keypairs 0.1.0.alpha.1 → 0.1.0.alpha.2

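--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: c6674e2a0a6b9e2a995950c220252b13402d1410d58d2102819cf10811275a50
- data.tar.gz: dfd6fa3397cbce88a13b405fcf5c4f6fea0dfa20fcd94daba6d7247f0c33aca9
+ metadata.gz: bf4de0021d86f8b939eb09102bf3523ff50c43b65306090823f4d7ea896f85c6
+ data.tar.gz: 69e0d3738b6e8d3c2d3d1e7b397b08361d83b98f075526ffd9174ab844201109
  SHA512:
- metadata.gz: c92758e1f8552b5cc461790e7779a2526d21580a962c8de2126ed441f19a548273fe049924dbf1e80e92edb08becb84fdb00a7877142a9cfcd600bc474df1977
- data.tar.gz: d689d8a570e11ff872174a5163411427f9cd189fff972976741bae5c89b01624096f3646bb6194257e8698d6c3e7fe554faf20726b6992bc011e37a6094b7353
+ metadata.gz: 0e2acb9c0ec8069c3de1885bb810d6d759fa5e6594ce309feffb3abd5e357338106740949185734731f2fd9368b06472cbc2cd2dedc2a283711c78a17587c6af
+ data.tar.gz: 359aeb886e535c34f4c8071b4043e1186c92e91947b05c6215cd45efd3a54314abb85be17d8e56b5e186581b8a166f9b8f5f2e22ab4cc1af8a9590d796c9c546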
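--- a/data/README.md
+++ b/data/README.md
@@ -12,6 +12,8 @@ gem 'keypairs'
 
  The of course run `bundle install` and run the migrations `bundle exec rake db:migrate`. The migrations from the gem run automatically.
 
+ The private keys are encrypted with the [lockbox](https://github.com/ankane/lockbox) gem. In order for this to work, you need to set the master key as described in [the readme](https://github.com/ankane/lockbox#key-generation), but the easiest thing is to set the environment variable `LOCKBOX_MASTER_KEY` to a sufficient long string (you can generate one with `Lockbox.generate_key`).
+
  ## Usage
  The central point of this gem is the `Keypair` model which is backed by the `keypairs` table. If you need to sign messages, you can get the current keypair with the `Keypair.current` method. This method performs the rotation of the keypairs if required.
 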
@@ -1,6 +1,6 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- require 'attr_encrypted'
3
+ require 'lockbox'
4
4
  require 'jwt'
5
5
 
6
6
  # This class contains functionality needed for signing messages
@@ -23,8 +23,9 @@ require 'jwt'
23
23
  # @attr [String] jwk_kid The public external id of the key used to find the associated key on decoding.
24
24
  class Keypair < ActiveRecord::Base
25
25
  ALGORITHM = 'RS256'
26
+ ROTATION_INTERVAL = 1.month
26
27
 
27
- attr_encrypted :_keypair, key: Rails.application.secrets.secret_key_base[0, 32]
28
+ encrypts :_keypair
28
29
 
29
30
  validates :_keypair, presence: true
30
31
  validates :jwk_kid, presence: true
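Review bot: `encrypts :_keypair` makes every read and write of the signing key depend on a Lockbox master key that is configured outside this class, and the hunk neither documents nor checks that. A comment on that line would make the dependency visible, e.g. `# Lockbox-encrypted; ciphertext lives in _keypair_ciphertext and needs LOCKBOX_MASTER_KEY (or Lockbox.master_key) to be set`. As far as I can tell Lockbox only raises for a missing key when it first encrypts or decrypts, so a misconfigured deployment would fail on the first signing request rather than at boot; a check in the engine's initializer would surface it earlier. `ROTATION_INTERVAL = 1.month` is also added without a comment saying what it governs; the code that uses it, and the rest of the class, is outside this hunk.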
@@ -4,8 +4,7 @@ class CreateKeypairs < ActiveRecord::Migration[6.0]
4
4
  def change
5
5
  create_table :keypairs do |t|
6
6
  t.string :jwk_kid, null: false
7
- t.string :encrypted__keypair, null: false
8
- t.string :encrypted__keypair_iv, null: false
7
+ t.text :_keypair_ciphertext, null: false
9
8
  t.timestamps precision: 6
10
9
  # Since we are ordering on created_at, let's create an index
11
10
  t.index :created_at
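Review bot: Swapping `encrypted__keypair` and `encrypted__keypair_iv` for `_keypair_ciphertext` inside the existing `CreateKeypairs` migration does nothing for a database where that migration has already run, so an app upgrading from 0.1.0.alpha.1 would presumably keep the old columns and lack the one Lockbox reads. If upgrades are meant to be supported, a separate follow-up migration that adds the text column and drops the two old ones is the safer shape; rows written under the old scheme cannot be read with the new key, so they would have to be discarded and the keypairs regenerated. If they are not, a line in the README or changelog telling alpha.1 users to roll back and re-run the migration would do. The `create_table` block is closed outside this hunk.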
@@ -1,3 +1,4 @@
1
1
  # frozen_string_literal: true
2
2
 
3
+ require 'lockbox'
3
4
  require 'keypairs/engine'
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Keypairs
4
- VERSION = '0.1.0.alpha.1'
4
+ VERSION = '0.1.0.alpha.2'
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: keypairs
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.0.alpha.1
4
+ version: 0.1.0.alpha.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Stef Schenkelaars
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-10-24 00:00:00.000000000 Z
11
+ date: 2020-10-26 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: actionpack
@@ -39,33 +39,33 @@ dependencies:
39
39
  - !ruby/object:Gem::Version
40
40
  version: '6.0'
41
41
  - !ruby/object:Gem::Dependency
42
- name: attr_encrypted
42
+ name: jwt
43
43
  requirement: !ruby/object:Gem::Requirement
44
44
  requirements:
45
45
  - - "~>"
46
46
  - !ruby/object:Gem::Version
47
- version: '3.1'
47
+ version: '2.1'
48
48
  type: :runtime
49
49
  prerelease: false
50
50
  version_requirements: !ruby/object:Gem::Requirement
51
51
  requirements:
52
52
  - - "~>"
53
53
  - !ruby/object:Gem::Version
54
- version: '3.1'
54
+ version: '2.1'
55
55
  - !ruby/object:Gem::Dependency
56
- name: jwt
56
+ name: lockbox
57
57
  requirement: !ruby/object:Gem::Requirement
58
58
  requirements:
59
59
  - - "~>"
60
60
  - !ruby/object:Gem::Version
61
- version: '2.1'
61
+ version: '0.4'
62
62
  type: :runtime
63
63
  prerelease: false
64
64
  version_requirements: !ruby/object:Gem::Requirement
65
65
  requirements:
66
66
  - - "~>"
67
67
  - !ruby/object:Gem::Version
68
- version: '2.1'
68
+ version: '0.4'
69
69
  - !ruby/object:Gem::Dependency
70
70
  name: brakeman
71
71
  requirement: !ruby/object:Gem::Requirement