encryption_accessor 0.0.1

data/Manifest

@@ -0,0 +1,6 @@
+README
+Rakefile
+lib/aes_crypt.rb
+lib/encryption_accessor.rb
+tasks/encryption_accessor.rake
+Manifest

data/README

@@ -0,0 +1,58 @@
+= encryption_accessor
+
+This is a gem for allowing encryption of data (using AES256) from the Ruby side, with a dead simple API and accessor methods.
+
+== Usage
+
+Let's say you have a model User and your data is stored as plain text. To encrypt that data you have to do the following:
+
+  class User < ActiveRecord::Base
+    ..
+    encryption_accessor :first_name, :last_name, :password
+    ..
+  end
+
+By adding this declaration, now the User model has created a couple of new methods for you (and also modified the existing standard accessors) for each field, such us: first_name_encrypt!, first_name_decrypt!, first_name_encrypred .. and the same for last_name and password.
+
+Then, you can encrypt your fields of records already stored on the database, as the following example suggests:
+
+  > u = User.find(1)
+  > u.first_name_encrypt!
+  > u.last_name_encrypt!
+  > u.password_encrypt!
+  > u.save(false)
+
+Your data is now encrypted!
+
+For new data, it's even simpler, as the old accessors has been redefined, look at this:
+
+  > u = User.create(:first_name => 'Marcelo', :last_name => 'Giorgi')
+
+That's it! The data is stored encrypted. You can test it:
+
+  > u.first_name
+  => 'Marcelo'
+  > u.first_name_encrypted
+  => "57626921e35fa400b2ab3227abbfb98a"
+
+Also it's important to notice that I didn't overwrite any finder methods. So if you want to query for an encrypted value you should do the following:
+
+  > u = User.find_by_first_name_and_last_name(AESCrypt.encrypt('Marcelo'), AESCrypt.encrypt('Giorgi'))
+  => #<User id: 1, first_name: "57626921e35fa400b2ab3227abbfb98a", last_name: "bc0059af127f097175f3aa5795841922", .. password: ...>
+
+That's all I have to say. Let me know if it helps :)
+
+== TODO
+
+* Add specs !!
+* Add more flexibility for another algorithms.
+
+== License
+
+Copyright (c) 2010 Marcelo Giorgi
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/Rakefile

@@ -0,0 +1,16 @@
+require 'rubygems'
+require 'echoe'
+
+# PACKAGING ============================================================
+
+Echoe.new('encryption_accessor', '0.0.1') do |p|
+  p.description = "Accessor's to encrypt/decrypt fields when data is stored encrypted on DB"
+  p.url = 'https://github.com/marklazz/encryption_accessor'
+  p.author = 'Marcelo Giorgi'
+  p.email = 'marklazz.uy@gmail.com'
+  p.ignore_pattern = [ 'tmp/*', 'script/*', '*.sh' ]
+  p.runtime_dependencies = []
+  p.development_dependencies = [ 'spec' ]
+end
+
+Dir["#{File.dirname(__FILE__)}/tasks/*.rake"].sort.each { |ext| load ext }

data/encryption_accessor.gemspec

@@ -0,0 +1,33 @@
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = %q{encryption_accessor}
+  s.version = "0.0.1"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 1.2") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Marcelo Giorgi"]
+  s.date = %q{2011-02-18}
+  s.description = %q{Accessor's to encrypt/decrypt fields when data is stored encrypted on DB}
+  s.email = %q{marklazz.uy@gmail.com}
+  s.extra_rdoc_files = ["README", "lib/aes_crypt.rb", "lib/encryption_accessor.rb", "tasks/encryption_accessor.rake"]
+  s.files = ["README", "Rakefile", "lib/aes_crypt.rb", "lib/encryption_accessor.rb", "tasks/encryption_accessor.rake", "Manifest", "encryption_accessor.gemspec"]
+  s.homepage = %q{https://github.com/marklazz/encryption_accessor}
+  s.rdoc_options = ["--line-numbers", "--inline-source", "--title", "Encryption_accessor", "--main", "README"]
+  s.require_paths = ["lib"]
+  s.rubyforge_project = %q{encryption_accessor}
+  s.rubygems_version = %q{1.3.7}
+  s.summary = %q{Accessor's to encrypt/decrypt fields when data is stored encrypted on DB}
+
+  if s.respond_to? :specification_version then
+    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
+    s.specification_version = 3
+
+    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+      s.add_development_dependency(%q<spec>, [">= 0"])
+    else
+      s.add_dependency(%q<spec>, [">= 0"])
+    end
+  else
+    s.add_dependency(%q<spec>, [">= 0"])
+  end
+end

data/lib/aes_crypt.rb

@@ -0,0 +1,51 @@
+# encoding: UTF-8
+
+require 'openssl'
+require 'digest/sha1'
+
+module AESCrypt
+  extend self
+
+  ALGORITHM = "AES-256-CBC"
+  SECRET = "add-your-way-eliasonmedia-02-10-2011"
+  ENCODE_DIRECTIVE = 'H*'
+
+  # ALGORITHM = "AES-256-ECB"
+  # Decrypts a block of data (encrypted_data) given an encryption key
+  # and an initialization vector (iv).  Keys, iv's, and the data 
+  # returned are all binary strings.  Cipher_type should be
+  # "AES-256-CBC", "AES-256-ECB", or any of the cipher types
+  # supported by OpenSSL.  Pass nil for the iv if the encryption type
+  # doesn't use iv's (like ECB).
+  #:return: => String
+  #:arg: encrypted_data => String 
+  #:arg: key => String
+  #:arg: iv => String
+  #:arg: cipher_type => String
+  def decrypt(encrypted_data, key = SECRET, iv = nil, cipher_type = ALGORITHM)
+    aes = OpenSSL::Cipher::Cipher.new(cipher_type)
+    aes.decrypt
+    aes.key = key
+    aes.iv = iv if iv != nil
+    aes.update([encrypted_data].pack(ENCODE_DIRECTIVE)) + aes.final
+  end
+
+  # Encrypts a block of data given an encryption key and an 
+  # initialization vector (iv).  Keys, iv's, and the data returned 
+  # are all binary strings.  Cipher_type should be "AES-256-CBC",
+  # "AES-256-ECB", or any of the cipher types supported by OpenSSL.  
+  # Pass nil for the iv if the encryption type doesn't use iv's (like
+  # ECB).
+  #:return: => String
+  #:arg: data => String 
+  #:arg: key => String
+  #:arg: iv => String
+  #:arg: cipher_type => String
+  def encrypt(data, key = SECRET, iv = nil, cipher_type = ALGORITHM)
+    aes = OpenSSL::Cipher::Cipher.new(cipher_type)
+    aes.encrypt
+    aes.key = key
+    aes.iv = iv if iv != nil
+    (aes.update(data) + aes.final).unpack(ENCODE_DIRECTIVE)[0]
+  end
+end

data/lib/encryption_accessor.rb

@@ -0,0 +1,61 @@
+module EncryptionAccessor
+
+  VERSION = '0.0.1'
+
+  def self.included(base)
+    base.extend ClassMethods
+  end
+
+  module ClassMethods
+
+    def encryption_accessor(*fields)
+      fields.each do |field|
+        force_implement_field_setter!(field)
+
+        define_method(:"#{field}_with_encryption=") do |value|
+          self.send(:"#{field}_without_encryption=", value)
+          write_attribute(:"#{field}", AESCrypt.encrypt(read_attribute(:"#{field}"))) unless value.nil?
+        end
+
+        self.send :alias_method_chain, :"#{field}=", :encryption
+
+        define_method(:"#{field}_decrypt") do
+          blob_value = self.read_attribute(:"#{field}")
+          return if blob_value.nil?
+          AESCrypt.decrypt(blob_value)
+        end
+
+        define_method(:"#{field}") do
+          self.send(:"#{field}_decrypt")
+        end
+
+        define_method(:"#{field}_encrypted") do
+          self.attributes["#{field}"]
+        end
+        define_method(:"#{field}") do
+          self.send(:"#{field}_decrypt")
+        end
+        define_method(:"#{field}_encrypt!") do
+          self.send(:"#{field}_with_encryption=", self.attributes["#{field}"])
+        end
+        define_method(:"#{field}_decrypt!") do
+          self.send(:"#{field}=", self.send(:"#{field}_decrypt"))
+        end
+      end
+    end
+
+    private
+
+    def force_implement_field_setter!(field)
+      new.send("#{field}=", nil)
+    end
+  end
+end
+
+module ActiveRecord
+  class Base
+   class << self
+     include EncryptionAccessor
+    end
+  end
+end

data/tasks/encryption_accessor.rake

@@ -0,0 +1,147 @@
+require 'rake/clean'
+require 'fileutils'
+require 'date'
+require 'spec/rake/spectask'
+require 'mocha'
+require 'hanna/rdoctask'
+
+# Removes spec task defiened in dependency gems
+module Rake
+  def self.remove_task(task_name)
+    Rake.application.instance_variable_get('@tasks').delete(task_name.to_s)
+  end
+end
+Rake.remove_task 'spec'
+
+def source_version
+  line = File.read('lib/encryption_accessor.rb')[/^\s*VERSION = .*/]
+  line.match(/.*VERSION = '(.*)'/)[1]
+end
+
+# SPECS ===============================================================
+
+desc 'Run mysql, sqlite, and postgresql tests by default'
+task :default => :spec
+
+desc 'Run mysql, sqlite, and postgresql tests'
+task :spec do
+  tasks = defined?(JRUBY_VERSION) ?
+    %w(spec_jdbcmysql spec_jdbcpostgresql) :
+    %w(spec_mysql spec_postgresql)
+  run_without_aborting(*tasks)
+end
+
+def run_without_aborting(*tasks)
+  errors = []
+
+  tasks.each do |task|
+    begin
+      Rake::Task[task].invoke
+    rescue Exception
+      errors << task
+    end
+  end
+
+  abort "Errors running #{errors.join(', ')}" if errors.any?
+end
+
+task :default => :spec
+
+for adapter in %w( mysql postgresql )
+
+  Spec::Rake::SpecTask.new("spec_#{adapter}") do |t|
+    t.spec_opts = ['--color']
+    t.rcov = false
+    if adapter =~ /jdbc/
+      t.libs << "spec/connections/jdbc_#{adapter}"
+    else
+      t.libs << "spec/connections/#{adapter}"
+    end
+      t.spec_files = FileList[ 'spec/cases/**/*_spec.rb', 'spec/lib/**/*_spec.rb' ]
+    end
+
+  namespace adapter do
+    #task "spec_#{adapter}" => [ "rebuild_#{adapter}_databases" ]
+    task :spec => "spec_#{adapter}"
+  end
+end
+
+# DB ==================================================================
+# CREATE USER yaml_conditions
+MYSQL_DB_USER = 'yaml_conditions'
+
+namespace :mysql do
+  desc 'Build the MySQL test databases'
+  task :build_databases do
+    %x( echo "create DATABASE yaml_conditions_db DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_unicode_ci " | mysql --user=#{MYSQL_DB_USER})
+  end
+
+  desc 'Drop the MySQL test databases'
+  task :drop_databases do
+    %x( mysqladmin -u#{MYSQL_DB_USER} -f drop yaml_conditions_db )
+  end
+
+  desc 'Rebuild the MySQL test databases'
+  task :rebuild_databases => [:drop_databases, :build_databases]
+end
+
+task :build_mysql_databases => 'mysql:build_databases'
+task :drop_mysql_databases => 'mysql:drop_databases'
+task :rebuild_mysql_databases => 'mysql:rebuild_databases'
+
+
+namespace :postgresql do
+  desc 'Build the PostgreSQL test databases'
+  task :build_databases do
+    %x( createdb -E UTF8 yaml_conditions_db )
+  end
+
+  desc 'Drop the PostgreSQL test databases'
+  task :drop_databases do
+    %x( dropdb yaml_conditions_db )
+  end
+
+  desc 'Rebuild the PostgreSQL test databases'
+  task :rebuild_databases => [:drop_databases, :build_databases]
+end
+
+task :build_postgresql_databases => 'postgresql:build_databases'
+task :drop_postgresql_databases => 'postgresql:drop_databases'
+task :rebuild_postgresql_databases => 'postgresql:rebuild_databases'
+
+# Rcov ================================================================
+namespace :spec do
+  desc 'Mesures test coverage'
+  task :coverage do
+    rm_f "coverage"
+    rcov = "rcov --text-summary -Ilib"
+    system("#{rcov} --no-html --no-color spec/lib/*_spec.rb")
+  end
+end
+
+# Website =============================================================
+# Building docs requires HAML and the hanna gem:
+#   gem install mislav-hanna --source=http://gems.github.com
+
+desc 'Generate RDoc under doc/api'
+task 'doc'     => ['doc:api']
+
+task 'doc:api' => ['doc/api/index.html']
+
+file 'doc/api/index.html' => FileList['lib/**/*.rb','README.rdoc'] do |f|
+  require 'rbconfig'
+  hanna = RbConfig::CONFIG['ruby_install_name'].sub('ruby', 'hanna')
+  rb_files = f.prerequisites
+  sh((<<-end).gsub(/\s+/, ' '))
+    #{hanna}
+      --charset utf8
+      --fmt html
+      --inline-source
+      --line-numbers
+      --main README.rdoc
+      --op doc/api
+      --title 'RTT API Documentation'
+      #{rb_files.join(' ')}
+  end
+end
+CLEAN.include 'doc/api'

metadata

@@ -0,0 +1,95 @@
+--- !ruby/object:Gem::Specification 
+name: encryption_accessor
+version: !ruby/object:Gem::Version 
+  hash: 29
+  prerelease: false
+  segments: 
+  - 0
+  - 0
+  - 1
+  version: 0.0.1
+platform: ruby
+authors: 
+- Marcelo Giorgi
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2011-02-18 00:00:00 -02:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: spec
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  type: :development
+  version_requirements: *id001
+description: Accessor's to encrypt/decrypt fields when data is stored encrypted on DB
+email: marklazz.uy@gmail.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- README
+- lib/aes_crypt.rb
+- lib/encryption_accessor.rb
+- tasks/encryption_accessor.rake
+files: 
+- README
+- Rakefile
+- lib/aes_crypt.rb
+- lib/encryption_accessor.rb
+- tasks/encryption_accessor.rake
+- Manifest
+- encryption_accessor.gemspec
+has_rdoc: true
+homepage: https://github.com/marklazz/encryption_accessor
+licenses: []
+
+post_install_message: 
+rdoc_options: 
+- --line-numbers
+- --inline-source
+- --title
+- Encryption_accessor
+- --main
+- README
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 11
+      segments: 
+      - 1
+      - 2
+      version: "1.2"
+requirements: []
+
+rubyforge_project: encryption_accessor
+rubygems_version: 1.3.7
+signing_key: 
+specification_version: 3
+summary: Accessor's to encrypt/decrypt fields when data is stored encrypted on DB
+test_files: []
+