encrypt_column 0.1.4 → 1.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 867ccb100754da73772208fdd1c9775b12bceee8
-  data.tar.gz: 52a14a63b1df23044a4f76b1d1851c0a567b557f
+  metadata.gz: 237d5b5c34a3a6891e204ae017f81bfb9416a006
+  data.tar.gz: edef2636d15185a97505c33091f461bc62f74331
 SHA512:
-  metadata.gz: 97889761d242a3dd62b38e568b3cfd6ec6d00c5274dcb8792da2c37a51d8604f23560dc88981dca42f75378300739b31b8f8be8e6ef52aac4239c1f5d0f409d8
-  data.tar.gz: 67a38152342f46531ecbb4c4eff6e96f443a208b42fc09a9b850fb12d9e6494e2b07325a0bb38c0b00543393c8f05067f64990415f8361e019a1b369f227b4b3
+  metadata.gz: 77c61337ceffb1b7e4685c4049c0cca14d66730aaac55511ebd6f8691a74dd14eaa2c30f75ee40be92b8e160a5e76775f1401ad1f0abfe1a0b6421791b72c805
+  data.tar.gz: bfc90a47db8df0537d60a9759ff6e87d6623b3c6319fd0db4a46d00f421b98b9d42b4252a9c228b89f540deec1acc209419c56cd11d6dd0d02c66cbc48089011

data/encrypt_column.gemspec

@@ -12,6 +12,23 @@ Gem::Specification.new do |spec|
   spec.summary       = %q{Easily encrypt columns in your app conditionally and with hashed values for searching}
   spec.homepage      = "https://github.com/danlherman/encrypt_column"
   spec.license       = "MIT"
+  spec.post_install_message = %q{
+
+  ##### WARNING #######
+  New BREAKING encryption algorithm used in this version of encrypt_column.
+
+  If this is not a new installation of encrypt_column, already encrypted
+  data will need to be CONVERTED using:
+
+  Decrypt.cipher(ciphertext, <old_encryption_key>)
+
+  i.e.
+  ssn = Decrypt.cipher(profile.ssn_ciphertext, ENV['ENCRYPTION_KEY'])
+  profile.update_column('ssn' ssn)
+
+  ####################
+
+  }
 
   spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
   spec.bindir        = "exe"

data/lib/encrypt_column/decrypt.rb

@@ -1,3 +1,4 @@
+require 'openssl'
 class Decrypt
   def self.cipher(ciphertext, key = ENV['ENCRYPTION_KEY'])
     raise 'Encryption Key Config Missing' unless key.present?
@@ -6,4 +7,18 @@ class Decrypt
     return 'ERROR: Missing encryption ciphertext' if ciphertext.nil? || ciphertext.blank?
     return 'ERROR: Wrong encryption key specified'
   end
+
+  def self.ciphertext(ciphertext, key = ENV['ENCRYPT_KEY'])
+    raise 'Encryption Key Config Missing' unless key.present?
+    return 'ERROR: Missing encryption ciphertext' if ciphertext.nil? || ciphertext.blank?
+    enciphered, iv = ciphertext.split('--', 2).map { |part| part.unpack('m')[0] }
+    decipher = OpenSSL::Cipher::AES256.new(:CBC)
+
+    decipher.decrypt
+    decipher.key = key
+    decipher.iv = iv
+
+    deciphered = decipher.update(enciphered)
+    deciphered << decipher.final
+  end
 end

data/lib/encrypt_column/encrypt.rb

@@ -1,6 +1,22 @@
+require 'openssl'
+
 class Encrypt
   def self.text(plaintext, key = ENV['ENCRYPTION_KEY'])
     return raise 'Missing Encryption Key Config' if key.nil?
     ActiveSupport::MessageEncryptor.new(key).encrypt_and_sign(plaintext)
   end
+
+  def self.plaintext(plaintext, key = ENV['ENCRYPT_KEY'])
+    return raise 'Missing Encryption Key Config' if key.nil?
+    cipher = OpenSSL::Cipher::AES256.new(:CBC)
+    iv = cipher.random_iv
+
+    cipher.encrypt
+    cipher.key = key
+    cipher.iv = iv
+
+    enciphered = cipher.update(plaintext)
+    enciphered << cipher.final
+    [enciphered, iv].map { |part| [part].pack('m').gsub(/\n/, '') }.join('--')
+  end
 end

data/lib/encrypt_column/encrypt_column.rb

@@ -8,7 +8,7 @@ module ClassMethods
     searchable = options[:searchable] || false
     encrypt_cond = options[:if] || proc { true }
     failsafe = options[:failsafe] || false
-    @@encrypt_column_key = options[:key] || ENV['ENCRYPTION_KEY']
+    @@encrypt_column_key = options[:key] || ENV['ENCRYPT_KEY']
     @@hash_salt = options[:hash_salt] || ENV['HASH_SALT']
     column = name
     column = "#{name}_ciphertext" if failsafe
@@ -17,13 +17,13 @@ module ClassMethods
     # getter
     define_method(name) do
       return read_attribute(column) unless instance_eval(&encrypt_cond)
-      Decrypt.cipher(read_attribute(column), @@encrypt_column_key)
+      Decrypt.ciphertext(read_attribute(column), @@encrypt_column_key)
     end
 
     # setter
     define_method("#{name}=") do |value|
       return write_attribute(column, value) unless instance_eval(&encrypt_cond)
-      write_attribute(column, Encrypt.text(value, @@encrypt_column_key))
+      write_attribute(column, Encrypt.plaintext(value, @@encrypt_column_key))
       write_attribute(hash_column, Hashed.val(value, @@hash_salt)) if searchable
     end
 

data/lib/encrypt_column/version.rb

@@ -1,3 +1,3 @@
 module EncryptColumn
-  VERSION = '0.1.4'.freeze
+  VERSION = '1.0.0'.freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: encrypt_column
 version: !ruby/object:Gem::Version
-  version: 0.1.4
+  version: 1.0.0
 platform: ruby
 authors:
 - Dan Herman
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2017-02-18 00:00:00.000000000 Z
+date: 2017-09-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -179,7 +179,12 @@ homepage: https://github.com/danlherman/encrypt_column
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message: "\n\n  ##### WARNING #######\n  New BREAKING encryption algorithm
+  used in this version of encrypt_column.\n\n  If this is not a new installation of
+  encrypt_column, already encrypted\n  data will need to be CONVERTED using:\n\n  Decrypt.cipher(ciphertext,
+  <old_encryption_key>)\n\n  i.e.\n  ssn = Decrypt.cipher(profile.ssn_ciphertext,
+  ENV['ENCRYPTION_KEY'])\n  profile.update_column('ssn' ssn)\n\n  ####################\n\n
+  \ "
 rdoc_options: []
 require_paths:
 - lib
@@ -195,9 +200,10 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.5
+rubygems_version: 2.6.10
 signing_key: 
 specification_version: 4
 summary: Easily encrypt columns in your app conditionally and with hashed values for
   searching
 test_files: []
+has_rdoc: