ezcrypto2 0.0.2

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA256:
3
+ metadata.gz: 0605d0037e14a9c4c90c59f13ba42a66fd988dea4610c89ee115b25c6196a3a8
4
+ data.tar.gz: eae330b6ccba774f84d06e1cf3123d7270a2e5c8aa9239cd6e358b82ca97191d
5
+ SHA512:
6
+ metadata.gz: 8e23e38fdc84f1690b3bc41fe432da9a21de626d96f76bed4f4bc0063c765574450f37b59d5bf31bc36c4d075c4fe2188acee73b2ed894752816f1eefb623f43
7
+ data.tar.gz: a228da02cc313c84b1582c396609906cb4896fc241ef5df320817557b8e8a18af4de03a021cb3b08819ef75b76315e2d239f5d526aae791f73dca3992190aaff
data/CHANGELOG ADDED
@@ -0,0 +1,85 @@
1
+ 0.7.2 March, 2009 support for base64 encrypted attributes in ActiveCrypto (Micah Wedemeyer)
2
+
3
+ 0.7 September 12th, 2006 PKYP services support
4
+
5
+ Marking the release of http://pkyp.org a new no nonsense Public Key directory, this allows you register your public keys and certificates on a public server. If you have web applications with certificates or public keys you can point your users at http://pkyp.org/{key.digest} for more info about a certificate.
6
+
7
+ Register a public key or certificate at PKYP with the new method register_with_pkyp like this:
8
+
9
+ signer=EzCrypto::Signer.generate
10
+ signer.verifier.register_with_pkyp
11
+
12
+ If you have the public key or certificate digest you can fetch the full public key or certificate like this:
13
+
14
+ verifier=EzCrypto::Verifier.from_pkyp "e93e18114cbefaaa89fda908b09df63d3662879a"
15
+ verifier.verify sig, request_text
16
+
17
+ This allows a simpler way of transfering certificates. The idea of including certificates with every request is not really necessary in an online world. For example you could pass the digest in a HTTP header for a REST web services request.
18
+
19
+ 0.6.2 August 15th, 2006 Trust something release
20
+
21
+ Now comes complete with a fairly trusted list of root certs as extracted from Apple's keystore. With the addition of CACerts and GoDaddy SSL Certs (Buy from http://widecert.net). If you feel any important ones are missing let me know.
22
+
23
+ You can create a trust store from this with TrustStore.default_trusted. Note many of these CA's are useless and you shouldn't really trust them, but this makes it easy to emulate the browsers support.
24
+
25
+ 0.6.1 August 14th, 2006 Subject!=Issuer bug fix
26
+
27
+ I discovered a not so little bug in the certificate handling. The issuer method of the Certificate mistakenly returned the subject.
28
+
29
+ 0.6 August 10th, 2006 Certified PKI release
30
+
31
+ Finally I have had a good reason http://www.tractis.com to add Digital Signature support to EzCrypto. We have support for RSA and DSA private and public keys as well as basic X509 certificate support. All in typical EzCrypto simple Ruby like methods.
32
+
33
+ KNOWN PROBLEM. The DSA Signer.public_key method has some sort of problem but will be fixed for 0.6.1.
34
+
35
+ 0.5 July 19th, 2006 Good citizen release
36
+
37
+ I have cleaned up the ActiveCrypto namespaces. It now does not use ActiveRecord::Crypto, but ActiveCrypto::*, if you have called stuff directly please update your code.
38
+
39
+ The reason for this is to really be a good citizen in the world of rails and not unnecessarily pollute the ActiveRecord name space.
40
+
41
+ I have also created much more thorough unit tests and refactored some things that did not work in version 0.4 that the world thankfully did not see.
42
+
43
+ 0.4 Flawed internal release
44
+
45
+ 0.3 February 25th, 2006 new encrypted file support by Dirk (dirk.barnikel@gmx.de) Thanks Dirk.
46
+
47
+ * Added test case for the file-related stuff. file-stuff
48
+ seems to work fine
49
+
50
+ * Replaced hard coded IO buffersize (512) with class attribute
51
+ Key#block_size and default value.
52
+
53
+ * Modification to create {De,En}crypters only via the factory methods
54
+ Key#{de,en}crypter.
55
+
56
+ * Added Key#{de,en}crypt_file methods that take a file and de- or encrypts it.
57
+
58
+ * The methods are implemented to call the cipher with small chunks of data (512 bytes) to keep memory usage low.
59
+
60
+ * By default, the original file is first overwritten and then removed.
61
+
62
+ * This overwrite is not really safe but should make it harder to restore the data of the removed file from the filesystem.
63
+
64
+ * Added Key#{store,load} methods that read and write Key data to/from files.
65
+
66
+ * Added Key#safe_{create,delete,read} methods to encapsulate the handling of files inside EzCrypto.
67
+
68
+ 0.2.2 January 4th, 2006 Bug fixes and unit tests for active_crypto
69
+
70
+ There were some serious problems with ActiveCrypto's support for having keys in associated classes. I also added unit tests to active_crypto. The support code was brutaly stolen from Rick Olson's acts_as_paranoid library. Unfortunately I disabled the schema stuff for now, but will add it in the next release, which hopefully is soon.
71
+
72
+ 0.2.1 November 2nd, 2005 New method in KeyHolder
73
+
74
+ Added set_encoded_key(enc) to KeyHolder for setting a key with the Base64 encoded keyvalue.
75
+
76
+ 0.2 October 30th, 2005 Ruby on Rails integration
77
+
78
+ As promised I have now included my first version of ActiveCrypto the crypto layer for ActiveRecord and Ruby on Rails.
79
+
80
+ 0.1.1 August 27, 2005 Minor fixes
81
+
82
+ Thanks to Jason Vasquez mugatu at mugfu dot com for noticing that Key#to_s
83
+ called the nonexistent encoded method.
84
+
85
+ I also made a few slight changes to the documentation.
data/MIT-LICENSE ADDED
@@ -0,0 +1,21 @@
1
+ Copyright (c) 2004 David Heinemeier Hansson
2
+
3
+ Permission is hereby granted, free of charge, to any person obtaining
4
+ a copy of this software and associated documentation files (the
5
+ "Software"), to deal in the Software without restriction, including
6
+ without limitation the rights to use, copy, modify, merge, publish,
7
+ distribute, sublicense, and/or sell copies of the Software, and to
8
+ permit persons to whom the Software is furnished to do so, subject to
9
+ the following conditions:
10
+
11
+ The above copyright notice and this permission notice shall be
12
+ included in all copies or substantial portions of the Software.
13
+
14
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
15
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
16
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
17
+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
18
+ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
19
+ OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
20
+ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
21
+
data/README.rdoc ADDED
@@ -0,0 +1,152 @@
1
+ = EzCrypto - Easy to use Crypto for Ruby
2
+
3
+ EzCrypto is an easy to use wrapper around the poorly documented OpenSSL ruby library.
4
+
5
+ == Features
6
+
7
+ * Defaults to AES 128 CBC
8
+ * Will use the systems OpenSSL library for transparent hardware crypto support
9
+ * Single class object oriented access to most commonly used features
10
+ * Ruby like
11
+
12
+ == Installation
13
+
14
+ Download it from here:
15
+
16
+ http://rubyforge.org/frs/?group_id=755
17
+
18
+ or install it via Ruby Gems:
19
+
20
+ gem install ezcrypto
21
+
22
+ == Simple examples
23
+
24
+ ==== To encrypt:
25
+
26
+ Generate a key using a password and a salt. Use the keys encrypt method to encrypt a strings worth of data:
27
+
28
+ @key=EzCrypto::Key.with_password "password", "system salt"
29
+ @encrypted=@key.encrypt "Top secret should not be revealed"
30
+
31
+ ==== To decrypt:
32
+
33
+ Same procedure as encrypt. Generate a key using a password and a salt. Use the keys decrypt method to decrypt a strings worth of data:
34
+
35
+ @key=EzCrypto::Key.with_password "password", "system salt"
36
+ @key.decrypt @encrypted
37
+
38
+ ==== One liners:
39
+
40
+ These simple examples use one line each:
41
+
42
+ @encrypted=EzCrypto::Key.encrypt_with_password "password", @salt,"Top secret should not be revealed"
43
+
44
+ EzCrypto::Key.decrypt_with_password "password", @salt,@encrypted
45
+
46
+ == Keys
47
+
48
+ The only class you need to know for most uses og EzCrypto is the Key class. You don't need understand ciphers or the encryption life cycle.
49
+
50
+ ==== Generating a random key
51
+
52
+ The most secure type of key is the randomly generated key:
53
+
54
+ @key=EzCrypto::Key.generate
55
+
56
+ ==== Initializing a key with raw key data
57
+
58
+ If you already have a key from some other source, you simply have to call the constructor with the raw data:
59
+
60
+ @key=EzCrypto::Key.new @binarykey
61
+
62
+ ==== Initializing a Key with a Base64 encoded key
63
+
64
+ As seen above you can create a key from a password. This should be used if you don't want the key to be stored on disk for example:
65
+
66
+ @key=EzCrypto::Key.with_password "Secret password"
67
+
68
+ ==== Initializing a Key with a Base64 encoded key
69
+
70
+ If you already have a key from some other source in the popular Base64 encoded format, you use the decode class method:
71
+
72
+ @key=EzCrypto::Key.decode @binarykey
73
+
74
+ ==== Exporting the key
75
+
76
+ To export or save a key use the encode method (or to_s) method for a Base64 encoded key or raw as the raw binary data.
77
+
78
+ puts @key.encode
79
+ puts @key.raw
80
+
81
+ The raw method could be used for storing in a database using a tinyblob column.
82
+
83
+ == Encryption and Decryption
84
+
85
+ EzCrypto is optimized for simple encryption and decryption of strings. There are encrypt/decrypt pairs for normal binary use as well as for Base64 encoded use.
86
+
87
+ ==== Regular raw use
88
+
89
+ Assuming you have generated a key using one of the above methods:
90
+
91
+ @encrypted=@key.encrypt("clear text")
92
+ @decrypted=@key.decrypt(@encrypted)
93
+ assert "clear text", @decrypted
94
+
95
+ ==== Base64 encoded use
96
+
97
+ This uses the encrypt64 and decrypt64 methods. Otherwise it is all the same:
98
+
99
+ @encrypted=@key.encrypt64("clear text")
100
+ @decrypted=@key.decrypt64(@encrypted)
101
+ assert "clear text", @decrypted
102
+
103
+ == FAQ
104
+
105
+ === What algorithm does this use?
106
+
107
+ It uses as the default algorithm the AES 128 bit standard. This is a very fast and highly secure algorithm specified as the national standard in the US. For more information see:
108
+
109
+ http://en.wikipedia.org/wiki/AES
110
+
111
+ === Only 128 bits. Is that enough?
112
+
113
+ While it might sound like more would make it more secure, there is really no real security advantage for most commercial applications to use more than 128 bit AES.
114
+
115
+ === What is Base64 encoding?
116
+
117
+ This is the most efficient and commonly used encoding scheme for binary data. This is used amongst other things for email attachments. It is also very common to use it for encrypted data.
118
+
119
+ === What is a Salt?
120
+
121
+ A salt is just a piece of data we hash in with the password to create the key. If it is a server based application you could use store a salt within your source file. The salt must be the same for both encryption and decryption.
122
+
123
+
124
+ == License
125
+
126
+ EzCrypto and ActionCrypto is released under the MIT license.
127
+
128
+
129
+ == Support
130
+
131
+ To contact the author, send mail to pelle@stakeventures.com
132
+
133
+ Also see my blogs at:
134
+ http://stakeventures.com and
135
+ http://blog.extraeagle.com
136
+
137
+ This project was based on code used in my projects Agree2, WideWord and WideBlog.
138
+
139
+ Agree2 lets you create legal business agreements instantly.
140
+
141
+ https://agree2.com
142
+
143
+ WideWord lets you collaboratively write and share documents that remain 100% encrypted on the server. Only you have the keys:
144
+
145
+ http://wideword.net
146
+
147
+ WideBlog is a secure private blogging system designed for private project blogs. It uses the same encryption technology as WideWord and is very easy to use:
148
+
149
+ http://wideblog.net
150
+
151
+
152
+ (C) 2005-2009 Pelle Braendgaard
@@ -0,0 +1,122 @@
1
+ = ActiveCrypto - Easy to use Crypto for Ruby on Rails
2
+
3
+ ActiveCrypto is based on EzCrypto and provides application oriented crypto support for Ruby on Rails applications.
4
+
5
+ == Features
6
+
7
+ * Transparent encryption/decryption
8
+ * Ruby on Rails like domain language
9
+
10
+ == Installation
11
+
12
+ Download it from here:
13
+
14
+ http://rubyforge.org/frs/?group_id=755
15
+
16
+ or install it via Ruby Gems:
17
+
18
+ gem install ezruby
19
+
20
+
21
+ == Simple examples
22
+
23
+ ==== A simple encrypted class
24
+
25
+ You specify in your class which fields are encrypted:
26
+
27
+ class Document < ActiveRecord::Base
28
+ encrypt :title,:body
29
+ end
30
+
31
+ Two encrypt it you need to enter a key. For ease of use there is a method called enter_password which sets the key based on a password of your choice.
32
+
33
+ doc=Document.new
34
+ doc.enter_password "This stuff is secret man!!!"
35
+ doc.title="Plan to take over the world"
36
+ doc.body="Write apps in Rails"
37
+ doc.save
38
+
39
+ This needs to be done as well if you want to read your document:
40
+
41
+ doc=Document.find 1
42
+ doc.enter_password "This stuff is secret man!!!"
43
+ puts doc.name
44
+
45
+ If you don't remember to set a key it will through a MissingKeyError.
46
+
47
+ ==== More realistic example with KeyHolder
48
+
49
+ It probably isn't much use if each record needs its own key. The solution to this is the KeyHolder. A KeyHolder is an object that holds keys for use by other objects. A typical example would be a user.
50
+
51
+ class User < ActiveRecord::Base
52
+ has_many :documents
53
+ keyholder
54
+ end
55
+
56
+ We use standard ActiveRecord associations to associate the User with his documents. We also need to specify that he is a keyholder. We now modify our Document class as follows:
57
+
58
+ class Document < ActiveRecord::Base
59
+ belongs_to :user
60
+ encrypt :title,:body,:key=>:user
61
+ end
62
+
63
+ We have the standard associations going on here, but we have also added the option :key=>:user to the encrypt statement. Now we could do this:
64
+
65
+ @user=User.new
66
+ @user.enter_password "This stuff is secret man!!!"
67
+ @user.save
68
+
69
+ @doc=Document.new
70
+ @doc.user=@user
71
+ @doc.title="Plan to take over the world"
72
+ @doc.body="Write apps in Rails"
73
+ @doc.save
74
+
75
+ You could also do ordinary rails like stuf such as:
76
+
77
+ @user.documents.each do |doc|
78
+ puts doc.name
79
+ end
80
+
81
+ Decryption is done transparently.
82
+
83
+ When doing this within a rails application, active_crypto automatically maintains a list of keys for each user session. Besides the 2 steps below you don't need to do anything special within your controller.
84
+
85
+ 1. When a user logs on with a password enter his password like this:
86
+
87
+ @user.enter_password @params['password']
88
+
89
+ 2. When a user logs off call the following
90
+
91
+ clear_session_keys
92
+
93
+ == Usage as a Rails plugin
94
+
95
+ Just unpack it into your $MY_RAILS_PROJECTS/vendor/plugins folder to use it as a self contained plugin. Otherwise you can install it as a gem using:
96
+
97
+ $ gem install ezcrypto
98
+
99
+ Then make sure to require "active_crypto.rb" at the end of your environment.rb file.
100
+
101
+ == Database Schema issues
102
+
103
+ ActiveCrypto doesn't really care about the schema, but that said you do need a schema that will accept and not mangle it's output. On MySQL I normally use TINYBLOB instead of VARCHAR and BLOB instead of TEXT.
104
+
105
+ == License
106
+
107
+ EzCrypto and ActionCrypto is released under the MIT license.
108
+
109
+
110
+ == Support
111
+
112
+ To contact the author, send mail to pelleb@gmail.com
113
+
114
+ Also see my blogs at:
115
+ http://stakeventures.com and
116
+ http://neubia.com
117
+
118
+ This project was based on code used in my projects WideWord where you can securely share documents and StakeItOut, where you can securely share web services with your partners.
119
+ https://wideword.net
120
+ https://stakeitout.com
121
+
122
+ (C) 2005 Pelle Braendgaard
@@ -0,0 +1,55 @@
1
+ = EzSig - Easy to use Digital Signatures for Ruby
2
+
3
+ EzSig is based on OpenSSL and allows you to do create and verify digital signatures in Ruby without learning too much crypto goobledegook.
4
+
5
+ == Features
6
+
7
+ * Simple Signer class
8
+ * Simple Verifier class
9
+ * Certificate sub class of Verifier which lets you read the certificate data in clear ruby.
10
+
11
+ == Installation
12
+
13
+ Download it from here:
14
+
15
+ http://rubyforge.org/frs/?group_id=755
16
+
17
+ or install it via Ruby Gems:
18
+
19
+ gem install ezruby
20
+
21
+
22
+ == Simple examples
23
+
24
+ ==== Load Private key and sign
25
+
26
+ signer=EzCrypto::Signer.from_file "testsigner.pem"
27
+ sig=signer.sign "hello"
28
+
29
+ ==== Load Certificate and verify
30
+
31
+ cert=EzCrypto::Verifier.from_file "testsigner.cert"
32
+ cert.verify( sig,"hello")
33
+
34
+ ==== Query Certificate for information
35
+
36
+ assert_equal cert.email,"pelleb@gmail.com"
37
+ assert_equal cert.country,"DK"
38
+ assert_equal cert.state,"Denmark"
39
+ assert_equal cert.locality,"Copenhagen"
40
+
41
+ == PKYP integration
42
+
43
+ http://pkyp.org allows you register your public keys and certificates on a public server. If you have web applications with certificates or public keys you can point your users at http://pkyp.org/{key.digest} for more info about a certificate.
44
+
45
+ Register a public key or certificate at PKYP with the new method register_with_pkyp like this:
46
+
47
+ signer=EzCrypto::Signer.generate
48
+ signer.verifier.register_with_pkyp
49
+
50
+ If you have the public key or certificate digest you can fetch the full public key or certificate like this:
51
+
52
+ verifier=EzCrypto::Verifier.from_pkyp "e93e18114cbefaaa89fda908b09df63d3662879a"
53
+ verifier.verify sig, request_text
54
+
55
+ This allows a simpler way of transfering certificates. The idea of including certificates with every request is not really necessary in an online world. For example you could pass the digest in a HTTP header for a REST web services request.