encrypted-attributes 0.0.1

data/LICENSE

@@ -0,0 +1,22 @@
+Copyright (c) 2012 Chris Lowder
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,11 @@
+[![Build Status](https://secure.travis-ci.org/clowder/encrypted-attributes.png)](http://travis-ci.org/clowder/encrypted-attributes)
+
+# EncryptedColumn
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Added some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/lib/encrypted-attributes.rb

@@ -0,0 +1,10 @@
+$:.unshift File.dirname(__FILE__)
+
+require 'simple_aes'
+require 'encrypted_attributes'
+
+if defined?(Rails)
+  if Gem::Requirement.new('~> 3.0.0').satisfied_by? Gem::Version.new(Rails.version)
+    require 'lograge/railtie'
+  end
+end

data/lib/encrypted_attributes.rb

@@ -0,0 +1,27 @@
+module EncryptedAttributes
+  def self.extended(base)
+    ar_version = Gem::Version.new(ActiveRecord::VERSION::STRING)
+
+    if Gem::Requirement.new('~> 2.3.0').satisfied_by? ar_version
+      require 'encrypted_attributes/ar_23'
+      base.send :extend, AR23
+    elsif Gem::Requirement.new('~> 3.2.0').satisfied_by? ar_version
+      require 'encrypted_attributes/ar_32'
+      base.send :extend, AR32
+    else
+      fail "Unsupported version of ActiveRecord."
+    end
+  end
+
+  def self.encrypt(value)
+    @encrypter.encrypt(value)
+  end
+
+  def self.decrypt(value)
+    @encrypter.decrypt(value)
+  end
+
+  def self.setup(attrs={})
+    @encrypter = SimpleAES.new(:key => attrs.fetch(:key), :iv => attrs.fetch(:iv))
+  end
+end

data/lib/simple_aes.rb

@@ -0,0 +1,28 @@
+require 'openssl'
+
+class SimpleAES
+  attr_reader :cipher, :key, :iv
+
+  def initialize(args={})
+    @key    = args.fetch(:key)
+    @iv     = args.fetch(:iv)
+    @cipher = args[:cypher] || 'AES-128-CBC'
+  end
+
+  def decrypt(encrypted_data)
+    encrypted_data = Array(encrypted_data).pack('H*')
+    aes = OpenSSL::Cipher::Cipher.new(cipher)
+    aes.decrypt
+    aes.key = key
+    aes.iv = iv
+    aes.update(encrypted_data) + aes.final
+  end
+
+  def encrypt(data)
+    aes = OpenSSL::Cipher::Cipher.new(cipher)
+    aes.encrypt
+    aes.key = key
+    aes.iv = iv
+    (aes.update(data) + aes.final).unpack('H*').first
+  end
+end

data/spec/encrypted_attributes_spec.rb

@@ -0,0 +1,91 @@
+require 'spec_helper'
+
+describe EncryptedAttributes do
+  let(:key) { 'e0cfe841f51d29c0e0a1c51391ca04a6' }
+  let(:iv)  { '7b94eae611106dc190b10f40e2d0fde0' }
+
+  let(:encrypto_class) {
+    Class.new(ActiveRecord::Base) do
+      self.table_name = 'encrypto'
+      extend EncryptedAttributes
+    end
+  }
+
+  let(:serialized_encrypto_class) {
+    Class.new(ActiveRecord::Base) do
+      self.table_name = 'encrypto'
+      extend EncryptedAttributes
+      serialize :description
+      encrypt :description
+    end
+  }
+
+  let(:strict_serialized_encrypto_class) {
+    Class.new(ActiveRecord::Base) do
+      self.table_name = 'encrypto'
+      extend EncryptedAttributes
+      serialize :description, Hash
+      encrypt :description
+    end
+  }
+
+  before(:all) do
+    EncryptedAttributes.setup(:key => key, :iv => iv)
+  end
+
+  it "allows you to specify the columns to be encrypted" do
+    encrypto_class.encrypt(:description)
+    encrypto_class.encrypted_attributes.should == ['description']
+  end
+
+  it "doesn't blow up if the encryption target is nil" do
+    foo = serialized_encrypto_class.new
+    foo.description = nil
+    foo.save!
+
+    serialized_encrypto_class.last.description.should be_nil
+  end
+
+  it "encrypts the data in the database" do
+    encrypto_class.encrypt(:description)
+    encrypto_class.create(:description => 'this is hidden')
+
+    raw_data = ActiveRecord::Base.connection.execute('SELECT * FROM encrypto').each(:symbolize_keys => true, :as => :hash) { |r| r }
+    raw_data[0][:description].should == 'e7bbb4d93712a6edb759ebf947000bdb'
+  end
+
+  it "decrypts the data from the database" do
+    encrypto_class.encrypt(:description)
+    encrypto_class.create(:description => 'this is hidden')
+
+    encrypto_class.last.description.should == 'this is hidden'
+  end
+
+  it "works on serialized columns too" do
+    serialized_encrypto_class.create(:description => { :foo => 'bar', :baz => 'bat' })
+
+    encrypto = serialized_encrypto_class.last
+    encrypto.description.should == { :foo => 'bar', :baz => 'bat' }
+    encrypto.description = { :foo => "This is my fancy class" }
+    encrypto.save
+
+    serialized_encrypto_class.last.description.should == { :foo => 'This is my fancy class' }
+  end
+
+  it "shoulsn't break serialized columns with type enforement" do
+    expect {
+      encrypto = serialized_encrypto_class.new
+      encrypto.description = { :foo => "This is my fancy class" }
+      encrypto.save!
+    }.not_to raise_error
+  end
+
+  it "makes it impossible to mutate encrypted serialized objects" do
+    expect {
+      serialized_encrypto_class.create(:description => { :foo => 'bar', :baz => 'bat' })
+
+      encrypto = serialized_encrypto_class.last
+      encrypto.description[:foo] = "This is my fancy class"
+    }.to raise_error(RuntimeError)
+  end
+end

data/spec/simple_aes_spec.rb

@@ -0,0 +1,16 @@
+require 'spec_helper'
+
+describe SimpleAES do
+  let(:key)     { 'e0cfe841f51d29c0e0a1c51391ca04a6' }
+  let(:iv)      { '7b94eae611106dc190b10f40e2d0fde0' }
+
+  it "allows you to simply encrypt data" do
+    encrypted = SimpleAES.new(:key => key, :iv => iv).encrypt('foo bar')
+    encrypted.should == '99ea4886246cb6ad15c236a2e5935af2'
+  end
+
+  it "allows you to decrypt data" do
+    message = '5e3a1d405c66f4541a0618bb9e428db9'
+    SimpleAES.new(:key => key, :iv => iv).decrypt(message).should == 'you got it!'
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,41 @@
+$:.unshift(File.dirname(__FILE__) + '/../lib')
+
+require 'rubygems'
+require 'bundler'
+require 'ostruct'
+require 'pry'
+Bundler.require(:default, :test)
+
+ActiveRecord::Base.establish_connection({
+  :adapter  => 'mysql2',
+  :host     => 'localhost',
+  :database => 'encrypted_attributes_test',
+  :username => 'root',
+  :encoding => 'utf8'
+})
+
+class CreateSchema < ActiveRecord::Migration
+  def self.up
+    create_table :encrypto do |t|
+      t.binary :description
+    end
+  end
+
+  def self.down
+    drop_table :encrypto
+  end
+end
+
+RSpec.configure do |config|
+  config.before(:suite) do
+    CreateSchema.up
+  end
+
+  config.after(:each) do
+    ActiveRecord::Base.connection.execute('TRUNCATE encrypto')
+  end
+
+  config.after(:suite) do
+    CreateSchema.down
+  end
+end

metadata

@@ -0,0 +1,105 @@
+--- !ruby/object:Gem::Specification
+name: encrypted-attributes
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+  prerelease: 
+platform: ruby
+authors:
+- Chris Lowder
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2012-09-10 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: ! 'AES encrypted attributes with Rails. Behaves similarly to Rails''s
+  #serialize and works for versions 2.3.x & 3.2.x.'
+email:
+- clowder@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/encrypted-attributes.rb
+- lib/encrypted_attributes.rb
+- lib/simple_aes.rb
+- spec/encrypted_attributes_spec.rb
+- spec/simple_aes_spec.rb
+- spec/spec_helper.rb
+- README.md
+- LICENSE
+homepage: http://github.com/clowder/encrypted-attributes
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.23
+signing_key: 
+specification_version: 3
+summary: AES encrypted attributes with Rails.
+test_files:
+- spec/encrypted_attributes_spec.rb
+- spec/simple_aes_spec.rb
+- spec/spec_helper.rb