crypt_keeper 0.0.1

data/.gitignore

@@ -0,0 +1,18 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp
+spec/debug.log

data/.rspec

@@ -0,0 +1,2 @@
+--color
+--format progress

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in lee_loo.gemspec
+gemspec

data/Guardfile

@@ -0,0 +1,19 @@
+# A sample Guardfile
+# More info at https://github.com/guard/guard#readme
+
+guard 'rspec', version: 2, fail_fast: true, all_on_start: false, all_after_pass: false do
+  watch(%r{^spec/.+_spec\.rb$})
+  watch(%r{^lib/(.+)\.rb$})     { |m| "spec/lib/#{m[1]}_spec.rb" }
+  watch('spec/spec_helper.rb')  { "spec" }
+
+  # Rails example
+  watch(%r{^app/(.+)\.rb$})                           { |m| "spec/#{m[1]}_spec.rb" }
+  watch(%r{^app/(.*)(\.erb|\.haml)$})                 { |m| "spec/#{m[1]}#{m[2]}_spec.rb" }
+  watch(%r{^app/controllers/(.+)_(controller)\.rb$})  { |m| ["spec/routing/#{m[1]}_routing_spec.rb", "spec/#{m[2]}s/#{m[1]}_#{m[2]}_spec.rb", "spec/acceptance/#{m[1]}_spec.rb"] }
+  watch(%r{^spec/support/(.+)\.rb$})                  { "spec" }
+  watch('config/routes.rb')                           { "spec/routing" }
+  watch('app/controllers/application_controller.rb')  { "spec/controllers" }
+  # Capybara request specs
+  watch(%r{^app/views/(.+)/.*\.(erb|haml)$})          { |m| "spec/requests/#{m[1]}_spec.rb" }
+end
+

data/LICENSE

@@ -0,0 +1,22 @@
+Copyright (c) 2012 Justin Mazzi
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,57 @@
+# CryptKeeper
+
+Provides transparent encryption for ActiveRecord. It is encryption agnostic. 
+You can guard your data with any encryption algorithm you want. All you need
+is a simple class that does 3 things.
+
+1. Takes a hash argument for `initialize`
+2. Provides an `encrypt` method that returns the encrypted string
+3. Provides a `decrypt` method that returns the plaintext
+
+Use can see an AES example here [here](https://github.com/jmazzi/crypt_keeper_providers/blob/master/lib/crypt_keeper_providers/aes.rb)
+
+## Why?
+
+The options available were either too complicated under the hood or had weird 
+edge cases that made the library hard to use. I wanted to write something
+simple that *just works*.
+
+## Usage
+
+```ruby
+
+class MyModel < ActiveRecord::Base
+  crypt_keeper :field, :other_field, encryptor: Aes, passphrase: 'super_good_password'
+end
+
+model = MyModel.new(field: 'sometext')
+model.save! #=> Your data is now encrypted
+model.field #=> 'sometext'
+
+```
+
+It works with all persistences methods: `update_attribute`, `update_attributes`,
+and save.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'crypt_keeper'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install crypt_keeper
+
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1,8 @@
+#!/usr/bin/env rake
+require "bundler/gem_tasks"
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new :spec
+Bundler::GemHelper.install_tasks
+
+task :default => [:spec]

data/crypt_keeper.gemspec

@@ -0,0 +1,31 @@
+# -*- encoding: utf-8 -*-
+require File.expand_path('../lib/crypt_keeper/version', __FILE__)
+
+Gem::Specification.new do |gem|
+  gem.authors       = ["Justin Mazzi"]
+  gem.email         = ["jmazzi@gmail.com"]
+  gem.description   = %q{Transparent encryption for ActiveRecord that isn't over-engineered}
+  gem.summary       = gem.description
+  gem.homepage      = ""
+
+  gem.files         = `git ls-files`.split($\)
+  gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
+  gem.name          = "crypt_keeper"
+  gem.require_paths = ["lib"]
+  gem.version       = CryptKeeper::VERSION
+
+  gem.add_runtime_dependency 'activerecord', '>= 3.0'
+  gem.add_runtime_dependency 'activesupport', '>= 3.0'
+  gem.add_runtime_dependency 'crypt_keeper_providers', '~> 0.0.1'
+
+  gem.add_development_dependency 'rspec', '~> 2.10.0'
+  gem.add_development_dependency 'guard', '~> 1.2.0'
+  gem.add_development_dependency 'guard-rspec', '~> 1.1.0'
+  gem.add_development_dependency 'sqlite3'
+  gem.add_development_dependency 'rake', '~> 0.9.2.2'
+  if RUBY_PLATFORM == 'java'
+    gem.add_development_dependency 'jruby-openssl', '~> 0.7.7'
+    gem.add_development_dependency 'activerecord-jdbcsqlite3-adapter'
+  end
+end

data/lib/crypt_keeper/model.rb

@@ -0,0 +1,95 @@
+require 'active_support/concern'
+require 'active_support/core_ext/array/extract_options'
+
+module CryptKeeper
+  module Model
+    extend ActiveSupport::Concern
+
+    private
+
+    # Private: Encrypt each crypt_keeper_fields
+    def before_save_encrypt
+      crypt_keeper_fields.each do |field|
+        self[field] = self.class.encrypt read_attribute(field)
+      end
+    end
+
+    # Private: Decrypt each crypt_keeper_fields
+    def after_save_decrypt
+      crypt_keeper_fields.each do |field|
+        self[field] = self.class.decrypt read_attribute(field)
+      end
+    end
+
+    module ClassMethods
+      # Public: Setup fields for encryption
+      #
+      #   args - An array of fields to encrypt. The last argument should be
+      #   a hash of options. Note, an :encryptor is required. This should be
+      #   a class that takes a hash for initialize and provides an encrypt
+      #   and decrypt method.
+      #
+      # Example
+      #
+      #   class MyModel < ActiveRecord::Base
+      #     crypt_keeper :field, :other_field, encryptor: Aes, passphrase: 'super_good_password'
+      #   end
+      #
+      def crypt_keeper(*args)
+        class_attribute :crypt_keeper_options
+        class_attribute :crypt_keeper_fields
+        class_attribute :crypt_keeper_encryptor
+
+        self.crypt_keeper_options   = args.extract_options!
+        self.crypt_keeper_encryptor = crypt_keeper_options.delete(:encryptor)
+        self.crypt_keeper_fields    = args
+
+        ensure_valid_encryptor!
+        define_crypt_keeper_callbacks
+      end
+
+      # Public: Encrypts a string with the encryptor
+      def encrypt(value)
+        encryptor.encrypt value
+      end
+
+      # Public: Decrypts a string with the encryptor
+      def decrypt(value)
+        encryptor.decrypt value
+      end
+
+      private
+
+      # Private: An instance of the encryptor class
+      def encryptor
+        crypt_keeper_encryptor.new(crypt_keeper_options)
+      end
+
+      # Private: Ensure that the encryptor responds to new
+      def ensure_valid_encryptor!
+        unless crypt_keeper_encryptor.respond_to?(:new)
+          raise "You must specify an encryption class `crypt_keeper encryptor: EncryptionClass`"
+        end
+      end
+
+      # Private: Define callbacks for encryption
+      def define_crypt_keeper_callbacks
+        after_save :after_save_decrypt
+        after_find :after_save_decrypt
+        before_save :before_save_encrypt
+
+        crypt_keeper_fields.each do |field|
+          ensure_field_is_encryptable! field
+        end
+      end
+
+      # Private: Ensures that each field is of type text. This prevents
+      # encrypted data from being truncated
+      def ensure_field_is_encryptable!(field)
+        unless columns_hash["#{field}"].type == :text
+          raise ArgumentError, ":#{field} must be of type 'text' to be used for encryption"
+        end
+      end
+    end
+  end
+end

data/lib/crypt_keeper/version.rb

@@ -0,0 +1,3 @@
+module CryptKeeper
+  VERSION = "0.0.1"
+end

data/lib/crypt_keeper.rb

@@ -0,0 +1,10 @@
+require 'crypt_keeper/version'
+require 'crypt_keeper/model'
+require 'active_record'
+
+module CryptKeeper
+end
+
+ActiveSupport.on_load(:active_record) do
+  include CryptKeeper::Model
+end

data/spec/model_spec.rb

@@ -0,0 +1,86 @@
+require 'spec_helper'
+
+module CryptKeeper
+  describe Model do
+    subject { SensitiveData }
+    let(:encryptor) do
+      mock('Encryptor').tap do |m|
+        m.stub :new
+      end
+    end
+
+    describe "#crypt_keeper" do
+      context "Fields" do
+        it "should set the fields" do
+          subject.crypt_keeper :storage, :secret, encryptor: encryptor
+          subject.crypt_keeper_fields.should == [:storage, :secret]
+        end
+
+        it "should raise an exception with wrong field type" do
+          msg = ":name must be of type 'text' to be used for encryption"
+          expect { subject.crypt_keeper :name, encryptor: encryptor }.to raise_error(ArgumentError, msg)
+        end
+      end
+
+      context "Options" do
+        it "should set the options" do
+          subject.crypt_keeper :storage, :secret, key1: 1, key2: 2, encryptor: encryptor
+          subject.crypt_keeper_options.should == { key1: 1, key2: 2  }
+        end
+      end
+    end
+
+    context "Encryption" do
+      let(:encryptor) do
+        Class.new do
+          def initialize(options = {})
+            @passphrase = options[:passphrase]
+          end
+
+          def encrypt(data)
+            @passphrase + data.reverse
+          end
+
+          def decrypt(data)
+            data.sub(/^#{@passphrase}/, '').reverse
+          end
+        end
+      end
+
+      let(:plain_text) { 'plain_text' }
+      let(:cipher_text) { 'tooltxet_nialp' }
+
+      before do
+        SensitiveData.crypt_keeper :storage, passphrase: 'tool', encryptor: encryptor
+      end
+
+      subject { SensitiveData.new }
+
+      describe "#encrypt" do
+        it "should encrypt the data" do
+          subject.storage = plain_text
+          subject.stub :after_save_decrypt
+          subject.save!
+          subject.storage.should == cipher_text
+        end
+      end
+
+      describe "#decrypt" do
+        it "should decrypt the data" do
+          subject.storage = cipher_text
+          subject.stub :before_save_encrypt
+          subject.save!
+          subject.storage.should == plain_text
+        end
+      end
+
+      describe "Encrypt & Decrypt" do
+        it "should encrypt and decrypt the data" do
+          subject.storage = plain_text
+          subject.save!
+          subject.storage.should == plain_text
+        end
+      end
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,10 @@
+require 'crypt_keeper'
+
+SPEC_ROOT = Pathname.new File.expand_path File.dirname __FILE__
+Dir[SPEC_ROOT.join('support/*.rb')].each{|f| require f }
+
+RSpec.configure do |config|
+  config.treat_symbols_as_metadata_keys_with_true_values = true
+  config.run_all_when_everything_filtered = true
+  config.filter_run :focus
+end

data/spec/support/active_record.rb

@@ -0,0 +1,16 @@
+require 'active_record'
+require 'logger'
+
+ActiveRecord::Base.establish_connection(:adapter => 'sqlite3', :database => ':memory:')
+ActiveRecord::Base.logger       = Logger.new SPEC_ROOT.join('debug.log').to_s
+ActiveRecord::Migration.verbose = false
+
+ActiveRecord::Schema.define do
+  create_table :sensitive_data, :force => true do |t|
+    t.column :name, :string
+    t.column :storage, :text
+    t.column :secret, :text
+  end
+end
+
+class SensitiveData < ActiveRecord::Base; end

metadata

@@ -0,0 +1,156 @@
+--- !ruby/object:Gem::Specification
+name: crypt_keeper
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+  prerelease: 
+platform: ruby
+authors:
+- Justin Mazzi
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2012-07-27 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: activerecord
+  requirement: &21832080 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: *21832080
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: &21831560 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: *21831560
+- !ruby/object:Gem::Dependency
+  name: crypt_keeper_providers
+  requirement: &21830520 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.0.1
+  type: :runtime
+  prerelease: false
+  version_requirements: *21830520
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: &21829560 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 2.10.0
+  type: :development
+  prerelease: false
+  version_requirements: *21829560
+- !ruby/object:Gem::Dependency
+  name: guard
+  requirement: &21828940 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.2.0
+  type: :development
+  prerelease: false
+  version_requirements: *21828940
+- !ruby/object:Gem::Dependency
+  name: guard-rspec
+  requirement: &21828360 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.1.0
+  type: :development
+  prerelease: false
+  version_requirements: *21828360
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: &21827660 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *21827660
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: &21826720 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.9.2.2
+  type: :development
+  prerelease: false
+  version_requirements: *21826720
+description: Transparent encryption for ActiveRecord that isn't over-engineered
+email:
+- jmazzi@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .rspec
+- Gemfile
+- Guardfile
+- LICENSE
+- README.md
+- Rakefile
+- crypt_keeper.gemspec
+- lib/crypt_keeper.rb
+- lib/crypt_keeper/model.rb
+- lib/crypt_keeper/version.rb
+- spec/model_spec.rb
+- spec/spec_helper.rb
+- spec/support/active_record.rb
+homepage: ''
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+      segments:
+      - 0
+      hash: -2444194484857167545
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+      segments:
+      - 0
+      hash: -2444194484857167545
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.11
+signing_key: 
+specification_version: 3
+summary: Transparent encryption for ActiveRecord that isn't over-engineered
+test_files:
+- spec/model_spec.rb
+- spec/spec_helper.rb
+- spec/support/active_record.rb