RubyGems - encrypted_store - Versions diffs - 0.2.0 - Mend

encrypted_store 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (21) hide show

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 597b51a7a639daa48f0168cd455614d0badc530d
+  data.tar.gz: 0c3ac74f182c8825f0bf8a2cb40b5c6c1636e221
+SHA512:
+  metadata.gz: f7abe54066eb6000e60e38ac7e6bf8df46f3b5e50d6d85957b38c56436dde3221e18730a4d21a7076729e96b673f887325856b419cda5be666b02c506168db56
+  data.tar.gz: 8a280ee382d0de6e35f34bbe3b9ec683f57583bddb6a3cd823f0beb10c52e4348f3724f25344b220cb2d836172a0fb8b5c353b80944b24ab12f95a44df69d858

data/lib/generators/encrypted_store/encrypt_table/encrypt_table_generator.rb ADDED Viewed

@@ -0,0 +1,12 @@
+module Ribbon::EncryptedStore
+  module Generators
+    class EncryptTableGenerator < Rails::Generators::Base
+      source_root File.expand_path('../templates', __FILE__)
+      argument :table_name, :type => :string
+      def create_migrations
+        generate "migration", "add_encrypted_store_to_#{table_name} encryption_key_id:integer encrypted_store:binary"
+      end
+    end # EncryptTableGenerator
+  end # Generators
+end # Ribbon::EncryptedStore

data/lib/generators/encrypted_store/install/install_generator.rb ADDED Viewed

@@ -0,0 +1,26 @@
+require 'rails/generators/active_record'
+module Ribbon::EncryptedStore
+  module Generators
+    class InstallGenerator < Rails::Generators::Base
+      include Rails::Generators::Migration
+      class << self
+        def next_migration_number(*args)
+          ActiveRecord::Generators::Base.next_migration_number(*args)
+        end
+      end # Class Methods
+      source_root File.expand_path("../templates", __FILE__)
+      def create_initializer
+        copy_file "initializer.rb", "config/initializers/encrypted_store.rb"
+      end
+      def create_migrations
+        migration_template 'create_encryption_keys.rb', 'db/migrate/create_encryption_keys.rb'
+        migration_template 'create_encryption_key_salts.rb', 'db/migrate/create_encryption_key_salts.rb'
+      end
+    end # InstallEncryptedStoreGenerator
+  end # Generators
+end # Ribbon::EncryptedStore

data/lib/generators/encrypted_store/install/templates/create_encryption_key_salts.rb ADDED Viewed

@@ -0,0 +1,12 @@
+class CreateEncryptionKeySalts < ActiveRecord::Migration
+  def change
+    create_table :encryption_key_salts do |t|
+      t.integer :encryption_key_id
+      t.binary  :salt
+      t.timestamps
+    end
+    add_index :encryption_key_salts, [:encryption_key_id, :salt], unique: true
+  end
+end

data/lib/generators/encrypted_store/install/templates/create_encryption_keys.rb ADDED Viewed

@@ -0,0 +1,12 @@
+class CreateEncryptionKeys < ActiveRecord::Migration
+  def change
+    create_table :encryption_keys do |t|
+      t.binary  :dek
+      t.boolean :primary
+      t.timestamps
+    end
+    add_index :encryption_keys, :created_at
+  end
+end

data/lib/generators/encrypted_store/install/templates/initializer.rb ADDED Viewed

@@ -0,0 +1,6 @@
+require 'ribbon/encrypted_store'
+Ribbon::EncryptedStore.config {
+  encrypt_key { |dek| dek }
+  decrypt_key { |dek| dek }
+}

data/lib/generators/encrypted_store/upgrade/ZeroOneFive/templates/upgrade_encryption_key_salts_to_015.rb ADDED Viewed

@@ -0,0 +1,8 @@
+class UpgradeEncryptionKeySaltsTo015 < ActiveRecord::Migration
+  def change
+    add_column :encryption_key_salts, :created_at, :datetime
+    add_column :encryption_key_salts, :updated_at, :datetime
+    add_index :encryption_key_salts, [:encryption_key_id, :salt], unique: true
+  end
+end

data/lib/generators/encrypted_store/upgrade/ZeroOneFive/templates/upgrade_encryption_keys_to_015.rb ADDED Viewed

@@ -0,0 +1,8 @@
+class UpgradeEncryptionKeysTo015 < ActiveRecord::Migration
+  def change
+    add_column :encryption_keys, :created_at, :datetime
+    add_column :encryption_keys, :updated_at, :datetime
+    add_index :encryption_keys, :created_at
+  end
+end

data/lib/generators/encrypted_store/upgrade/ZeroOneFive/zero_one_five_generator.rb ADDED Viewed

@@ -0,0 +1,24 @@
+require 'rails/generators/active_record'
+module Ribbon::EncryptedStore
+  module Generators
+    module Upgrade
+      class ZeroOneFiveGenerator < Rails::Generators::Base
+        include Rails::Generators::Migration
+        class << self
+          def next_migration_number(*args)
+            ActiveRecord::Generators::Base.next_migration_number(*args)
+          end
+        end # Class Methods
+        source_root File.expand_path("../templates", __FILE__)
+        def create_migrations
+          migration_template 'upgrade_encryption_keys_to_015.rb', 'db/migrate/upgrade_encryption_keys_to_015.rb'
+          migration_template 'upgrade_encryption_key_salts_to_015.rb', 'db/migrate/upgrade_encryption_key_salts_to_015.rb'
+        end
+      end # ZeroOneFiveGenerator
+    end # Upgrade
+  end # Generators
+end # Ribbon::EncryptedStore

data/lib/ribbon/encrypted_store.rb ADDED Viewed

@@ -0,0 +1,33 @@
+require 'ribbon/encrypted_store/version'
+require 'ribbon/config'
+module Ribbon
+  module EncryptedStore
+    require 'ribbon/encrypted_store/railtie' if defined?(Rails)
+    autoload(:CryptoHash, 'ribbon/encrypted_store/crypto_hash')
+    autoload(:Instance,   'ribbon/encrypted_store/instance')
+    autoload(:Errors,     'ribbon/encrypted_store/errors')
+    autoload(:Mixins,     'ribbon/encrypted_store/mixins')
+    class << self
+      def included(base)
+        if defined?(ActiveRecord) && base < ActiveRecord::Base
+          base.send(:include, Mixins::ActiveRecordMixin)
+        else
+          raise Errors::UnsupportedModelError
+        end
+      end
+      def method_missing(meth, *args, &block)
+        instance.send(meth, *args, &block)
+      end
+      def instance
+        @__instance ||= Instance.new
+      end
+    end # Class Methods
+  end # EncryptedStore
+end # Ribbon
+# Create a shortcut to the module
+EncryptedStore = Ribbon::EncryptedStore

data/lib/ribbon/encrypted_store/crypto_hash.rb ADDED Viewed

@@ -0,0 +1,150 @@
+require 'openssl'
+require 'json'
+require 'zlib'
+module Ribbon::EncryptedStore
+  class CryptoHash < Hash
+    def initialize(data={})
+      super()
+      merge!(data)
+    end
+    ##
+    # Encrypts the hash using the data encryption key and salt.
+    #
+    # Returns a blob:
+    # | Byte 0   |   Byte 1    |        Byte 2       | Bytes 3...S | Bytes S+1...E  | Bytes E+1..E+4 |
+    # ------------------------------------------------------------------------------------------------
+    # | Version  | Salt Length | Iteration Magnitude |     Salt    | Encrypted Data |     CRC32      |
+    def encrypt(dek, salt, iter_mag=10)
+      return nil if empty?
+      raise Errors::InvalidSaltSize, 'too long' if salt.bytes.length > 255
+      key, iv = _keyiv_gen(dek, salt, iter_mag)
+      encryptor = OpenSSL::Cipher::AES256.new(:CBC).encrypt
+      encryptor.key = key
+      encryptor.iv = iv
+      data_packet = _encrypted_data_header_v2(salt, iter_mag) + encryptor.update(self.to_json) + encryptor.final
+      _append_crc32(data_packet)
+    end
+    class << self
+      def decrypt(dek, data)
+        return CryptoHash.new unless data
+        salt, iter_mag, data = _split_binary_data(data)
+        key, iv = _keyiv_gen(dek, salt, iter_mag)
+        decryptor = OpenSSL::Cipher::AES256.new(:CBC).decrypt
+        decryptor.key = key
+        decryptor.iv = iv
+        new_hash = JSON.parse(decryptor.update(data) + decryptor.final)
+        new_hash = Hash[new_hash.map { |k,v| [k.to_sym, v] }]
+        CryptoHash.new(new_hash)
+      end
+      def _keyiv_gen(key, salt, iter_mag)
+        if iter_mag == -1
+          raise Errors::InvalidKeySize, 'must be exactly 256 bits' unless key.bytes.length == 32
+          raise Errors::InvalidSaltSize, 'must be exactly 128 bits' unless salt.bytes.length == 16
+          iv = salt
+        else
+          digest = OpenSSL::Digest::SHA256.new
+          key_and_iv = OpenSSL::PKCS5.pbkdf2_hmac(key, salt, 1 << iter_mag, 48, digest)
+          key = key_and_iv[0..31]
+          iv  = key_and_iv[32..-1]
+        end
+        [key, iv]
+      end
+      def _split_binary_data(encrypted_data)
+        # Split encrypted data and CRC
+        bytes = encrypted_data.bytes
+        version = bytes[0]
+        version_method = "_split_binary_data_v#{version}"
+        if respond_to?(version_method)
+          send(version_method, encrypted_data)
+        else
+          raise Errors::UnsupportedVersionError, "Unsupported encrypted data version: #{version}"
+        end
+      end
+      def _split_binary_data_v1(encrypted_data)
+        bytes = encrypted_data.bytes
+        salt_length = bytes[1]
+        salt_start_index = 2
+        salt_end_index   = salt_start_index + salt_length - 1
+        salt = bytes[salt_start_index..salt_end_index].pack('c*')
+        data = bytes[salt_end_index+1..-5].pack('c*')
+        crc = bytes[-4..-1]
+        raise Errors::ChecksumFailedError unless crc == _calc_crc32(encrypted_data[0..-5]).bytes
+        [salt, 12, data]
+      end
+      def _split_binary_data_v2(encrypted_data)
+        bytes = encrypted_data.bytes
+        salt_length = bytes[1]
+        iter_mag    = bytes[2].chr.unpack('c').first
+        salt_start_index = 3
+        salt_end_index   = salt_start_index + salt_length - 1
+        salt = bytes[salt_start_index..salt_end_index].pack('c*')
+        data = bytes[salt_end_index+1..-5].pack('c*')
+        crc = bytes[-4..-1]
+        raise Errors::ChecksumFailedError unless crc == _calc_crc32(encrypted_data[0..-5]).bytes
+        [salt, iter_mag, data]
+      end
+      def _calc_crc32(data)
+        [Zlib.crc32(data)].pack('N')
+      end
+    end # Class Methods
+    private
+    ##
+    # Generates the version 1 encrypted data header:
+    # |     Byte 0     |     Byte 1     |  Bytes 2...S
+    # ---------------------------------------------------
+    # |    Version     |   Salt Length  |     Salt
+    #
+    def _encrypted_data_header_v1(salt)
+      "\x01" + salt.bytes.length.chr + salt
+    end
+    ##
+    # Generates the version 2 encrypted data header:
+    # |     Byte 0     |     Byte 1     |         Byte 2       | Bytes 3...S
+    # ----------------------------------------------------------------------
+    # |    Version     |   Salt Length  |  Iteration Magnitude |    Salt
+    #
+    def _encrypted_data_header_v2(salt, iter_mag)
+      "\x02" + salt.bytes.length.chr + [iter_mag].pack('c') + salt
+    end
+    def _keyiv_gen(key, salt, iter_mag)
+      self.class._keyiv_gen(key, salt, iter_mag)
+    end
+    def _append_crc32(data)
+      data + _calc_crc32(data)
+    end
+    def _calc_crc32(data)
+      self.class._calc_crc32(data)
+    end
+  end # CryptoHash
+end # Ribbon::EncryptedStore

data/lib/ribbon/encrypted_store/errors.rb ADDED Viewed

@@ -0,0 +1,16 @@
+module Ribbon::EncryptedStore
+  module Errors
+    class Error < StandardError; end
+    # General Errors
+    class GeneralError < Error; end
+    class UnsupportedModelError < GeneralError; end
+    # CryptoHash Errors
+    class CryptoHashError < Error; end
+    class ChecksumFailedError < CryptoHashError; end
+    class InvalidSaltSize < CryptoHashError; end
+    class InvalidKeySize < CryptoHashError; end
+    class UnsupportedVersionError < CryptoHashError; end
+  end # Errors
+end # Ribbon::EncryptedStore

data/lib/ribbon/encrypted_store/instance.rb ADDED Viewed

@@ -0,0 +1,30 @@
+module Ribbon::EncryptedStore
+  class Instance
+    def config(&block)
+      (@__config ||= Ribbon::Config.new).tap { |config|
+        if block_given?
+          config.define(&block)
+        end
+      }
+    end
+    ##
+    # Preloads the most recent `amount` keys.
+    def preload_keys(amount=12)
+      keys = Mixins::ActiveRecordMixin.preload_keys(amount)
+      keys.each { |k| (@_decrypted_keys ||= {})[k.id] = k.decrypted_key }
+    end
+    def decrypt_key(dek, primary=false)
+      config.decrypt_key? ? config.decrypt_key.last.call(dek, primary) : dek
+    end
+    def encrypt_key(dek, primary=false)
+      config.encrypt_key? ? config.encrypt_key.last.call(dek, primary) : dek
+    end
+    def retrieve_dek(key_model, key_id)
+      (@_decrypted_keys ||= {})[key_id] ||= key_model.find(key_id).decrypted_key
+    end
+  end # Instance
+end # Ribbon::EncryptedStore

data/lib/ribbon/encrypted_store/mixins.rb ADDED Viewed

@@ -0,0 +1,5 @@
+module Ribbon::EncryptedStore
+  module Mixins
+    autoload(:ActiveRecordMixin, 'ribbon/encrypted_store/mixins/active_record_mixin')
+  end # Mixins
+end # Ribbon::EncryptedStore

data/lib/ribbon/encrypted_store/mixins/active_record_mixin.rb ADDED Viewed

@@ -0,0 +1,108 @@
+require 'securerandom'
+module Ribbon::EncryptedStore
+  module Mixins
+    module ActiveRecordMixin
+      autoload(:EncryptionKeySalt, 'ribbon/encrypted_store/mixins/active_record_mixin/encryption_key_salt')
+      autoload(:EncryptionKey,     'ribbon/encrypted_store/mixins/active_record_mixin/encryption_key')
+      class << self
+        def included(base)
+          base.before_save(:_encrypted_store_save)
+          base.extend(ClassMethods)
+        end
+        def descendants
+          Rails.application.eager_load! if defined?(Rails) && Rails.application
+          ActiveRecord::Base.descendants.select { |model| model < Mixins::ActiveRecordMixin }
+        end
+        def descendants?
+          !descendants.empty?
+        end
+        ##
+        # Preloads the most recent `amount` keys.
+        def preload_keys(amount)
+          EncryptionKey.preload(amount) if descendants?
+        end
+      end # Module Methods
+      module ClassMethods
+        def _encrypted_store_data
+          @_encrypted_store_data ||= {}
+        end
+        def attr_encrypted(*args)
+          # Store attrs in class data
+          _encrypted_store_data[:encrypted_attributes] = args.map(&:to_sym)
+          args.each { |arg|
+            define_method(arg) { _encrypted_store_get(arg) }
+            define_method("#{arg}=") { |value| _encrypted_store_set(arg, value) }
+          }
+        end
+      end # ClassMethods
+      ##
+      # Instance Methods
+      ##
+      def reencrypt(encryption_key)
+        _crypto_hash
+        self.encryption_key_id = encryption_key.id
+        @_reencrypting = true
+      end
+      def reencrypt!(encryption_key)
+        reencrypt(encryption_key).tap { save! }
+      end
+      def _encrypted_store_data
+        self.class._encrypted_store_data
+      end
+      def _encryption_key_id
+        self.encryption_key_id ||= EncryptionKey.primary_encryption_key.id
+      end
+      def _crypto_hash
+        @_crypto_hash ||= CryptoHash.decrypt(_decrypted_key, self.encrypted_store)
+      end
+      def _decrypted_key
+        EncryptedStore.retrieve_dek(EncryptionKey, _encryption_key_id)
+      end
+      def _encrypted_store_get(field)
+        _crypto_hash[field]
+      end
+      def _encrypted_store_set(field, value)
+        attribute_will_change!(field)
+        _crypto_hash[field] = value
+      end
+      def _encrypted_store_save
+        if !(self.changed.map(&:to_sym) & _encrypted_store_data[:encrypted_attributes]).empty? || @_reencrypting
+          # Obtain a lock without overriding attribute values for this record.
+          record = self.class.unscoped { self.class.lock.find(id) } unless new_record?
+          unless @_reencrypting
+            self.encryption_key_id = record.encryption_key_id if record && record.encryption_key_id
+          end
+          iter_mag = Ribbon::EncryptedStore.config.iteration_magnitude? ?
+                     Ribbon::EncryptedStore.config.iteration_magnitude  :
+                     -1
+          @_reencrypting = false
+          self.encrypted_store = _crypto_hash.encrypt(
+            _decrypted_key,
+            EncryptionKeySalt.generate_salt(_encryption_key_id),
+            iter_mag
+          )
+        end
+      end
+    end # ActiveRecordMixin
+  end # Mixins
+end # Ribbon::EncryptedStore

data/lib/ribbon/encrypted_store/mixins/active_record_mixin/encryption_key.rb ADDED Viewed

@@ -0,0 +1,77 @@
+require 'securerandom'
+require 'base64'
+module Ribbon::EncryptedStore
+  module Mixins
+    module ActiveRecordMixin
+      class EncryptionKey < ActiveRecord::Base
+        validates_uniqueness_of :primary, if: :primary
+        class << self
+          def primary_encryption_key
+            new_key unless _has_primary?
+            where(primary: true).last || last
+          end
+          def new_key(custom_key=nil)
+            dek = custom_key || SecureRandom.random_bytes(32)
+            transaction {
+              _has_primary? && where(primary: true).first.update_attributes(primary: false)
+              _create_primary_key(dek)
+            }
+          end
+          def retire_keys(key_ids=[])
+            pkey = primary_encryption_key
+            ActiveRecordMixin.descendants.each { |model|
+              records = key_ids.empty? ? model.where("encryption_key_id != ?", pkey.id)
+                                       : model.where("encryption_key_id IN (?)", key_ids)
+              records.each { |record| record.reencrypt!(pkey) }
+            }
+            pkey
+          end
+          ##
+          # Preload the most recent `amount` keys.
+          def preload(amount)
+            primary_encryption_key # Ensure there's at least a primary key
+            order(:created_at).limit(amount)
+          end
+          def rotate_keys
+            new_key
+            retire_keys
+          end
+          def _has_primary?
+            where(primary: true).exists?
+          end
+          def _get_table_models
+            Rails.application.eager_load! if defined?(Rails) && Rails.application
+            ActiveRecord::Base.descendants
+          end
+          def _get_models_with_encrypted_store
+            _get_table_models.select { |model| model < Mixins::ActiveRecordMixin }
+          end
+          def _create_primary_key(dek)
+            self.new.tap { |key|
+              key.dek = EncryptedStore.encrypt_key(dek, true)
+              key.primary = true
+              key.save!
+            }
+          end
+        end # Class Methods
+        def decrypted_key
+          EncryptedStore.decrypt_key(self.dek, self.primary)
+        end
+      end # EncryptionKey
+    end # ActiveRecordMixin
+  end # Mixins
+end # Ribbon::EncryptedStore

data/lib/ribbon/encrypted_store/mixins/active_record_mixin/encryption_key_salt.rb ADDED Viewed

@@ -0,0 +1,28 @@
+require 'securerandom'
+module Ribbon::EncryptedStore
+  module Mixins
+    module ActiveRecordMixin
+      class EncryptionKeySalt < ActiveRecord::Base
+        validates :salt, uniqueness: {scope: :encryption_key_id}
+        class << self
+          def generate_salt(encryption_key_id)
+            loop do
+              salt = SecureRandom.random_bytes(16)
+              begin
+                salt_record = self.new
+                salt_record.encryption_key_id = encryption_key_id
+                salt_record.salt = salt
+                salt_record.save!
+                return salt
+              rescue ActiveRecord::RecordNotUnique => e
+                next
+              end
+            end
+          end
+        end # Class Methods
+      end # EncryptionKeySalt
+    end # ActiveRecordMixin
+  end # Mixins
+end # Ribbon::EncryptedStore

data/lib/ribbon/encrypted_store/railtie.rb ADDED Viewed

@@ -0,0 +1,23 @@
+require 'ribbon/encrypted_store'
+require 'rails'
+require 'rails/generators'
+module Ribbon
+  module EncryptedStore
+    class Railtie < Rails::Railtie
+      railtie_name :encrypted_store
+      rake_tasks do
+        Dir[
+          File.expand_path("../../../tasks", __FILE__) + '/**/*.rake'
+        ].each { |rake_file| load rake_file }
+      end
+      generators do
+        Dir[
+          File.expand_path("../../../generators", __FILE__) + '/**/*.rb'
+        ].each { |generator| require generator }
+      end
+    end # Railtie
+  end # EncryptedStore
+end # Ribbon

data/lib/ribbon/encrypted_store/version.rb ADDED Viewed

@@ -0,0 +1,5 @@
+module Ribbon
+  module EncryptedStore
+    VERSION = '0.2.0'
+  end # EncryptedStore
+end # Ribbon

data/lib/tasks/encrypted_store.rake ADDED Viewed

@@ -0,0 +1,19 @@
+require 'ribbon/encrypted_store'
+namespace :encrypted_store do
+  task :new_key, [:custom_key] => :environment do |t, args|
+    new_key = EncryptedStore::Mixins::ActiveRecordMixin::EncryptionKey.new_key(args[:custom_key])
+    puts "Created new primary key: #{new_key.id}"
+  end
+  task :retire_keys, [:key_ids] => :environment do |t, args|
+    key_ids = (args[:key_ids] && args[:key_ids].split(" ")) || []
+    new_primary_key = EncryptedStore::Mixins::ActiveRecordMixin::EncryptionKey.retire_keys(key_ids)
+    puts "Retired key_ids: #{key_ids} and reencrypted records with primary key: #{new_primary_key.id}"
+  end
+  task :rotate_keys => :environment do |t, args|
+    new_primary_key = EncryptedStore::Mixins::ActiveRecordMixin::EncryptionKey.rotate_keys
+    puts "Retired all key_ids and reencrypted records with new primary key: #{new_primary_key.id}"
+  end
+end

metadata ADDED Viewed

@@ -0,0 +1,169 @@
+--- !ruby/object:Gem::Specification
+name: encrypted_store
+version: !ruby/object:Gem::Version
+  version: 0.2.0
+platform: ruby
+authors:
+- Robert Honer
+- Kayvon Ghaffari
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2015-10-03 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bcrypt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.1.3
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.1.3
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.1.3
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.1.3
+- !ruby/object:Gem::Dependency
+  name: ribbon-config
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.1.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.1.0
+- !ruby/object:Gem::Dependency
+  name: database_cleaner
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: pg
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 4.0.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 4.0.0
+description: Provides the EncryptedStore mixin
+email:
+- robert@ribbonpayments.com
+- kayvon@ribbonpayments.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/generators/encrypted_store/encrypt_table/encrypt_table_generator.rb
+- lib/generators/encrypted_store/install/install_generator.rb
+- lib/generators/encrypted_store/install/templates/create_encryption_key_salts.rb
+- lib/generators/encrypted_store/install/templates/create_encryption_keys.rb
+- lib/generators/encrypted_store/install/templates/initializer.rb
+- lib/generators/encrypted_store/upgrade/ZeroOneFive/templates/upgrade_encryption_key_salts_to_015.rb
+- lib/generators/encrypted_store/upgrade/ZeroOneFive/templates/upgrade_encryption_keys_to_015.rb
+- lib/generators/encrypted_store/upgrade/ZeroOneFive/zero_one_five_generator.rb
+- lib/ribbon/encrypted_store.rb
+- lib/ribbon/encrypted_store/crypto_hash.rb
+- lib/ribbon/encrypted_store/errors.rb
+- lib/ribbon/encrypted_store/instance.rb
+- lib/ribbon/encrypted_store/mixins.rb
+- lib/ribbon/encrypted_store/mixins/active_record_mixin.rb
+- lib/ribbon/encrypted_store/mixins/active_record_mixin/encryption_key.rb
+- lib/ribbon/encrypted_store/mixins/active_record_mixin/encryption_key_salt.rb
+- lib/ribbon/encrypted_store/railtie.rb
+- lib/ribbon/encrypted_store/version.rb
+- lib/tasks/encrypted_store.rake
+homepage: http://github.com/ribbon/encrypted_store
+licenses:
+- BSD
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.4.3
+signing_key:
+specification_version: 4
+summary: Provides the EncryptedStore mixin
+test_files: []