last name, an attacker can use frequency analysis to predict the values. In an active attack where an attacker can control the input values, they can learn which other values in the database match.
|
|
18
18
|
|
|
19
|
-
Here’s a [great article](https://blog.cryptographyengineering.com/2019/02/11/attack-of-the-week-searchable-encryption-and-the-ever-expanding-leakage-function/) on leakage in searchable encryption. Blind indexing has the same leakage as deterministic encryption.
|
|
19
|
+
Here’s a [great article](https://blog.cryptographyengineering.com/2019/02/11/attack-of-the-week-searchable-encryption-and-the-ever-expanding-leakage-function/) on leakage in searchable encryption. Blind indexing has the same leakage as [deterministic encryption](#alternatives).
|
|
20
20
|
|
|
21
21
|
## Installation
|
|
22
22
|
|
|
@@ -294,7 +294,10 @@ end
|
|
|
294
294
|
|
|
295
295
|
## Alternatives
|
|
296
296
|
|
|
297
|
-
One alternative to blind indexing is to use a deterministic encryption scheme, like [AES-SIV](https://github.com/miscreant/miscreant). In this approach, the encrypted data will be the same for matches.
|
|
297
|
+
One alternative to blind indexing is to use a deterministic encryption scheme, like [AES-SIV](https://github.com/miscreant/miscreant). In this approach, the encrypted data will be the same for matches. We recommend blind indexing over deterministic encryption because:
|
|
298
|
+
|
|
299
|
+
1. You can keep encryption consistent for all fields (both searchable and non-searchable)
|
|
300
|
+
2. Blind indexing supports expressions
|
|
298
301
|
|
|
299
302
|
## Upgrading
|
|
300
303
|
|
|
@@ -335,7 +338,7 @@ And add to your model
|
|
|
335
338
|
|
|
336
339
|
```ruby
|
|
337
340
|
class User < ApplicationRecord
|
|
338
|
-
blind_index :email, key: ENV["USER_EMAIL_BLIND_INDEX_KEY"], legacy: true, rotate:
|
|
341
|
+
blind_index :email, key: ENV["USER_EMAIL_BLIND_INDEX_KEY"], legacy: true, rotate: {}
|
|
339
342
|
end
|
|
340
343
|
```
|
|
341
344
|
|
|
@@ -416,5 +419,5 @@ To get started with development and testing:
|
|
|
416
419
|
git clone https://github.com/ankane/blind_index.git
|
|
417
420
|
cd blind_index
|
|
418
421
|
bundle install
|
|
419
|
-
rake test
|
|
422
|
+
bundle exec rake test
|
|
420
423
|
```
|
|
@@ -10,9 +10,9 @@ module BlindIndex
|
|
|
10
10
|
value = new_hash.delete(key)
|
|
11
11
|
new_hash[bi[:bidx_attribute]] =
|
|
12
12
|
if value.is_a?(Array)
|
|
13
|
-
value.map { |v| BlindIndex.generate_bidx(v, bi) }
|
|
13
|
+
value.map { |v| BlindIndex.generate_bidx(v, **bi) }
|
|
14
14
|
else
|
|
15
|
-
BlindIndex.generate_bidx(value, bi)
|
|
15
|
+
BlindIndex.generate_bidx(value, **bi)
|
|
16
16
|
end
|
|
17
17
|
end
|
|
18
18
|
end
|
|
@@ -64,7 +64,7 @@ module BlindIndex
|
|
|
64
64
|
if ActiveRecord::VERSION::STRING >= "5.2"
|
|
65
65
|
def build_relation(klass, attribute, value)
|
|
66
66
|
if klass.respond_to?(:blind_indexes) && (bi = klass.blind_indexes[attribute])
|
|
67
|
-
value = BlindIndex.generate_bidx(value, bi)
|
|
67
|
+
value = BlindIndex.generate_bidx(value, **bi)
|
|
68
68
|
attribute = bi[:bidx_attribute]
|
|
69
69
|
end
|
|
70
70
|
super(klass, attribute, value)
|
|
@@ -72,7 +72,7 @@ module BlindIndex
|
|
|
72
72
|
else
|
|
73
73
|
def build_relation(klass, table, attribute, value)
|
|
74
74
|
if klass.respond_to?(:blind_indexes) && (bi = klass.blind_indexes[attribute])
|
|
75
|
-
value = BlindIndex.generate_bidx(value, bi)
|
|
75
|
+
value = BlindIndex.generate_bidx(value, **bi)
|
|
76
76
|
attribute = bi[:bidx_attribute]
|
|
77
77
|
end
|
|
78
78
|
super(klass, table, attribute, value)
|
data/lib/blind_index/model.rb
CHANGED
|
@@ -61,7 +61,7 @@ module BlindIndex
|
|
|
61
61
|
)
|
|
62
62
|
|
|
63
63
|
define_singleton_method class_method_name do |value|
|
|
64
|
-
BlindIndex.generate_bidx(value, blind_indexes[name])
|
|
64
|
+
BlindIndex.generate_bidx(value, **blind_indexes[name])
|
|
65
65
|
end
|
|
66
66
|
|
|
67
67
|
define_singleton_method method_name do |value|
|
|
@@ -90,14 +90,14 @@ module BlindIndex
|
|
|
90
90
|
end
|
|
91
91
|
end
|
|
92
92
|
end
|
|
93
|
-
end
|
|
94
93
|
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
94
|
+
module InstanceMethods
|
|
95
|
+
def read_attribute_for_validation(key)
|
|
96
|
+
if (bi = self.class.blind_indexes[key])
|
|
97
|
+
send(bi[:attribute])
|
|
98
|
+
else
|
|
99
|
+
super
|
|
100
|
+
end
|
|
101
101
|
end
|
|
102
102
|
end
|
|
103
103
|
end
|
data/lib/blind_index/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: blind_index
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0.
|
|
4
|
+
version: 1.0.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Andrew Kane
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-
|
|
11
|
+
date: 2019-12-27 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activesupport
|
|
@@ -198,7 +198,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
198
198
|
- !ruby/object:Gem::Version
|
|
199
199
|
version: '0'
|
|
200
200
|
requirements: []
|
|
201
|
-
rubygems_version: 3.
|
|
201
|
+
rubygems_version: 3.1.2
|
|
202
202
|
signing_key:
|
|
203
203
|
specification_version: 4
|
|
204
204
|
summary: Securely search encrypted database fields
|