encrypted_cookie_store 0.2.0

data/LICENSE.txt

@@ -0,0 +1,25 @@
+Copyright (c) 2009 - 2010 Phusion
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimer in the documentation
+      and/or other materials provided with the distribution.
+    * Neither the name of the Phusion nor the names of its contributors
+      may be used to endorse or promote products derived from this software
+      without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

data/README.markdown

@@ -0,0 +1,114 @@
+EncryptedCookieStore
+====================
+EncryptedCookieStore is similar to Ruby on Rails's CookieStore (it saves
+session data in a cookie), but it uses encryption so that people can't read
+what's in the session data. This makes it possible to store sensitive data
+in the session.
+
+EncryptedCookieStore is written for Rails 2.3. Other versions of Rails have
+not been tested.
+
+**Note**: This is _not_ ThinkRelevance's EncryptedCookieStore. In the Rails
+2.0 days they wrote an EncryptedCookieStore, but it seems their repository
+had gone defunct and their source code lost. This EncryptedCookieStore is
+written from scratch by Phusion.
+
+Installation and usage
+----------------------
+
+First, install it:
+
+    ./script/plugin install git://github.com/FooBarWidget/encrypted_cookie_store.git
+
+Then edit `config/initializers/session_store.rb` and set your session store to
+EncryptedCookieStore:
+
+    ActionController::Base.session_store = EncryptedCookieStore
+
+You need to set a few session options before EncryptedCookieStore is usable.
+You must set all options that CookieStore needs, plus an encryption key that
+EncryptedCookieStore needs. In `session_store.rb`:
+
+    ActionController::Base.session = {
+        # CookieStore options...
+        :key            => '_session',     # Name of the cookie which contains the session data.
+        :secret         => 'b4589cc9...',  # A secret string used to generate the checksum for
+                                           # the session data. Must be longer than 64 characters
+                                           # and be completely random.
+
+        # EncryptedCookieStore options...
+        :encryption_key => 'c306779f3...', # The encryption key. See below for notes.
+    }
+
+The encryption key *must* be a hexadecimal string of exactly 32 bytes. It
+should be entirely random, because otherwise it can make the encryption weak.
+
+You can generate a new encryption key by running `rake secret:encryption_key`.
+This command will output a random encryption key that you can then copy and
+paste into your environment.rb.
+
+Operational details
+-------------------
+Upon generating cookie data, EncryptedCookieStore generates a new, random
+initialization vector for encrypting the session data. This initialization
+vector is then encrypted with 128-bit AES in ECB mode. The session data is
+first protected with an HMAC to prevent tampering. The session data, along
+with the HMAC, are then encrypted using 256-bit AES in CFB mode with the
+generated initialization vector. This encrypted session data + HMAC are
+then stored, along with the encrypted initialization vector, into the cookie.
+
+Upon unmarshalling the cookie data, EncryptedCookieStore decrypts the
+encrypted initialization vector and use that to decrypt the encrypted
+session data + HMAC. The decrypted session data is then verified against
+the HMAC.
+
+The reason why HMAC verification occurs after decryption instead of before
+decryption is because we want to be able to detect changes to the encryption
+key and changes to the HMAC secret key, as well as migrations from CookieStore.
+Verifying after decryption allows us to automatically invalidate such old
+session cookies.
+
+EncryptedCookieStore is quite fast: it is able to marshal and unmarshal a
+simple session object 5000 times in 8.7 seconds on a MacBook Pro with a 2.4
+Ghz Intel Core 2 Duo (in battery mode). This is about 0.174 ms per
+marshal+unmarshal action. See `rake benchmark` in the EncryptedCookieStore
+sources for details.
+
+EncryptedCookieStore vs other session stores
+--------------------------------------------
+EncryptedCookieStore inherits all the benefits of CookieStore:
+
+ * It works out of the box without the need to setup a seperate data store (e.g. database table, daemon, etc).
+ * It does not require any maintenance. Old, stale sessions do not need to be manually cleaned up, as is the case with PStore and ActiveRecordStore.
+ * Compared to MemCacheStore, EncryptedCookieStore can "hold" an infinite number of sessions at any time.
+ * It can be scaled across multiple servers without any additional setup.
+ * It is fast.
+ * It is more secure than CookieStore because it allows you to store sensitive data in the session.
+
+There are of course drawbacks as well:
+
+ * It is prone to session replay attacks. These kind of attacks are explained in the [Ruby on Rails Security Guide](http://guides.rubyonrails.org/security.html#session-storage). Therefore you should never store anything along the lines of `is_admin` in the session.
+ * You can store at most a little less than 4 KB of data in the session because that's the size limit of a cookie. "A little less" because EncryptedCookieStore also stores a small amount of bookkeeping data in the cookie.
+ * Although encryption makes it more secure than CookieStore, there's still a chance that a bug in EncryptedCookieStore renders it insecure. We welcome everyone to audit this code. There's also a chance that weaknesses in AES are found in the near future which render it insecure. If you are storing *really* sensitive information in the session, e.g. social security numbers, or plans for world domination, then you should consider using ActiveRecordStore or some other server-side store.
+
+JRuby: Illegal Key Size error
+-----------------------------
+If you get this error (and your code works with MRI)...
+
+    Illegal key size
+    
+    [...]/vendor/plugins/encrypted_cookie_store/lib/encrypted_cookie_store.rb:62:in `marshal'
+
+...then it probably means you don't have the "unlimited strength" policy files
+installed for your JVM.
+[Download and install them.](http://www.ngs.ac.uk/tools/jcepolicyfiles)
+You probably have the "strong" version if they are already there.
+
+As a workaround, you can change the cipher type from 256-bit AES to 128-bit by
+inserting the following in `config/initializer/session_store.rb`:
+
+    EncryptedCookieStore.data_cipher_type = 'aes-128-cfb'.freeze  # was 256
+
+Please note that after changing to 128-bit AES, EncryptedCookieStore still
+requires a 32 bytes hexadecimal encryption key, although only half of the key
+is actually used.

data/Rakefile

@@ -0,0 +1,114 @@
+desc "Run unit tests"
+task :test do
+	sh "spec -f s -c test/*_test.rb"
+end
+
+desc "Run benchmark"
+task :benchmark do
+	$LOAD_PATH.unshift(File.expand_path("lib"))
+	require 'rubygems'
+	require 'benchmark'
+	require 'action_controller'
+	require 'encrypted_cookie_store'
+	
+	secret = "b6a30e998806a238c4bad45cc720ed55e56e50d9f00fff58552e78a20fe8262df61" <<
+		"42fcfdb0676018bb9767ed560d4a624fb7f3603b4e53c77ec189ae3853bd1"
+	encryption_key = "dd458e790c3b995e3606384c58efc53da431db892f585aa3ca2a17eabe6df75b"
+	store  = EncryptedCookieStore.new(nil, :secret => secret, :key => 'my_app',
+		:encryption_key => encryption_key)
+	object = { :hello => "world", :user_id => 1234, :is_admin => true,
+	        :shopping_cart => ["Tea x 1", "Carrots x 13", "Pocky x 20", "Pen x 4"],
+	        :session_id => "b6a30e998806a238c4bad45cc720ed55e56e50d9f00ff" }
+	count  = 50_000
+	
+	puts "Marshalling and unmarshalling #{count} times..."
+	result = Benchmark.measure do
+		count.times do
+			data = store.send(:marshal, object)
+			store.send(:unmarshal, data)
+		end
+	end
+	puts result
+	printf "%.3f ms per marshal+unmarshal action\n", result.real * 1000 / count
+end
+
+require "rubygems"
+require "rake/gempackagetask"
+require "rake/rdoctask"
+
+require "rake/testtask"
+Rake::TestTask.new do |t|
+  t.libs << "test"
+  t.test_files = FileList["test/**/*_test.rb"]
+  t.verbose = true
+end
+
+
+task :default => ["test"]
+
+# This builds the actual gem. For details of what all these options
+# mean, and other ones you can add, check the documentation here:
+#
+#   http://rubygems.org/read/chapter/20
+#
+spec = Gem::Specification.new do |s|
+
+  # Change these as appropriate
+  s.name              = "encrypted_cookie_store"
+  s.version           = "0.2.0"
+  s.summary           = "A Rails 3 version of Encrypted Cookie Store by FooBarWidget"
+  s.authors           = ["FooBarWidget", "Ben Sales"]
+  s.email             = "ben@twoism.co.uk"
+  s.homepage          = "https://github.com/FooBarWidget/encrypted_cookie_store"
+
+  s.has_rdoc          = true
+  s.extra_rdoc_files  = %w(README.markdown)
+  s.rdoc_options      = %w(--main README.markdown)
+
+  # Add any extra files to include in the gem
+  s.files             = %w(LICENSE.txt Rakefile README.markdown) + Dir.glob("{test,lib}/**/*")
+  s.require_paths     = ["lib"]
+
+  # If you want to depend on other gems, add them here, along with any
+  # relevant versions
+  # s.add_dependency("some_other_gem", "~> 0.1.0")
+
+  # If your tests use any gems, include them here
+  # s.add_development_dependency("mocha") # for example
+end
+
+# This task actually builds the gem. We also regenerate a static
+# .gemspec file, which is useful if something (i.e. GitHub) will
+# be automatically building a gem for this project. If you're not
+# using GitHub, edit as appropriate.
+#
+# To publish your gem online, install the 'gemcutter' gem; Read more 
+# about that here: http://gemcutter.org/pages/gem_docs
+Rake::GemPackageTask.new(spec) do |pkg|
+  pkg.gem_spec = spec
+end
+
+desc "Build the gemspec file #{spec.name}.gemspec"
+task :gemspec do
+  file = File.dirname(__FILE__) + "/#{spec.name}.gemspec"
+  File.open(file, "w") {|f| f << spec.to_ruby }
+end
+
+# If you don't want to generate the .gemspec file, just remove this line. Reasons
+# why you might want to generate a gemspec:
+#  - using bundler with a git source
+#  - building the gem without rake (i.e. gem build blah.gemspec)
+#  - maybe others?
+task :package => :gemspec
+
+# Generate documentation
+Rake::RDocTask.new do |rd|
+  rd.main = "README.markdown"
+  rd.rdoc_files.include("README.markdown", "lib/**/*.rb")
+  rd.rdoc_dir = "rdoc"
+end
+
+desc 'Clear out RDoc and generated packages'
+task :clean => [:clobber_rdoc, :clobber_package] do
+  rm "#{spec.name}.gemspec"
+end

data/lib/encrypted_cookie_store.rb

@@ -0,0 +1,2 @@
+require 'encrypted_cookie_store/railtie'
+require 'encrypted_cookie_store/encrypted_cookie_store'

data/lib/encrypted_cookie_store/constants.rb

@@ -0,0 +1,3 @@
+module EncryptedCookieStoreConstants
+	ENCRYPTION_KEY_SIZE = 32
+end

data/lib/encrypted_cookie_store/encrypted_cookie_store.rb

@@ -0,0 +1,133 @@
+require 'openssl'
+require 'encrypted_cookie_store/constants'
+
+module EncryptedCookieStore
+  class EncryptedCookieStore < ActionDispatch::Session::CookieStore
+  	OpenSSLCipherError = OpenSSL::Cipher.const_defined?(:CipherError) ? OpenSSL::Cipher::CipherError : OpenSSL::CipherError
+  	include EncryptedCookieStoreConstants
+	
+  	class << self
+  		attr_accessor :iv_cipher_type
+  		attr_accessor :data_cipher_type
+  	end
+	
+  	self.iv_cipher_type   = "aes-128-ecb".freeze
+  	self.data_cipher_type = "aes-256-cfb".freeze
+	
+  	def initialize(app, options = {})
+  		ensure_encryption_key_secure(options[:encryption_key])
+  		@encryption_key = unhex(options[:encryption_key]).freeze
+  		@iv_cipher      = OpenSSL::Cipher::Cipher.new(EncryptedCookieStore.iv_cipher_type)
+  		@data_cipher    = OpenSSL::Cipher::Cipher.new(EncryptedCookieStore.data_cipher_type)
+  		super(app, options)
+  	end
+	
+  private
+  	# Like ActiveSupport::MessageVerifier, but does not base64-encode data.
+  	class MessageVerifier
+  		def initialize(secret, digest = 'SHA1')
+  			@secret = secret
+  			@digest = digest
+  		end
+		
+  		def verify(signed_message)
+  			digest, data = signed_message.split("--", 2)
+  			if digest != generate_digest(data)
+  				raise ActiveSupport::MessageVerifier::InvalidSignature
+  			else
+  				Marshal.load(data)
+  			end
+  		end
+		
+  		def generate(value)
+  			data   = Marshal.dump(value)
+  			digest = generate_digest(data)
+  			"#{digest}--#{data}"
+  		end
+		
+  	private
+  		def generate_digest(data)
+  			OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new(@digest), @secret, data)
+  		end
+  	end
+	
+  	def marshal(session)
+  		# We hmac-then-encrypt instead of encrypt-then-hmac so that we
+  		# can properly detect:
+  		# - changes to the encryption key or initialization vector
+  		# - a migration from the unencrypted CookieStore.
+  		#
+  		# Being able to detect these allows us to invalidate the old session data.
+		
+  		@iv_cipher.encrypt
+  		@data_cipher.encrypt
+  		@iv_cipher.key   = @encryption_key
+  		@data_cipher.key = @encryption_key
+		
+  		session_data     = super(session)
+  		iv               = @data_cipher.random_iv
+  		@data_cipher.iv  = iv
+  		encrypted_iv     = @iv_cipher.update(iv) << @iv_cipher.final
+  		encrypted_session_data = @data_cipher.update(session_data) << @data_cipher.final
+		
+  		"#{base64(encrypted_iv)}--#{base64(encrypted_session_data)}"
+  	end
+	
+  	def unmarshal(cookie)
+  		if cookie
+  			b64_encrypted_iv, b64_encrypted_session_data = cookie.split("--", 2)
+  			if b64_encrypted_iv && b64_encrypted_session_data
+  				encrypted_iv           = ActiveSupport::Base64.decode64(b64_encrypted_iv)
+  				encrypted_session_data = ActiveSupport::Base64.decode64(b64_encrypted_session_data)
+				
+  				@iv_cipher.decrypt
+  				@iv_cipher.key = @encryption_key
+  				iv = @iv_cipher.update(encrypted_iv) << @iv_cipher.final
+				
+  				@data_cipher.decrypt
+  				@data_cipher.key = @encryption_key
+  				@data_cipher.iv = iv
+  				session_data = @data_cipher.update(encrypted_session_data) << @data_cipher.final
+  				super(session_data)
+  			end
+  		else
+  			nil
+  		end
+  	rescue OpenSSLCipherError
+  		nil
+  	end
+	
+  	# To prevent users from using an insecure encryption key like "Password" we make sure that the
+  	# encryption key they've provided is at least 30 characters in length.
+          def ensure_encryption_key_secure(encryption_key)
+  		if encryption_key.blank?
+  			raise ArgumentError, "An encryption key is required for encrypting the " +
+  				"cookie session data. Please set config.action_controller.session = { " +
+  				"..., :encryption_key => \"some random string of exactly " +
+  				"#{ENCRYPTION_KEY_SIZE * 2} bytes\", ... } in config/environment.rb"
+  		end
+		
+  		if encryption_key.size != ENCRYPTION_KEY_SIZE * 2
+  			raise ArgumentError, "The EncryptedCookieStore encryption key must be a " +
+  				"hexadecimal string of exactly #{ENCRYPTION_KEY_SIZE * 2} bytes. " +
+  				"The value that you've provided, \"#{encryption_key}\", is " +
+  				"#{encryption_key.size} bytes. You could use the following (randomly " +
+  				"generated) string as encryption key: " +
+  				ActiveSupport::SecureRandom.hex(ENCRYPTION_KEY_SIZE)
+  		end
+  	end
+	
+  	def verifier_for(secret, digest)
+  		key = secret.respond_to?(:call) ? secret.call : secret
+  		MessageVerifier.new(key, digest)
+  	end
+	
+  	def base64(data)
+  		ActiveSupport::Base64.encode64s(data)
+  	end
+	
+  	def unhex(hex_data)
+  		[hex_data].pack("H*")
+  	end
+  end
+end

data/lib/encrypted_cookie_store/railtie.rb

@@ -0,0 +1,10 @@
+module EncryptedCookieStore
+  class Railtie < Rails::Railtie
+    initializer "encrypted_cookie_store_railtie.boot" do |app|
+    end
+
+    rake_tasks do
+      load 'tasks/encrypted_cookie_store.rake'
+    end
+  end
+end

data/lib/tasks/encrypted_cookie_store.rake

@@ -0,0 +1,7 @@
+namespace :secret do
+	desc "Generate an encryption key for EncryptedCookieStore that's cryptographically secure."
+	task :encryption_key do
+		require 'encrypted_cookie_store/constants'
+		puts ActiveSupport::SecureRandom.hex(EncryptedCookieStoreConstants::ENCRYPTION_KEY_SIZE)
+	end
+end

data/test/encrypted_cookie_store_test.rb

@@ -0,0 +1,84 @@
+$LOAD_PATH.unshift(File.expand_path(File.dirname(__FILE__) + "/../lib"))
+require 'rubygems'
+gem 'rails', '>= 3.0.0'
+require 'encrypted_cookie_store'
+
+describe EncryptedCookieStore do
+	SECRET = "b6a30e998806a238c4bad45cc720ed55e56e50d9f00fff58552e78a20fe8262df61" <<
+		"42fcfdb0676018bb9767ed560d4a624fb7f3603b4e53c77ec189ae3853bd1"
+	GOOD_ENCRYPTION_KEY = "dd458e790c3b995e3606384c58efc53da431db892f585aa3ca2a17eabe6df75b"
+	ANOTHER_GOOD_ENCRYPTION_KEY = "ce6a45c34607d2048d735b0a31a769de4e1512eb83c7012059a66937158a8975"
+	OBJECT = { :user_id => 123, :admin => true, :message => "hello world!" }
+	
+	def create(options = {})
+		EncryptedCookieStore.new(nil, options.reverse_merge(
+			:key => 'key',
+			:secret => SECRET
+		))
+	end
+	
+	it "checks whether an encryption key is given" do
+		lambda { create }.should raise_error(ArgumentError, /encryption key is required/)
+	end
+	
+	it "checks whether the encryption key has the correct size" do
+		encryption_key = "too small"
+		block = lambda { create(:encryption_key => encryption_key) }
+		block.should raise_error(ArgumentError, /must be a hexadecimal string of exactly \d+ bytes/)
+	end
+	
+	specify "marshalling and unmarshalling data works" do
+		data   = create(:encryption_key => GOOD_ENCRYPTION_KEY).send(:marshal, OBJECT)
+		object = create(:encryption_key => GOOD_ENCRYPTION_KEY).send(:unmarshal, data)
+		object[:user_id].should == 123
+		object[:admin].should be_true
+		object[:message].should == "hello world!"
+	end
+	
+	it "uses a different initialization vector every time data is marshalled" do
+		store  = create(:encryption_key => GOOD_ENCRYPTION_KEY)
+		data1  = store.send(:marshal, OBJECT)
+		data2  = store.send(:marshal, OBJECT)
+		data3  = store.send(:marshal, OBJECT)
+		data4  = store.send(:marshal, OBJECT)
+		data1.should_not == data2
+		data1.should_not == data3
+		data1.should_not == data4
+	end
+	
+	it "invalidates the data if the encryption key is changed" do
+		data   = create(:encryption_key => GOOD_ENCRYPTION_KEY).send(:marshal, OBJECT)
+		object = create(:encryption_key => ANOTHER_GOOD_ENCRYPTION_KEY).send(:unmarshal, data)
+		object.should be_nil
+	end
+	
+	it "invalidates the data if the IV cannot be decrypted" do
+		store = create(:encryption_key => GOOD_ENCRYPTION_KEY)
+		data  = store.send(:marshal, OBJECT)
+		iv_cipher = store.instance_variable_get(:@iv_cipher)
+		iv_cipher.should_receive(:update).and_raise(EncryptedCookieStore::OpenSSLCipherError)
+		store.send(:unmarshal, data).should be_nil
+	end
+	
+	it "invalidates the data if we just migrated from CookieStore" do
+		old_store = ActionController::Session::CookieStore.new(nil, :key => 'key', :secret => SECRET)
+		legacy_data = old_store.send(:marshal, OBJECT)
+		store = create(:encryption_key => GOOD_ENCRYPTION_KEY)
+		store.send(:unmarshal, legacy_data).should be_nil
+	end
+	
+	it "invalidates the data if it was tampered with" do
+		store = create(:encryption_key => GOOD_ENCRYPTION_KEY)
+		data = store.send(:marshal, OBJECT)
+		b64_encrypted_iv, b64_encrypted_session_data = data.split("--", 2)
+		b64_encrypted_session_data[0..1] = "AA"
+		data = "#{b64_encrypted_iv}--#{b64_encrypted_session_data}"
+		store.send(:unmarshal, data).should be_nil
+	end
+	
+	it "invalidates the data if it looks like garbage" do
+		store = create(:encryption_key => GOOD_ENCRYPTION_KEY)
+		garbage = "\202d\3477 jTf\274\360\200z\355\334N3\001\0036\321qLu\027\320\325*%:%\270D"
+		store.send(:unmarshal, garbage).should be_nil
+	end
+end

metadata

@@ -0,0 +1,77 @@
+--- !ruby/object:Gem::Specification 
+name: encrypted_cookie_store
+version: !ruby/object:Gem::Version 
+  hash: 23
+  prerelease: false
+  segments: 
+  - 0
+  - 2
+  - 0
+  version: 0.2.0
+platform: ruby
+authors: 
+- FooBarWidget
+- Ben Sales
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2011-01-19 00:00:00 +00:00
+default_executable: 
+dependencies: []
+
+description: 
+email: ben@twoism.co.uk
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- README.markdown
+files: 
+- LICENSE.txt
+- Rakefile
+- README.markdown
+- test/encrypted_cookie_store_test.rb
+- lib/encrypted_cookie_store/constants.rb
+- lib/encrypted_cookie_store/encrypted_cookie_store.rb
+- lib/encrypted_cookie_store/railtie.rb
+- lib/encrypted_cookie_store.rb
+- lib/tasks/encrypted_cookie_store.rake
+has_rdoc: true
+homepage: https://github.com/FooBarWidget/encrypted_cookie_store
+licenses: []
+
+post_install_message: 
+rdoc_options: 
+- --main
+- README.markdown
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.3.7
+signing_key: 
+specification_version: 3
+summary: A Rails 3 version of Encrypted Cookie Store by FooBarWidget
+test_files: []
+