jamescook-ezcrypto 0.7.4

data/CHANGELOG

@@ -0,0 +1,85 @@
+0.7.2 March, 2009 support for base64 encrypted attributes in ActiveCrypto (Micah Wedemeyer)
+
+0.7 September 12th, 2006 PKYP services support
+
+Marking the release of http://pkyp.org a new no nonsense Public Key directory, this allows you register your public keys and certificates on a public server. If you have web applications with certificates or public keys you can point your users at http://pkyp.org/{key.digest} for more info about a certificate.
+
+Register a public key or certificate at PKYP with the new method register_with_pkyp like this:
+
+    signer=EzCrypto::Signer.generate
+    signer.verifier.register_with_pkyp
+    
+If you have the public key or certificate digest you can fetch the full public key or certificate like this:
+
+    verifier=EzCrypto::Verifier.from_pkyp "e93e18114cbefaaa89fda908b09df63d3662879a"
+    verifier.verify sig, request_text
+
+This allows a simpler way of transfering certificates. The idea of including certificates with every request is not really necessary in an online world. For example you could pass the digest in a HTTP header for a REST web services request.
+
+0.6.2 August 15th, 2006 Trust something release
+
+Now comes complete with a fairly trusted list of root certs as extracted from Apple's keystore. With the addition of CACerts and GoDaddy SSL Certs (Buy from http://widecert.net). If you feel any important ones are missing let me know.
+
+You can create a trust store from this with TrustStore.default_trusted. Note many of these CA's are useless and you shouldn't really trust them, but this makes it easy to emulate the browsers support.
+
+0.6.1 August 14th, 2006 Subject!=Issuer bug fix
+
+I discovered a not so little bug in the certificate handling. The issuer method of the Certificate mistakenly returned the subject.
+
+0.6   August 10th, 2006 Certified PKI release
+
+Finally I have had a good reason http://www.tractis.com to add Digital Signature support to EzCrypto. We have support for RSA and DSA private and public keys as well as basic X509 certificate support. All in typical EzCrypto simple Ruby like methods.
+
+KNOWN PROBLEM. The DSA Signer.public_key method has some sort of problem but will be fixed for 0.6.1.
+
+0.5   July 19th, 2006 Good citizen release
+
+I have cleaned up the ActiveCrypto namespaces. It now does not use ActiveRecord::Crypto, but ActiveCrypto::*, if you have called stuff directly please update your code. 
+
+The reason for this is to really be a good citizen in the world of rails and not unnecessarily pollute the ActiveRecord name space.
+
+I have also created much more thorough unit tests and refactored some things that did not work in version 0.4 that the world thankfully did not see.
+
+0.4   Flawed internal release
+
+0.3   February 25th, 2006 new encrypted file support by Dirk (dirk.barnikel@gmx.de) Thanks Dirk.
+
+* Added test case for the file-related stuff. file-stuff 
+  seems to work fine
+
+* Replaced hard coded IO buffersize (512) with class attribute
+  Key#block_size and default value.
+
+* Modification to create {De,En}crypters only via the factory methods
+  Key#{de,en}crypter.
+
+* Added Key#{de,en}crypt_file methods that take a file and de- or encrypts it. 
+
+* The methods are implemented to call the cipher with small chunks of data (512 bytes) to keep memory usage low.
+
+* By default, the original file is first overwritten and then removed.
+
+* This overwrite is not really safe but should make it harder to restore the data of the removed file from the filesystem.
+
+* Added Key#{store,load} methods that read and write Key data to/from files.
+
+* Added Key#safe_{create,delete,read} methods to encapsulate the handling of files inside EzCrypto.
+
+0.2.2 January 4th, 2006 Bug fixes and unit tests for active_crypto
+
+There were some serious problems with ActiveCrypto's support for having keys in associated classes. I also added unit tests to active_crypto. The support code was brutaly stolen from Rick Olson's acts_as_paranoid library. Unfortunately I disabled the schema stuff for now, but will add it in the next release, which hopefully is soon.
+
+0.2.1 November 2nd, 2005 New method in KeyHolder
+
+Added set_encoded_key(enc) to KeyHolder for setting a key with the Base64 encoded keyvalue.
+
+0.2 October 30th, 2005 Ruby on Rails integration
+
+As promised I have now included my first version of ActiveCrypto the crypto layer for ActiveRecord and Ruby on Rails.
+
+0.1.1 August 27, 2005 Minor fixes
+
+Thanks to Jason Vasquez mugatu at mugfu dot com for noticing that Key#to_s
+called the nonexistent encoded method. 
+
+I also made a few slight changes to the documentation.

data/MIT-LICENSE

@@ -0,0 +1,21 @@
+Copyright (c) 2004 David Heinemeier Hansson
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+

data/README.rdoc

@@ -0,0 +1,152 @@
+= EzCrypto - Easy to use Crypto for Ruby
+
+EzCrypto is an easy to use wrapper around the poorly documented OpenSSL ruby library.
+
+== Features
+
+* Defaults to AES 128 CBC
+* Will use the systems OpenSSL library for transparent hardware crypto support
+* Single class object oriented access to most commonly used features
+* Ruby like
+
+== Installation
+
+Download it from here:
+
+http://rubyforge.org/frs/?group_id=755
+
+or install it via Ruby Gems:
+
+	gem install ezcrypto
+
+== Simple examples
+
+==== To encrypt:
+
+Generate a key using a password and a salt. Use the keys encrypt method to encrypt a strings worth of data:
+
+  @key=EzCrypto::Key.with_password "password", "system salt"
+  @encrypted=@key.encrypt "Top secret should not be revealed"
+    
+==== To decrypt:
+
+Same procedure as encrypt. Generate a key using a password and a salt. Use the keys decrypt method to decrypt a strings worth of data:
+
+  @key=EzCrypto::Key.with_password "password", "system salt"
+  @key.decrypt @encrypted
+  
+==== One liners:
+
+These simple examples use one line each:
+
+  @encrypted=EzCrypto::Key.encrypt_with_password "password", @salt,"Top secret should not be revealed"
+  
+  EzCrypto::Key.decrypt_with_password "password", @salt,@encrypted
+
+== Keys
+
+The only class you need to know for most uses og EzCrypto is the Key class. You don't need understand ciphers or the encryption life cycle.
+
+==== Generating a random key
+
+The most secure type of key is the randomly generated key:
+
+  @key=EzCrypto::Key.generate
+  
+==== Initializing a key with raw key data
+
+If you already have a key from some other source, you simply have to call the constructor with the raw data:
+
+  @key=EzCrypto::Key.new @binarykey
+  
+==== Initializing a Key with a Base64 encoded key
+
+As seen above you can create a key from a password. This should be used if you don't want the key to be stored on disk for example:
+
+  @key=EzCrypto::Key.with_password "Secret password"
+
+==== Initializing a Key with a Base64 encoded key
+
+If you already have a key from some other source in the popular Base64 encoded format, you use the decode class method:
+
+  @key=EzCrypto::Key.decode @binarykey
+
+==== Exporting the key
+
+To export or save a key use the encode method (or to_s) method for a Base64 encoded key or raw as the raw binary data.
+
+  puts @key.encode
+  puts @key.raw
+  
+The raw method could be used for storing in a database using a tinyblob column.
+
+== Encryption and Decryption
+
+EzCrypto is optimized for simple encryption and decryption of strings. There are encrypt/decrypt pairs for normal binary use as well as for Base64 encoded use.
+
+==== Regular raw use
+
+Assuming you have generated a key using one of the above methods:
+
+  @encrypted=@key.encrypt("clear text")
+  @decrypted=@key.decrypt(@encrypted)
+  assert "clear text", @decrypted
+
+==== Base64 encoded use
+
+This uses the encrypt64 and decrypt64 methods. Otherwise it is all the same:
+
+  @encrypted=@key.encrypt64("clear text")
+  @decrypted=@key.decrypt64(@encrypted)
+  assert "clear text", @decrypted
+
+== FAQ
+
+=== What algorithm does this use?
+
+It uses as the default algorithm the AES 128 bit standard. This is a very fast and highly secure algorithm specified as the national standard in the US. For more information see:
+
+http://en.wikipedia.org/wiki/AES
+
+=== Only 128 bits. Is that enough?
+
+While it might sound like more would make it more secure, there is really no real security advantage for most commercial applications to use more than 128 bit AES.
+
+=== What is Base64 encoding?
+
+This is the most efficient and commonly used encoding scheme for binary data. This is used amongst other things for email attachments. It is also very common to use it for encrypted data.
+
+=== What is a Salt?
+
+A salt is just a piece of data we hash in with the password to create the key. If it is a server based application you could use store a salt within your source file. The salt must be the same for both encryption and decryption.
+
+
+== License
+
+EzCrypto and ActionCrypto is released under the MIT license.
+
+
+== Support
+
+To contact the author, send mail to pelle@stakeventures.com
+
+Also see my blogs at:
+http://stakeventures.com and
+http://blog.extraeagle.com
+
+This project was based on code used in my projects Agree2, WideWord and WideBlog.
+
+Agree2 lets you create legal business agreements instantly.
+
+https://agree2.com
+
+WideWord lets you collaboratively write and share documents that remain 100% encrypted on the server. Only you have the keys:
+
+http://wideword.net
+
+WideBlog is a secure private blogging system designed for private project blogs. It uses the same encryption technology as WideWord and is very easy to use:
+
+http://wideblog.net
+
+
+(C) 2005-2009 Pelle Braendgaard

data/README_ACTIVE_CRYPTO

@@ -0,0 +1,122 @@
+= ActiveCrypto - Easy to use Crypto for Ruby on Rails
+
+ActiveCrypto is based on EzCrypto and provides application oriented crypto support for Ruby on Rails applications.
+
+== Features
+
+* Transparent encryption/decryption
+* Ruby on Rails like domain language
+
+== Installation
+
+Download it from here:
+
+http://rubyforge.org/frs/?group_id=755
+
+or install it via Ruby Gems:
+
+	gem install ezruby
+
+
+== Simple examples
+
+==== A simple encrypted class
+
+You specify in your class which fields are encrypted:
+
+	class Document < ActiveRecord::Base
+		encrypt :title,:body
+	end
+
+Two encrypt it you need to enter a key. For ease of use there is a method called enter_password which sets the key based on a password of your choice.
+
+	doc=Document.new
+	doc.enter_password "This stuff is secret man!!!"
+	doc.title="Plan to take over the world"
+	doc.body="Write apps in Rails"
+	doc.save
+	
+This needs to be done as well if you want to read your document:
+
+	doc=Document.find 1
+	doc.enter_password "This stuff is secret man!!!"
+	puts doc.name
+	
+If you don't remember to set a key it will through a MissingKeyError.
+
+==== More realistic example with KeyHolder
+
+It probably isn't much use if each record needs its own key. The solution to this is the KeyHolder. A KeyHolder is an object that holds keys for use by other objects. A typical example would be a user.
+
+	class User < ActiveRecord::Base
+		has_many :documents
+		keyholder
+	end
+
+We use standard ActiveRecord associations to associate the User with his documents. We also need to specify that he is a keyholder. We now modify our Document class as follows:
+
+	class Document < ActiveRecord::Base
+		belongs_to :user
+		encrypt :title,:body,:key=>:user
+	end
+
+We have the standard associations going on here, but we have also added the option :key=>:user to the encrypt statement. Now we could do this:
+
+	@user=User.new
+	@user.enter_password "This stuff is secret man!!!"
+	@user.save
+	 
+	@doc=Document.new
+	@doc.user=@user 
+	@doc.title="Plan to take over the world"
+	@doc.body="Write apps in Rails"
+	@doc.save
+	
+You could also do ordinary rails like stuf such as:
+
+	@user.documents.each do |doc|
+		puts doc.name
+	end
+
+Decryption is done transparently.
+
+When doing this within a rails application, active_crypto automatically maintains a list of keys for each user session. Besides the 2 steps below you don't need to do anything special within your controller.
+
+1. When a user logs on with a password enter his password like this:
+
+	@user.enter_password @params['password']
+
+2. When a user logs off call the following
+
+	clear_session_keys
+	
+== Usage as a Rails plugin
+
+Just unpack it into your $MY_RAILS_PROJECTS/vendor/plugins folder to use it as a self contained plugin. Otherwise you can install it as a gem using:
+
+	$ gem install ezcrypto
+
+Then make sure to require "active_crypto.rb" at the end of your environment.rb file.
+
+== Database Schema issues
+
+ActiveCrypto doesn't really care about the schema, but that said you do need a schema that will accept and not mangle it's output. On MySQL I normally use TINYBLOB instead of VARCHAR and BLOB instead of TEXT.
+
+== License
+
+EzCrypto and ActionCrypto is released under the MIT license.
+
+
+== Support
+
+To contact the author, send mail to pelleb@gmail.com
+
+Also see my blogs at:
+http://stakeventures.com and
+http://neubia.com
+
+This project was based on code used in my projects WideWord where you can securely share documents and StakeItOut, where you can securely share web services with your partners.
+https://wideword.net
+https://stakeitout.com
+
+(C) 2005 Pelle Braendgaard

data/README_DIGITAL_SIGNATURES

@@ -0,0 +1,55 @@
+= EzSig - Easy to use Digital Signatures for Ruby
+
+EzSig is based on OpenSSL and allows you to do create and verify digital signatures in Ruby without learning too much crypto goobledegook.
+
+== Features
+
+* Simple Signer class
+* Simple Verifier class
+* Certificate sub class of Verifier which lets you read the certificate data in clear ruby.
+
+== Installation
+
+Download it from here:
+
+http://rubyforge.org/frs/?group_id=755
+
+or install it via Ruby Gems:
+
+	gem install ezruby
+
+
+== Simple examples
+
+==== Load Private key and sign
+
+	signer=EzCrypto::Signer.from_file "testsigner.pem"
+	sig=signer.sign "hello"
+
+==== Load Certificate and verify
+
+	cert=EzCrypto::Verifier.from_file "testsigner.cert"
+	cert.verify( sig,"hello")
+
+==== Query Certificate for information
+	
+	assert_equal cert.email,"pelleb@gmail.com"
+	assert_equal cert.country,"DK"
+	assert_equal cert.state,"Denmark"
+	assert_equal cert.locality,"Copenhagen"
+
+== PKYP integration
+
+http://pkyp.org allows you register your public keys and certificates on a public server. If you have web applications with certificates or public keys you can point your users at http://pkyp.org/{key.digest} for more info about a certificate.
+
+Register a public key or certificate at PKYP with the new method register_with_pkyp like this:
+
+	signer=EzCrypto::Signer.generate
+	signer.verifier.register_with_pkyp
+
+If you have the public key or certificate digest you can fetch the full public key or certificate like this:
+
+	verifier=EzCrypto::Verifier.from_pkyp "e93e18114cbefaaa89fda908b09df63d3662879a"
+	verifier.verify sig, request_text
+
+This allows a simpler way of transfering certificates. The idea of including certificates with every request is not really necessary in an online world. For example you could pass the digest in a HTTP header for a REST web services request.

data/init.rb

@@ -0,0 +1 @@
+require 'active_crypto.rb'

data/lib/active_crypto.rb

@@ -0,0 +1,326 @@
+require "ezcrypto.rb"
+require "active_support/rescuable"
+module ActiveCrypto # :nodoc:
+    
+    def self.append_features(base)  #:nodoc:
+      super
+      base.extend(ClassMethods)
+    end
+    
+=begin rdoc
+
+Usage is very simple. You will generally only need the two class methods listed here in your ActiveRecord class model.
+
+== License
+
+ActiveCrypto and EzCrypto are released under the MIT license.
+
+
+== Support
+
+To contact the author, send mail to pelleb@gmail.com
+
+Also see my blogs at:
+http://stakeventures.com and
+http://neubia.com
+
+This project was based on code used in my project StakeItOut, where you can securely share web services with your partners.
+https://stakeitout.com
+
+(C) 2005 Pelle Braendgaard
+
+=end
+    module ClassMethods
+      @@session_keys={}
+
+=begin rdoc
+Turn encryption on for this record. List all encrypted attributes
+
+  class Document < ActiveRecord::Base
+		encrypt :title,:body
+	end
+
+Options are:
+  <tt>key</tt> - to specify an external KeyHolder, which holds the key used for encrypting and decrypting
+  <tt>base64</tt> - set to true in order to base64 encode the encrypted attributes.  defaults to false
+
+  class Document < ActiveRecord::Base
+  	belongs_to :user
+  	encrypt :title,:body,:key=>:user, :base64 => true
+  end
+	
+=end
+      def encrypt(*attributes)        
+      	include ActiveCrypto::Encrypted
+      	before_save :encrypt_attributes
+      	after_save :decrypt_attributes
+        options=attributes.last.is_a?(Hash) ? attributes.pop : {}
+        keyholder
+        if options and options[:key]
+  				module_eval <<-"end;"				 
+  					def session_key
+  						(send :#{options[:key]} ).send :session_key
+  					end	 
+  					@@external_key=true
+  				end;
+        end
+
+        base64_encode = (options and options[:base64])
+        module_eval <<-"end;"
+          def self.ezcrypto_base64?
+            #{base64_encode.to_s}
+          end
+        end;
+        
+        self.encrypted_attributes=attributes
+      end   
+		
+=begin rdoc
+Creates support in this class for holding a key. Adds the following methods:
+
+* enter_password(password,salt="onetwothree")
+* set_session_key(key)
+* session_key
+
+Use it as follows:
+
+  class User < ActiveRecord::Base
+  	has_many :documents
+  	keyholder
+  end
+
+=end        
+      def keyholder()
+      	include ActiveCrypto::AssociationKeyHolder   
+      	after_create :save_session_key       
+      end
+
+=begin rdoc
+Clears the session_key array. Generally this is handled automatically as a filter in ActionController. Only use these if you need to
+do something out of the ordinary.
+=end
+      def clear_session_keys() #:nodoc:
+        @@session_keys.clear
+      end 
+      
+=begin rdoc
+Sets the session_keys array. Only use these if you need to
+do something out of the ordinary, as it is handled
+=end
+      def session_keys=(keys) #:nodoc:
+        @@session_keys=keys
+      end
+      
+      def session_keys() #:nodoc:
+        @@session_keys
+      end
+      
+    end
+
+=begin rdoc
+This module handles all standard key management features.
+=end
+    module KeyHolder   
+
+=begin rdoc
+Creates a key for object based on given password and an optional salt.
+=end
+      def enter_password(password,salt="onetwothree")
+        set_session_key(EzCrypto::Key.with_password(password, salt))
+      end
+
+=begin rdoc
+Decodes the Base64 encoded key and uses it as it's session key
+=end
+      def set_encoded_key(enc)
+        set_session_key(EzCrypto::Key.decode(enc))
+      end
+=begin rdoc
+Sets a session key for the object. This should be a EzCrypto::Key instance.
+=end
+      def set_session_key(key)    
+        @session_key=key
+        self.decrypt_attributes if self.class.include? Encrypted
+      end      
+
+=begin rdoc
+Returns the session_key
+=end
+      def session_key
+        @session_key
+      end
+      
+    end
+
+    module AssociationKeyHolder   
+      include ActiveCrypto::KeyHolder
+      
+      
+      def save_session_key
+        ActiveRecord::Base.session_keys[session_key_id]=@session_key if @session_key
+      end
+=begin rdoc
+Sets a session key for the object. This should be a EzCrypto::Key instance.
+=end
+      def set_session_key(key)    
+        if self.new_record?
+          @session_key=key
+        else
+          ActiveRecord::Base.session_keys[session_key_id]=key
+        end
+        decrypt_attributes if self.class.include? Encrypted #if respond_to?(:decrypt_attributes)
+        
+      end      
+
+=begin rdoc
+Returns the session_key
+=end
+      def session_key
+        if self.new_record?
+          @session_key
+        else
+          ActiveRecord::Base.session_keys[session_key_id]
+        end
+      end
+        
+      
+
+      def session_key_id
+        "#{self.class.to_s}:#{id}"
+      end      
+      
+    end
+
+    module Encrypted    #:nodoc:
+      def self.append_features(base)  #:nodoc:
+        super
+        base.extend ClassAccessors
+      end
+      
+      module ClassAccessors
+        def encrypted_attributes
+          @encrypted_attributes||=[]
+        end
+
+        def encrypted_attributes=(attrs)
+          @encrypted_attributes=attrs
+        end
+        
+      end
+    
+      protected
+
+      def encrypt_attributes
+        if !is_encrypted?
+          self.class.encrypted_attributes.each do |key|
+            value=read_attribute(key)
+            write_attribute(key,_encrypt(value)) if value
+          end
+          @is_encrypted=true
+        end
+        true
+      end
+    
+      def decrypt_attributes
+        if is_encrypted?
+          self.class.encrypted_attributes.each do |key|
+            value=read_attribute(key)
+            write_attribute(key,_decrypt(value)) if value
+          end
+          @is_encrypted=false
+        end
+        true
+      end
+      
+      def after_find
+        @is_encrypted=true
+        decrypt_attributes unless session_key.nil?
+      end
+      
+      private
+      def is_encrypted?
+        @is_encrypted
+      end
+      
+      def _decrypt(data)
+        if session_key.nil?
+          raise MissingKeyError
+        else
+          if data
+            self.class.ezcrypto_base64? ? session_key.decrypt64(data) : session_key.decrypt(data)
+          else
+            nil
+          end
+        end
+      end
+    
+      def _encrypt(data)
+        if session_key.nil?
+          raise MissingKeyError
+        else 
+          if data
+            self.class.ezcrypto_base64? ? session_key.encrypt64(data) : session_key.encrypt(data)
+          else
+            nil
+          end
+        end
+      end
+               
+    end
+  
+
+module ActionController # :nodoc:
+=begin rdoc
+This includes some basic support in the ActionController for handling session keys. It creates two filters one before the action and one after.
+These do the following:
+  
+If the users session already has a 'session_keys' value it loads it into the ActiveRecord::Base.session_keys class field. If not it 
+clears any existing session_keys.
+
+Leaving the action it stores any session_keys in the corresponding session variable.
+
+These filters are automatically enabled. You do not have to do anything.
+  
+To manually clear the session keys call clear_session_keys. This should be done for example as part of a session log off action.
+=end      
+    def self.append_features(base) #:nodoc:
+      super
+      base.send :prepend_before_filter, :load_session_keys
+      base.send :prepend_after_filter, :save_session_keys      
+    end
+
+=begin rdoc
+Clears the session keys. Call this when a user logs of.
+=end
+    def clear_session_keys
+      ActiveRecord::Base.clear_session_keys
+    end
+    
+    
+    private
+    def load_session_keys
+      if session['session_keys']
+        ActiveRecord::Base.session_keys=session['session_keys']
+      else
+        ActiveRecord::Base.clear_session_keys
+      end
+    end
+
+    def save_session_keys
+      if ActiveRecord::Base.session_keys.size>0
+        session['session_keys']=ActiveRecord::Base.session_keys
+      else
+        session['session_keys']=nil
+      end
+    end
+    
+
+end
+
+class MissingKeyError < RuntimeError
+end 
+end
+ActiveRecord::Base.send :include, ActiveCrypto
+require 'actionpack'
+require 'action_controller'
+ActionController::Base.send :include, ActiveCrypto::ActionController