RubyGems - encrypted_store - Versions diffs - 0.2.0 - Mend

encrypted_store 0.2.0

Files changed (21) hide show

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 597b51a7a639daa48f0168cd455614d0badc530d
+  data.tar.gz: 0c3ac74f182c8825f0bf8a2cb40b5c6c1636e221
+SHA512:
+  metadata.gz: f7abe54066eb6000e60e38ac7e6bf8df46f3b5e50d6d85957b38c56436dde3221e18730a4d21a7076729e96b673f887325856b419cda5be666b02c506168db56
+  data.tar.gz: 8a280ee382d0de6e35f34bbe3b9ec683f57583bddb6a3cd823f0beb10c52e4348f3724f25344b220cb2d836172a0fb8b5c353b80944b24ab12f95a44df69d858

data/lib/generators/encrypted_store/encrypt_table/encrypt_table_generator.rb ADDED Viewed

@@ -0,0 +1,12 @@
+module Ribbon::EncryptedStore
+  module Generators
+    class EncryptTableGenerator < Rails::Generators::Base
+      source_root File.expand_path('../templates', __FILE__)
+      argument :table_name, :type => :string
+      def create_migrations
+        generate "migration", "add_encrypted_store_to_#{table_name} encryption_key_id:integer encrypted_store:binary"
+      end
+    end # EncryptTableGenerator
+  end # Generators
+end # Ribbon::EncryptedStore

data/lib/generators/encrypted_store/install/install_generator.rb ADDED Viewed

@@ -0,0 +1,26 @@
+require 'rails/generators/active_record'
+module Ribbon::EncryptedStore
+  module Generators
+    class InstallGenerator < Rails::Generators::Base
+      include Rails::Generators::Migration
+      class << self
+        def next_migration_number(*args)
+          ActiveRecord::Generators::Base.next_migration_number(*args)
+        end
+      end # Class Methods
+      source_root File.expand_path("../templates", __FILE__)
+      def create_initializer
+        copy_file "initializer.rb", "config/initializers/encrypted_store.rb"
+      end
+      def create_migrations
+        migration_template 'create_encryption_keys.rb', 'db/migrate/create_encryption_keys.rb'
+        migration_template 'create_encryption_key_salts.rb', 'db/migrate/create_encryption_key_salts.rb'
+      end
+    end # InstallEncryptedStoreGenerator
+  end # Generators
+end # Ribbon::EncryptedStore

data/lib/generators/encrypted_store/install/templates/create_encryption_key_salts.rb ADDED Viewed

@@ -0,0 +1,12 @@
+class CreateEncryptionKeySalts < ActiveRecord::Migration
+  def change
+    create_table :encryption_key_salts do |t|
+      t.integer :encryption_key_id
+      t.binary  :salt
+      t.timestamps
+    end
+    add_index :encryption_key_salts, [:encryption_key_id, :salt], unique: true
+  end
+end

data/lib/generators/encrypted_store/install/templates/create_encryption_keys.rb ADDED Viewed

@@ -0,0 +1,12 @@
+class CreateEncryptionKeys < ActiveRecord::Migration
+  def change
+    create_table :encryption_keys do |t|
+      t.binary  :dek
+      t.boolean :primary
+      t.timestamps
+    end
+    add_index :encryption_keys, :created_at
+  end
+end

data/lib/generators/encrypted_store/install/templates/initializer.rb ADDED Viewed

@@ -0,0 +1,6 @@
+require 'ribbon/encrypted_store'
+Ribbon::EncryptedStore.config {
+  encrypt_key { |dek| dek }
+  decrypt_key { |dek| dek }
+}

data/lib/generators/encrypted_store/upgrade/ZeroOneFive/templates/upgrade_encryption_key_salts_to_015.rb ADDED Viewed

@@ -0,0 +1,8 @@
+class UpgradeEncryptionKeySaltsTo015 < ActiveRecord::Migration
+  def change
+    add_column :encryption_key_salts, :created_at, :datetime
+    add_column :encryption_key_salts, :updated_at, :datetime
+    add_index :encryption_key_salts, [:encryption_key_id, :salt], unique: true
+  end
+end

data/lib/generators/encrypted_store/upgrade/ZeroOneFive/templates/upgrade_encryption_keys_to_015.rb ADDED Viewed

@@ -0,0 +1,8 @@
+class UpgradeEncryptionKeysTo015 < ActiveRecord::Migration
+  def change
+    add_column :encryption_keys, :created_at, :datetime
+    add_column :encryption_keys, :updated_at, :datetime
+    add_index :encryption_keys, :created_at
+  end
+end

data/lib/generators/encrypted_store/upgrade/ZeroOneFive/zero_one_five_generator.rb ADDED Viewed

@@ -0,0 +1,24 @@
+require 'rails/generators/active_record'
+module Ribbon::EncryptedStore
+  module Generators
+    module Upgrade
+      class ZeroOneFiveGenerator < Rails::Generators::Base
+        include Rails::Generators::Migration
+        class << self
+          def next_migration_number(*args)
+            ActiveRecord::Generators::Base.next_migration_number(*args)
+          end
+        end # Class Methods
+        source_root File.expand_path("../templates", __FILE__)
+        def create_migrations
+          migration_template 'upgrade_encryption_keys_to_015.rb', 'db/migrate/upgrade_encryption_keys_to_015.rb'
+          migration_template 'upgrade_encryption_key_salts_to_015.rb', 'db/migrate/upgrade_encryption_key_salts_to_015.rb'
+        end
+      end # ZeroOneFiveGenerator
+    end # Upgrade
+  end # Generators
+end # Ribbon::EncryptedStore

data/lib/ribbon/encrypted_store.rb ADDED Viewed

@@ -0,0 +1,33 @@
+require 'ribbon/encrypted_store/version'
+require 'ribbon/config'
+module Ribbon
+  module EncryptedStore
+    require 'ribbon/encrypted_store/railtie' if defined?(Rails)
+    autoload(:CryptoHash, 'ribbon/encrypted_store/crypto_hash')
+    autoload(:Instance,   'ribbon/encrypted_store/instance')
+    autoload(:Errors,     'ribbon/encrypted_store/errors')
+    autoload(:Mixins,     'ribbon/encrypted_store/mixins')
+    class << self
+      def included(base)
+        if defined?(ActiveRecord) && base < ActiveRecord::Base
+          base.send(:include, Mixins::ActiveRecordMixin)
+        else
+          raise Errors::UnsupportedModelError
+        end
+      end
+      def method_missing(meth, *args, &block)
+        instance.send(meth, *args, &block)
+      end
+      def instance
+        @__instance ||= Instance.new
+      end
+    end # Class Methods
+  end # EncryptedStore
+end # Ribbon
+# Create a shortcut to the module
+EncryptedStore = Ribbon::EncryptedStore

data/lib/ribbon/encrypted_store/crypto_hash.rb ADDED Viewed

@@ -0,0 +1,150 @@
+require 'openssl'
+require 'json'
+require 'zlib'
+module Ribbon::EncryptedStore
+  class CryptoHash < Hash
+    def initialize(data={})
+      super()
+      merge!(data)
+    end
+    ##
+    # Encrypts the hash using the data encryption key and salt.
+    #
+    # Returns a blob:
+    # | Byte 0   |   Byte 1    |        Byte 2       | Bytes 3...S | Bytes S+1...E  | Bytes E+1..E+4 |
+    # ------------------------------------------------------------------------------------------------
+    # | Version  | Salt Length | Iteration Magnitude |     Salt    | Encrypted Data |     CRC32      |
+    def encrypt(dek, salt, iter_mag=10)
+      return nil if empty?
+      raise Errors::InvalidSaltSize, 'too long' if salt.bytes.length > 255
+      key, iv = _keyiv_gen(dek, salt, iter_mag)
+      encryptor = OpenSSL::Cipher::AES256.new(:CBC).encrypt
+      encryptor.key = key
+      encryptor.iv = iv
+      data_packet = _encrypted_data_header_v2(salt, iter_mag) + encryptor.update(self.to_json) + encryptor.final
+      _append_crc32(data_packet)
+    end
+    class << self
+      def decrypt(dek, data)
+        return CryptoHash.new unless data
+        salt, iter_mag, data = _split_binary_data(data)
+        key, iv = _keyiv_gen(dek, salt, iter_mag)
+        decryptor = OpenSSL::Cipher::AES256.new(:CBC).decrypt
+        decryptor.key = key
+        decryptor.iv = iv
+        new_hash = JSON.parse(decryptor.update(data) + decryptor.final)
+        new_hash = Hash[new_hash.map { |k,v| [k.to_sym, v] }]
+        CryptoHash.new(new_hash)
+      end
+      def _keyiv_gen(key, salt, iter_mag)
+        if iter_mag == -1
+          raise Errors::InvalidKeySize, 'must be exactly 256 bits' unless key.bytes.length == 32
+          raise Errors::InvalidSaltSize, 'must be exactly 128 bits' unless salt.bytes.length == 16
+          iv = salt
+        else
+          digest = OpenSSL::Digest::SHA256.new
+          key_and_iv = OpenSSL::PKCS5.pbkdf2_hmac(key, salt, 1 << iter_mag, 48, digest)
+          key = key_and_iv[0..31]
+          iv  = key_and_iv[32..-1]
+        end
+        [key, iv]
+      end
+      def _split_binary_data(encrypted_data)
+        # Split encrypted data and CRC
+        bytes = encrypted_data.bytes
+        version = bytes[0]
+        version_method = "_split_binary_data_v#{version}"
+        if respond_to?(version_method)
+          send(version_method, encrypted_data)
+        else
+          raise Errors::UnsupportedVersionError, "Unsupported encrypted data version: #{version}"
+        end
+      end
+      def _split_binary_data_v1(encrypted_data)
+        bytes = encrypted_data.bytes
+        salt_length = bytes[1]
+        salt_start_index = 2
+        salt_end_index   = salt_start_index + salt_length - 1
+        salt = bytes[salt_start_index..salt_end_index].pack('c*')
+        data = bytes[salt_end_index+1..-5].pack('c*')
+        crc = bytes[-4..-1]
+        raise Errors::ChecksumFailedError unless crc == _calc_crc32(encrypted_data[0..-5]).bytes
+        [salt, 12, data]
+      end
+      def _split_binary_data_v2(encrypted_data)
+        bytes = encrypted_data.bytes
+        salt_length = bytes[1]
+        iter_mag    = bytes[2].chr.unpack('c').first
+        salt_start_index = 3
+        salt_end_index   = salt_start_index + salt_length - 1
+        salt = bytes[salt_start_index..salt_end_index].pack('c*')
+        data = bytes[salt_end_index+1..-5].pack('c*')
+        crc = bytes[-4..-1]
+        raise Errors::ChecksumFailedError unless crc == _calc_crc32(encrypted_data[0..-5]).bytes
+        [salt, iter_mag, data]
+      end
+      def _calc_crc32(data)
+        [Zlib.crc32(data)].pack('N')
+      end
+    end # Class Methods
+    private
+    ##
+    # Generates the version 1 encrypted data header:
+    # |     Byte 0     |     Byte 1     |  Bytes 2...S
+    # ---------------------------------------------------
+    # |    Version     |   Salt Length  |     Salt
+    #
+    def _encrypted_data_header_v1(salt)
+      "\x01" + salt.bytes.length.chr + salt
+    end
+    ##
+    # Generates the version 2 encrypted data header:
+    # |     Byte 0     |     Byte 1     |         Byte 2       | Bytes 3...S
+    # ----------------------------------------------------------------------
+    # |    Version     |   Salt Length  |  Iteration Magnitude |    Salt
+    #
+    def _encrypted_data_header_v2(salt, iter_mag)
+      "\x02" + salt.bytes.length.chr + [iter_mag].pack('c') + salt
+    end
+    def _keyiv_gen(key, salt, iter_mag)
+      self.class._keyiv_gen(key, salt, iter_mag)
+    end
+    def _append_crc32(data)
+      data + _calc_crc32(data)
+    end
+    def _calc_crc32(data)
+      self.class._calc_crc32(data)
+    end
+  end # CryptoHash
+end # Ribbon::EncryptedStore

data/lib/ribbon/encrypted_store/errors.rb ADDED Viewed

@@ -0,0 +1,16 @@
+module Ribbon::EncryptedStore
+  module Errors
+    class Error < StandardError; end
+    # General Errors
+    class GeneralError < Error; end
+    class UnsupportedModelError < GeneralError; end
+    # CryptoHash Errors
+    class CryptoHashError < Error; end
+    class ChecksumFailedError < CryptoHashError; end
+    class InvalidSaltSize < CryptoHashError; end
+    class InvalidKeySize < CryptoHashError; end
+    class UnsupportedVersionError < CryptoHashError; end
+  end # Errors
+end # Ribbon::EncryptedStore

data/lib/ribbon/encrypted_store/instance.rb ADDED Viewed

@@ -0,0 +1,30 @@
+module Ribbon::EncryptedStore
+  class Instance
+    def config(&block)
+      (@__config ||= Ribbon::Config.new).tap { |config|
+        if block_given?
+          config.define(&block)
+        end
+      }
+    end
+    ##
+    # Preloads the most recent `amount` keys.
+    def preload_keys(amount=12)
+      keys = Mixins::ActiveRecordMixin.preload_keys(amount)
+      keys.each { |k| (@_decrypted_keys ||= {})[k.id] = k.decrypted_key }
+    end
+    def decrypt_key(dek, primary=false)
+      config.decrypt_key? ? config.decrypt_key.last.call(dek, primary) : dek
+    end
+    def encrypt_key(dek, primary=false)
+      config.encrypt_key? ? config.encrypt_key.last.call(dek, primary) : dek
+    end
+    def retrieve_dek(key_model, key_id)
+      (@_decrypted_keys ||= {})[key_id] ||= key_model.find(key_id).decrypted_key
+    end
+  end # Instance
+end # Ribbon::EncryptedStore

data/lib/ribbon/encrypted_store/mixins.rb ADDED Viewed

@@ -0,0 +1,5 @@
+module Ribbon::EncryptedStore
+  module Mixins
+    autoload(:ActiveRecordMixin, 'ribbon/encrypted_store/mixins/active_record_mixin')
+  end # Mixins
+end # Ribbon::EncryptedStore

data/lib/ribbon/encrypted_store/mixins/active_record_mixin.rb ADDED Viewed

@@ -0,0 +1,108 @@
+require 'securerandom'
+module Ribbon::EncryptedStore
+  module Mixins
+    module ActiveRecordMixin
+      autoload(:EncryptionKeySalt, 'ribbon/encrypted_store/mixins/active_record_mixin/encryption_key_salt')
+      autoload(:EncryptionKey,     'ribbon/encrypted_store/mixins/active_record_mixin/encryption_key')
+      class << self
+        def included(base)
+          base.before_save(:_encrypted_store_save)
+          base.extend(ClassMethods)
+        end
+        def descendants
+          Rails.application.eager_load! if defined?(Rails) && Rails.application
+          ActiveRecord::Base.descendants.select { |model| model < Mixins::ActiveRecordMixin }
+        end
+        def descendants?
+          !descendants.empty?
+        end
+        ##
+        # Preloads the most recent `amount` keys.
+        def preload_keys(amount)
+          EncryptionKey.preload(amount) if descendants?
+        end
+      end # Module Methods
+      module ClassMethods
+        def _encrypted_store_data
+          @_encrypted_store_data ||= {}
+        end
+        def attr_encrypted(*args)
+          # Store attrs in class data
+          _encrypted_store_data[:encrypted_attributes] = args.map(&:to_sym)
+          args.each { |arg|
+            define_method(arg) { _encrypted_store_get(arg) }
+            define_method("#{arg}=") { |value| _encrypted_store_set(arg, value) }
+          }
+        end
+      end # ClassMethods
+      ##
+      # Instance Methods
+      ##
+      def reencrypt(encryption_key)
+        _crypto_hash
+        self.encryption_key_id = encryption_key.id
+        @_reencrypting = true
+      end
+      def reencrypt!(encryption_key)
+        reencrypt(encryption_key).tap { save! }
+      end
+      def _encrypted_store_data
+        self.class._encrypted_store_data
+      end
+      def _encryption_key_id
+        self.encryption_key_id ||= EncryptionKey.primary_encryption_key.id
+      end
+      def _crypto_hash
+        @_crypto_hash ||= CryptoHash.decrypt(_decrypted_key, self.encrypted_store)
+      end
+      def _decrypted_key
+        EncryptedStore.retrieve_dek(EncryptionKey, _encryption_key_id)
+      end
+      def _encrypted_store_get(field)
+        _crypto_hash[field]
+      end
+      def _encrypted_store_set(field, value)
+        attribute_will_change!(field)
+        _crypto_hash[field] = value
+      end
+      def _encrypted_store_save
+        if !(self.changed.map(&:to_sym) & _encrypted_store_data[:encrypted_attributes]).empty? || @_reencrypting
+          # Obtain a lock without overriding attribute values for this record.
+          record = self.class.unscoped { self.class.lock.find(id) } unless new_record?
+          unless @_reencrypting
+            self.encryption_key_id = record.encryption_key_id if record && record.encryption_key_id
+          end
+          iter_mag = Ribbon::EncryptedStore.config.iteration_magnitude? ?
+                     Ribbon::EncryptedStore.config.iteration_magnitude  :
+                     -1
+          @_reencrypting = false
+          self.encrypted_store = _crypto_hash.encrypt(
+            _decrypted_key,
+            EncryptionKeySalt.generate_salt(_encryption_key_id),
+            iter_mag
+          )
+        end
+      end
+    end # ActiveRecordMixin
+  end # Mixins
+end # Ribbon::EncryptedStore

data/lib/ribbon/encrypted_store/mixins/active_record_mixin/encryption_key.rb ADDED Viewed

@@ -0,0 +1,77 @@
+require 'securerandom'
+require 'base64'
+module Ribbon::EncryptedStore
+  module Mixins
+    module ActiveRecordMixin
+      class EncryptionKey < ActiveRecord::Base
+        validates_uniqueness_of :primary, if: :primary
+        class << self
+          def primary_encryption_key
+            new_key unless _has_primary?
+            where(primary: true).last || last
+          end
+          def new_key(custom_key=nil)
+            dek = custom_key || SecureRandom.random_bytes(32)
+            transaction {
+              _has_primary? && where(primary: true).first.update_attributes(primary: false)
+              _create_primary_key(dek)
+            }
+          end
+          def retire_keys(key_ids=[])
+            pkey = primary_encryption_key
+            ActiveRecordMixin.descendants.each { |model|
+              records = key_ids.empty? ? model.where("encryption_key_id != ?", pkey.id)
+                                       : model.where("encryption_key_id IN (?)", key_ids)
+              records.each { |record| record.reencrypt!(pkey) }
+            }
+            pkey
+          end
+          ##
+          # Preload the most recent `amount` keys.
+          def preload(amount)
+            primary_encryption_key # Ensure there's at least a primary key
+            order(:created_at).limit(amount)
+          end
+          def rotate_keys
+            new_key
+            retire_keys
+          end
+          def _has_primary?
+            where(primary: true).exists?
+          end
+          def _get_table_models
+            Rails.application.eager_load! if defined?(Rails) && Rails.application
+            ActiveRecord::Base.descendants
+          end
+          def _get_models_with_encrypted_store
+            _get_table_models.select { |model| model < Mixins::ActiveRecordMixin }
+          end
+          def _create_primary_key(dek)
+            self.new.tap { |key|
+              key.dek = EncryptedStore.encrypt_key(dek, true)
+              key.primary = true
+              key.save!
+            }
+          end
+        end # Class Methods
+        def decrypted_key
+          EncryptedStore.decrypt_key(self.dek, self.primary)
+        end
+      end # EncryptionKey
+    end # ActiveRecordMixin
+  end # Mixins
+end # Ribbon::EncryptedStore

data/lib/ribbon/encrypted_store/mixins/active_record_mixin/encryption_key_salt.rb ADDED Viewed

@@ -0,0 +1,28 @@
+require 'securerandom'
+module Ribbon::EncryptedStore
+  module Mixins
+    module ActiveRecordMixin
+      class EncryptionKeySalt < ActiveRecord::Base
+        validates :salt, uniqueness: {scope: :encryption_key_id}
+        class << self
+          def generate_salt(encryption_key_id)
+            loop do
+              salt = SecureRandom.random_bytes(16)
+              begin
+                salt_record = self.new
+                salt_record.encryption_key_id = encryption_key_id
+                salt_record.salt = salt
+                salt_record.save!
+                return salt
+              rescue ActiveRecord::RecordNotUnique => e
+                next
+              end
+            end
+          end
+        end # Class Methods
+      end # EncryptionKeySalt
+    end # ActiveRecordMixin
+  end # Mixins
+end # Ribbon::EncryptedStore

data/lib/ribbon/encrypted_store/railtie.rb ADDED Viewed

@@ -0,0 +1,23 @@
+require 'ribbon/encrypted_store'
+require 'rails'
+require 'rails/generators'
+module Ribbon
+  module EncryptedStore
+    class Railtie < Rails::Railtie
+      railtie_name :encrypted_store
+      rake_tasks do
+        Dir[
+          File.expand_path("../../../tasks", __FILE__) + '/**/*.rake'
+        ].each { |rake_file| load rake_file }
+      end
+      generators do
+        Dir[
+          File.expand_path("../../../generators", __FILE__) + '/**/*.rb'
+        ].each { |generator| require generator }
+      end
+    end # Railtie
+  end # EncryptedStore
+end # Ribbon

data/lib/ribbon/encrypted_store/version.rb ADDED Viewed

@@ -0,0 +1,5 @@
+module Ribbon
+  module EncryptedStore
+    VERSION = '0.2.0'
+  end # EncryptedStore
+end # Ribbon

data/lib/tasks/encrypted_store.rake ADDED Viewed

@@ -0,0 +1,19 @@
+require 'ribbon/encrypted_store'
+namespace :encrypted_store do
+  task :new_key, [:custom_key] => :environment do |t, args|
+    new_key = EncryptedStore::Mixins::ActiveRecordMixin::EncryptionKey.new_key(args[:custom_key])
+    puts "Created new primary key: #{new_key.id}"
+  end
+  task :retire_keys, [:key_ids] => :environment do |t, args|
+    key_ids = (args[:key_ids] && args[:key_ids].split(" ")) || []
+    new_primary_key = EncryptedStore::Mixins::ActiveRecordMixin::EncryptionKey.retire_keys(key_ids)
+    puts "Retired key_ids: #{key_ids} and reencrypted records with primary key: #{new_primary_key.id}"
+  end
+  task :rotate_keys => :environment do |t, args|
+    new_primary_key = EncryptedStore::Mixins::ActiveRecordMixin::EncryptionKey.rotate_keys
+    puts "Retired all key_ids and reencrypted records with new primary key: #{new_primary_key.id}"
+  end
+end

metadata ADDED Viewed

@@ -0,0 +1,169 @@
+--- !ruby/object:Gem::Specification
+name: encrypted_store
+version: !ruby/object:Gem::Version
+  version: 0.2.0
+platform: ruby
+authors:
+- Robert Honer
+- Kayvon Ghaffari
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2015-10-03 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bcrypt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.1.3
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.1.3
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.1.3
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.1.3
+- !ruby/object:Gem::Dependency
+  name: ribbon-config
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.1.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.1.0
+- !ruby/object:Gem::Dependency
+  name: database_cleaner
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: pg
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 4.0.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 4.0.0
+description: Provides the EncryptedStore mixin
+email:
+- robert@ribbonpayments.com
+- kayvon@ribbonpayments.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/generators/encrypted_store/encrypt_table/encrypt_table_generator.rb
+- lib/generators/encrypted_store/install/install_generator.rb
+- lib/generators/encrypted_store/install/templates/create_encryption_key_salts.rb
+- lib/generators/encrypted_store/install/templates/create_encryption_keys.rb
+- lib/generators/encrypted_store/install/templates/initializer.rb
+- lib/generators/encrypted_store/upgrade/ZeroOneFive/templates/upgrade_encryption_key_salts_to_015.rb
+- lib/generators/encrypted_store/upgrade/ZeroOneFive/templates/upgrade_encryption_keys_to_015.rb
+- lib/generators/encrypted_store/upgrade/ZeroOneFive/zero_one_five_generator.rb
+- lib/ribbon/encrypted_store.rb
+- lib/ribbon/encrypted_store/crypto_hash.rb
+- lib/ribbon/encrypted_store/errors.rb
+- lib/ribbon/encrypted_store/instance.rb
+- lib/ribbon/encrypted_store/mixins.rb
+- lib/ribbon/encrypted_store/mixins/active_record_mixin.rb
+- lib/ribbon/encrypted_store/mixins/active_record_mixin/encryption_key.rb
+- lib/ribbon/encrypted_store/mixins/active_record_mixin/encryption_key_salt.rb
+- lib/ribbon/encrypted_store/railtie.rb
+- lib/ribbon/encrypted_store/version.rb
+- lib/tasks/encrypted_store.rake
+homepage: http://github.com/ribbon/encrypted_store
+licenses:
+- BSD
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.4.3
+signing_key:
+specification_version: 4
+summary: Provides the EncryptedStore mixin
+test_files: []