cryptor 0.0.0 → 0.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 6d16ee7c972557dd058f1dde956dc26468745945
-  data.tar.gz: 4a565ea41bdc11b9f82f016a9a1baa6312e8eaeb
+  metadata.gz: 28c23ac85c838a1017c2298d7237cba2f4a4cce2
+  data.tar.gz: 7176ba9550de9958c17cfebfdec784f66f236b5c
 SHA512:
-  metadata.gz: b1db40bfb00bad3f7c56afe50f6eac57c5f8cab5bb7f1c35385a25bfbecc550da573f953f6b88a92a0cbb3cf4b1db2d49f2e8ca533f8a96c9de555c426e36333
-  data.tar.gz: cfc0a795458ea5a03f58a02dd8b6aa4a80e7726d642a84f0132bf25428b3023305e4c95ad2ec0b032a43c050b1afb255e8e33a9deb59eed7c00e086fc5ee5ca8
+  metadata.gz: 82907137a69c2f33963ea311ec7e9c8a632d4f91b4313b354bb69ec2b654c53c80906f9b57e8afcbe96b5f8fc6b17fab4baab48f12331d0e8db9437226b46485
+  data.tar.gz: 85e14622245d730c9ec036644a5f5c32f9f7d6bfcbb19c4e8060dab4bc3eab4864af79d56dcbdc0913057facb8df4dfc61677cdab6092928149f08268c3cd01f

data/.rubocop.yml

@@ -1,2 +1,5 @@
 LineLength:
-  Max: 99
+  Max: 100
+
+Encoding:
+  Enabled: false

data/.travis.yml

@@ -1,7 +1,7 @@
 rvm:
   - 1.9.3
   - 2.0.0
-  - 2.1.1
+  - 2.1.2
   - ruby-head
   - jruby
   - jruby-head

data/CHANGES.md

@@ -0,0 +1,3 @@
+0.0.1 (2014-06-05)
+------------------
+* Happy Snow day!

data/Gemfile

@@ -1,4 +1,12 @@
 source 'https://rubygems.org'
 
+group :development do
+  gem 'guard-rspec'
+end
+
+group :test do
+  gem 'coveralls', require: false
+end
+
 # Specify your gem's dependencies in cryptor.gemspec
 gemspec

data/Guardfile

@@ -0,0 +1,6 @@
+guard :rspec do
+  watch(%r{^spec/.+_spec\.rb$})
+  watch(%r{^lib/(.+)\.rb$})    { |m| "spec/#{m[1]}_spec.rb" }
+  watch('spec/spec_helper.rb') { "spec" }
+end
+

data/README.md

@@ -1,6 +1,10 @@
 ![CRYPTAUR](https://raw.githubusercontent.com/cryptosphere/cryptor/master/cryptosaur.png)
 Cryptor
 =======
+[![Gem Version](https://badge.fury.io/rb/cryptor.png)](http://badge.fury.io/rb/cryptor)
+[![Build Status](https://travis-ci.org/cryptosphere/cryptor.png?branch=master)](https://travis-ci.org/cryptosphere/cryptor)
+[![Code Climate](https://codeclimate.com/github/cryptosphere/cryptor.png)](https://codeclimate.com/github/cryptosphere/cryptor)
+[![Coverage Status](https://coveralls.io/repos/cryptosphere/cryptor/badge.png?branch=master)](https://coveralls.io/r/cryptosphere/cryptor?branch=master)
 
 A safe Ruby encryption library, designed to support features like multiple
 active encryption keys and key rotation.
@@ -10,14 +14,19 @@ remains untamered with, even when it's in the hands of an attacker.
 
 Cryptor supports two backends:
 
-* [ActiveSupport::MessageEncryptor] (Rails 4+): a bespoke authenticated
+* [RbNaCl::SimpleBox]: (default) authenticated symmetric encryption based on
+  XSalsa20+Poly1305 from [libsodium].
+* [ActiveSupport::MessageEncryptor]: (Rails 4+) a bespoke authenticated
   encryption scheme provided by Rails, based on AES-CBC and HMAC.
-* [RbNaCl::SimpleBox]: authenticated symmetric encryption based on
-  XSalsa20+Poly1305 from libsodium.
+
+Cryptor uses the experimental [ORDO v0 message format][ordo] for serializing
+encrypted messages.
 
 [authenticated encryption]: https://en.wikipedia.org/wiki/Authenticated_encryption
-[ActiveSupport::MessageEncryptor]: http://api.rubyonrails.org/classes/ActiveSupport/MessageEncryptor.html
 [RbNaCl::SimpleBox]: https://github.com/cryptosphere/rbnacl/wiki/SimpleBox
+[libsodium]: https://github.com/jedisct1/libsodium/
+[ActiveSupport::MessageEncryptor]: http://api.rubyonrails.org/classes/ActiveSupport/MessageEncryptor.html
+[ordo]: https://github.com/cryptosphere/ordo/wiki/Message-Format
 
 ## Installation
 
@@ -35,7 +44,99 @@ Or install it yourself as:
 
 ## Usage
 
-TODO: Write usage instructions here
+To begin with, you must select a backend:
+
+### RbNaCl (recommended)
+
+RbNaCl is a Ruby FFI binding to libsodium, a portable state-of-the-art
+cryptography library.
+
+To use Cryptor with RbNaCl, add the following to your Gemfile:
+
+```ruby
+gem 'rbnacl-libsodium'
+```
+
+And in your Ruby program, require the following:
+
+```ruby
+require 'cryptor'
+require 'cryptor/ciphers/xsalsa20poly1305'
+```
+
+### Rails (ActiveSupport::MessageEncryptor)
+
+Cryptor can use ActiveSupport 4.0+'s `MessageEncryptor` class to encrypt
+messages. This scheme uses AES-256 in CBC mode for encryption and HMAC-SHA1
+to provide ciphertext integrity.
+
+This option is only recommended if you have some compliance issues which
+mandate the use of NIST ciphers or if you have problems installing
+the rbnacl-libsodium gem or libsodium library for some reason.
+
+To use Cryptor with ActiveSupport::MessageEncryptor, require the following
+from a Rails 4.0+ app or other app with ActiveSupport 4.0+ bundled:
+
+```ruby
+require 'cryptor'
+require 'cryptor/ciphers/message_encryptor'
+```
+
+### Authenticated Symmetric Encryption
+
+To encrypt data with Cryptor, you must first make a secret key to encrypt it
+under. Use the following for RbNaCl:
+
+```ruby
+# Make a RbNaCl secret key
+secret_key = Cryptor::SymmetricEncryption.random_key(:xsalsa20poly1305)
+```
+
+or the following for ActiveSupport::MessageEncryptor:
+
+```ruby
+# Make an ActiveSupport secret key
+secret_key = Cryptor::SymmetricEncryption.random_key(:message_encryptor)
+```
+
+Inspecting a secret key looks like this:
+
+```
+#<Cryptor::SecretKey:0x81438830 cipher=xsalsa20poly1305 fingerprint=ni:///sha-256;Wy8hx4...>
+```
+
+You can't actually see the secret key itself by calling `#inspect` or `#to_s`.
+This is to prevent accidentally logging the secret key. Instead you can only
+see the key's fingerprint, which is given as a [RFC 6920] hash URI of the secret
+key's [ORDO secret URI].
+
+To obtain the secret URI, use the `#to_secret_uri` method, which returns a string:
+
+```ruby
+"secret.key:///xsalsa20poly1305;0saB1tfgKWDh_bX0oAquLWgAq-6yjG1u04mP-CtQG-4"
+```
+
+This string can be saved somewhere secret and safe then later loaded and passed into
+`Cryptor::SymmetricEncryption.new`:
+
+```ruby
+cryptor = Cryptor::SymmetricEncryption.new("secret.key:///xsalsa20poly1305;0saB...")
+```
+
+After this, you can encrypt with the `#encrypt` method:
+
+```ruby
+ciphertext = cryptor.encrypt(plaintext)
+```
+
+and decrypt with the `#decrypt` method:
+
+```ruby
+decrypted = cryptor.decrypt(ciphertext)
+```
+
+[RFC 6920]: http://tools.ietf.org/html/rfc6920
+[ORDO secret URI]: https://github.com/cryptosphere/ordo/wiki/URI-Registry
 
 ## Contributing
 

data/Rakefile

@@ -2,4 +2,4 @@ require 'bundler/gem_tasks'
 
 Dir[File.expand_path('../tasks/**/*.rake', __FILE__)].each { |task| load task }
 
-task default: :rubocop
+task default: %w(spec rubocop)

data/cryptor.gemspec

@@ -19,9 +19,11 @@ Gem::Specification.new do |spec|
   spec.test_files    = spec.files.grep(/^(test|spec|features)\//)
   spec.require_paths = ['lib']
 
-  spec.add_runtime_dependency 'rbnacl-libsodium'
+  spec.add_runtime_dependency 'ordo', '>= 0.0.1'
 
-  spec.add_development_dependency 'bundler', '~> 1.6'
   spec.add_development_dependency 'rake'
   spec.add_development_dependency 'rubocop'
+  spec.add_development_dependency 'rspec'
+  spec.add_development_dependency 'rbnacl-libsodium'
+  spec.add_development_dependency 'activesupport', '>= 4.0.0'
 end

data/lib/cryptor.rb

@@ -1,6 +1,6 @@
 require 'cryptor/version'
 
-# An easy-to-use library for real-world Ruby cryptography
-module Cryptor
-  # Your code goes here...
-end
+require 'cryptor/cipher'
+require 'cryptor/encoding'
+require 'cryptor/secret_key'
+require 'cryptor/symmetric_encryption'

data/lib/cryptor/cipher.rb

@@ -0,0 +1,37 @@
+module Cryptor
+  # Base class of all Cryptor ciphers
+  class Cipher
+    REGISTRY = {}
+
+    attr_reader :algorithm, :key_bytes
+
+    def self.register(algorithm, options = {})
+      REGISTRY[algorithm.to_s] ||= new(algorithm, options)
+    end
+
+    def self.[](algorithm)
+      REGISTRY[algorithm.to_s] || fail(ArgumentError, "no such cipher: #{algorithm}")
+    end
+
+    def initialize(algorithm, options = {})
+      @algorithm = algorithm
+      @key_bytes = options[:key_bytes] || fail(ArgumentError, 'key_bytes not specified')
+    end
+
+    def random_key
+      SecretKey.random_key(self)
+    end
+
+    def encrypt(_key, _plaintext)
+      #:nocov:
+      fail NotImplementedError, "'encrypt' method has not been implemented"
+      #:nocov:
+    end
+
+    def decrypt(_key, _ciphertext)
+      #:nocov:
+      fail NotImplementedError, "'decrypt' method has not been implemented"
+      #:nocov:
+    end
+  end
+end

data/lib/cryptor/ciphers/message_encryptor.rb

@@ -0,0 +1,46 @@
+require 'active_support/message_encryptor'
+require 'active_support/message_verifier'
+
+require 'cryptor/cipher'
+
+module Cryptor
+  module Ciphers
+    # MessageEncryptor is a bespoke authenticated encryption scheme invented
+    # by rails-core. It uses AES-256-CBC and HMAC-SHA1 in an encrypt-then-MAC
+    # scheme with a wacky and wild semiconstant-time MAC comparison.
+
+    # Cryptor enforces the usage of independent keys for AES encryption and HMAC
+    # by mandating a 64-byte key (using 32-bytes for AES and 32-bytes for HMAC).
+    #
+    # This scheme is probably safe to use, but less interoperable and more
+    # poorly designed than xsalsa20poly1305 from RbNaCl. It does, however,
+    # work using only ActiveSupport and the Ruby OpenSSL extension as
+    # dependencies, and should be available anywhere.
+    #
+    # For the time being, this scheme is only supported for ActiveSupport 4.0+
+    # although support for earlier versions of ActiveSupport should be
+    # possible.
+    class MessageEncryptor < Cipher
+      SERIALIZER = ActiveSupport::MessageEncryptor::NullSerializer
+      KEY_BYTES  = 64
+
+      register :message_encryptor, key_bytes: KEY_BYTES
+
+      def encrypt(key, plaintext)
+        encryptor(key).encrypt_and_sign(plaintext)
+      end
+
+      def decrypt(key, ciphertext)
+        encryptor(key).decrypt_and_verify(ciphertext)
+      end
+
+      private
+
+      def encryptor(key)
+        fail ArgumentError, "wrong key size: #{key.bytesize}" unless key.bytesize == KEY_BYTES
+        encryption_key, hmac_key = key[0, 32], key[32, 32]
+        ActiveSupport::MessageEncryptor.new(encryption_key, hmac_key, serializer: SERIALIZER)
+      end
+    end
+  end
+end

data/lib/cryptor/ciphers/xsalsa20poly1305.rb

@@ -0,0 +1,26 @@
+require 'rbnacl/libsodium'
+
+require 'cryptor/cipher'
+
+module Cryptor
+  module Ciphers
+    # XSalsa20+Poly1305 authenticated stream cipher
+    class XSalsa20Poly1305 < Cipher
+      register :xsalsa20poly1305, key_bytes: RbNaCl::SecretBoxes::XSalsa20Poly1305.key_bytes
+
+      def encrypt(key, plaintext)
+        box(key).encrypt(plaintext)
+      end
+
+      def decrypt(key, ciphertext)
+        box(key).decrypt(ciphertext)
+      end
+
+      private
+
+      def box(key)
+        RbNaCl::SimpleBox.new(RbNaCl::SecretBoxes::XSalsa20Poly1305.new(key))
+      end
+    end
+  end
+end

data/lib/cryptor/encoding.rb

@@ -0,0 +1,27 @@
+require 'base64'
+
+module Cryptor
+  # Encode and parse strings in "URL-safe" Base64 format
+  module Encoding
+    module_function
+
+    # Encode a string in unpadded URL-safe Base64
+    #
+    # @param string [String] arbitrary string to be encoded
+    # @return [String] URL-safe Base64 encoded string (sans '=' padding)
+    def encode(string)
+      Base64.urlsafe_encode64(string).sub(/=*$/, '')
+    end
+
+    # Decode an unpadded URL-safe Base64 string
+    #
+    # @param string [String] URL-safe Base64 string to be decoded (sans '=' padding)
+    # @return [String] decoded string
+    def decode(string)
+      padding_size  = string.bytesize % 4
+      padded_string =  padding_size > 0 ? string + '=' * (4 - padding_size) : string
+
+      Base64.urlsafe_decode64(padded_string)
+    end
+  end
+end

data/lib/cryptor/secret_key.rb

@@ -0,0 +1,83 @@
+require 'base64'
+require 'digest/sha2'
+
+module Cryptor
+  # Secret key used to encrypt plaintexts
+  class SecretKey
+    attr_reader :cipher
+
+    # Generate a random secret key
+    #
+    # @param [Cryptor::Cipher, Symbol] Cryptor::Cipher or algorithm name as a symbol
+    #
+    # @return [Cryptor::SecretKey] new secret key object
+    def self.random_key(cipher)
+      cipher = Cryptor::Cipher[cipher] if cipher.is_a? Symbol
+      fail ArgumentError, "invalid cipher: #{cipher.inspect}" unless cipher.is_a? Cryptor::Cipher
+      bytes  = RbNaCl::Random.random_bytes(cipher.key_bytes)
+      base64 = Cryptor::Encoding.encode(bytes)
+
+      new "secret.key:///#{cipher.algorithm};#{base64}"
+    end
+
+    # Create a new SecretKey object from a URI
+    #
+    # @param [#to_s] uri representing a secret key
+    #
+    # @raise [ArgumentError] on invalid URIs
+    #
+    # @return [Cryptor::SecretKey] new secret key object
+    def initialize(uri_string)
+      uri = URI.parse(uri_string.to_s)
+      fail ArgumentError, "invalid scheme: #{uri.scheme}" unless uri.scheme == 'secret.key'
+
+      components = uri.path.match(/^\/([^;]+);(.+)$/)
+      fail ArgumentError, "couldn't parse cipher name from secret URI" unless components
+
+      @cipher     = Cryptor::Cipher[components[1]]
+      @secret_key = Cryptor::Encoding.decode(components[2])
+    end
+
+    # Serialize SecretKey object to a URI
+    #
+    # @return [String] serialized URI representing the key
+    def to_secret_uri
+      "secret.key:///#{@cipher.algorithm};#{Cryptor::Encoding.encode(@secret_key)}"
+    end
+
+    # Fingerprint of this key's secret URI
+    #
+    # @return [String] fingerprint as a ni:// URL
+    def fingerprint
+      digest = Digest::SHA256.digest(to_secret_uri)
+      "ni:///sha-256;#{Cryptor::Encoding.encode(digest)}"
+    end
+
+    # Encrypt a plaintext under this key
+    #
+    # @param [String] plaintext string to be encrypted
+    #
+    # @return [String] ciphertext encrypted under this key
+    def encrypt(plaintext)
+      @cipher.encrypt(@secret_key, plaintext)
+    end
+
+    # Decrypt ciphertext using this key
+    #
+    # @param [String] ciphertext string to be decrypted
+    #
+    # @return [String] plaintext decrypted from the given ciphertext
+    def decrypt(ciphertext)
+      @cipher.decrypt(@secret_key, ciphertext)
+    end
+
+    # Inspect this key
+    #
+    # @return [String] a string representing this key
+    def inspect
+      "#<#{self.class}:0x#{object_id.to_s(16)} " \
+      "cipher=#{cipher.algorithm} " \
+      "fingerprint=#{fingerprint}>"
+    end
+  end
+end

data/lib/cryptor/symmetric_encryption.rb

@@ -0,0 +1,51 @@
+require 'ordo'
+
+require 'cryptor/version'
+require 'cryptor/cipher'
+
+module Cryptor
+  # Easy-to-use authenticated symmetric encryption
+  class SymmetricEncryption
+    def self.random_key(cipher)
+      Cipher[cipher].random_key
+    end
+
+    def initialize(key)
+      @key = key
+    end
+
+    def encrypt(plaintext)
+      ciphertext = @key.encrypt(plaintext)
+      base64     = Base64.strict_encode64(ciphertext)
+
+      ORDO::Message.new(
+        base64,
+        'Cipher'                    => @key.cipher.algorithm,
+        'Content-Length'            => base64.bytesize,
+        'Content-Transfer-Encoding' => 'base64',
+        'Key-Fingerprint'           => @key.fingerprint
+      ).to_string
+    end
+
+    def decrypt(ciphertext)
+      message     = ORDO::Message.parse(ciphertext)
+      fingerprint = message['Key-Fingerprint']
+
+      fail ArgumentError, "no key configured for: #{fingerprint}" if @key.fingerprint != fingerprint
+
+      @key.decrypt decode(message)
+    end
+
+    private
+
+    def decode(message)
+      encoding = message['Content-Transfer-Encoding']
+
+      case encoding
+      when 'base64' then Base64.strict_decode64(message.body)
+      when 'binary' then message.body
+      else fail ArgumentError, "invalid message encoding: #{encoding}"
+      end
+    end
+  end
+end

data/lib/cryptor/version.rb

@@ -1,4 +1,4 @@
 # An easy-to-use library for real-world Ruby cryptography
 module Cryptor
-  VERSION = '0.0.0'
+  VERSION = '0.0.1'
 end

data/spec/cryptor/secret_key_spec.rb

@@ -0,0 +1,38 @@
+require 'spec_helper'
+
+describe Cryptor::SecretKey do
+  let(:algorithm)  { :BassOmatic }
+  let(:key_bytes)  { 42 }
+  let(:cipher)     { Cryptor::Cipher.new(algorithm, key_bytes: key_bytes) }
+  let(:secret_key) { "\xBA\x55" }
+  let(:secret_uri) { "secret.key:///#{algorithm};#{Cryptor::Encoding.encode(secret_key)}" }
+
+  before do
+    allow(Cryptor::Cipher).to receive(:[]).and_return(cipher)
+  end
+
+  subject { described_class.new(secret_uri) }
+
+  it 'generates random keys' do
+    expect(described_class.random_key(algorithm)).to be_a described_class
+  end
+
+  it 'serializes to a URI' do
+    expect(subject.to_secret_uri).to eq secret_uri
+  end
+
+  it 'serializes to a key fingerprint' do
+    expect(URI(subject.fingerprint).scheme).to eq 'ni'
+  end
+
+  it 'inspects without revealing the secret key' do
+    expect(subject.inspect).not_to include(secret_key)
+    expect(subject.inspect).not_to include(Cryptor::Encoding.encode(secret_key))
+  end
+
+  it 'raises ArgumentError if given a bogus URI' do
+    expect do
+      described_class.new('http://www.google.com/')
+    end.to raise_exception(ArgumentError)
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,6 @@
+require 'json'
+require 'coveralls'
+Coveralls.wear!
+
+require 'bundler/setup'
+require 'cryptor'

data/spec/symmetric_encryption_spec.rb

@@ -0,0 +1,28 @@
+require 'spec_helper'
+
+describe Cryptor::SymmetricEncryption do
+  let(:plaintext) { 'THE MAGIC WORDS ARE SQUEAMISH OSSIFRAGE' }
+  subject { described_class.new(secret_key) }
+
+  context 'xsalsa20poly1305' do
+    require 'cryptor/ciphers/xsalsa20poly1305'
+
+    let(:secret_key) { described_class.random_key(:xsalsa20poly1305) }
+
+    it 'encrypts and decrypts' do
+      ciphertext = subject.encrypt(plaintext)
+      expect(subject.decrypt(ciphertext)).to eq plaintext
+    end
+  end
+
+  context 'message_encryptor' do
+    require 'cryptor/ciphers/message_encryptor'
+
+    let(:secret_key) { described_class.random_key(:message_encryptor) }
+
+    it 'encrypts and decrypts' do
+      ciphertext = subject.encrypt(plaintext)
+      expect(subject.decrypt(ciphertext)).to eq plaintext
+    end
+  end
+end

data/tasks/rspec.rake

@@ -0,0 +1,8 @@
+gem 'rspec'
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new
+
+RSpec::Core::RakeTask.new(:rcov) do |task|
+  task.rcov = true
+end

data/tasks/rubocop.rake

@@ -1,3 +1,3 @@
 require 'rubocop/rake_task'
 
-Rubocop::RakeTask.new
+RuboCop::RakeTask.new

metadata

@@ -1,45 +1,59 @@
 --- !ruby/object:Gem::Specification
 name: cryptor
 version: !ruby/object:Gem::Version
-  version: 0.0.0
+  version: 0.0.1
 platform: ruby
 authors:
 - Tony Arcieri
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-05-17 00:00:00.000000000 Z
+date: 2014-06-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: rbnacl-libsodium
+  name: ordo
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.0.1
   type: :runtime
   prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.0.1
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: bundler
+  name: rubocop
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.6'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.6'
+        version: '0'
 - !ruby/object:Gem::Dependency
-  name: rake
+  name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -53,7 +67,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: rubocop
+  name: rbnacl-libsodium
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -66,6 +80,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 4.0.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 4.0.0
 description: A safe Ruby encryption library, designed to support features likemultiple
   active encryption keys and key rotation
 email:
@@ -78,14 +106,26 @@ files:
 - ".rspec"
 - ".rubocop.yml"
 - ".travis.yml"
+- CHANGES.md
 - Gemfile
+- Guardfile
 - LICENSE.txt
 - README.md
 - Rakefile
 - cryptor.gemspec
 - cryptosaur.png
 - lib/cryptor.rb
+- lib/cryptor/cipher.rb
+- lib/cryptor/ciphers/message_encryptor.rb
+- lib/cryptor/ciphers/xsalsa20poly1305.rb
+- lib/cryptor/encoding.rb
+- lib/cryptor/secret_key.rb
+- lib/cryptor/symmetric_encryption.rb
 - lib/cryptor/version.rb
+- spec/cryptor/secret_key_spec.rb
+- spec/spec_helper.rb
+- spec/symmetric_encryption_spec.rb
+- tasks/rspec.rake
 - tasks/rubocop.rake
 homepage: https://github.com/cryptosphere/cryptor
 licenses:
@@ -111,4 +151,7 @@ rubygems_version: 2.2.2
 signing_key: 
 specification_version: 4
 summary: An easy-to-use library for real-world Ruby cryptography
-test_files: []
+test_files:
+- spec/cryptor/secret_key_spec.rb
+- spec/spec_helper.rb
+- spec/symmetric_encryption_spec.rb