encrypt_column 0.1.4 → 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/encrypt_column.gemspec +17 -0
- data/lib/encrypt_column/decrypt.rb +15 -0
- data/lib/encrypt_column/encrypt.rb +16 -0
- data/lib/encrypt_column/encrypt_column.rb +3 -3
- data/lib/encrypt_column/version.rb +1 -1
- metadata +10 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 237d5b5c34a3a6891e204ae017f81bfb9416a006
|
|
4
|
+
data.tar.gz: edef2636d15185a97505c33091f461bc62f74331
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 77c61337ceffb1b7e4685c4049c0cca14d66730aaac55511ebd6f8691a74dd14eaa2c30f75ee40be92b8e160a5e76775f1401ad1f0abfe1a0b6421791b72c805
|
|
7
|
+
data.tar.gz: bfc90a47db8df0537d60a9759ff6e87d6623b3c6319fd0db4a46d00f421b98b9d42b4252a9c228b89f540deec1acc209419c56cd11d6dd0d02c66cbc48089011
|
data/encrypt_column.gemspec
CHANGED
|
@@ -12,6 +12,23 @@ Gem::Specification.new do |spec|
|
|
|
12
12
|
spec.summary = %q{Easily encrypt columns in your app conditionally and with hashed values for searching}
|
|
13
13
|
spec.homepage = "https://github.com/danlherman/encrypt_column"
|
|
14
14
|
spec.license = "MIT"
|
|
15
|
+
spec.post_install_message = %q{
|
|
16
|
+
|
|
17
|
+
##### WARNING #######
|
|
18
|
+
New BREAKING encryption algorithm used in this version of encrypt_column.
|
|
19
|
+
|
|
20
|
+
If this is not a new installation of encrypt_column, already encrypted
|
|
21
|
+
data will need to be CONVERTED using:
|
|
22
|
+
|
|
23
|
+
Decrypt.cipher(ciphertext, <old_encryption_key>)
|
|
24
|
+
|
|
25
|
+
i.e.
|
|
26
|
+
ssn = Decrypt.cipher(profile.ssn_ciphertext, ENV['ENCRYPTION_KEY'])
|
|
27
|
+
profile.update_column('ssn' ssn)
|
|
28
|
+
|
|
29
|
+
####################
|
|
30
|
+
|
|
31
|
+
}
|
|
15
32
|
|
|
16
33
|
spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
|
|
17
34
|
spec.bindir = "exe"
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
require 'openssl'
|
|
1
2
|
class Decrypt
|
|
2
3
|
def self.cipher(ciphertext, key = ENV['ENCRYPTION_KEY'])
|
|
3
4
|
raise 'Encryption Key Config Missing' unless key.present?
|
|
@@ -6,4 +7,18 @@ class Decrypt
|
|
|
6
7
|
return 'ERROR: Missing encryption ciphertext' if ciphertext.nil? || ciphertext.blank?
|
|
7
8
|
return 'ERROR: Wrong encryption key specified'
|
|
8
9
|
end
|
|
10
|
+
|
|
11
|
+
def self.ciphertext(ciphertext, key = ENV['ENCRYPT_KEY'])
|
|
12
|
+
raise 'Encryption Key Config Missing' unless key.present?
|
|
13
|
+
return 'ERROR: Missing encryption ciphertext' if ciphertext.nil? || ciphertext.blank?
|
|
14
|
+
enciphered, iv = ciphertext.split('--', 2).map { |part| part.unpack('m')[0] }
|
|
15
|
+
decipher = OpenSSL::Cipher::AES256.new(:CBC)
|
|
16
|
+
|
|
17
|
+
decipher.decrypt
|
|
18
|
+
decipher.key = key
|
|
19
|
+
decipher.iv = iv
|
|
20
|
+
|
|
21
|
+
deciphered = decipher.update(enciphered)
|
|
22
|
+
deciphered << decipher.final
|
|
23
|
+
end
|
|
9
24
|
end
|
|
@@ -1,6 +1,22 @@
|
|
|
1
|
+
require 'openssl'
|
|
2
|
+
|
|
1
3
|
class Encrypt
|
|
2
4
|
def self.text(plaintext, key = ENV['ENCRYPTION_KEY'])
|
|
3
5
|
return raise 'Missing Encryption Key Config' if key.nil?
|
|
4
6
|
ActiveSupport::MessageEncryptor.new(key).encrypt_and_sign(plaintext)
|
|
5
7
|
end
|
|
8
|
+
|
|
9
|
+
def self.plaintext(plaintext, key = ENV['ENCRYPT_KEY'])
|
|
10
|
+
return raise 'Missing Encryption Key Config' if key.nil?
|
|
11
|
+
cipher = OpenSSL::Cipher::AES256.new(:CBC)
|
|
12
|
+
iv = cipher.random_iv
|
|
13
|
+
|
|
14
|
+
cipher.encrypt
|
|
15
|
+
cipher.key = key
|
|
16
|
+
cipher.iv = iv
|
|
17
|
+
|
|
18
|
+
enciphered = cipher.update(plaintext)
|
|
19
|
+
enciphered << cipher.final
|
|
20
|
+
[enciphered, iv].map { |part| [part].pack('m').gsub(/\n/, '') }.join('--')
|
|
21
|
+
end
|
|
6
22
|
end
|
|
@@ -8,7 +8,7 @@ module ClassMethods
|
|
|
8
8
|
searchable = options[:searchable] || false
|
|
9
9
|
encrypt_cond = options[:if] || proc { true }
|
|
10
10
|
failsafe = options[:failsafe] || false
|
|
11
|
-
@@encrypt_column_key = options[:key] || ENV['
|
|
11
|
+
@@encrypt_column_key = options[:key] || ENV['ENCRYPT_KEY']
|
|
12
12
|
@@hash_salt = options[:hash_salt] || ENV['HASH_SALT']
|
|
13
13
|
column = name
|
|
14
14
|
column = "#{name}_ciphertext" if failsafe
|
|
@@ -17,13 +17,13 @@ module ClassMethods
|
|
|
17
17
|
# getter
|
|
18
18
|
define_method(name) do
|
|
19
19
|
return read_attribute(column) unless instance_eval(&encrypt_cond)
|
|
20
|
-
Decrypt.
|
|
20
|
+
Decrypt.ciphertext(read_attribute(column), @@encrypt_column_key)
|
|
21
21
|
end
|
|
22
22
|
|
|
23
23
|
# setter
|
|
24
24
|
define_method("#{name}=") do |value|
|
|
25
25
|
return write_attribute(column, value) unless instance_eval(&encrypt_cond)
|
|
26
|
-
write_attribute(column, Encrypt.
|
|
26
|
+
write_attribute(column, Encrypt.plaintext(value, @@encrypt_column_key))
|
|
27
27
|
write_attribute(hash_column, Hashed.val(value, @@hash_salt)) if searchable
|
|
28
28
|
end
|
|
29
29
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: encrypt_column
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 1.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dan Herman
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-
|
|
11
|
+
date: 2017-09-11 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -179,7 +179,12 @@ homepage: https://github.com/danlherman/encrypt_column
|
|
|
179
179
|
licenses:
|
|
180
180
|
- MIT
|
|
181
181
|
metadata: {}
|
|
182
|
-
post_install_message:
|
|
182
|
+
post_install_message: "\n\n ##### WARNING #######\n New BREAKING encryption algorithm
|
|
183
|
+
used in this version of encrypt_column.\n\n If this is not a new installation of
|
|
184
|
+
encrypt_column, already encrypted\n data will need to be CONVERTED using:\n\n Decrypt.cipher(ciphertext,
|
|
185
|
+
<old_encryption_key>)\n\n i.e.\n ssn = Decrypt.cipher(profile.ssn_ciphertext,
|
|
186
|
+
ENV['ENCRYPTION_KEY'])\n profile.update_column('ssn' ssn)\n\n ####################\n\n
|
|
187
|
+
\ "
|
|
183
188
|
rdoc_options: []
|
|
184
189
|
require_paths:
|
|
185
190
|
- lib
|
|
@@ -195,9 +200,10 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
195
200
|
version: '0'
|
|
196
201
|
requirements: []
|
|
197
202
|
rubyforge_project:
|
|
198
|
-
rubygems_version: 2.
|
|
203
|
+
rubygems_version: 2.6.10
|
|
199
204
|
signing_key:
|
|
200
205
|
specification_version: 4
|
|
201
206
|
summary: Easily encrypt columns in your app conditionally and with hashed values for
|
|
202
207
|
searching
|
|
203
208
|
test_files: []
|
|
209
|
+
has_rdoc:
|