inline_encryption 1.0.5 → 2.0.0
- checksums.yaml +4 -4
- data/.travis.yml +3 -2
- data/CHANGELOG.md +13 -0
- data/Guardfile +1 -7
- data/README.md +25 -0
- data/config/locales.yml +2 -0
- data/inline_encryption.gemspec +2 -3
- data/lib/inline_encryption/base.rb +3 -3
- data/lib/inline_encryption/errors.rb +1 -0
- data/lib/inline_encryption/version.rb +1 -1
- data/spec/inline_encryption/base_spec.rb +19 -8
- metadata +4 -5
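--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 9fa44349b8afbb67725ba42f2ac165ebb59cbfa6
+data.tar.gz: 1cfca6d68fca5bd9fb651bda3baa74ede0db5689
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: fc26913e1f8fbd7a49d866c9441658d665a5e4b3f77d1e2ccdbf5b083fcfeb5f69ffff537d56d65fc4d63c6e2716519ce3c1a108f702a7a21d21343e0f88a3f0
+data.tar.gz: fafafd58e6d94081390689e11aca11257950b2758b44305fa2f3eb78125bf64e870de85ae1b3f3e55f881b958e7f82871168c646a7f48dcd97461cefb0adf0d9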
data/.travis.yml
CHANGED
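--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,16 @@
+# 2.0.0
+- Major backwards compatible change. A common if perhaps upspoken thought
+of many good developers I have known is "I hate what I wrote yesterday"
+Well, for whatever reason (that I cannot recall or even fathom) this gem was
+originally written using a private key for encrypting a value, and a public
+key to decrypt. While that is not itself insecure, it's a terrible
+practice and makes it easy for humans to make errors.
+So starting in version 2.0.0 encrpyt methods will use public key and
+decrypt will use private key, as is conventional
+- raise on trying to decrypt with a public key
+- code cleanup (style, remove spork remnant)
+- bump travis ruby versions to secure versions
+
 # 1.0.5
 - updated gem groups, updated travis to run without debugger and development groups
 # 1.0.4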
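--- a/data/Guardfile
+++ b/data/Guardfile
@@ -1,16 +1,10 @@
 # A sample Guardfile
 # More info at https://github.com/guard/guard#readme
 
-guard 'rspec', all_after_pass: true, failed_mode: :focus, all_on_start: true, cmd: 'rspec
+guard 'rspec', all_after_pass: true, failed_mode: :focus, all_on_start: true, cmd: 'rspec' do
 watch(%r{^spec/.+_spec\.rb$})
 watch(%r{^lib/(.+)\.rb$}){ |m| "spec/lib/#{m[1]}_spec.rb" }
 watch('spec/spec_helper.rb'){ "spec" }
 watch(%r{^spec/support/(.+)\.rb$}) { "spec" }
 end
 
-guard 'spork', :test_unit => false do
-watch('Gemfile')
-watch('Gemfile.lock')
-watch('spec/spec_helper.rb') { :rspec }
-end
-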
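--- a/data/README.md
+++ b/data/README.md
@@ -2,6 +2,15 @@
 
 Simple encryption relying on convention and designed to be used inline as string replacements.
 
+PLEASE upgrade to version 2.0 - previous versions lend themselves to making
+human errors which could lead to exploitation.
+
+## Upgrading from 1.0 to 2.0
+
+1. Recommended, but optional - generate a new RSA key pair
+2. For a properly configured production environment, simply configure with a private key
+3. Pass along the public key to any developers on the team that will need to encrypt new values
+
 ## Usage
 
 Imagine you have a file named `database.yml` that contains passwords.
@@ -17,3 +26,19 @@ After:
 ```ruby
 password: <%= InlineEncryption.decrypt(encrypted stuff goes here) %>
 ```
+
+To set up:
+
+```ruby
+InlineEncryption.config[:key] = '/some/rsa_key'
+```
+
+An example of different keys per environment:
+
+```ruby
+InlineEncryption.config[:key] = ENV['INLINE_ENCRYPTION_KEY']
+```
+
+
+If you've configured with a private key, you can both encrypt and decrypt. If you've
+configured with a public key, you can only encrypt.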
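--- a/data/config/locales.yml
+++ b/data/config/locales.yml
@@ -3,8 +3,10 @@ en:
 encrypted: 'Encrypted: %{data}'
 error:
 missing_key: "missing variable: 'key'"
+pub_key_decrypt: "Tried to decrypt with a public key. If you really need this ability, please use version ~> 1.0"
 es:
 target: 'Destino: %{data}'
 encrypted: 'Encriptado: %{data}'
 error:
 missing_key: "variable que falta: 'key'"
+pub_key_decrypt: "Intentado decriptar con llave publica. Si de veras necesitas esta capabilidad, favor de user version ~> 1.0"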
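--- a/data/inline_encryption.gemspec
+++ b/data/inline_encryption.gemspec
@@ -1,5 +1,4 @@
 # -*- encoding: utf-8 -*-
-require 'base64'
 lib = File.expand_path('../lib', __FILE__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require 'inline_encryption/version'
@@ -8,7 +7,7 @@ Gem::Specification.new do |spec|
 spec.name = 'inline_encryption'
 spec.version = InlineEncryption::VERSION
 spec.authors = ['rubyisbeautiful']
-spec.email =
+spec.email = 'bcptaylor@gmail.com'
 spec.description = %q{ A simple encryption tool based on common convention }
 spec.summary = %q{ A simple encryption tool based on common convention and designed as a drop in for Stringish things }
 spec.homepage = 'http://github.com/rubyisbeautiful/inline_encryption'
@@ -18,7 +17,7 @@ Gem::Specification.new do |spec|
 spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
 spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
 spec.require_paths = ['lib']
-spec.required_ruby_version = '>= 1.
+spec.required_ruby_version = '>= 2.1.5'
 
 spec.executables = ['inline_encryption']
 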
@@ -12,7 +12,7 @@ module InlineEncryption
|
|
12
12
|
config.check_required_variables
|
13
13
|
|
14
14
|
begin
|
15
|
-
encrypted = config.real_key.
|
15
|
+
encrypted = config.real_key.public_encrypt(data)
|
16
16
|
converted = Base64.encode64(encrypted)
|
17
17
|
rescue => e
|
18
18
|
err = EncryptionFailureError.exception I18n.t('target', data: data)
|
@@ -39,11 +39,11 @@ module InlineEncryption
|
|
39
39
|
# @raise [DecryptionFailureError] couldn't decrypt the target
|
40
40
|
def decrypt!(data)
|
41
41
|
config.check_required_variables
|
42
|
+
raise MisconfigurationError.new(I18n.t('error.pub_key_decrypt')) unless config.real_key.private?
|
42
43
|
|
43
44
|
begin
|
44
45
|
converted = Base64.decode64(data)
|
45
|
-
|
46
|
-
decrypted = this_key.public_decrypt(converted)
|
46
|
+
decrypted = config.real_key.private_decrypt(converted)
|
47
47
|
rescue => e
|
48
48
|
err = DecryptionFailureError.exception I18n.t('encrypted', data)
|
49
49
|
raise err
|
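Review bot: `config.real_key.public_encrypt(data)` and `config.real_key.private_decrypt(converted)` pass no padding argument, so Ruby's OpenSSL binding uses PKCS#1 v1.5 encryption padding, the mode known to be weak against padding-oracle analysis when decryption failures are distinguishable; since 2.0.0 already changes the ciphertext format, I would pass `OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING` as the second argument to both calls. The unchanged line `EncryptionFailureError.exception I18n.t('target', data: data)` puts the plaintext into the exception message, so a failed encrypt can copy the secret into logs or error reports; the message should omit `data`. In `decrypt!`, `I18n.t('encrypted', data)` passes `data` positionally while the locale string expects `%{data}`, so it probably wants `data: data` — worth confirming. The file header for these two hunks is missing from the page (they appear to be lib/inline_encryption/base.rb), and both method bodies start or end outside the hunks.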
@@ -7,16 +7,16 @@ describe InlineEncryption::Base do
|
|
7
7
|
@default_key = OpenSSL::PKey::RSA.generate(2048)
|
8
8
|
end
|
9
9
|
|
10
|
-
before :each do
|
11
|
-
InlineEncryption.config[:key] = @default_key
|
12
|
-
end
|
13
|
-
|
14
10
|
describe 'encrypt' do
|
15
11
|
|
16
12
|
let(:str){ 'foo' }
|
17
13
|
|
14
|
+
before :each do
|
15
|
+
InlineEncryption.config[:key] = @default_key
|
16
|
+
end
|
17
|
+
|
18
18
|
it 'should encrypt' do
|
19
|
-
expect(InlineEncryption.encrypt(str)).
|
19
|
+
expect(InlineEncryption.encrypt(str)).not_to eq(str)
|
20
20
|
end
|
21
21
|
|
22
22
|
it 'should fail to encrpyt and return the target' do
|
@@ -34,8 +34,12 @@ describe InlineEncryption::Base do
|
|
34
34
|
describe 'encrypt!' do
|
35
35
|
let(:str){ 'foo' }
|
36
36
|
|
37
|
+
before :each do
|
38
|
+
InlineEncryption.config[:key] = @default_key
|
39
|
+
end
|
40
|
+
|
37
41
|
it 'should encrypt' do
|
38
|
-
expect(InlineEncryption.encrypt!(str)).
|
42
|
+
expect(InlineEncryption.encrypt!(str)).not_to eq(str)
|
39
43
|
end
|
40
44
|
|
41
45
|
it 'should fail to encrpyt and raise' do
|
@@ -48,10 +52,11 @@ describe InlineEncryption::Base do
|
|
48
52
|
describe 'decrypt' do
|
49
53
|
|
50
54
|
before :all do
|
51
|
-
@str = Base64.encode64(@default_key.
|
55
|
+
@str = Base64.encode64(@default_key.public_encrypt('chunky'))
|
52
56
|
end
|
53
57
|
|
54
58
|
it 'should decrypt' do
|
59
|
+
InlineEncryption.config[:key] = @default_key
|
55
60
|
expect(InlineEncryption.decrypt(@str)).to eq('chunky')
|
56
61
|
end
|
57
62
|
|
@@ -65,15 +70,21 @@ describe InlineEncryption::Base do
|
|
65
70
|
expect(InlineEncryption.decrypt(@str, 'chunky')).to eq('chunky')
|
66
71
|
end
|
67
72
|
|
73
|
+
it 'should fail to decrpyt and raise if using a public key to decrypt' do
|
74
|
+
InlineEncryption.config[:key] = @default_key.public_key
|
75
|
+
expect{ InlineEncryption.decrypt('whatevs') }.to raise_error(InlineEncryption::MisconfigurationError)
|
76
|
+
end
|
77
|
+
|
68
78
|
end
|
69
79
|
|
70
80
|
describe 'decrypt!' do
|
71
81
|
|
72
82
|
before :all do
|
73
|
-
@str = Base64.encode64(@default_key.
|
83
|
+
@str = Base64.encode64(@default_key.public_encrypt('chunky'))
|
74
84
|
end
|
75
85
|
|
76
86
|
it 'should decrypt' do
|
87
|
+
InlineEncryption.config[:key] = @default_key
|
77
88
|
expect(InlineEncryption.decrypt!(@str)).to eq('chunky')
|
78
89
|
end
|
79
90
|
|
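Review bot: The new example `it 'should fail to decrpyt and raise if using a public key to decrypt'` exercises only `InlineEncryption.decrypt`; the `describe 'decrypt!'` block gets no matching example, and I would add `expect{ InlineEncryption.decrypt!('whatevs') }.to raise_error(InlineEncryption::MisconfigurationError)` there. That example also leaves `InlineEncryption.config[:key]` set to the public key, so any later example that does not assign the key itself would inherit it; restoring the key in an `after :each` would keep the examples independent. The `not_to eq(str)` assertions only show that the output changed, so a round-trip such as `expect(InlineEncryption.decrypt(InlineEncryption.encrypt(str))).to eq(str)` would pin the new public-encrypt/private-decrypt direction better. The file header for these hunks is missing from the page (they appear to be spec/inline_encryption/base_spec.rb), and the describe blocks continue outside the hunks.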
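--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: inline_encryption
 version: !ruby/object:Gem::Version
-version:
+version: 2.0.0
 platform: ruby
 authors:
 - rubyisbeautiful
@@ -53,8 +53,7 @@ dependencies:
 - !ruby/object:Gem::Version
 version: '0'
 description: " A simple encryption tool based on common convention "
-email:
-- bcptaylor@gmail.com
+email: bcptaylor@gmail.com
 executables:
 - inline_encryption
 extensions: []
@@ -144,7 +143,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version: 1.
+version: 2.1.5
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
@@ -152,7 +151,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.
+rubygems_version: 2.4.5.1
 signing_key:
 specification_version: 4
 summary: A simple encryption tool based on common convention and designed as a drop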