keypairs 0.1.0.alpha.1 → 0.1.0.alpha.2

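--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: c6674e2a0a6b9e2a995950c220252b13402d1410d58d2102819cf10811275a50
- data.tar.gz: dfd6fa3397cbce88a13b405fcf5c4f6fea0dfa20fcd94daba6d7247f0c33aca9
+ metadata.gz: bf4de0021d86f8b939eb09102bf3523ff50c43b65306090823f4d7ea896f85c6
+ data.tar.gz: 69e0d3738b6e8d3c2d3d1e7b397b08361d83b98f075526ffd9174ab844201109
  SHA512:
- metadata.gz: c92758e1f8552b5cc461790e7779a2526d21580a962c8de2126ed441f19a548273fe049924dbf1e80e92edb08becb84fdb00a7877142a9cfcd600bc474df1977
- data.tar.gz: d689d8a570e11ff872174a5163411427f9cd189fff972976741bae5c89b01624096f3646bb6194257e8698d6c3e7fe554faf20726b6992bc011e37a6094b7353
+ metadata.gz: 0e2acb9c0ec8069c3de1885bb810d6d759fa5e6594ce309feffb3abd5e357338106740949185734731f2fd9368b06472cbc2cd2dedc2a283711c78a17587c6af
+ data.tar.gz: 359aeb886e535c34f4c8071b4043e1186c92e91947b05c6215cd45efd3a54314abb85be17d8e56b5e186581b8a166f9b8f5f2e22ab4cc1af8a9590d796c9c546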
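--- a/data/README.md
+++ b/data/README.md
@@ -12,6 +12,8 @@ gem 'keypairs'
 
  The of course run `bundle install` and run the migrations `bundle exec rake db:migrate`. The migrations from the gem run automatically.
 
+ The private keys are encrypted with the [lockbox](https://github.com/ankane/lockbox) gem. In order for this to work, you need to set the master key as described in [the readme](https://github.com/ankane/lockbox#key-generation), but the easiest thing is to set the environment variable `LOCKBOX_MASTER_KEY` to a sufficient long string (you can generate one with `Lockbox.generate_key`).
+
  ## Usage
  The central point of this gem is the `Keypair` model which is backed by the `keypairs` table. If you need to sign messages, you can get the current keypair with the `Keypair.current` method. This method performs the rotation of the keypairs if required.
 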
@@ -1,6 +1,6 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- require 'attr_encrypted'
3
+ require 'lockbox'
4
4
  require 'jwt'
5
5
 
6
6
  # This class contains functionality needed for signing messages
@@ -23,8 +23,9 @@ require 'jwt'
23
23
  # @attr [String] jwk_kid The public external id of the key used to find the associated key on decoding.
24
24
  class Keypair < ActiveRecord::Base
25
25
  ALGORITHM = 'RS256'
26
+ ROTATION_INTERVAL = 1.month
26
27
 
27
- attr_encrypted :_keypair, key: Rails.application.secrets.secret_key_base[0, 32]
28
+ encrypts :_keypair
28
29
 
29
30
  validates :_keypair, presence: true
30
31
  validates :jwk_kid, presence: true
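Review bot: `encrypts :_keypair` is declared without a `key:` option, so the private signing keys now depend on Lockbox's globally configured master key, and nothing at the declaration says so. A host application that has not set `LOCKBOX_MASTER_KEY` will presumably only find out when the first keypair is written or read, and the README's "a sufficient long string" understates that Lockbox expects a key in the format `Lockbox.generate_key` returns. I would add a comment above the line, for example `# Encrypted with Lockbox via Lockbox.master_key (LOCKBOX_MASTER_KEY); independent of secret_key_base, so it must be provisioned and backed up separately`. The class body continues outside the hunk, so how `ROTATION_INTERVAL` is used is not visible here.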
@@ -4,8 +4,7 @@ class CreateKeypairs < ActiveRecord::Migration[6.0]
4
4
  def change
5
5
  create_table :keypairs do |t|
6
6
  t.string :jwk_kid, null: false
7
- t.string :encrypted__keypair, null: false
8
- t.string :encrypted__keypair_iv, null: false
7
+ t.text :_keypair_ciphertext, null: false
9
8
  t.timestamps precision: 6
10
9
  # Since we are ordering on created_at, let's create an index
11
10
  t.index :created_at
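Review bot: The `create_table :keypairs` migration is edited in place, so an application that already ran it under 0.1.0.alpha.1 keeps `encrypted__keypair` and `encrypted__keypair_iv` and never gets the `_keypair_ciphertext` column the model now expects. Rows written by the previous release were also encrypted with a different library and key, so even with the column added they would need re-encrypting or replacing, and replacing a signing key presumably invalidates tokens that were signed with it. For upgrades I would ship a separate migration that adds the new column and drops the two old ones, or state in the README that alpha.1 installs must recreate the table. The migration class continues outside the hunk.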
@@ -1,3 +1,4 @@
1
1
  # frozen_string_literal: true
2
2
 
3
+ require 'lockbox'
3
4
  require 'keypairs/engine'
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Keypairs
4
- VERSION = '0.1.0.alpha.1'
4
+ VERSION = '0.1.0.alpha.2'
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: keypairs
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.0.alpha.1
4
+ version: 0.1.0.alpha.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Stef Schenkelaars
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-10-24 00:00:00.000000000 Z
11
+ date: 2020-10-26 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: actionpack
@@ -39,33 +39,33 @@ dependencies:
39
39
  - !ruby/object:Gem::Version
40
40
  version: '6.0'
41
41
  - !ruby/object:Gem::Dependency
42
- name: attr_encrypted
42
+ name: jwt
43
43
  requirement: !ruby/object:Gem::Requirement
44
44
  requirements:
45
45
  - - "~>"
46
46
  - !ruby/object:Gem::Version
47
- version: '3.1'
47
+ version: '2.1'
48
48
  type: :runtime
49
49
  prerelease: false
50
50
  version_requirements: !ruby/object:Gem::Requirement
51
51
  requirements:
52
52
  - - "~>"
53
53
  - !ruby/object:Gem::Version
54
- version: '3.1'
54
+ version: '2.1'
55
55
  - !ruby/object:Gem::Dependency
56
- name: jwt
56
+ name: lockbox
57
57
  requirement: !ruby/object:Gem::Requirement
58
58
  requirements:
59
59
  - - "~>"
60
60
  - !ruby/object:Gem::Version
61
- version: '2.1'
61
+ version: '0.4'
62
62
  type: :runtime
63
63
  prerelease: false
64
64
  version_requirements: !ruby/object:Gem::Requirement
65
65
  requirements:
66
66
  - - "~>"
67
67
  - !ruby/object:Gem::Version
68
- version: '2.1'
68
+ version: '0.4'
69
69
  - !ruby/object:Gem::Dependency
70
70
  name: brakeman
71
71
  requirement: !ruby/object:Gem::Requirement