encrypt_column 0.1.4 → 1.0.0
- checksums.yaml +4 -4
- data/encrypt_column.gemspec +17 -0
- data/lib/encrypt_column/decrypt.rb +15 -0
- data/lib/encrypt_column/encrypt.rb +16 -0
- data/lib/encrypt_column/encrypt_column.rb +3 -3
- data/lib/encrypt_column/version.rb +1 -1
- metadata +10 -4
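--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 237d5b5c34a3a6891e204ae017f81bfb9416a006
+data.tar.gz: edef2636d15185a97505c33091f461bc62f74331
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 77c61337ceffb1b7e4685c4049c0cca14d66730aaac55511ebd6f8691a74dd14eaa2c30f75ee40be92b8e160a5e76775f1401ad1f0abfe1a0b6421791b72c805
+data.tar.gz: bfc90a47db8df0537d60a9759ff6e87d6623b3c6319fd0db4a46d00f421b98b9d42b4252a9c228b89f540deec1acc209419c56cd11d6dd0d02c66cbc48089011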
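--- a/data/encrypt_column.gemspec
+++ b/data/encrypt_column.gemspec
@@ -12,6 +12,23 @@ Gem::Specification.new do |spec|
 spec.summary = %q{Easily encrypt columns in your app conditionally and with hashed values for searching}
 spec.homepage = "https://github.com/danlherman/encrypt_column"
 spec.license = "MIT"
+spec.post_install_message = %q{
+
+##### WARNING #######
+New BREAKING encryption algorithm used in this version of encrypt_column.
+
+If this is not a new installation of encrypt_column, already encrypted
+data will need to be CONVERTED using:
+
+Decrypt.cipher(ciphertext, <old_encryption_key>)
+
+i.e.
+ssn = Decrypt.cipher(profile.ssn_ciphertext, ENV['ENCRYPTION_KEY'])
+profile.update_column('ssn' ssn)
+
+####################
+
+}
 
 spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
 spec.bindir = "exe"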
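Review bot: The conversion example in the new `post_install_message` does not re-encrypt anything: `update_column` writes its value straight to the database and, as far as ActiveRecord documents it, does not go through the generated `ssn=` setter, so a user who follows it would store the decrypted value as-is. The example line is also missing a comma (`update_column('ssn' ssn)`). Assigning through the setter and saving, e.g. `profile.ssn = ssn` followed by `profile.save!`, would route the value through `Encrypt.plaintext`. The message should also say that the default key variable is now `ENV['ENCRYPT_KEY']` (per encrypt_column.rb on this page), since the example only mentions `ENV['ENCRYPTION_KEY']`.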
@@ -1,3 +1,4 @@
|
|
1
|
+
require 'openssl'
|
1
2
|
class Decrypt
|
2
3
|
def self.cipher(ciphertext, key = ENV['ENCRYPTION_KEY'])
|
3
4
|
raise 'Encryption Key Config Missing' unless key.present?
|
@@ -6,4 +7,18 @@ class Decrypt
|
|
6
7
|
return 'ERROR: Missing encryption ciphertext' if ciphertext.nil? || ciphertext.blank?
|
7
8
|
return 'ERROR: Wrong encryption key specified'
|
8
9
|
end
|
10
|
+
|
11
|
+
def self.ciphertext(ciphertext, key = ENV['ENCRYPT_KEY'])
|
12
|
+
raise 'Encryption Key Config Missing' unless key.present?
|
13
|
+
return 'ERROR: Missing encryption ciphertext' if ciphertext.nil? || ciphertext.blank?
|
14
|
+
enciphered, iv = ciphertext.split('--', 2).map { |part| part.unpack('m')[0] }
|
15
|
+
decipher = OpenSSL::Cipher::AES256.new(:CBC)
|
16
|
+
|
17
|
+
decipher.decrypt
|
18
|
+
decipher.key = key
|
19
|
+
decipher.iv = iv
|
20
|
+
|
21
|
+
deciphered = decipher.update(enciphered)
|
22
|
+
deciphered << decipher.final
|
23
|
+
end
|
9
24
|
end
|
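Review bot: `Decrypt.ciphertext` decrypts AES-256-CBC with nothing that authenticates the stored value, so a modified or truncated column is either returned as garbage or escapes as an OpenSSL error from `decipher.final`; `Encrypt.plaintext` in encrypt.rb writes the same unauthenticated format. The older `Encrypt.text` path shown on this page uses `encrypt_and_sign`, so 1.0.0 drops integrity protection the previous scheme had. An authenticated mode with the tag stored as a third `--` part would restore it, and the encrypt side has to emit that tag (`cipher.auth_tag`) in the same release because it changes the stored format. The malformed-input guard in the sketch below also covers the current case where a value without `--` leaves `iv` nil after `split('--', 2)`. The class and `Decrypt.cipher` start outside these hunks.

```ruby
def self.ciphertext(ciphertext, key = ENV['ENCRYPT_KEY'])
  # … unchanged: key and blank-ciphertext guards …
  enciphered, iv, tag = ciphertext.split('--', 3).map { |part| part.unpack('m')[0] }
  # A missing or short tag must never reach the cipher.
  raise 'Malformed ciphertext' unless iv && tag && tag.bytesize == 16
  decipher = OpenSSL::Cipher.new('aes-256-gcm')
  # … unchanged: decipher.decrypt, key and iv assignment …
  decipher.auth_tag = tag
  # final raises OpenSSL::Cipher::CipherError when the tag does not verify.
  decipher.update(enciphered) + decipher.final
end
```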
@@ -1,6 +1,22 @@
|
|
1
|
+
require 'openssl'
|
2
|
+
|
1
3
|
class Encrypt
|
2
4
|
def self.text(plaintext, key = ENV['ENCRYPTION_KEY'])
|
3
5
|
return raise 'Missing Encryption Key Config' if key.nil?
|
4
6
|
ActiveSupport::MessageEncryptor.new(key).encrypt_and_sign(plaintext)
|
5
7
|
end
|
8
|
+
|
9
|
+
def self.plaintext(plaintext, key = ENV['ENCRYPT_KEY'])
|
10
|
+
return raise 'Missing Encryption Key Config' if key.nil?
|
11
|
+
cipher = OpenSSL::Cipher::AES256.new(:CBC)
|
12
|
+
iv = cipher.random_iv
|
13
|
+
|
14
|
+
cipher.encrypt
|
15
|
+
cipher.key = key
|
16
|
+
cipher.iv = iv
|
17
|
+
|
18
|
+
enciphered = cipher.update(plaintext)
|
19
|
+
enciphered << cipher.final
|
20
|
+
[enciphered, iv].map { |part| [part].pack('m').gsub(/\n/, '') }.join('--')
|
21
|
+
end
|
6
22
|
end
|
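Review bot: `Encrypt.plaintext` only rejects a nil key (`return raise 'Missing Encryption Key Config' if key.nil?`), so an empty `ENCRYPT_KEY` reaches `cipher.key = key`, while the decrypt side checks `key.present?`. The environment string is also used directly as the AES-256 key, which has to be exactly 32 bytes; what happens with another length depends on the installed openssl gem, so an explicit check is safer than relying on it. Suggested guards: `raise 'Missing Encryption Key Config' unless key.present?` and `raise 'ENCRYPT_KEY must be 32 bytes' unless key.bytesize == 32`. The `return` in front of `raise` is redundant and can be dropped in the new method.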
@@ -8,7 +8,7 @@ module ClassMethods
|
|
8
8
|
searchable = options[:searchable] || false
|
9
9
|
encrypt_cond = options[:if] || proc { true }
|
10
10
|
failsafe = options[:failsafe] || false
|
11
|
-
@@encrypt_column_key = options[:key] || ENV['
|
11
|
+
@@encrypt_column_key = options[:key] || ENV['ENCRYPT_KEY']
|
12
12
|
@@hash_salt = options[:hash_salt] || ENV['HASH_SALT']
|
13
13
|
column = name
|
14
14
|
column = "#{name}_ciphertext" if failsafe
|
@@ -17,13 +17,13 @@ module ClassMethods
|
|
17
17
|
# getter
|
18
18
|
define_method(name) do
|
19
19
|
return read_attribute(column) unless instance_eval(&encrypt_cond)
|
20
|
-
Decrypt.
|
20
|
+
Decrypt.ciphertext(read_attribute(column), @@encrypt_column_key)
|
21
21
|
end
|
22
22
|
|
23
23
|
# setter
|
24
24
|
define_method("#{name}=") do |value|
|
25
25
|
return write_attribute(column, value) unless instance_eval(&encrypt_cond)
|
26
|
-
write_attribute(column, Encrypt.
|
26
|
+
write_attribute(column, Encrypt.plaintext(value, @@encrypt_column_key))
|
27
27
|
write_attribute(hash_column, Hashed.val(value, @@hash_salt)) if searchable
|
28
28
|
end
|
29
29
|
|
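Review bot: The key on new line 11 is stored in `@@encrypt_column_key`, a class variable of `ClassMethods`, and the getter and setter read it when they run rather than when they are defined, so every model and column that uses this macro appears to share whichever `key:` was declared last. A column declared with its own `options[:key]` can therefore be encrypted or decrypted with another column's key. Capturing the value in a local closes over the right key per declaration: `key = options[:key] || ENV['ENCRYPT_KEY']`, then `Decrypt.ciphertext(read_attribute(column), key)` and `Encrypt.plaintext(value, key)`. The default variable is now `ENV['ENCRYPT_KEY']`, whereas `Decrypt.cipher` and the post-install example use `ENV['ENCRYPTION_KEY']`; a deployment that sets only the latter will hit the 'Encryption Key Config Missing' raise on first read. `ClassMethods` and the macro method start outside these hunks, so other readers of the class variable are not visible here.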
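--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: encrypt_column
 version: !ruby/object:Gem::Version
-version: 0.
+version: 1.0.0
 platform: ruby
 authors:
 - Dan Herman
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2017-
+date: 2017-09-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler
@@ -179,7 +179,12 @@ homepage: https://github.com/danlherman/encrypt_column
 licenses:
 - MIT
 metadata: {}
-post_install_message:
+post_install_message: "\n\n ##### WARNING #######\n New BREAKING encryption algorithm
+used in this version of encrypt_column.\n\n If this is not a new installation of
+encrypt_column, already encrypted\n data will need to be CONVERTED using:\n\n Decrypt.cipher(ciphertext,
+<old_encryption_key>)\n\n i.e.\n ssn = Decrypt.cipher(profile.ssn_ciphertext,
+ENV['ENCRYPTION_KEY'])\n profile.update_column('ssn' ssn)\n\n ####################\n\n
+\ "
 rdoc_options: []
 require_paths:
 - lib
@@ -195,9 +200,10 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.
+rubygems_version: 2.6.10
 signing_key:
 specification_version: 4
 summary: Easily encrypt columns in your app conditionally and with hashed values for
 searching
 test_files: []
+has_rdoc: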