crypt_keeper 2.1.0 → 2.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.travis.yml +11 -1
- data/Appraisals +11 -0
- data/README.md +2 -2
- data/crypt_keeper.gemspec +2 -2
- data/gemfiles/activerecord_4_2.gemfile +1 -0
- data/gemfiles/activerecord_5_0.gemfile +1 -0
- data/gemfiles/activerecord_6_1.gemfile +9 -0
- data/lib/crypt_keeper/helper.rb +4 -0
- data/lib/crypt_keeper/version.rb +1 -1
- data/spec/crypt_keeper/model_spec.rb +17 -2
- data/spec/support/active_record.rb +1 -0
- metadata +10 -10
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 9607ecd6a9297094077cafed8d0f5a29624d4d68f1309630423b53442bdfba5e
|
|
4
|
+
data.tar.gz: 7f7f07056ba8990311944d6b9bc4c9977354113e7e489b6fd5a2c27b3bb39b56
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 211a89c08366409e4800fb000e7779fbc4162ce6abd43bc8fb3023984b381db2c5e5061d60668d863d42be75ea7cf3e83f751a1aa5dedf0e96891f019fe4dd04
|
|
7
|
+
data.tar.gz: 2fab3a0eed0e1fbffc65831a469d83a2e5d1ffa748c26c4e7882696de670d5c18bed078323b5e08066e1fda345094b55bde4f85ec782c3017635709eb9984464
|
data/.travis.yml
CHANGED
|
@@ -6,6 +6,7 @@ rvm:
|
|
|
6
6
|
- 2.4.5
|
|
7
7
|
- 2.5.3
|
|
8
8
|
- 2.6.4
|
|
9
|
+
- 2.7.2
|
|
9
10
|
|
|
10
11
|
gemfile:
|
|
11
12
|
- gemfiles/activerecord_4_2.gemfile
|
|
@@ -13,6 +14,8 @@ gemfile:
|
|
|
13
14
|
- gemfiles/activerecord_5_1.gemfile
|
|
14
15
|
- gemfiles/activerecord_5_2.gemfile
|
|
15
16
|
- gemfiles/activerecord_6_0.gemfile
|
|
17
|
+
- gemfiles/activerecord_6_1.gemfile
|
|
18
|
+
|
|
16
19
|
|
|
17
20
|
matrix:
|
|
18
21
|
exclude:
|
|
@@ -22,18 +25,24 @@ matrix:
|
|
|
22
25
|
gemfile: gemfiles/activerecord_5_1.gemfile
|
|
23
26
|
- rvm: 2.2.10
|
|
24
27
|
gemfile: gemfiles/activerecord_6_0.gemfile
|
|
28
|
+
- rvm: 2.2.10
|
|
29
|
+
gemfile: gemfiles/activerecord_6_1.gemfile
|
|
25
30
|
- rvm: 2.3.8
|
|
26
31
|
gemfile: gemfiles/activerecord_5_0.gemfile
|
|
27
32
|
- rvm: 2.3.8
|
|
28
33
|
gemfile: gemfiles/activerecord_5_1.gemfile
|
|
29
34
|
- rvm: 2.3.8
|
|
30
35
|
gemfile: gemfiles/activerecord_6_0.gemfile
|
|
36
|
+
- rvm: 2.3.8
|
|
37
|
+
gemfile: gemfiles/activerecord_6_1.gemfile
|
|
31
38
|
- rvm: 2.4.5
|
|
32
39
|
gemfile: gemfiles/activerecord_5_0.gemfile
|
|
33
40
|
- rvm: 2.4.5
|
|
34
41
|
gemfile: gemfiles/activerecord_5_1.gemfile
|
|
35
42
|
- rvm: 2.4.5
|
|
36
43
|
gemfile: gemfiles/activerecord_6_0.gemfile
|
|
44
|
+
- rvm: 2.4.5
|
|
45
|
+
gemfile: gemfiles/activerecord_6_1.gemfile
|
|
37
46
|
- rvm: 2.5.3
|
|
38
47
|
gemfile: gemfiles/activerecord_5_0.gemfile
|
|
39
48
|
- rvm: 2.5.3
|
|
@@ -53,7 +62,8 @@ before_script:
|
|
|
53
62
|
- psql crypt_keeper_providers -c 'CREATE EXTENSION IF NOT EXISTS pgcrypto;' -U postgres
|
|
54
63
|
- mysql -e 'CREATE DATABASE crypt_keeper_providers'
|
|
55
64
|
|
|
56
|
-
branches:
|
|
65
|
+
branches:
|
|
66
|
+
- master
|
|
57
67
|
|
|
58
68
|
notifications:
|
|
59
69
|
email:
|
data/Appraisals
CHANGED
|
@@ -2,11 +2,16 @@ appraise "activerecord_4_2" do
|
|
|
2
2
|
gem "activerecord", "~> 4.2.0"
|
|
3
3
|
gem "activesupport", "~> 4.2.0"
|
|
4
4
|
gem "sqlite3", "~> 1.3.0"
|
|
5
|
+
|
|
6
|
+
# otherwise you get "undefined method `new' for BigDecimal:Class" in Ruby 2.7
|
|
7
|
+
gem "bigdecimal", "1.3.5"
|
|
5
8
|
end
|
|
6
9
|
|
|
7
10
|
appraise "activerecord_5_0" do
|
|
8
11
|
gem "activerecord", "~> 5.0.0"
|
|
9
12
|
gem "activesupport", "~> 5.0.0"
|
|
13
|
+
|
|
14
|
+
gem "sqlite3", "~> 1.3.6"
|
|
10
15
|
end
|
|
11
16
|
|
|
12
17
|
appraise "activerecord_5_1" do
|
|
@@ -23,3 +28,9 @@ appraise "activerecord_6_0" do
|
|
|
23
28
|
gem "activerecord", "~> 6.0.0"
|
|
24
29
|
gem "activesupport", "~> 6.0.0"
|
|
25
30
|
end
|
|
31
|
+
|
|
32
|
+
appraise "activerecord_6_1" do
|
|
33
|
+
gem "activerecord", "~> 6.1.0"
|
|
34
|
+
gem "activesupport", "~> 6.1.0"
|
|
35
|
+
gem "pg", "~> 1.1"
|
|
36
|
+
end
|
data/README.md
CHANGED
|
@@ -151,10 +151,10 @@ Searching ciphertext is a complex problem that varies depending on the encryptio
|
|
|
151
151
|
* ActiveSupport's MessageEncryptor uses a random initialization vector when generating keys. The same plaintext encrypted multiple times will have different output each time for the ciphertext. Since this is the case, it is not possible to search leveraging the database. Database rows will need to be filtered in memory. It is suggested that you use a scope or ActiveRecord batches to narrow the results before seaching them.
|
|
152
152
|
|
|
153
153
|
* Mysql AES
|
|
154
|
-
|
|
154
|
+
* Surprisingly, MySQL's implementation of AES does not use a random initialization vector. The column containing the ciphertext can be indexed and searched quickly.
|
|
155
155
|
|
|
156
156
|
* PostgresSQL PGP
|
|
157
|
-
|
|
157
|
+
* PGP also uses a random initialization vector which means it generates unique output each time you encrypt plaintext. Although the database can be searched by performing row level decryption and comparing the plaintext, it will not be able to use an index. A scope or batch is suggested when searching.
|
|
158
158
|
|
|
159
159
|
## How the search interface is used
|
|
160
160
|
|
data/crypt_keeper.gemspec
CHANGED
|
@@ -18,8 +18,8 @@ Gem::Specification.new do |gem|
|
|
|
18
18
|
|
|
19
19
|
gem.post_install_message = "WARNING: CryptKeeper 2.0 contains breaking changes and may require you to reencrypt your data! Please view the README at https://github.com/jmazzi/crypt_keeper for more information."
|
|
20
20
|
|
|
21
|
-
gem.add_runtime_dependency 'activerecord', '>= 4.2', '< 6.
|
|
22
|
-
gem.add_runtime_dependency 'activesupport', '>= 4.2', '< 6.
|
|
21
|
+
gem.add_runtime_dependency 'activerecord', '>= 4.2', '< 6.2'
|
|
22
|
+
gem.add_runtime_dependency 'activesupport', '>= 4.2', '< 6.2'
|
|
23
23
|
|
|
24
24
|
gem.add_development_dependency 'rspec', '~> 3.5.0'
|
|
25
25
|
gem.add_development_dependency 'guard', '~> 2.6.1'
|
data/lib/crypt_keeper/helper.rb
CHANGED
|
@@ -12,6 +12,10 @@ module CryptKeeper
|
|
|
12
12
|
def escape_and_execute_sql(query, new_transaction: false)
|
|
13
13
|
query = ::ActiveRecord::Base.send :sanitize_sql_array, query
|
|
14
14
|
|
|
15
|
+
# force binary encoding to avoid "invalid byte sequence in UTF-8" errors
|
|
16
|
+
# when we send binary AES keys (f.ex) to the database
|
|
17
|
+
query = query.b if query.respond_to?(:b)
|
|
18
|
+
|
|
15
19
|
if CryptKeeper.silence_logs?
|
|
16
20
|
::ActiveRecord::Base.logger.silence do
|
|
17
21
|
execute_sql(query, new_transaction: new_transaction)
|
data/lib/crypt_keeper/version.rb
CHANGED
|
@@ -25,8 +25,7 @@ describe CryptKeeper::Model do
|
|
|
25
25
|
end
|
|
26
26
|
|
|
27
27
|
it "allows binary as a valid type" do
|
|
28
|
-
subject.crypt_keeper :
|
|
29
|
-
allow(subject.columns_hash['storage']).to receive(:type).and_return(:binary)
|
|
28
|
+
subject.crypt_keeper :storage_binary, encryptor: :fake_encryptor
|
|
30
29
|
expect(subject.new.save).to be_truthy
|
|
31
30
|
end
|
|
32
31
|
|
|
@@ -55,6 +54,7 @@ describe CryptKeeper::Model do
|
|
|
55
54
|
end
|
|
56
55
|
end
|
|
57
56
|
|
|
57
|
+
|
|
58
58
|
context "Encryption and Decryption" do
|
|
59
59
|
let(:plain_text) { 'plain_text' }
|
|
60
60
|
let(:cipher_text) { 'tooltxet_nialp' }
|
|
@@ -105,6 +105,21 @@ describe CryptKeeper::Model do
|
|
|
105
105
|
expect_any_instance_of(CryptKeeper::Provider::Encryptor).to_not receive(:decrypt)
|
|
106
106
|
subject.find(record.id).storage
|
|
107
107
|
end
|
|
108
|
+
|
|
109
|
+
context "with a binary database field" do
|
|
110
|
+
subject { create_encrypted_model :storage_binary, passphrase: 'tool', encryptor: :encryptor }
|
|
111
|
+
|
|
112
|
+
it "encrypts the data" do
|
|
113
|
+
expect_any_instance_of(CryptKeeper::Provider::Encryptor).to receive(:encrypt).with('testing')
|
|
114
|
+
subject.create!(storage_binary: 'testing')
|
|
115
|
+
end
|
|
116
|
+
|
|
117
|
+
it "decrypts the data" do
|
|
118
|
+
record = subject.create!(storage_binary: 'testing')
|
|
119
|
+
expect_any_instance_of(CryptKeeper::Provider::Encryptor).to receive(:decrypt).at_least(1).times.with('toolgnitset')
|
|
120
|
+
subject.find(record.id).storage_binary
|
|
121
|
+
end
|
|
122
|
+
end
|
|
108
123
|
end
|
|
109
124
|
|
|
110
125
|
context "Search" do
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: crypt_keeper
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.
|
|
4
|
+
version: 2.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Justin Mazzi
|
|
8
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2021-04-09 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activerecord
|
|
@@ -19,7 +19,7 @@ dependencies:
|
|
|
19
19
|
version: '4.2'
|
|
20
20
|
- - "<"
|
|
21
21
|
- !ruby/object:Gem::Version
|
|
22
|
-
version: '6.
|
|
22
|
+
version: '6.2'
|
|
23
23
|
type: :runtime
|
|
24
24
|
prerelease: false
|
|
25
25
|
version_requirements: !ruby/object:Gem::Requirement
|
|
@@ -29,7 +29,7 @@ dependencies:
|
|
|
29
29
|
version: '4.2'
|
|
30
30
|
- - "<"
|
|
31
31
|
- !ruby/object:Gem::Version
|
|
32
|
-
version: '6.
|
|
32
|
+
version: '6.2'
|
|
33
33
|
- !ruby/object:Gem::Dependency
|
|
34
34
|
name: activesupport
|
|
35
35
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -39,7 +39,7 @@ dependencies:
|
|
|
39
39
|
version: '4.2'
|
|
40
40
|
- - "<"
|
|
41
41
|
- !ruby/object:Gem::Version
|
|
42
|
-
version: '6.
|
|
42
|
+
version: '6.2'
|
|
43
43
|
type: :runtime
|
|
44
44
|
prerelease: false
|
|
45
45
|
version_requirements: !ruby/object:Gem::Requirement
|
|
@@ -49,7 +49,7 @@ dependencies:
|
|
|
49
49
|
version: '4.2'
|
|
50
50
|
- - "<"
|
|
51
51
|
- !ruby/object:Gem::Version
|
|
52
|
-
version: '6.
|
|
52
|
+
version: '6.2'
|
|
53
53
|
- !ruby/object:Gem::Dependency
|
|
54
54
|
name: rspec
|
|
55
55
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -224,6 +224,7 @@ files:
|
|
|
224
224
|
- gemfiles/activerecord_5_1.gemfile
|
|
225
225
|
- gemfiles/activerecord_5_2.gemfile
|
|
226
226
|
- gemfiles/activerecord_6_0.gemfile
|
|
227
|
+
- gemfiles/activerecord_6_1.gemfile
|
|
227
228
|
- lib/crypt_keeper.rb
|
|
228
229
|
- lib/crypt_keeper/helper.rb
|
|
229
230
|
- lib/crypt_keeper/log_subscriber/mysql_aes.rb
|
|
@@ -272,9 +273,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
272
273
|
- !ruby/object:Gem::Version
|
|
273
274
|
version: '0'
|
|
274
275
|
requirements: []
|
|
275
|
-
|
|
276
|
-
|
|
277
|
-
signing_key:
|
|
276
|
+
rubygems_version: 3.0.9
|
|
277
|
+
signing_key:
|
|
278
278
|
specification_version: 4
|
|
279
279
|
summary: Transparent ActiveRecord encryption
|
|
280
280
|
test_files:
|