encrypted_cookie 0.0.4 → 0.0.5

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 0352358d7b487ba0caebdc794eb34832213b01a8
+  data.tar.gz: 017a9b0e14be94789516403de3e3a13c511b4445
+SHA512:
+  metadata.gz: c011384dc4191e17eec7e598b6b89b5e4c327202b9b78decb8d26dcf2f8fceb0416c8c3182b744bd17819f188f09c56dc5add8a64542d2792e9e4b8d7103935f
+  data.tar.gz: 59f8667546f117c5786e8ed9230f8757bf91cc4f012a5975440c3dce5fb18054eeda0d08ade721190a6392e95f9c8f64f7640fe5e386851a184bf220b356cdb0

data/README.markdown

@@ -1,6 +1,6 @@
 ## Encrypted session cookies for Rack (and therefore Sinatra)
 
-The `encrypted_cookie` gem provides 128-bit-AES-encrypted, tamper-proof cookies
+The `encrypted_cookie` gem provides 256-bit-AES-encrypted, tamper-proof cookies
 for Rack through the class `Rack::Session::EncryptedCookie`.
 
 ## How to use encrypted\_cookie
@@ -20,16 +20,37 @@ Sinatra example:
       "session: " + session.inspect
     end
 
-_*_ Your `:secret` must be at least 16 bytes long and should be really random.
+_*_ Your `:secret` must be at least 32 bytes long and should be really random.
+Don't use a password or passphrase, generate something random (see below).
 
 ## Encryption and integrity protection
 
-The cookie encryption method is 128-bit AES (with salt). Additionally, the
-cookies are integrity protected with Rack's built-in HMAC support, which means
-that if a user tampers with their cookie in any way, their session will
-immediately be reset to `{}` (empty hash).
+The cookie is encrypted with 256-bit AES in CBC mode (with random IV).  The
+encrypted cookie is then signed with a HMAC, to prevent tampering and chosen
+ciphertext attacks.  Any attempt at tampering with the cookie will reset the
+user to `{}` (empty hash).
 
 ## Generating a good secret
 
-    require 'openssl'
-    puts OpenSSL::Random.random_bytes(16).inspect
+Run this in a terminal and paste the output into your script:
+
+    $ ruby -rsecurerandom -e "puts SecureRandom.hex(32)"
+
+## Developing
+
+To get the specs running:
+
+```bash
+$ cd path-to-clone
+$ gem install bundler # if not already installed
+$ bundle install
+$ bundle exec rspec
+```
+
+# Thanks
+
+- [@namelessjon](https://github.com/namelessjon) - Jon - For the massive crypto improvements!
+- [@mkristian](https://github.com/mkristian) - Christian Meier
+- [@danp](https://github.com/danp) - Dan Peterson
+- [@stmllr](https://github.com/stmllr) - Steffen Müller
+- [@andrhamm](https://github.com/andrhamm) - Andrew Hammond

data/Rakefile

@@ -8,5 +8,6 @@ Echoe.new('encrypted_cookie', '0.0.4') do |p|
   p.author         = "Christian von Kleist"
   p.email          = "cvonkleist at-a-place-called gmail.com"
   p.ignore_pattern = ["tmp/*", "script/*"]
-  p.development_dependencies = []
+  p.runtime_dependencies = ["rack >=1.1 <3"]
+  p.development_dependencies = ["rack-test ~>0.6.2", "sinatra ~>1.3.4", "rspec ~>2.14.1"]
 end

data/encrypted_cookie.gemspec

@@ -1,32 +1,41 @@
 # -*- encoding: utf-8 -*-
 
 Gem::Specification.new do |s|
-  s.name = %q{encrypted_cookie}
-  s.version = "0.0.4"
+  s.name = "encrypted_cookie"
+  s.version = "0.0.5"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 1.2") if s.respond_to? :required_rubygems_version=
   s.authors = ["Christian von Kleist"]
-  s.cert_chain = ["/home/cvk/.gemcert/gem-public_cert.pem"]
-  s.date = %q{2011-03-03}
-  s.description = %q{Encrypted session cookies for Rack}
-  s.email = %q{cvonkleist at-a-place-called gmail.com}
+  s.date = "2017-11-27"
+  s.description = "Encrypted session cookies for Rack"
+  s.email = "cvonkleist at-a-place-called gmail.com"
   s.extra_rdoc_files = ["README.markdown", "lib/encrypted_cookie.rb"]
-  s.files = ["Manifest", "README.markdown", "Rakefile", "encrypted_cookie.gemspec", "lib/encrypted_cookie.rb", "spec/encrypted_cookie_spec.rb"]
-  s.homepage = %q{http://github.com/cvonkleist/encrypted_cookie}
+  s.files = ["Manifest", "README.markdown", "Rakefile", "encrypted_cookie.gemspec", "lib/encrypted_cookie.rb", "lib/encrypted_cookie/encryptor.rb", "spec/encrypted_cookie_spec.rb"]
+  s.homepage = "http://github.com/cvonkleist/encrypted_cookie"
   s.rdoc_options = ["--line-numbers", "--inline-source", "--title", "Encrypted_cookie", "--main", "README.markdown"]
   s.require_paths = ["lib"]
-  s.rubyforge_project = %q{encrypted_cookie}
-  s.rubygems_version = %q{1.3.7}
-  s.signing_key = %q{/home/cvk/.gemcert/gem-private_key.pem}
-  s.summary = %q{Encrypted session cookies for Rack}
+  s.rubyforge_project = "encrypted_cookie"
+  s.rubygems_version = "2.0.3"
+  s.summary = "Encrypted session cookies for Rack"
 
   if s.respond_to? :specification_version then
-    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
-    s.specification_version = 3
+    s.specification_version = 4
 
     if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+      s.add_runtime_dependency(%q<rack>, ["< 3", ">= 1.1"])
+      s.add_development_dependency(%q<rack-test>, ["~> 0.6.2"])
+      s.add_development_dependency(%q<sinatra>, ["~> 1.3.4"])
+      s.add_development_dependency(%q<rspec>, ["~> 2.14.1"])
     else
+      s.add_dependency(%q<rack>, ["< 3", ">= 1.1"])
+      s.add_dependency(%q<rack-test>, ["~> 0.6.2"])
+      s.add_dependency(%q<sinatra>, ["~> 1.3.4"])
+      s.add_dependency(%q<rspec>, ["~> 2.14.1"])
     end
   else
+    s.add_dependency(%q<rack>, ["< 3", ">= 1.1"])
+    s.add_dependency(%q<rack-test>, ["~> 0.6.2"])
+    s.add_dependency(%q<sinatra>, ["~> 1.3.4"])
+    s.add_dependency(%q<rspec>, ["~> 2.14.1"])
   end
 end

data/lib/encrypted_cookie.rb

@@ -1,15 +1,15 @@
-require 'openssl'
 require 'rack/request'
 require 'rack/response'
+require 'encrypted_cookie/encryptor'
 
 module Rack
 
   module Session
 
-    # Rack::Session::EncryptedCookie provides AES-128-encrypted, tamper-proof
+    # Rack::Session::EncryptedCookie provides AES-256-encrypted, tamper-proof
     # cookie-based session management.
     #
-    # The session is Marshal'd, HMAC'd, and encrypted.
+    # The session is Marshal'd, encrypted and HMAC'd.
     #
     # Example:
     #
@@ -19,11 +19,22 @@ module Rack
     #       :domain => 'foo.com',
     #       :path => '/',
     #       :expire_after => 2592000
+    #       :time_to_live => 600
     #
     #     All parameters are optional except :secret.
-
+    #
+    #     The default for the session time-to-live is 30 minutes. You can set
+    #     the timeout on per session base by adding the expiration time in the
+    #     session:
+    #        session[Rack::Session::EncryptedCookie::EXPIRES] = Time.now + 120
+    #
+    #     Note that you shouldn't trust the expire_after parameter in the cookie
+    #     for session expiry as that can be altered by the recipient. Instead,
+    #     use time_to_live which is server side check.
     class EncryptedCookie
 
+      EXPIRES = '_encrypted_cookie_expires_'
+
       def initialize(app, options={})
         @app = app
         @key = options[:key] || "rack.session"
@@ -31,7 +42,9 @@ module Rack
         fail "Error! A secret is required to use encrypted cookies. Do something like this:\n\nuse Rack::Session::EncryptedCookie, :secret => YOUR_VERY_LONG_VERY_RANDOM_SECRET_KEY_HERE" unless @secret
         @default_options = {:domain => nil,
           :path => "/",
+          :time_to_live => 1800,
           :expire_after => nil}.merge(options)
+        @encryptor = Encryptor.new(@secret)
       end
 
       def call(env)
@@ -42,40 +55,45 @@ module Rack
 
       private
 
+      def remove_expiration(session_data)
+        expires = session_data.delete(EXPIRES)
+        if expires and expires < Time.now
+          session_data.clear
+        end
+      end
+
       def load_session(env)
         request = Rack::Request.new(env)
+        env["rack.session.options"] = @default_options.dup
+
         session_data = request.cookies[@key]
+        session_data = @encryptor.decrypt(session_data)
+        session_data = Marshal.load(session_data)
+        remove_expiration(session_data)
 
-        if session_data
-          if session_data = decrypt(session_data)
-            session_data, digest = session_data.split("--")
-            session_data = nil unless digest == generate_hmac(session_data)
-          end
-        end
+        env["rack.session"] = session_data
+      rescue
+        env["rack.session"] = Hash.new
+      end
 
-        begin
-          session_data = session_data.unpack("m*").first
-          session_data = Marshal.load(session_data)
-          env["rack.session"] = session_data
-        rescue
-          env["rack.session"] = Hash.new
+      def add_expiration(session_data, options)
+        if options[:time_to_live] && !session_data.key?(EXPIRES)
+          expires = Time.now + options[:time_to_live]
+          session_data.merge!({EXPIRES => expires})
         end
-
-        env["rack.session.options"] = @default_options.dup
       end
 
       def commit_session(env, status, headers, body)
-        session_data = Marshal.dump(env["rack.session"])
-        session_data = [session_data].pack("m*")
+        options = env["rack.session.options"]
 
-        session_data = "#{session_data}--#{generate_hmac(session_data)}"
-
-        session_data = encrypt(session_data)
+        session_data = env["rack.session"]
+        add_expiration(session_data, options)
+        session_data = Marshal.dump(session_data)
+        session_data = @encryptor.encrypt(session_data)
 
         if session_data.size > (4096 - @key.size)
           env["rack.errors"].puts("Warning! Rack::Session::Cookie data size exceeds 4K. Content dropped.")
         else
-          options = env["rack.session.options"]
           cookie = Hash.new
           cookie[:value] = session_data
           cookie[:expires] = Time.now + options[:expire_after] unless options[:expire_after].nil?
@@ -84,38 +102,6 @@ module Rack
 
         [status, headers, body]
       end
-
-      def generate_hmac(data)
-        OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA1.new, @secret, data)
-      end
-
-      def encrypt(str)
-        aes = OpenSSL::Cipher::Cipher.new('aes-128-cbc').encrypt
-        aes.key = @secret
-        iv = OpenSSL::Random.random_bytes(aes.iv_len)
-        aes.iv = iv
-        [iv + (aes.update(str) << aes.final)].pack('m0')
-      end
-
-      # decrypts string. returns nil if an error occurs
-      #
-      # returns nil if openssl raises an error during decryption (likely
-      # someone is tampering with the session data, or the sinatra user was
-      # previously using Cookie and has just switched to EncryptedCookie), and
-      # will also return nil if the text to decrypt is too short to possibly be
-      # good aes data.
-      def decrypt(str)
-        str = str.unpack('m0').first
-        aes = OpenSSL::Cipher::Cipher.new('aes-128-cbc').decrypt
-        aes.key = @secret
-        iv = str[0, aes.iv_len]
-        aes.iv = iv
-        crypted_text = str[aes.iv_len..-1]
-        return nil if crypted_text.nil? || iv.nil?
-        aes.update(crypted_text) << aes.final
-      rescue
-        nil
-      end
     end
   end
 end

data/lib/encrypted_cookie/encryptor.rb

@@ -0,0 +1,123 @@
+require 'openssl'
+require 'rack/utils'
+module Rack
+  module Session
+    class EncryptedCookie
+      # Encrypts messages with authentication
+      #
+      # The use of authentication is essential to avoid Chosen Ciphertext
+      # Attacks.  By using this in an encrypt then MAC form, we avoid some
+      # attacks such as e.g. being used as a CBC padding oracle to decrypt
+      # the ciphertext.
+      class Encryptor
+        # Create the encryptor
+        #
+        # Pass in the secret, which should be at least 32-bytes worth of
+        # entropy, e.g. a string generated by `SecureRandom.hex(32)`.
+        # This also allows specification of the algorithm for the cipher
+        # and MAC.  But don't change that unless you're very sure.
+        def initialize(secret, cipher = 'aes-256-cbc', hmac = 'SHA256')
+          @cipher = cipher
+          @hmac   = hmac
+
+          # use the HMAC to derive two independent keys for the encryption and
+          # authentication of ciphertexts It is bad practice to use the same key
+          # for encryption and authentication.  This also allows us to use all
+          # of the entropy in a long key (e.g. 64 hex bytes) when straight
+          # assignement would could result in assigning a key with a much
+          # reduced key space.  Also, the personalisation strings further help
+          # reduce the possibility of key reuse by ensuring it should be unique
+          # to this gem, even with shared secrets.
+          @encryption_key     = hmac("EncryptedCookie Encryption",     secret)
+          @authentication_key = hmac("EncryptedCookie Authentication", secret)
+        end
+
+        # Encrypts message
+        #
+        # Returns the base64 encoded ciphertext plus IV.  In addtion, the
+        # message is prepended with a MAC code to prevent chosen ciphertext
+        # attacks.
+        def encrypt(message)
+          # encrypt the message
+          encrypted = encrypt_message(message)
+
+          [authenticate_message(encrypted) +   encrypted].pack('m0')
+        end
+
+        # decrypts base64 encoded ciphertext
+        #
+        # First, it checks the message tag and returns nil if that fails to verify.
+        # Otherwise, the data is passed on to the AES function for decryption.
+        def decrypt(ciphertext)
+          ciphertext = ciphertext.unpack('m').first
+          tag        = ciphertext[0, hmac_length]
+          ciphertext = ciphertext[hmac_length..-1]
+
+          # make sure we actually had enough data for the tag too.
+          if tag && ciphertext && verify_message(tag, ciphertext)
+            decrypt_ciphertext(ciphertext)
+          else
+            nil
+          end
+        end
+
+        private
+
+        # HMAC digest of the message using the given secret
+        def hmac(secret, message)
+          OpenSSL::HMAC.digest(@hmac, secret, message)
+        end
+
+        def hmac_length
+          OpenSSL::Digest.new(@hmac).size
+        end
+
+        # returns the message authentication tag
+        #
+        # This is computed as HMAC(authentication_key, message)
+        def authenticate_message(message)
+          hmac(@authentication_key, message)
+        end
+
+        # verifies the message
+        #
+        # This does its best to be constant time, by use of the rack secure compare
+        # function.
+        def verify_message(tag, message)
+          own_tag = authenticate_message(message)
+          Rack::Utils.secure_compare(tag, own_tag)
+        end
+
+        # Encrypt
+        #
+        # Encrypts the given message with a random IV, then returns the ciphertext
+        # with the IV prepended.
+        def encrypt_message(message)
+          aes = OpenSSL::Cipher.new(@cipher).encrypt
+          aes.key = @encryption_key
+          iv = aes.random_iv
+          aes.iv = iv
+          iv + (aes.update(message) << aes.final)
+        end
+
+        # Decrypt
+        #
+        # Pulls the IV off the front of the message and decrypts.  Catches
+        # OpenSSL errors and returns nil.  But this should never happen, as the
+        # verify method should catch all corrupted ciphertexts.
+        def decrypt_ciphertext(ciphertext)
+          aes = OpenSSL::Cipher.new(@cipher).decrypt
+          aes.key = @encryption_key
+          iv = ciphertext[0, aes.iv_len]
+          aes.iv = iv
+          crypted_text = ciphertext[aes.iv_len..-1]
+          return nil if crypted_text.nil? || iv.nil?
+          aes.update(crypted_text) << aes.final
+        rescue
+          nil
+        end
+
+      end
+    end
+  end
+end

data/spec/encrypted_cookie_spec.rb

@@ -1,20 +1,36 @@
 require 'rack/test'
-require 'sinatra'
+require 'sinatra/base'
 require 'rspec'
 require 'cgi'
-require File.dirname(__FILE__) + '/../lib/encrypted_cookie'
+require './lib/encrypted_cookie'
 
 include Rack::Session
 
+
+module Helper
+  def unpack_cookie
+    data = last_response.headers['Set-Cookie'][/rack.session=(.*?);/, 1]
+    data = data.split('--').first
+    str = CGI.unescape(data).unpack('m').first
+  end
+end
+
+
 RSpec.configure do |conf|
   conf.include Rack::Test::Methods
+  conf.include Helper
 end
 
 class EncryptedApp < Sinatra::Application
-  use Rack::Session::EncryptedCookie, :secret => 'foo' * 10
+  disable :show_exceptions
+  use Rack::Session::EncryptedCookie, :secret => 'foo' * 10, :time_to_live => 0.1
   get '/' do
     "session: " + session.inspect
   end
+  get '/timeout/:value' do
+    session[Rack::Session::EncryptedCookie::EXPIRES] = Time.now + params[:value].to_i
+    "timeout set"
+  end
   get '/set/:key/:value' do
     session[params[:key]] = params[:value]
     "all set"
@@ -23,8 +39,10 @@ end
 
 # this app has cookie integrity protection, but not encryption
 class UnencryptedApp < Sinatra::Application
+  disable :show_exceptions
   use Rack::Session::Cookie, :secret => 'foo' * 10
   get '/' do
+    session[:foo] = 'bar'
     "session: " + session.inspect
   end
 end
@@ -32,7 +50,7 @@ end
 describe EncryptedCookie do
   it 'should fail if no secret is specified' do
     lambda { EncryptedCookie.new(nil) }.should raise_error(/A secret is required/)
-    lambda { EncryptedCookie.new(nil, :secret => 'foo') }.should_not raise_error(/A secret is required/)
+    lambda { EncryptedCookie.new(nil, :secret => 'foo') }.should_not raise_error
   end
 end
 
@@ -51,18 +69,6 @@ describe EncryptedApp do
     get '/'
     last_response.body.should == 'session: {"foo"=>"bar"}'
     last_response.headers['Set-Cookie'].should_not include("BAh7AA")
-
-    data = last_response.headers['Set-Cookie'][/rack.session=(.*?);/, 1]
-    str = CGI.unescape(data).unpack('m0').first
-    aes = OpenSSL::Cipher::Cipher.new('aes-128-cbc').decrypt
-    aes.key = 'foo' * 10
-    aes.iv = str[0, aes.iv_len]
-    crypted_text = str[aes.iv_len..-1]
-
-    plaintext = (aes.update(crypted_text) << aes.final)
-    base64_marshal_data, hmac = plaintext.split('--')
-    session_hash = Marshal.load(base64_marshal_data.unpack('m0').first)
-    session_hash.should == {"foo" => "bar"}
   end
   it "should make encrypted session data that can't be decrypted with the wrong key" do
     get '/set/foo/bar'
@@ -71,12 +77,11 @@ describe EncryptedApp do
     last_response.body.should == 'session: {"foo"=>"bar"}'
     last_response.headers['Set-Cookie'].should_not include("BAh7AA")
 
-    data = last_response.headers['Set-Cookie'][/rack.session=(.*?);/, 1]
-    str = CGI.unescape(data).unpack('m0').first
-    aes = OpenSSL::Cipher::Cipher.new('aes-128-cbc').decrypt
+    data = unpack_cookie
+    aes = OpenSSL::Cipher.new('aes-128-cbc').decrypt
     aes.key = 'bar' * 10
-    iv = str[0, aes.iv_len]
-    crypted_text = str[aes.iv_len..-1]
+    iv = data[0, aes.iv_len]
+    crypted_text = data[aes.iv_len..-1]
 
     lambda { plaintext = (aes.update(crypted_text) << aes.final) }.should raise_error("bad decrypt")
   end
@@ -98,6 +103,25 @@ describe EncryptedApp do
     get '/'
     last_response.body.should == 'session: {}'
   end
+  it "should reset the session on timeout" do
+    get '/set/foo/bar'
+    last_response.body.should == 'all set'
+    get '/'
+    last_response.body.should == 'session: {"foo"=>"bar"}'
+    sleep 0.08
+    get '/'
+    last_response.body.should == 'session: {"foo"=>"bar"}'
+    sleep 0.08
+    get '/'
+    last_response.body.should == 'session: {"foo"=>"bar"}'
+    sleep 0.1
+    get '/'
+    last_response.body.should == 'session: {}'
+    get '/timeout/0'
+    last_response.body.should == 'timeout set'
+    get '/'
+    last_response.body.should == 'session: {}'
+  end
 end
 
 describe UnencryptedApp do
@@ -106,7 +130,7 @@ describe UnencryptedApp do
   end
   it "should include unencrypted marshal'd data" do
     get '/'
-    last_response.body.should == 'session: {}'
-    last_response.headers['Set-Cookie'].should include("BAh7AA")
+    cookie = Marshal.load(unpack_cookie)
+    cookie['foo'].should == 'bar'
   end
 end

metadata

@@ -1,100 +1,119 @@
---- !ruby/object:Gem::Specification 
+--- !ruby/object:Gem::Specification
 name: encrypted_cookie
-version: !ruby/object:Gem::Version 
-  hash: 23
-  prerelease: false
-  segments: 
-  - 0
-  - 0
-  - 4
-  version: 0.0.4
+version: !ruby/object:Gem::Version
+  version: 0.0.5
 platform: ruby
-authors: 
+authors:
 - Christian von Kleist
 autorequire: 
 bindir: bin
-cert_chain: 
-- |
-  -----BEGIN CERTIFICATE-----
-  MIIDNjCCAh6gAwIBAgIBADANBgkqhkiG9w0BAQUFADBBMRMwEQYDVQQDDApjdm9u
-  a2xlaXN0MRUwEwYKCZImiZPyLGQBGRYFZ21haWwxEzARBgoJkiaJk/IsZAEZFgNj
-  b20wHhcNMTEwMzAxMTkzMjA0WhcNMTIwMjI5MTkzMjA0WjBBMRMwEQYDVQQDDApj
-  dm9ua2xlaXN0MRUwEwYKCZImiZPyLGQBGRYFZ21haWwxEzARBgoJkiaJk/IsZAEZ
-  FgNjb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9y1uDfBvTfKE4
-  tPGA5hbAav7pUtP8HRdBDLZOOks0+j0b1E4fUNglG4kdEBNpLk/ngVkPweUj8i5h
-  oNVNRN2oxRw/4bSikOeNS3mpIqc/muDa2aMaO3ALtC9TrOIAZMx6+bbHZa4MeHwv
-  AGAkrW8xV8FsHdD/yj3uAsEXFp6OdvCvVRQn2dRDF1nnPH62qeVPYrg+A+C/63Hn
-  +8xd428nMeO6oOdKJpjJc7sBifW6dZbxZWU+x4eoQjIWpCMVGx4mB2LhRxA8I2AZ
-  YEB4bdWLiQNLDW8BW18BALJRwSYGma6bQWeYp3BP+bYcg2Twqsj9l/byA/ad1arU
-  7toOPs9DAgMBAAGjOTA3MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgSwMB0GA1UdDgQW
-  BBSLpCugjo/9vnQB4ne51IOzvAEqEzANBgkqhkiG9w0BAQUFAAOCAQEAjNr9nF4C
-  zVmcdovmY5ctUVhxi+iWZ6sApuEanzmZ4WL2ldAMam3vUWz9it66wN+uQuBt3HHW
-  OAFBTKpFnrxwD24ZAxnetn6bphctGW/he8GyLInBdUkhq5W/Oz+Ca6WkMy/Ofm2v
-  kN0NjJDThfqNTimd/YnyuXo0MSq6jJdv4x5g+Cd1GqIE9nJktDr+C3Bn2Kl0RU8k
-  0dJtwaemYW21gKzLDNJaREmmaEzceqCZawE52p4Ay2tMIGrZDE4lcq1TnGbM0YIN
-  tg88OxjT6gj/ANHONv3pFs0TZs/LOTlpUoIstpNKnVxkz4Xut3XUsqfCzHUOBnoC
-  DnOM3kD7rptG2g==
-  -----END CERTIFICATE-----
-
-date: 2011-03-03 00:00:00 -05:00
-default_executable: 
-dependencies: []
-
+cert_chain: []
+date: 2017-11-27 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.1'
+- !ruby/object:Gem::Dependency
+  name: rack-test
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.6.2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.6.2
+- !ruby/object:Gem::Dependency
+  name: sinatra
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.3.4
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.3.4
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.14.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.14.1
 description: Encrypted session cookies for Rack
 email: cvonkleist at-a-place-called gmail.com
 executables: []
-
 extensions: []
-
-extra_rdoc_files: 
+extra_rdoc_files:
 - README.markdown
 - lib/encrypted_cookie.rb
-files: 
+files:
 - Manifest
 - README.markdown
 - Rakefile
 - encrypted_cookie.gemspec
 - lib/encrypted_cookie.rb
+- lib/encrypted_cookie/encryptor.rb
 - spec/encrypted_cookie_spec.rb
-has_rdoc: true
 homepage: http://github.com/cvonkleist/encrypted_cookie
 licenses: []
-
+metadata: {}
 post_install_message: 
-rdoc_options: 
-- --line-numbers
-- --inline-source
-- --title
+rdoc_options:
+- "--line-numbers"
+- "--inline-source"
+- "--title"
 - Encrypted_cookie
-- --main
+- "--main"
 - README.markdown
-require_paths: 
+require_paths:
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement 
-  none: false
-  requirements: 
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
   - - ">="
-    - !ruby/object:Gem::Version 
-      hash: 3
-      segments: 
-      - 0
-      version: "0"
-required_rubygems_version: !ruby/object:Gem::Requirement 
-  none: false
-  requirements: 
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
   - - ">="
-    - !ruby/object:Gem::Version 
-      hash: 11
-      segments: 
-      - 1
-      - 2
-      version: "1.2"
+    - !ruby/object:Gem::Version
+      version: '1.2'
 requirements: []
-
 rubyforge_project: encrypted_cookie
-rubygems_version: 1.3.7
+rubygems_version: 2.4.5.1
 signing_key: 
-specification_version: 3
+specification_version: 4
 summary: Encrypted session cookies for Rack
 test_files: []
-