crypt_keeper 1.1.1 → 2.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 78d7a7f1ea679f9a1542a65b537a446065c9cd27
-  data.tar.gz: 518d78e7d4a80e07faa80b9eac9c3b268e2db2c8
+SHA256:
+  metadata.gz: 9607ecd6a9297094077cafed8d0f5a29624d4d68f1309630423b53442bdfba5e
+  data.tar.gz: 7f7f07056ba8990311944d6b9bc4c9977354113e7e489b6fd5a2c27b3bb39b56
 SHA512:
-  metadata.gz: 30b9ccbea99c9ac89ee4bf4c9df73fc0b95e2ae3f65aca3e9936a95bd406d271e672e73cefa2c717a2f0c057c638ca876a238c7058da2c3ad6e3f2d2d12720cb
-  data.tar.gz: 07f33f2caca79c5be2c45f2365601e8939b5c64200fba53c00de3e70a9d6b221a68efe47aad00fc7b42003bce2c964ce68701656966149afe4b65dfc45a4e0a7
+  metadata.gz: 211a89c08366409e4800fb000e7779fbc4162ce6abd43bc8fb3023984b381db2c5e5061d60668d863d42be75ea7cf3e83f751a1aa5dedf0e96891f019fe4dd04
+  data.tar.gz: 2fab3a0eed0e1fbffc65831a469d83a2e5d1ffa748c26c4e7882696de670d5c18bed078323b5e08066e1fda345094b55bde4f85ec782c3017635709eb9984464

data/.travis.yml

@@ -1,23 +1,60 @@
 language: ruby
 
 rvm:
-  - 2.1.10
-  - 2.2.5
-  - 2.3.1
+  - 2.2.10
+  - 2.3.8
+  - 2.4.5
+  - 2.5.3
+  - 2.6.4
+  - 2.7.2
 
 gemfile:
   - gemfiles/activerecord_4_2.gemfile
+  - gemfiles/activerecord_5_0.gemfile
   - gemfiles/activerecord_5_1.gemfile
+  - gemfiles/activerecord_5_2.gemfile
+  - gemfiles/activerecord_6_0.gemfile
+  - gemfiles/activerecord_6_1.gemfile
+  
 
 matrix:
   exclude:
-    - gemfile: gemfiles/activerecord_5_1.gemfile
-      rvm: 2.1.10
+  - rvm: 2.2.10
+    gemfile: gemfiles/activerecord_5_0.gemfile
+  - rvm: 2.2.10
+    gemfile: gemfiles/activerecord_5_1.gemfile
+  - rvm: 2.2.10
+    gemfile: gemfiles/activerecord_6_0.gemfile
+  - rvm: 2.2.10
+    gemfile: gemfiles/activerecord_6_1.gemfile
+  - rvm: 2.3.8
+    gemfile: gemfiles/activerecord_5_0.gemfile
+  - rvm: 2.3.8
+    gemfile: gemfiles/activerecord_5_1.gemfile
+  - rvm: 2.3.8
+    gemfile: gemfiles/activerecord_6_0.gemfile
+  - rvm: 2.3.8
+    gemfile: gemfiles/activerecord_6_1.gemfile
+  - rvm: 2.4.5
+    gemfile: gemfiles/activerecord_5_0.gemfile
+  - rvm: 2.4.5
+    gemfile: gemfiles/activerecord_5_1.gemfile
+  - rvm: 2.4.5
+    gemfile: gemfiles/activerecord_6_0.gemfile
+  - rvm: 2.4.5
+    gemfile: gemfiles/activerecord_6_1.gemfile
+  - rvm: 2.5.3
+    gemfile: gemfiles/activerecord_5_0.gemfile
+  - rvm: 2.5.3
+    gemfile: gemfiles/activerecord_5_1.gemfile
+  - rvm: 2.6.4
+    gemfile: gemfiles/activerecord_5_0.gemfile
+  - rvm: 2.6.4
+    gemfile: gemfiles/activerecord_5_1.gemfile
 
-addons:
-  postgresql: 9.3
-
-sudo: false
+services:
+  - postgresql
+  - mysql
 
 before_script:
   - cp spec/default.database.yml spec/database.yml
@@ -25,7 +62,8 @@ before_script:
   - psql crypt_keeper_providers -c 'CREATE EXTENSION IF NOT EXISTS pgcrypto;' -U postgres
   - mysql -e 'CREATE DATABASE crypt_keeper_providers'
 
-branches: master
+branches: 
+  - master
 
 notifications:
   email:

data/Appraisals

@@ -1,9 +1,36 @@
 appraise "activerecord_4_2" do
   gem "activerecord",  "~> 4.2.0"
   gem "activesupport", "~> 4.2.0"
+  gem "sqlite3", "~> 1.3.0"
+
+  # otherwise you get "undefined method `new' for BigDecimal:Class" in Ruby 2.7
+  gem "bigdecimal", "1.3.5"
 end
 
 appraise "activerecord_5_0" do
   gem "activerecord",  "~> 5.0.0"
   gem "activesupport", "~> 5.0.0"
+
+  gem "sqlite3", "~> 1.3.6"
+end
+
+appraise "activerecord_5_1" do
+  gem "activerecord",  "~> 5.1.0"
+  gem "activesupport", "~> 5.1.0"
+end
+
+appraise "activerecord_5_2" do
+  gem "activerecord",  "~> 5.2.0"
+  gem "activesupport", "~> 5.2.0"
+end
+
+appraise "activerecord_6_0" do
+  gem "activerecord",  "~> 6.0.0"
+  gem "activesupport", "~> 6.0.0"
+end
+
+appraise "activerecord_6_1" do
+  gem "activerecord",  "~> 6.1.0"
+  gem "activesupport", "~> 6.1.0"
+  gem "pg", "~> 1.1"
 end

data/README.md

@@ -15,7 +15,7 @@ is a simple class that does 3 things.
 Note: Any options defined using `crypt_keeper` will be passed to `new` as a
 hash.
 
-You can see an AES example [here](https://github.com/jmazzi/crypt_keeper/blob/master/lib/crypt_keeper/provider/aes_new.rb).
+You can see an example [here](https://github.com/jmazzi/crypt_keeper/blob/master/lib/crypt_keeper/provider/active_support.rb).
 
 ## Why?
 
@@ -27,7 +27,7 @@ simple that *just works*.
 
 ```ruby
 class MyModel < ActiveRecord::Base
-  crypt_keeper :field, :other_field, :encryptor => :aes_new, :key => 'super_good_password', salt: 'salt'
+  crypt_keeper :field, :other_field, encryptor: :active_support, key: 'super_good_password', salt: 'salt'
 end
 
 model = MyModel.new(field: 'sometext')
@@ -47,13 +47,49 @@ expected behavior, and has its use cases. An example would be migrating from
 one type of encryption to another. Using `update_column` would allow you to
 update the content without going through the current encryptor.
 
+## Generating Keys/Salts
+
+For encryptors requiring secret keys/salts, you can generate them via
+`rails secret`:
+
+```
+rails secret
+ef209071bd76143a75eda57b99425da63ce6c2d44581d652aa4302a90dcd7d7e99cbc22091c01a19f93ea484f40b142612f9bf76de8eb2d51ff9b3eb02a7782c
+```
+
+Or manually (this is the same implementation that Rails uses):
+
+```
+ruby -e "require 'securerandom'; puts SecureRandom.hex(64)"
+```
+
+These values should be stored outside of your application repository for added
+security. For example, one could use [dotenv][] and reference them as `ENV`
+variables.
+
+```
+# .env
+CRYPT_KEEPER_KEY=75d942f3d3b3492772e0330f717eaf5e689673ea8b983475ef8f6551f6e99d280cd89972706e46b48240cc01c4d0f7df5ffa3524566b789d147ed04cc4ea4eab
+CRYPT_KEEPER_SALT=b16a153e99a5db616a861ea5a6febc64d8a758c4aef3b8c8fc6675ac9daf03f7965f16e8b4b2bdfd28ff65f5203afb8102b8f41c514c3667bb3512015b1e77e8
+```
+
+Then in your model:
+
+```ruby
+class MyModel < ActiveRecord::Base
+  crypt_keeper :field, :other_field, encryptor: :active_support, key: ENV["CRYPT_KEEPER_KEY"], salt: ENV["CRYPT_KEEPER_SALT"]
+end
+```
+
+[dotenv]: https://github.com/bkeepers/dotenv
+
 ## Encodings
 
 You can force an encoding on the plaintext before encryption and after decryption by using the `encoding` option. This is useful when dealing with multibyte strings:
 
 ```ruby
 class MyModel < ActiveRecord::Base
-  crypt_keeper :field, :other_field, :encryptor => :aes_new, :key => 'super_good_password', salt: 'salt', :encoding => 'UTF-8'
+  crypt_keeper :field, :other_field, encryptor: :active_support, key: 'super_good_password', salt: 'salt', encoding: 'UTF-8'
 end
 
 model = MyModel.new(field: 'Tromsø')
@@ -68,7 +104,7 @@ If you are working with an existing table you would like to encrypt, you must us
 
 ```ruby
 class MyExistingModel < ActiveRecord::Base
-  crypt_keeper :field, :other_field, :encryptor => :aes_new, :key => 'super_good_password', salt: 'salt'
+  crypt_keeper :field, :other_field, encryptor: :active_support, key: 'super_good_password', salt: 'salt'
 end
 
 MyExistingModel.encrypt_table!
@@ -78,10 +114,10 @@ Running `encrypt_table!` will encrypt all rows in the database using the encrypt
 
 ## Supported Available Encryptors
 
-There are four supported encryptors: `aes_new`, `mysql_aes_new`, `postgres_pgp`, `postgres_pgp_public_key`.
+There are four supported encryptors: `active_support`, `mysql_aes_new`, `postgres_pgp`, `postgres_pgp_public_key`.
 
-* [AES New](https://github.com/jmazzi/crypt_keeper/blob/master/lib/crypt_keeper/provider/aes_new.rb)
-  * Encryption is peformed using AES-256 via OpenSSL.
+* [ActiveSupport](https://github.com/jmazzi/crypt_keeper/blob/master/lib/crypt_keeper/provider/active_support.rb)
+  * Encryption is performed using [ActiveSupport::MessageEncryptor](http://api.rubyonrails.org/classes/ActiveSupport/MessageEncryptor.html)
   * Passphrases are derived using [PBKDF2](http://en.wikipedia.org/wiki/PBKDF2)
 
 * [MySQL AES New](https://github.com/jmazzi/crypt_keeper/blob/master/lib/crypt_keeper/provider/mysql_aes_new.rb)
@@ -111,14 +147,14 @@ There are four supported encryptors: `aes_new`, `mysql_aes_new`, `postgres_pgp`,
 ## Searching
 Searching ciphertext is a complex problem that varies depending on the encryption algorithm you choose. All of the bundled providers include search support, but they have some caveats.
 
-* AES
-  * The Ruby implementation of AES uses a random initialization vector. The same plaintext encrypted multiple times will have different output each time for the ciphertext. Since this is the case, it is not possible to search leveraging the database. Database rows will need to be filtered in memory. It is suggested that you use a scope or ActiveRecord batches to narrow the results before seaching them.
+* ActiveSupport::MessageEncryptor
+  * ActiveSupport's MessageEncryptor uses a random initialization vector when generating keys. The same plaintext encrypted multiple times will have different output each time for the ciphertext. Since this is the case, it is not possible to search leveraging the database. Database rows will need to be filtered in memory. It is suggested that you use a scope or ActiveRecord batches to narrow the results before seaching them.
 
 * Mysql AES
- * Surprisingly, MySQL's implementation of AES does not use a random initialization vector. The column containing the ciphertext can be indexed and searched quickly.
+  * Surprisingly, MySQL's implementation of AES does not use a random initialization vector. The column containing the ciphertext can be indexed and searched quickly.
 
 * PostgresSQL PGP
- * PGP also uses a random initialization vector which means it generates unique output each time you encrypt plaintext. Although the database can be searched by performing row level decryption and comparing the plaintext, it will not be able to use an index. A scope or batch is suggested when searching.
+  * PGP also uses a random initialization vector which means it generates unique output each time you encrypt plaintext. Although the database can be searched by performing row level decryption and comparing the plaintext, it will not be able to use an index. A scope or batch is suggested when searching.
 
 ## How the search interface is used
 
@@ -157,10 +193,35 @@ as a string or an underscored symbol
 
 ```ruby
 class MyModel < ActiveRecord::Base
-  crypt_keeper :field, :other_field, :encryptor => :my_encryptor, :key => 'super_good_password'
+  crypt_keeper :field, :other_field, encryptor: :my_encryptor, key: 'super_good_password'
 end
 ```
 
+## Migrating from CryptKeeper 1.x to 2.0
+
+CryptKeeper 2.0 removes the AES encryptor due to security issues in the
+underlying AES gem. If you were previously using the `aes_new` encryptor, you
+will need to follow these instructions to reencrypt your data.
+
+The general migration path is as follows:
+
+1. Enable maintenance mode in any live apps
+2. Backup database
+3. Decrypt tables: TableName.decrypt_table!
+4. Update to 2.0.0.rc1 in your app. Update the encryptor to use :active_support
+5. Encrypt tables: `TableName.encrypt_table!`
+6. Verify data can be decrypted: `TableName.first`
+7. Disable maintenance mode if necessary
+
+In case you experience problems, the rollback procedure is as follows:
+
+1. Enable maintenance mode
+2. Backup database again
+3. Restore first database dump, from before CryptKeeper 2.0.0.rc1
+4. Verify data can be decrypted
+5. Disable maintenance mode
+6. Let us know what happened :(
+
 ## Requirements
 
 CryptKeeper has been tested against ActiveRecord 4.2 and 5.0 using Ruby

data/crypt_keeper.gemspec

@@ -16,10 +16,10 @@ Gem::Specification.new do |gem|
   gem.require_paths = ["lib"]
   gem.version       = CryptKeeper::VERSION
 
-  gem.add_runtime_dependency 'activerecord',  '>= 4.2', '< 5.2'
-  gem.add_runtime_dependency 'activesupport', '>= 4.2', '< 5.2'
-  gem.add_runtime_dependency 'aes',           '~> 0.5.0'
-  gem.add_runtime_dependency 'armor',         '~> 0.0.2'
+  gem.post_install_message = "WARNING: CryptKeeper 2.0 contains breaking changes and may require you to reencrypt your data! Please view the README at https://github.com/jmazzi/crypt_keeper for more information."
+
+  gem.add_runtime_dependency 'activerecord',  '>= 4.2', '< 6.2'
+  gem.add_runtime_dependency 'activesupport', '>= 4.2', '< 6.2'
 
   gem.add_development_dependency 'rspec',       '~> 3.5.0'
   gem.add_development_dependency 'guard',       '~> 2.6.1'
@@ -35,8 +35,8 @@ Gem::Specification.new do |gem|
     gem.add_development_dependency 'activerecord-jdbcpostgresql-adapter'
     gem.add_development_dependency 'activerecord-jdbcmysql-adapter'
   else
-    gem.add_development_dependency 'sqlite3'
+    gem.add_development_dependency 'sqlite3', '>= 1.3.3', '< 1.5'
     gem.add_development_dependency 'pg', '~> 0.18.0'
-    gem.add_development_dependency 'mysql2', '~> 0.3.11'
+    gem.add_development_dependency 'mysql2', '>= 0.3.13', '< 0.6.0'
   end
 end

data/gemfiles/activerecord_4_2.gemfile

@@ -4,5 +4,7 @@ source "https://rubygems.org"
 
 gem "activerecord", "~> 4.2.0"
 gem "activesupport", "~> 4.2.0"
+gem "sqlite3", "~> 1.3.0"
+gem "bigdecimal", "1.3.5"
 
 gemspec :path => "../"

data/gemfiles/activerecord_5_0.gemfile

@@ -0,0 +1,9 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "activerecord", "~> 5.0.0"
+gem "activesupport", "~> 5.0.0"
+gem "sqlite3", "~> 1.3.6"
+
+gemspec :path => "../"

data/gemfiles/activerecord_5_1.gemfile

@@ -2,7 +2,7 @@
 
 source "https://rubygems.org"
 
-gem "activerecord", "~> 5.1"
-gem "activesupport", "~> 5.1"
+gem "activerecord", "~> 5.1.0"
+gem "activesupport", "~> 5.1.0"
 
 gemspec :path => "../"

data/gemfiles/activerecord_5_2.gemfile

@@ -0,0 +1,8 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "activerecord", "~> 5.2.0"
+gem "activesupport", "~> 5.2.0"
+
+gemspec :path => "../"

data/gemfiles/activerecord_6_0.gemfile

@@ -0,0 +1,8 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "activerecord", "~> 6.0.0"
+gem "activesupport", "~> 6.0.0"
+
+gemspec :path => "../"

data/gemfiles/activerecord_6_1.gemfile

@@ -0,0 +1,9 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "activerecord", "~> 6.1.0"
+gem "activesupport", "~> 6.1.0"
+gem "pg", "~> 1.1"
+
+gemspec :path => "../"

data/lib/crypt_keeper.rb

@@ -4,7 +4,7 @@ require 'crypt_keeper/version'
 require 'crypt_keeper/model'
 require 'crypt_keeper/helper'
 require 'crypt_keeper/provider/base'
-require 'crypt_keeper/provider/aes_new'
+require 'crypt_keeper/provider/active_support'
 require 'crypt_keeper/provider/mysql_aes_new'
 require 'crypt_keeper/provider/postgres_base'
 require 'crypt_keeper/provider/postgres_pgp'

data/lib/crypt_keeper/helper.rb

@@ -12,6 +12,10 @@ module CryptKeeper
       def escape_and_execute_sql(query, new_transaction: false)
         query = ::ActiveRecord::Base.send :sanitize_sql_array, query
 
+        # force binary encoding to avoid "invalid byte sequence in UTF-8" errors
+        # when we send binary AES keys (f.ex) to the database
+        query = query.b if query.respond_to?(:b)
+
         if CryptKeeper.silence_logs?
           ::ActiveRecord::Base.logger.silence do
             execute_sql(query, new_transaction: new_transaction)
@@ -39,10 +43,84 @@ module CryptKeeper
     end
 
     module DigestPassphrase
+      # Private: Hash algorithm to use when generating a PBKDF2 passphrase.
+      #
+      # Returns a String.
+      HASH_ALGORITHM = "sha512".freeze
+
+      # Private: Iterations to use when generating a PBKDF2 passphrase.
+      #
+      # Returns a String.
+      ITERATIONS = 5000
+
+      private_constant :HASH_ALGORITHM, :ITERATIONS
+
+      # Public: Iterations to use to generate digest passphrase.
+      #
+      # Returns a String.
+      mattr_accessor :iterations do
+        if iter = ENV["ARMOR_ITER"]
+          warn :ARMOR_ITER unless iter == ITERATIONS
+          Integer(iter)
+        else
+          ITERATIONS
+        end
+      end
+
+      # Public: Generates a hex passphrase using the given key and salt.
+      #
+      # key  - Encryption key
+      # salt - Encryption salt
+      #
+      # Returns a String.
       def digest_passphrase(key, salt)
-        raise ArgumentError.new("Missing :key") if key.blank?
+        raise ArgumentError.new("Missing :key")  if key.blank?
         raise ArgumentError.new("Missing :salt") if salt.blank?
-        ::Armor.digest(key, salt)
+
+        require "openssl"
+
+        digest = OpenSSL::Digest.new(hash_algorithm)
+
+        hmac = OpenSSL::PKCS5.pbkdf2_hmac(
+          key,
+          salt,
+          iterations,
+          digest.digest_length,
+          digest
+        )
+
+        hmac.unpack("H*").first
+      end
+
+      private
+
+      # Private: Hash algorithm to use for digest passphrase.
+      #
+      # Returns a String.
+      def hash_algorithm
+        if hash = ENV["ARMOR_HASH"]
+          warn :ARMOR_HASH unless hash == HASH_ALGORITHM
+          hash
+        else
+          HASH_ALGORITHM
+        end
+      end
+
+      # Private: Warns about the deprecated ENV vars used with the Armor gem.
+      #
+      # key - The ENV variable name
+      #
+      # Returns a String.
+      def warn(key)
+        require "active_support/deprecation"
+
+        ActiveSupport::Deprecation.warn <<-MSG.squish
+          CryptKeeper no longer uses the Armor gem to generate passphrases for
+          MySQL AES encryption. Your installation is using a non-standard
+          value for `ENV["#{key}"]` which affects the way passphrases are
+          generated. You will need to re-encrypt your data with this variable
+          removed prior to CryptKeeper v3.0.0.
+        MSG
       end
     end
   end

data/lib/crypt_keeper/model.rb

@@ -3,7 +3,7 @@ require 'active_support/core_ext/array/extract_options'
 
 module CryptKeeper
   module Model
-    extend ActiveSupport::Concern
+    extend ::ActiveSupport::Concern
 
     # Public: Ensures that each field exist and is of type text. This prevents
     # encrypted data from being truncated.

data/lib/crypt_keeper/provider/active_support.rb

@@ -0,0 +1,51 @@
+require "active_support/message_encryptor"
+
+module CryptKeeper
+  module Provider
+    class ActiveSupport < Base
+      attr_reader :encryptor
+
+      # Public: Initializes the encryptor
+      #
+      # options - A hash, :key and :salt are required
+      #
+      # Returns nothing.
+      def initialize(options = {})
+        key  = options.fetch(:key)
+        salt = options.fetch(:salt)
+
+        @encryptor = ::ActiveSupport::MessageEncryptor.new \
+          ::ActiveSupport::KeyGenerator.new(key).generate_key(salt, 32)
+      end
+
+      # Public: Encrypts a string
+      #
+      # value - Plaintext value
+      #
+      # Returns an encrypted string
+      def encrypt(value)
+        encryptor.encrypt_and_sign(value)
+      end
+
+      # Public: Decrypts a string
+      #
+      # value - Cipher text
+      #
+      # Returns a plaintext string
+      def decrypt(value)
+        encryptor.decrypt_and_verify(value)
+      end
+
+      # Public: Searches the table
+      #
+      # records  - ActiveRecord::Relation
+      # field    - Field name to match
+      # criteria - Value to match
+      #
+      # Returns an Enumerable
+      def search(records, field, criteria)
+        records.select { |record| record[field] == criteria }
+      end
+    end
+  end
+end

data/lib/crypt_keeper/provider/mysql_aes_new.rb

@@ -12,7 +12,7 @@ module CryptKeeper
       #
       #  options - A hash, :key and :salt are required
       def initialize(options = {})
-        ActiveSupport.run_load_hooks(:crypt_keeper_mysql_aes_log, self)
+        ::ActiveSupport.run_load_hooks(:crypt_keeper_mysql_aes_log, self)
         @key = digest_passphrase(options[:key], options[:salt])
       end
 

data/lib/crypt_keeper/provider/postgres_pgp.rb

@@ -8,7 +8,7 @@ module CryptKeeper
       #
       #  options - A hash, :key is required
       def initialize(options = {})
-        ActiveSupport.run_load_hooks(:crypt_keeper_postgres_pgp_log, self)
+        ::ActiveSupport.run_load_hooks(:crypt_keeper_postgres_pgp_log, self)
 
         @key = options.fetch(:key) do
           raise ArgumentError, "Missing :key"
@@ -42,8 +42,14 @@ module CryptKeeper
       end
 
       def search(records, field, criteria)
-        records.where("(pgp_sym_decrypt(cast(\"#{field}\" AS bytea), ?) = ?)",
-          key, criteria)
+        if criteria.present?
+          records
+            .where.not("TRIM(BOTH FROM #{field}) = ?", "")
+            .where("(pgp_sym_decrypt(cast(\"#{field}\" AS bytea), ?) = ?)",
+                   key, criteria)
+        else
+          records.where(field => criteria)
+        end
       end
 
       private

data/lib/crypt_keeper/provider/postgres_pgp_public_key.rb

@@ -4,7 +4,7 @@ module CryptKeeper
       attr_accessor :key
 
       def initialize(options = {})
-        ActiveSupport.run_load_hooks(:crypt_keeper_postgres_pgp_log, self)
+        ::ActiveSupport.run_load_hooks(:crypt_keeper_postgres_pgp_log, self)
 
         @key = options.fetch(:key) do
           raise ArgumentError, "Missing :key"

data/lib/crypt_keeper/version.rb

@@ -1,3 +1,3 @@
 module CryptKeeper
-  VERSION = "1.1.1"
+  VERSION = "2.2.0"
 end

data/spec/crypt_keeper/helper_spec.rb

@@ -0,0 +1,94 @@
+require "spec_helper"
+
+describe CryptKeeper::Helper::DigestPassphrase do
+  # gem "armor"
+  # require "armor"
+  #
+  # 10.times.with_index(1).map do |_, i|
+  #   hash = { key: SecureRandom.hex(64), salt: SecureRandom.hex(64) }
+  #   hash[:armor] = Armor.digest(h[:key], h[:salt])
+  #   hash
+  # end
+  let :armor_passphrases do
+    [
+      {
+        key: "c458da1abe465b15563e0f72e567594ca760214f2d11c668c6c0b923c8b5cc972b167410da6290feef3cc652a03d46f9ead9ce6da4cd197b4f66dd40f234aabc",
+        salt: "978279087fe82fd33b295df2ca38ae719d93c73d154110f9cd9e6c1859cd1525af1a9f9c25768b4bd7cfe6ce6fcd473d5f702c67fb5552369aeb7b5ab9c0573c",
+        armor: "2493abd50731ffbd80129bd9f2b77bcbffbb42a44f0e263668f9cf5f3d1804e1f9a56a9c85856be87b21b72a8b09aa21e111a646edae4a14b651019a73074066"
+      },
+      {
+        key: "3d4dd8193cf4c0ecaac0f3a1502a1e21a9bad969c97ace34399a4829a3457b56aa598b60a3031b6a10961e1558c7147d3895ec522eba0283a962bd82c6f558ef",
+        salt: "f5e7225b5add4a81e93773d543246ba2f7052e65f5adb651f8f47ba129e71053e04839db2ffb5b491223f589b2c74d4440b2c07d41e064df940aa433591a37b1",
+        armor: "1e9386895b6d33fed5caf24c6db598df888354ad2605679181d7e2b7c4b59611579d2b1a4e72b834f230848dd715a0b7e37280f2304a2fc78c6f5037a0ef3e9c"
+      },
+      {
+        key: "2d19e58724b7bb62d6129e2af692854919daeb6cf477c1e5dd5f8c846dbae3768baaaa8ba79d39c765b88b68d510f3b2fb59389af5f99c68c2e77620fe610393",
+        salt: "a96bfc08af98c063e0f9b3e6498d90a33cf279d12d38d6f5aabd6b7691d5ed25346bc2e9cfee1c98b8cea243b7e79ad69e281800207ea022007dc42e2f49dce3",
+        armor: "e86340f12e833d8cc722249f7190184562d4b7b27755ca3ece1950cf9158629536b16609406f230902f6f15c15afa652c35c0b0239c90167efd438b1e1233fd1"
+      },
+      {
+        key: "e78715a772f930027b0e6353e3be578ebc8fd5631401be9e723f747e03f3bed90cb051fa25024e8179e8fc3c65072d74eee92a636e5c2fa89f61f3f1dc2d043b",
+        salt: "536d128ba1f2453040d31eaddb87d1b1d2ac157f2ec7f6d2ef530a5ae01f19afea43cae3ca5783440c90decc9cedf78ec6aad474b2e67637abd640dc9d8b1665",
+        armor: "96c617786de65bda0d287851a189d50b56a14f3fccc72886943609e0644a593c4d51221d93f10287a79becb3f8f26322413c5c4e65a1e6564b4da55d1f175402"
+      },
+      {
+        key: "941e93a03156121bf565d62d9fadfc5f56ec5ecfc274a5ad1298d358419b8e18b5e4c4b17426ae031676e11633f875a5e3e39e50a4b08685427a72ab6289e465",
+        salt: "114b89e478b19e5e0d4df10b1914892a7434fdd0857bbb236bb21d9d8fae03b5401b1a53d64390ffa18fc74bc80139a8f216eb6a0c79155bcd89955a36be0322",
+        armor: "ead4be935420a772cc2c2637229431ee093ebcadb1f432d394eeca45515c4b74b732eec76c6d8aff33f0aafd33cab7e2d967796a271d3e8a10be5655d1025708"
+      },
+      {
+        key: "c7c7dbd592beb79178cdbbd45f91654a40c44fd632de0d89398dc1f0c8b241210b8db538a3cb3699796323fc1c54877c3df959e94bf5765fafd03c05fb4d4d7f",
+        salt: "1cd67ceaf2c1635eda3d1bbea60f228fd95d59c59a34624b4abf6846a2ae774f359a48695e6a9df5aef34f42dcfa69ad6dbd5be1e7190b050e0c58f5a0ff0cce",
+        armor: "387c92c591510bf56677a4de231065d271c6553c8b75a1a1710bb4a7c1404a527e5cbd9f0b812eedc162e5bd5dae4e11e9b5f3782eb4fd4616e2725fa98093e4"
+      },
+      {
+        key: "6fa240131e1aaf2214dc4a5f52709721c078ef8cb4aba1ab926650b202cfeb8db90acaebb0109667613768be3e0af1decf739c108861aa5ac55248bd307e8cbe",
+        salt: "de1d28b96bf570bcc8c26949d1d9f4c03b30f4d2e7799df3d4f981384b731f15b5494095cb6bd8d71f374d1bde10b6f9048bb6eb6a763af74af6b70a8320e651",
+        armor: "e9b72ed9330477421c63d38a3dfe056fa5ee5d2097af6f024b4452df6010e2563daca906b7ec49c04071973c49cc010f41b5c4503e691d2bc2066a5ff9766be5"
+      },
+      {
+        key: "2accf78dc18db506512c5aa36b6d50950ec98473873fe75a2fd6322883346a02d77f014f9fd5e02d1d3ab34e4c46e93bb17b5d2436f76ec13fade56cdb97ce04",
+        salt: "e1ee82d540543beda0a6f8c362e2890665a5b6cdfcb115bf4af3808ac49e43e7ca286d7fc4921f6ad5344a1b082db2e47913cd4616b23e0299f45c09487c65dc",
+        armor: "ad84346e9bec6885902390f7a45d674e48b53481400d7008b45780c2677f3a93635c6000b2760ccee184839edb2bd2b34914dc70f322005e58216e013d73cdeb"
+      },
+      {
+        key: "05e3508b0f4a1116fadbbd04a6c4c0a38c29724c76d7c406313813300cefbf9dbe426c28f65ca7297927707abaa4788572b1b9835a421d8699f29096055bc156",
+        salt: "371380fde21244493ec04928154c6af685d16e4a7feeb79b5916b484d485f3137eb30ebffdd0bebd77f86a2f092155e798acc0dac91b1704244614b0940da88e",
+        armor: "d573f9bb1ed0f7dac9a4f087abe7400cb366cda2877ed8c1660bd6dd2b96533f1210883079921a35fa09339d5f84fbe8b4977a6621e783ee5c3ac85e80b3685c"
+      },
+      {
+        key: "9dd15dc718b7ae4a87652e51b64aa545b6b6f26726e76fb0c45ec256be9359318d68e94858b0d782ba8505201c1b7a604492ba831ad0e93185fc5ccffbc7007d",
+        salt: "971bc4fada6fdc5ba3484d7a2ef34a4a2c9f7cc7e8c67d00fc2c774b2db2ef3a4f81c4bc4977055248256fe68f1525fa2f8673d56b41a5e15aae45b68d7f6fc6",
+        armor: "3d9d44881595a083efae99e710bd1fe68321152ac61e2d225974d5e2c2d4ae24849cc7b0f7f9af325fb4aa20524d12565e9e4c36cad91f9165df3af2f4692a07"
+      }
+    ]
+  end
+
+  let :example_key do
+    "ff17f8eeeb25e8647cda72fc577b1e9f3f68f6f18997efcdb043f171ad93949b39150b886d4866230add5a0ef6285b37c20bca5194a4dc76ae8845ed88ccb2db"
+  end
+
+  let :example_salt do
+    "8f273e1ffae67cf5582dd5fcec9d7f99e996861a985e502aa1283088a27d9fdda63869007474ef689381f10ea4f8f5e9e72255a9e47304cd80fbfafd414d77a7"
+  end
+
+  let :example_passphrase do
+    "01096fb7199ac8051d24a350204df61a0ab5b7c6bc393a3325d5dc686de39df7084d7cab12065eb06f2e09f4bc5b6a3851ce459e7eca47088fd9d1bf1d9f35b5"
+  end
+
+  let :encryptor do
+    Class.new do
+      include CryptKeeper::Helper::DigestPassphrase
+    end.new
+  end
+
+  it "returns passphrases that are backwards compatible with Armor" do
+    armor_passphrases.each do |ex|
+      expect(encryptor.digest_passphrase(ex[:key], ex[:salt])).to eq(ex[:armor])
+    end
+  end
+
+  it "generates a passphrase from key/salt" do
+    expect(encryptor.digest_passphrase(example_key, example_salt)).to eq(example_passphrase)
+  end
+end

data/spec/crypt_keeper/model_spec.rb

@@ -25,8 +25,7 @@ describe CryptKeeper::Model do
       end
 
       it "allows binary as a valid type" do
-        subject.crypt_keeper :storage, encryptor: :fake_encryptor
-        allow(subject.columns_hash['storage']).to receive(:type).and_return(:binary)
+        subject.crypt_keeper :storage_binary, encryptor: :fake_encryptor
         expect(subject.new.save).to be_truthy
       end
 
@@ -55,6 +54,7 @@ describe CryptKeeper::Model do
     end
   end
 
+  
   context "Encryption and Decryption" do
     let(:plain_text) { 'plain_text' }
     let(:cipher_text) { 'tooltxet_nialp' }
@@ -105,6 +105,21 @@ describe CryptKeeper::Model do
       expect_any_instance_of(CryptKeeper::Provider::Encryptor).to_not receive(:decrypt)
       subject.find(record.id).storage
     end
+
+    context "with a binary database field" do
+       subject { create_encrypted_model :storage_binary, passphrase: 'tool', encryptor: :encryptor }
+
+      it "encrypts the data" do
+        expect_any_instance_of(CryptKeeper::Provider::Encryptor).to receive(:encrypt).with('testing')
+        subject.create!(storage_binary: 'testing')
+      end
+
+      it "decrypts the data" do
+        record = subject.create!(storage_binary: 'testing')
+        expect_any_instance_of(CryptKeeper::Provider::Encryptor).to receive(:decrypt).at_least(1).times.with('toolgnitset')
+        subject.find(record.id).storage_binary
+      end
+    end
   end
 
   context "Search" do
@@ -120,7 +135,7 @@ describe CryptKeeper::Model do
   end
 
   context "Encodings" do
-    subject { create_encrypted_model :storage, key: 'tool', salt: 'salt', encryptor: :aes_new, encoding: 'utf-8' }
+    subject { create_encrypted_model :storage, key: 'tool', salt: 'salt', encryptor: :active_support, encoding: 'utf-8' }
 
     it "forces the encoding on decrypt" do
       record = subject.create!(storage: 'Tromsø')
@@ -137,7 +152,7 @@ describe CryptKeeper::Model do
   end
 
   context "Initial Table Encryption" do
-    subject { create_encrypted_model :storage, key: 'tool', salt: 'salt', encryptor: :aes_new }
+    subject { create_encrypted_model :storage, key: 'tool', salt: 'salt', encryptor: :active_support }
 
     before do
       subject.delete_all
@@ -146,14 +161,14 @@ describe CryptKeeper::Model do
     end
 
     it "encrypts the table" do
-      expect { subject.first(5).map(&:storage) }.to raise_error(OpenSSL::Cipher::CipherError)
+      expect { subject.first(5).map(&:storage) }.to raise_error(ActiveSupport::MessageVerifier::InvalidSignature)
       subject.encrypt_table!
       expect { subject.first(5).map(&:storage) }.not_to raise_error
     end
   end
 
   context "Table Decryption (Reverse of Initial Table Encryption)" do
-    subject { create_encrypted_model :storage, key: 'tool', salt: 'salt', encryptor: :aes_new }
+    subject { create_encrypted_model :storage, key: 'tool', salt: 'salt', encryptor: :active_support }
     let!(:storage_entries) { 5.times.map { |i| "testing#{i}" } }
 
     before do
@@ -168,7 +183,7 @@ describe CryptKeeper::Model do
   end
 
   context "Missing Attributes" do
-    subject { create_encrypted_model :storage, key: 'tool', salt: 'salt', encryptor: :aes_new, encoding: 'utf-8' }
+    subject { create_encrypted_model :storage, key: 'tool', salt: 'salt', encryptor: :active_support, encoding: 'utf-8' }
 
     it "doesn't attempt decryption of missing attributes" do
       subject.create!(storage: 'blah')

data/spec/crypt_keeper/provider/active_support_spec.rb

@@ -0,0 +1,37 @@
+require 'spec_helper'
+
+describe CryptKeeper::Provider::ActiveSupport do
+  subject { described_class.new(key: 'cake', salt: 'salt') }
+
+  let :plaintext do
+    "string"
+  end
+
+  let :encrypted do
+    subject.encrypt plaintext
+  end
+
+  let :decrypted do
+    subject.decrypt encrypted
+  end
+
+  describe "#encrypt" do
+    specify { expect(encrypted).to_not eq(plaintext) }
+    specify { expect(encrypted).to_not be_blank }
+  end
+
+  describe "#decrypt" do
+    specify { expect(decrypted).to eq(plaintext) }
+    specify { expect(decrypted).to_not be_blank }
+  end
+
+  describe "#search" do
+    let :records do
+      [{ name: 'Bob' }, { name: 'Tim' }]
+    end
+
+    it "finds the matching record" do
+      expect(subject.search(records, :name, 'Bob')).to eql([records.first])
+    end
+  end
+end

data/spec/crypt_keeper/provider/mysql_aes_new_spec.rb

@@ -7,14 +7,16 @@ describe CryptKeeper::Provider::MysqlAesNew do
 
   # MySQL stores AES encrypted strings in binary which you can't paste
   # into a spec :). This is a Base64 encoded string of 'test' AES encrypted
-  # by AES_ENCRYPT()
+  # by AES_ENCRYPT():
+  #
+  #   SELECT TO_BASE64(AES_ENCRYPT('test', 'cd9c9275c80ccaec820f988edafd92bd0403d2055aed2b7094f569bc5314b88720c155f7f377addc35eff90c8bd11c34d5daaab5051c3435d2f5ad0c09d4b43e'));
   let(:cipher_text) do
-    "fBN8i7bx/DGAA4NJ4EWi0A=="
+    "qlwlvp6+otN1qnchZ48zNQ=="
   end
 
   subject { described_class.new key: ENCRYPTION_PASSWORD, salt: 'salt' }
 
-  specify { expect(subject.key).to eq("825e8c5e8ca394818b307b22b8cb7d3df2735e9c1e5838b476e7719135a4f499f2133022c1a0e8597c9ac1507b0f0c44328a40049f9704fab3598c5dec120724") }
+  specify { expect(subject.key).to eq("cd9c9275c80ccaec820f988edafd92bd0403d2055aed2b7094f569bc5314b88720c155f7f377addc35eff90c8bd11c34d5daaab5051c3435d2f5ad0c09d4b43e") }
 
   describe "#initialize" do
     specify { expect { described_class.new }.to raise_error(ArgumentError, "Missing :key") }

data/spec/crypt_keeper/provider/postgres_pgp_spec.rb

@@ -64,6 +64,42 @@ describe CryptKeeper::Provider::PostgresPgp do
       match = subject.create!(storage: 'blah')
       expect(subject.search_by_plaintext(:storage, 'blah').first).to eq(match)
     end
+
+    it "successfully accesses result when the data has empty strings and nil" do
+      subject.create!(storage: nil)
+      subject.create!(storage: '')
+      subject.create!(storage: '   ')
+      match = subject.create!(storage: 'blah')
+
+      results = subject.search_by_plaintext(:storage, 'blah')
+
+      expect(results).to match_array([match])
+    end
+
+    it "finds an empty string" do
+      subject.create!(storage: nil)
+      subject.create!(storage: 'blah')
+      match = subject.create!(storage: '')
+
+      expect(subject.search_by_plaintext(:storage, '')).to match_array([match])
+    end
+
+    it "finds the empty string with the right number of spaces" do
+      subject.create!(storage: '')
+      match = subject.create!(storage: '   ')
+
+      results = subject.search_by_plaintext(:storage, '   ')
+
+      expect(results).to match_array([match])
+    end
+
+    it "finds nil results" do
+      subject.create!(storage: '')
+      subject.create!(storage: 'blah')
+      match = subject.create!(storage: nil)
+
+      expect(subject.search_by_plaintext(:storage, nil)).to match_array([match])
+    end
   end
 
   describe "Custom pgcrypto options" do

data/spec/spec_helper.rb

@@ -1,4 +1,3 @@
-ENV['ARMOR_ITER'] ||= "10"
 ENV['CRYPT_KEEPER_IGNORE_LEGACY_DEPRECATION'] = "true"
 require 'coveralls'
 Coveralls.wear!
@@ -15,7 +14,11 @@ RSpec.configure do |config|
   config.filter_run :focus
 
   config.after :each do
-    ActiveRecord::Base.descendants.each do |model|
+    descendants = ActiveRecord::Base.descendants.delete_if do |descendant|
+      descendant.to_s.include?("SchemaMigration")
+    end
+
+    descendants.each do |model|
       model.method(:delete_all).call
     end
   end

data/spec/support/active_record.rb

@@ -18,6 +18,7 @@ module CryptKeeper
           create_table :sensitive_data, :force => true do |t|
             t.column :name, :string
             t.column :storage, :text
+            t.column :storage_binary, :binary
             t.column :secret, :text
           end
         end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: crypt_keeper
 version: !ruby/object:Gem::Version
-  version: 1.1.1
+  version: 2.2.0
 platform: ruby
 authors:
 - Justin Mazzi
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-06-22 00:00:00.000000000 Z
+date: 2021-04-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activerecord
@@ -19,7 +19,7 @@ dependencies:
         version: '4.2'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '5.2'
+        version: '6.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -29,7 +29,7 @@ dependencies:
         version: '4.2'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '5.2'
+        version: '6.2'
 - !ruby/object:Gem::Dependency
   name: activesupport
   requirement: !ruby/object:Gem::Requirement
@@ -39,7 +39,7 @@ dependencies:
         version: '4.2'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '5.2'
+        version: '6.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -49,35 +49,7 @@ dependencies:
         version: '4.2'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '5.2'
-- !ruby/object:Gem::Dependency
-  name: aes
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 0.5.0
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 0.5.0
-- !ruby/object:Gem::Dependency
-  name: armor
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 0.0.2
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 0.0.2
+        version: '6.2'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -182,14 +154,20 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 1.3.3
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '1.5'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 1.3.3
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '1.5'
 - !ruby/object:Gem::Dependency
   name: pg
   requirement: !ruby/object:Gem::Requirement
@@ -208,16 +186,22 @@ dependencies:
   name: mysql2
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.3.13
+    - - "<"
       - !ruby/object:Gem::Version
-        version: 0.3.11
+        version: 0.6.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.3.13
+    - - "<"
       - !ruby/object:Gem::Version
-        version: 0.3.11
+        version: 0.6.0
 description: Transparent ActiveRecord encryption
 email:
 - jmazzi@gmail.com
@@ -236,23 +220,28 @@ files:
 - Rakefile
 - crypt_keeper.gemspec
 - gemfiles/activerecord_4_2.gemfile
+- gemfiles/activerecord_5_0.gemfile
 - gemfiles/activerecord_5_1.gemfile
+- gemfiles/activerecord_5_2.gemfile
+- gemfiles/activerecord_6_0.gemfile
+- gemfiles/activerecord_6_1.gemfile
 - lib/crypt_keeper.rb
 - lib/crypt_keeper/helper.rb
 - lib/crypt_keeper/log_subscriber/mysql_aes.rb
 - lib/crypt_keeper/log_subscriber/postgres_pgp.rb
 - lib/crypt_keeper/model.rb
-- lib/crypt_keeper/provider/aes_new.rb
+- lib/crypt_keeper/provider/active_support.rb
 - lib/crypt_keeper/provider/base.rb
 - lib/crypt_keeper/provider/mysql_aes_new.rb
 - lib/crypt_keeper/provider/postgres_base.rb
 - lib/crypt_keeper/provider/postgres_pgp.rb
 - lib/crypt_keeper/provider/postgres_pgp_public_key.rb
 - lib/crypt_keeper/version.rb
+- spec/crypt_keeper/helper_spec.rb
 - spec/crypt_keeper/log_subscriber/mysql_aes_spec.rb
 - spec/crypt_keeper/log_subscriber/postgres_pgp_spec.rb
 - spec/crypt_keeper/model_spec.rb
-- spec/crypt_keeper/provider/aes_new_spec.rb
+- spec/crypt_keeper/provider/active_support_spec.rb
 - spec/crypt_keeper/provider/mysql_aes_new_spec.rb
 - spec/crypt_keeper/provider/postgres_pgp_public_key_spec.rb
 - spec/crypt_keeper/provider/postgres_pgp_spec.rb
@@ -267,7 +256,9 @@ homepage: http://jmazzi.github.com/crypt_keeper/
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message: 'WARNING: CryptKeeper 2.0 contains breaking changes and may
+  require you to reencrypt your data! Please view the README at https://github.com/jmazzi/crypt_keeper
+  for more information.'
 rdoc_options: []
 require_paths:
 - lib
@@ -282,16 +273,16 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.6.11
-signing_key: 
+rubygems_version: 3.0.9
+signing_key:
 specification_version: 4
 summary: Transparent ActiveRecord encryption
 test_files:
+- spec/crypt_keeper/helper_spec.rb
 - spec/crypt_keeper/log_subscriber/mysql_aes_spec.rb
 - spec/crypt_keeper/log_subscriber/postgres_pgp_spec.rb
 - spec/crypt_keeper/model_spec.rb
-- spec/crypt_keeper/provider/aes_new_spec.rb
+- spec/crypt_keeper/provider/active_support_spec.rb
 - spec/crypt_keeper/provider/mysql_aes_new_spec.rb
 - spec/crypt_keeper/provider/postgres_pgp_public_key_spec.rb
 - spec/crypt_keeper/provider/postgres_pgp_spec.rb

data/lib/crypt_keeper/provider/aes_new.rb

@@ -1,53 +0,0 @@
-require 'aes'
-require 'armor'
-
-module CryptKeeper
-  module Provider
-    class AesNew < Base
-      include CryptKeeper::Helper::DigestPassphrase
-
-      # Public: The encryption key
-      attr_accessor :key
-
-      # Public: Initializes the class
-      #
-      #   options - A hash of options. :key and :salt are required
-      def initialize(options = {})
-        @key = digest_passphrase(options[:key], options[:salt])
-      end
-
-      # Public: Encrypt a string
-      #
-      # Note: nil and empty strings are not encryptable with AES.
-      # When they are encountered, the orignal value is returned.
-      # Otherwise, returns the encrypted string
-      #
-      # Returns a String
-      def encrypt(value)
-        AES.encrypt(value, key)
-      end
-
-      # Public: Decrypt a string
-      #
-      # Note: nil and empty strings are not encryptable with AES (and thus cannot be decrypted).
-      # When they are encountered, the orignal value is returned.
-      # Otherwise, returns the decrypted string
-      #
-      # Returns a String
-      def decrypt(value)
-        AES.decrypt(value, key)
-      end
-
-      # Public: Search for a record
-      #
-      # record   - An ActiveRecord collection
-      # field    - The field to search
-      # criteria - A string to search with
-      #
-      # Returns an Enumerable
-      def search(records, field, criteria)
-        records.select { |record| record[field] == criteria }
-      end
-    end
-  end
-end

data/spec/crypt_keeper/provider/aes_new_spec.rb

@@ -1,41 +0,0 @@
-require 'spec_helper'
-
-describe CryptKeeper::Provider::AesNew do
-  subject { described_class.new(key: 'cake', salt: 'salt') }
-
-  describe "#initialize" do
-    let(:digested_key) do
-      ::Armor.digest('cake', 'salt')
-    end
-
-    specify { expect(subject.key).to eq(digested_key) }
-    specify { expect { described_class.new }.to raise_error(ArgumentError, "Missing :key") }
-  end
-
-  describe "#encrypt" do
-    let(:encrypted) do
-      subject.encrypt 'string'
-    end
-
-    specify { expect(encrypted).to_not eq('string') }
-    specify { expect(encrypted).to_not be_blank }
-  end
-
-  describe "#decrypt" do
-    let(:decrypted) do
-      subject.decrypt "V02ebRU2wLk25AizasROVg==$kE+IpRaUNdBfYqR+WjMqvA=="
-    end
-
-    specify { expect(decrypted).to eq('string') }
-  end
-
-  describe "#search" do
-    let(:records) do
-      [{ name: 'Bob' }, { name: 'Tim' }]
-    end
-
-    it "finds the matching record" do
-      expect(subject.search(records, :name, 'Bob')).to eql([records.first])
-    end
-  end
-end