lockbox 0.1.1 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e4dcdb1c1115e0712d5d65dd8302c3d575a74a5456dd245692970d080d221fa0
-  data.tar.gz: 2278b9fe032f0159525a48a9a9c694c28a80bcbac371039a97729e6ec61087d7
+  metadata.gz: b4e87cf5f769166cd6cf534608a6877e5cd9f11931441307d9eca11a3d2c4d18
+  data.tar.gz: c52a2bded1142c80918f79de4317ec948c576c1168fd699dac0f69c7d2ca9b47
 SHA512:
-  metadata.gz: 8afe130b6c4231667ea26f1ece4a25e4a577a535ec4930a5f85ac2b53b7b508fe77ec9e4b1720f1aab3f1fe513b03576646d8b24cf27bee3a6c5626c9484c35e
-  data.tar.gz: 6662d25470d89b327b2cddf45d9467cd7d2bd8e3e8664140a71c7ea4cb10f13a156d21c01c17b26f0c2dca928f6f3f0010403ba96e77349442ab185def552d10
+  metadata.gz: 9a92f516956fe3d4feb26cc338bf25a5048fc46916bc4c4722a12028b73697e467ceae118733f1dce778a1585e3a4e97fbf9073c3c80fa7d5340d1e0676cb02c
+  data.tar.gz: 60684645d7645b1b66a66a9b5393db04eb690095fc8bfbe16de50e8770225afe46e2236045cf4c0985a9e7b0e86aa7da16294804e0e6cebe2325193761d9965e

data/CHANGELOG.md

@@ -1,3 +1,10 @@
+## 0.2.0
+
+- Added `encrypts` method for database fields
+- Added `encrypts_attached` method
+- Added `generate_key` method
+- Added support for XSalsa20
+
 ## 0.1.1
 
 - Added support for hybrid cryptography

data/README.md

@@ -1,12 +1,14 @@
 # Lockbox
 
-:lock: File encryption for Ruby and Rails
+:lock: Modern encryption for Rails
 
-- Supports Active Storage and CarrierWave
-- Uses AES-GCM by default for [authenticated encryption](https://tonyarcieri.com/all-the-crypto-code-youve-ever-written-is-probably-broken)
-- Makes key rotation easy
+- Uses state-of-the-art algorithms
+- Works with database fields, files, and strings
+- Stores encrypted data in a single field
+- Requires you to only manage a single encryption key
+- Makes migrating existing data and key rotation easy
 
-Check out [this post](https://ankane.org/sensitive-data-rails) for more info on securing sensitive data with Rails
+Check out [this post](https://ankane.org/modern-encryption-rails) for more info on its design, and [this post](https://ankane.org/sensitive-data-rails) for more info on securing sensitive data with Rails
 
 [![Build Status](https://travis-ci.org/ankane/lockbox.svg?branch=master)](https://travis-ci.org/ankane/lockbox)
 
@@ -23,41 +25,63 @@ gem 'lockbox'
 Generate an encryption key
 
 ```ruby
-SecureRandom.hex(32)
+Lockbox.generate_key
 ```
 
 Store the key with your other secrets. This is typically Rails credentials or an environment variable ([dotenv](https://github.com/bkeepers/dotenv) is great for this). Be sure to use different keys in development and production. Keys don’t need to be hex-encoded, but it’s often easier to store them this way.
 
+Set the following environment variable with your key (you can use this one in development)
+
+```sh
+LOCKBOX_MASTER_KEY=0000000000000000000000000000000000000000000000000000000000000000
+```
+
+or create `config/initializers/lockbox.rb` with something like
+
+```ruby
+Lockbox.master_key = Rails.application.credentials.lockbox_master_key
+```
+
 Alternatively, you can use a [key management service](#key-management) to manage your keys.
 
-## Files
+## Database Fields
 
-Create a box
+Create a migration with:
 
 ```ruby
-box = Lockbox.new(key: key)
+class AddEmailCiphertextToUsers < ActiveRecord::Migration[5.2]
+  def change
+    add_column :users, :email_ciphertext, :text
+  end
+end
 ```
 
-Encrypt
+Add to your model:
 
 ```ruby
-ciphertext = box.encrypt(File.binread("license.jpg"))
+class User < ApplicationRecord
+  encrypts :email
+end
 ```
 
-Decrypt
+You can use `email` just like any other attribute.
 
 ```ruby
-box.decrypt(ciphertext)
+User.create!(email: "hi@example.org")
 ```
 
-## Active Storage
+If you need to query encrypted fields, check out [Blind Index](https://github.com/ankane/blind_index).
+
+## Files
+
+### Active Storage
 
 Add to your model:
 
 ```ruby
 class User < ApplicationRecord
   has_one_attached :license
-  attached_encrypted :license, key: key
+  encrypts_attached :license
 end
 ```
 
@@ -66,7 +90,7 @@ Works with multiple attachments as well.
 ```ruby
 class User < ApplicationRecord
   has_many_attached :documents
-  attached_encrypted :documents, key: key
+  encrypts_attached :documents
 end
 ```
 
@@ -75,43 +99,130 @@ There are a few limitations to be aware of:
 - Metadata like image width and height are not extracted when encrypted
 - Direct uploads cannot be encrypted
 
-## CarrierWave
+To serve encrypted files, use a controller action.
+
+```ruby
+def license
+  send_data @user.license.download, type: @user.license.content_type
+end
+```
+
+**Note:** With Rails 6, attachments are not encrypted with:
+
+```ruby
+User.create!(avatar: params[:avatar])
+```
+
+Until this is addressed, use:
+
+```ruby
+user = User.new
+user.attach(params[:avatar])
+user.save!
+```
+
+### CarrierWave
 
 Add to your uploader:
 
 ```ruby
 class LicenseUploader < CarrierWave::Uploader::Base
-  encrypt key: key
+  encrypt
 end
 ```
 
 Encryption is applied to all versions after processing.
 
-## Serving Files
-
 To serve encrypted files, use a controller action.
 
 ```ruby
 def license
-  send_data @user.license.download, type: @user.license.content_type
+  send_data @user.license.read, type: @user.license.content_type
+end
+```
+
+### Local Files
+
+Read the file as a binary string
+
+```ruby
+message = File.binread("file.txt")
+```
+
+Then follow the instructions for encrypting a string below.
+
+## Strings
+
+Create a box
+
+```ruby
+box = Lockbox.new(key: key)
+```
+
+Encrypt
+
+```ruby
+ciphertext = box.encrypt(message)
+```
+
+Decrypt
+
+```ruby
+box.decrypt(ciphertext)
+```
+
+## Migrating Existing Data
+
+Lockbox makes it easy to encrypt an existing column. Add a new column for the ciphertext, then add to your model:
+
+```ruby
+class User < ApplicationRecord
+  encrypts :email, migrating: true
+end
+```
+
+Backfill the data in the Rails console:
+
+```ruby
+Lockbox.migrate(User)
+```
+
+Then update the model to the desired state:
+
+```ruby
+class User < ApplicationRecord
+  encrypts :email
+
+  # remove this line after dropping email column
+  self.ignored_columns = ["email"]
 end
 ```
 
-Use `read` instead of `download` for CarrierWave.
+Finally, drop the unencrypted column.
 
 ## Key Rotation
 
 To make key rotation easy, you can pass previous versions of keys that can decrypt.
 
+For Active Record, use:
+
 ```ruby
-Lockbox.new(key: key, previous_versions: [{key: previous_key}])
+class User < ApplicationRecord
+  encrypts :email, previous_versions: [{key: previous_key}]
+end
+```
+
+To rotate, use:
+
+```ruby
+user.update!(email: user.email)
 ```
 
 For Active Storage use:
 
 ```ruby
 class User < ApplicationRecord
-  attached_encrypted :license, key: key, previous_versions: [{key: previous_key}]
+  encrypts_attached :license, previous_versions: [{key: previous_key}]
 end
 ```
 
@@ -125,7 +236,7 @@ For CarrierWave, use:
 
 ```ruby
 class LicenseUploader < CarrierWave::Uploader::Base
-  encrypt key: key, previous_versions: [{key: previous_key}]
+  encrypt previous_versions: [{key: previous_key}]
 end
 ```
 
@@ -135,55 +246,108 @@ To rotate existing files, use:
 user.license.rotate_encryption!
 ```
 
+For strings, use:
+
+```ruby
+Lockbox.new(key: key, previous_versions: [{key: previous_key}])
+```
+
+## Fixtures
+
+You can use encrypted attributes in fixtures with:
+
+```yml
+test_user:
+  email_ciphertext: <%= User.generate_email_ciphertext("secret").inspect %>
+```
+
+Be sure to include the `inspect` at the end or it won’t be encoded properly in YAML.
+
 ## Algorithms
 
 ### AES-GCM
 
-The default algorithm is AES-GCM with a 256-bit key. Rotate the key every 2 billion files to minimize the chance of a [nonce collision](https://www.cryptologie.net/article/402/is-symmetric-security-solved/), which will leak the key.
+This is the default algorithm. Rotate the key every 2 billion encryptions to minimize the chance of a [nonce collision](https://www.cryptologie.net/article/402/is-symmetric-security-solved/), which will expose the key.
+
+### XSalsa20
+
+You can also use XSalsa20, which uses an extended nonce so you don’t have to worry about nonce collisions. First, [install Libsodium](https://github.com/crypto-rb/rbnacl/wiki/Installing-libsodium). For Homebrew, use:
 
-### XChaCha20
+```sh
+brew install libsodium
+```
 
-[Install Libsodium](https://github.com/crypto-rb/rbnacl/wiki/Installing-libsodium) >= 1.0.12 and add [rbnacl](https://github.com/crypto-rb/rbnacl) to your application’s Gemfile:
+And add to your Gemfile:
 
 ```ruby
 gem 'rbnacl'
 ```
 
-Then pass the `algorithm` option:
+Then add to your model:
 
-```ruby
-# files
-box = Lockbox.new(key: key, algorithm: "xchacha20")
 
-# Active Storage
+```ruby
 class User < ApplicationRecord
-  attached_encrypted :license, key: key, algorithm: "xchacha20"
-end
-
-# CarrierWave
-class LicenseUploader < CarrierWave::Uploader::Base
-  encrypt key: key, algorithm: "xchacha20"
+  encrypts :email, algorithm: "xsalsa20"
 end
 ```
 
 Make it the default with:
 
 ```ruby
-Lockbox.default_options = {algorithm: "xchacha20"}
+Lockbox.default_options = {algorithm: "xsalsa20"}
 ```
 
 You can also pass an algorithm to `previous_versions` for key rotation.
 
-## Hybrid Cryptography
+#### XSalsa20 Deployment
 
-[Hybrid cryptography](https://en.wikipedia.org/wiki/Hybrid_cryptosystem) allows servers to encrypt data without being able to decrypt it.
+##### Heroku
 
-[Install Libsodium](https://github.com/crypto-rb/rbnacl/wiki/Installing-libsodium) and add [rbnacl](https://github.com/crypto-rb/rbnacl) to your application’s Gemfile:
+Heroku [comes with libsodium](https://devcenter.heroku.com/articles/stack-packages) preinstalled.
 
-```ruby
-gem 'rbnacl'
+##### Ubuntu
+
+For Ubuntu 16.04, use:
+
+```sh
+sudo apt-get install libsodium18
+```
+
+For Ubuntu 18.04, use:
+
+```sh
+sudo apt-get install libsodium23
 ```
 
+##### Travis CI
+
+On Xenial, add to `.travis.yml`:
+
+```yml
+addons:
+  apt:
+    packages:
+      - libsodium18
+```
+
+##### CircleCI
+
+Add a step to `.circleci/config.yml`:
+
+```yml
+- run:
+    name: install Libsodium
+    command: |
+      sudo apt-get install -y libsodium18
+```
+
+## Hybrid Cryptography
+
+[Hybrid cryptography](https://en.wikipedia.org/wiki/Hybrid_cryptosystem) allows servers to encrypt data without being able to decrypt it.
+
+Follow the instructions above for installing Libsodium and including `rbnacl` in your Gemfile.
+
 Generate a key pair with:
 
 ```ruby
@@ -193,17 +357,8 @@ Lockbox.generate_key_pair
 Store the keys with your other secrets. Then use:
 
 ```ruby
-# files
-box = Lockbox.new(algorithm: "hybrid", encryption_key: encryption_key, decryption_key: decryption_key)
-
-# Active Storage
 class User < ApplicationRecord
-  attached_encrypted :license, algorithm: "hybrid", encryption_key: encryption_key, decryption_key: decryption_key
-end
-
-# CarrierWave
-class LicenseUploader < CarrierWave::Uploader::Base
-  encrypt algorithm: "hybrid", encryption_key: encryption_key, decryption_key: decryption_key
+  encrypts :email, algorithm: "hybrid", encryption_key: encryption_key, decryption_key: decryption_key
 end
 ```
 
@@ -211,15 +366,29 @@ Make sure `decryption_key` is `nil` on servers that shouldn’t decrypt.
 
 This uses X25519 for key exchange and XSalsa20-Poly1305 for encryption.
 
+## Key Separation
+
+The master key is used to generate unique keys for each column. This technique comes from [CipherSweet](https://ciphersweet.paragonie.com/internals/key-hierarchy). The table name and column name are both used in this process. If you need to rename a table with encrypted columns, or an encrypted column itself, get the key:
+
+```ruby
+Lockbox.attribute_key(table: "users", attribute: "email_ciphertext")
+```
+
+And set it directly before renaming:
+
+```ruby
+class User < ApplicationRecord
+  encrypts :email, key: ENV["USER_EMAIL_ENCRYPTION_KEY"]
+end
+```
+
 ## Key Management
 
 You can use a key management service to manage your keys with [KMS Encrypted](https://github.com/ankane/kms_encrypted).
 
-For Active Storage, use:
-
 ```ruby
 class User < ApplicationRecord
-  attached_encrypted :license, key: :kms_key
+  encrypts :email, key: :kms_key
 end
 ```
 
@@ -235,70 +404,121 @@ end
 
 ## Compatibility
 
-It’s easy to read encrypted files in another language if needed.
+It’s easy to read encrypted data in another language if needed.
 
-Here are [some examples](docs/Compatibility.md).
-
-The format for AES-GCM is:
+For AES-GCM, the format is:
 
 - nonce (IV) - 12 bytes
 - ciphertext - variable length
 - authentication tag - 16 bytes
 
-For XChaCha20, use the appropriate [Libsodium library](https://libsodium.gitbook.io/doc/bindings_for_other_languages).
+Here are [some examples](docs/Compatibility.md).
 
-## Database Fields
+For XSalsa20, use the appropriate [Libsodium library](https://libsodium.gitbook.io/doc/bindings_for_other_languages).
 
-Lockbox can also be used with [attr_encrypted](https://github.com/attr-encrypted/attr_encrypted) for database fields. This gives you:
+## Migrating from Another Library
 
-1. Easy key rotation
-2. XChaCha20
-3. Hybrid cryptography
-4. No need for separate IV columns
+Lockbox makes it easy to migrate from another library. The example below uses `attr_encrypted` but the same approach should work for any library.
 
-Add to your Gemfile:
+Let’s suppose your model looks like this:
 
 ```ruby
-gem 'attr_encrypted'
+class User < ApplicationRecord
+  attr_encrypted :name, key: key
+  attr_encrypted :email, key: key
+end
 ```
 
-Create a migration to add a new column for the encrypted data. We don’t need a separate IV column, as this will be included in the encrypted data.
+Create a migration with:
 
 ```ruby
-class AddEncryptedPhoneToUsers < ActiveRecord::Migration[5.2]
+class MigrateToLockbox < ActiveRecord::Migration[5.2]
   def change
-    add_column :users, :encrypted_phone, :string
+    add_column :users, :name_ciphertext, :text
+    add_column :users, :email_ciphertext, :text
   end
 end
 ```
 
-All Lockbox options are supported.
+And add `encrypts` to your model with the `migrating` option:
 
 ```ruby
 class User < ApplicationRecord
-  attr_encrypted :phone, encryptor: Lockbox::Encryptor, key: key, algorithm: "xchacha20", previous_versions: [{key: previous_key}]
-
-  attribute :encrypted_phone_iv # prevent attr_encrypted error
+  encrypts :name, :email, migrating: true
 end
 ```
 
-For hybrid cryptography, use:
+Then run:
+
+```ruby
+Lockbox.migrate(User)
+```
+
+Once all records are migrated, remove the `migrating` option and the previous model code (the `attr_encrypted` methods in this example).
 
 ```ruby
 class User < ApplicationRecord
-  attr_encrypted :phone, encryptor: Lockbox::Encryptor, algorithm: "hybrid", encryption_key: encryption_key, decryption_key: decryption_key
+  encrypts :name, :email
+end
+```
+
+Then remove the previous gem from your Gemfile and drop its columns.
+
+```ruby
+class RemovePreviousEncryptedColumns < ActiveRecord::Migration[5.2]
+  def change
+    remove_column :users, :encrypted_name, :text
+    remove_column :users, :encrypted_name_iv, :text
+    remove_column :users, :encrypted_email, :text
+    remove_column :users, :encrypted_email_iv, :text
+  end
+end
+```
+
+## Upgrading
+
+### 0.2.0
+
+0.2.0 brings a number of improvements. Here are a few to be aware of:
+
+- Added `encrypts` method for database fields
+- Added support for XSalsa20
+- `attached_encrypted` is deprecated in favor of `encrypts_attached`.
+
+#### Optional
+
+To switch to a master key, generate a key:
+
+```ruby
+Lockbox.generate_key
+```
 
-  attribute :encrypted_phone_iv # prevent attr_encrypted error
+And set `ENV["LOCKBOX_MASTER_KEY"]` or `Lockbox.master_key`.
+
+Update your model:
+
+```ruby
+class User < ApplicationRecord
+  encrypts_attached :license, previous_versions: [{key: key}]
 end
 ```
 
-## Reference
+New uploads will be encrypted with the new key.
 
-Pass associated data to encryption and decryption
+You can rotate existing records with:
 
 ```ruby
-box.encrypt(message, associated_data: "bingo")
-box.decrypt(ciphertext, associated_data: "bingo")
+User.unscoped.find_each do |user|
+  user.license.rotate_encryption!
+end
+```
+
+Once that’s complete, update your model:
+
+```ruby
+class User < ApplicationRecord
+  encrypts_attached :license
+end
 ```
 
 ## History

data/lib/lockbox.rb

@@ -1,6 +1,10 @@
+# dependencies
+require "securerandom"
+
 # modules
 require "lockbox/box"
 require "lockbox/encryptor"
+require "lockbox/key_generator"
 require "lockbox/utils"
 require "lockbox/version"
 
@@ -8,14 +12,62 @@ require "lockbox/version"
 require "lockbox/carrier_wave_extensions" if defined?(CarrierWave)
 require "lockbox/railtie" if defined?(Rails)
 
+if defined?(ActiveSupport)
+  ActiveSupport.on_load(:active_record) do
+    require "lockbox/model"
+    extend Lockbox::Model
+  end
+end
+
 class Lockbox
   class Error < StandardError; end
   class DecryptionError < Error; end
 
   class << self
     attr_accessor :default_options
+    attr_writer :master_key
+  end
+  self.default_options = {}
+
+  def self.master_key
+    @master_key ||= ENV["LOCKBOX_MASTER_KEY"]
+  end
+
+  def self.migrate(model, restart: false)
+    # get fields
+    fields = model.lockbox_attributes.select { |k, v| v[:migrating] }
+
+    # get blind indexes
+    blind_indexes = model.respond_to?(:blind_indexes) ? model.blind_indexes.select { |k, v| v[:migrating] } : {}
+
+    # build relation
+    relation = model.unscoped
+
+    unless restart
+      attributes = fields.map { |_, v| v[:encrypted_attribute] }
+      attributes += blind_indexes.map { |_, v| v[:bidx_attribute] }
+
+      attributes.each_with_index do |attribute, i|
+        relation =
+          if i == 0
+            relation.where(attribute => nil)
+          else
+            relation.or(model.where(attribute => nil))
+          end
+      end
+    end
+
+    # migrate
+    relation.find_each do |record|
+      fields.each do |k, v|
+        record.send("#{v[:attribute]}=", record.send(k)) if restart || !record.send(v[:encrypted_attribute])
+      end
+      blind_indexes.each do |k, v|
+        record.send("compute_#{k}_bidx") if restart || !record.send(v[:bidx_attribute])
+      end
+      record.save(validate: false) if record.changed?
+    end
   end
-  self.default_options = {algorithm: "aes-gcm"}
 
   def initialize(**options)
     options = self.class.default_options.merge(options)
@@ -56,6 +108,10 @@ class Lockbox
     end
   end
 
+  def self.generate_key
+    SecureRandom.hex(32)
+  end
+
   def self.generate_key_pair
     require "rbnacl"
     # encryption and decryption servers exchange public keys
@@ -65,11 +121,24 @@ class Lockbox
     # alice is sending message to bob
     # use bob first in both cases to prevent keys being swappable
     {
-      encryption_key: (bob.public_key.to_bytes + alice.to_bytes).unpack("H*").first,
-      decryption_key: (bob.to_bytes + alice.public_key.to_bytes).unpack("H*").first
+      encryption_key: to_hex(bob.public_key.to_bytes + alice.to_bytes),
+      decryption_key: to_hex(bob.to_bytes + alice.public_key.to_bytes)
     }
   end
 
+  def self.attribute_key(table:, attribute:, master_key: nil, encode: true)
+    master_key ||= Lockbox.master_key
+    raise ArgumentError, "Missing master key" unless master_key
+
+    key = Lockbox::KeyGenerator.new(master_key).attribute_key(table: table, attribute: attribute)
+    key = to_hex(key) if encode
+    key
+  end
+
+  def self.to_hex(str)
+    str.unpack("H*").first
+  end
+
   private
 
   def check_string(str, name)

data/lib/lockbox/active_storage_extensions.rb

@@ -10,16 +10,16 @@ class Lockbox
       def encrypted?
         # could use record_type directly
         # but record should already be loaded most of the time
-        Utils.encrypted_options(record, name).present?
+        !Utils.encrypted_options(record, name).nil?
       end
 
       def encrypt_attachable(attachable)
         options = Utils.encrypted_options(record, name)
-        box = Utils.build_box(record, options)
+        box = Utils.build_box(record, options, record.class.table_name, name)
 
         case attachable
         when ActiveStorage::Blob
-          raise NotImplemented, "Not supported"
+          raise NotImplementedError, "Not supported"
         when ActionDispatch::Http::UploadedFile, Rack::Test::UploadedFile
           attachable = {
             io: StringIO.new(box.encrypt(attachable.read)),
@@ -33,7 +33,7 @@ class Lockbox
             content_type: attachable[:content_type]
           }
         when String
-          raise NotImplemented, "Not supported"
+          raise NotImplementedError, "Not supported"
         else
           nil
         end
@@ -107,7 +107,7 @@ class Lockbox
 
         options = Utils.encrypted_options(record, name)
         if options
-          result = Utils.build_box(record, options).decrypt(result)
+          result = Utils.build_box(record, options, record.class.table_name, name).decrypt(result)
         end
 
         result
@@ -123,30 +123,5 @@ class Lockbox
         after_save :mark_analyzed
       end
     end
-
-    module Model
-      def attached_encrypted(name, **options)
-        class_eval do
-          @encrypted_attachments ||= {}
-
-          unless respond_to?(:encrypted_attachments)
-            def self.encrypted_attachments
-              parent_attachments =
-                if superclass.respond_to?(:encrypted_attachments)
-                  superclass.encrypted_attachments
-                else
-                  {}
-                end
-
-              parent_attachments.merge(@encrypted_attachments || {})
-            end
-          end
-
-          raise ArgumentError, "Duplicate encrypted attachment: #{name}" if encrypted_attachments[name]
-
-          @encrypted_attachments[name] = options
-        end
-      end
-    end
   end
 end

data/lib/lockbox/box.rb

@@ -5,9 +5,9 @@ class Lockbox
     def initialize(key: nil, algorithm: nil, encryption_key: nil, decryption_key: nil)
       raise ArgumentError, "Cannot pass both key and public/private key" if key && (encryption_key || decryption_key)
 
-      key = decode_key(key) if key
-      encryption_key = decode_key(encryption_key) if encryption_key
-      decryption_key = decode_key(decryption_key) if decryption_key
+      key = Lockbox::Utils.decode_key(key) if key
+      encryption_key = Lockbox::Utils.decode_key(encryption_key) if encryption_key
+      decryption_key = Lockbox::Utils.decode_key(decryption_key) if decryption_key
 
       algorithm ||= "aes-gcm"
 
@@ -20,6 +20,10 @@ class Lockbox
         raise ArgumentError, "Missing key" unless key
         require "rbnacl"
         @box = RbNaCl::AEAD::XChaCha20Poly1305IETF.new(key)
+      when "xsalsa20"
+        raise ArgumentError, "Missing key" unless key
+        require "rbnacl"
+        @box = RbNaCl::SecretBoxes::XSalsa20Poly1305.new(key)
       when "hybrid"
         raise ArgumentError, "Missing key" unless encryption_key || decryption_key
         require "rbnacl"
@@ -33,11 +37,15 @@ class Lockbox
     end
 
     def encrypt(message, associated_data: nil)
-      if @algorithm == "hybrid"
+      case @algorithm
+      when "hybrid"
         raise ArgumentError, "No public key set" unless @encryption_box
         raise ArgumentError, "Associated data not supported with this algorithm" if associated_data
         nonce = generate_nonce(@encryption_box)
         ciphertext = @encryption_box.encrypt(nonce, message)
+      when "xsalsa20"
+        nonce = generate_nonce(@box)
+        ciphertext = @box.encrypt(nonce, message)
       else
         nonce = generate_nonce(@box)
         ciphertext = @box.encrypt(nonce, message, associated_data)
@@ -46,11 +54,15 @@ class Lockbox
     end
 
     def decrypt(ciphertext, associated_data: nil)
-      if @algorithm == "hybrid"
+      case @algorithm
+      when "hybrid"
         raise ArgumentError, "No private key set" unless @decryption_box
         raise ArgumentError, "Associated data not supported with this algorithm" if associated_data
         nonce, ciphertext = extract_nonce(@decryption_box, ciphertext)
         @decryption_box.decrypt(nonce, ciphertext)
+      when "xsalsa20"
+        nonce, ciphertext = extract_nonce(@box, ciphertext)
+        @box.decrypt(nonce, ciphertext)
       else
         nonce, ciphertext = extract_nonce(@box, ciphertext)
         @box.decrypt(nonce, ciphertext, associated_data)
@@ -73,13 +85,5 @@ class Lockbox
       nonce = bytes.slice(0, nonce_bytes)
       [nonce, bytes.slice(nonce_bytes..-1)]
     end
-
-    # decode hex key
-    def decode_key(key)
-      if key.encoding != Encoding::BINARY && key =~ /\A[0-9a-f]{64,128}\z/i
-        key = [key].pack("H*")
-      end
-      key
-    end
   end
 end

data/lib/lockbox/carrier_wave_extensions.rb

@@ -36,7 +36,21 @@ class Lockbox
         private
 
         define_method :lockbox do
-          @lockbox ||= Utils.build_box(self, options)
+          @lockbox ||= begin
+            table = model ? model.class.table_name : "_uploader"
+            attribute =
+              if mounted_as
+                mounted_as.to_s
+              else
+                uploader = self
+                while uploader.parent_version
+                  uploader = uploader.parent_version
+                end
+                uploader.class.name.sub(/Uploader\z/, "").underscore
+              end
+
+            Utils.build_box(self, options, table, attribute)
+          end
         end
       end
     end

data/lib/lockbox/key_generator.rb

@@ -0,0 +1,43 @@
+class Lockbox
+  class KeyGenerator
+    def initialize(master_key)
+      @master_key = master_key
+    end
+
+    # pattern ported from CipherSweet
+    # https://ciphersweet.paragonie.com/internals/key-hierarchy
+    def attribute_key(table:, attribute:)
+      raise ArgumentError, "Missing table for key generation" if table.to_s.empty?
+      raise ArgumentError, "Missing attribute for key generation" if attribute.to_s.empty?
+
+      c = "\xB4"*32
+      hkdf(Lockbox::Utils.decode_key(@master_key), salt: table.to_s, info: "#{c}#{attribute}", length: 32, hash: "sha384")
+    end
+
+    private
+
+    def hash_hmac(hash, ikm, salt)
+      OpenSSL::HMAC.digest(hash, salt, ikm)
+    end
+
+    def hkdf(ikm, salt:, info:, length:, hash:)
+      if OpenSSL::KDF.respond_to?(:hkdf)
+        return OpenSSL::KDF.hkdf(ikm, salt: salt, info: info, length: length, hash: hash)
+      end
+
+      prk = hash_hmac(hash, ikm, salt)
+
+      # empty binary string
+      t = String.new
+      last_block = String.new
+      block_index = 1
+      while t.bytesize < length
+        last_block = hash_hmac(hash, last_block + info + [block_index].pack("C"), prk)
+        t << last_block
+        block_index += 1
+      end
+
+      t[0, length]
+    end
+  end
+end

data/lib/lockbox/model.rb

@@ -0,0 +1,149 @@
+class Lockbox
+  module Model
+    def attached_encrypted(attribute, **options)
+      warn "[lockbox] DEPRECATION WARNING: Use encrypts_attached instead"
+      encrypts_attached(attribute, **options)
+    end
+
+    def encrypts_attached(*attributes, **options)
+      attributes.each do |name|
+        name = name.to_sym
+
+        class_eval do
+          @lockbox_attachments ||= {}
+
+          unless respond_to?(:lockbox_attachments)
+            def self.lockbox_attachments
+              parent_attachments =
+                if superclass.respond_to?(:lockbox_attachments)
+                  superclass.lockbox_attachments
+                else
+                  {}
+                end
+
+              parent_attachments.merge(@lockbox_attachments || {})
+            end
+          end
+
+          raise "Duplicate encrypted attachment: #{name}" if lockbox_attachments[name]
+          @lockbox_attachments[name] = options
+        end
+      end
+    end
+
+    def encrypts(*attributes, **options)
+      attributes.each do |name|
+        # add default options
+        encrypted_attribute = "#{name}_ciphertext"
+
+        options = options.dup
+
+        # migrating
+        original_name = name.to_sym
+        name = "migrated_#{name}" if options[:migrating]
+
+        name = name.to_sym
+
+        options[:attribute] = name.to_s
+        options[:encrypted_attribute] = encrypted_attribute
+        class_method_name = "generate_#{encrypted_attribute}"
+
+        class_eval do
+          if options[:migrating]
+            before_validation do
+              send("#{name}=", send(original_name)) if send("#{original_name}_changed?")
+            end
+          end
+
+          @lockbox_attributes ||= {}
+
+          unless respond_to?(:lockbox_attributes)
+            def self.lockbox_attributes
+              parent_attributes =
+                if superclass.respond_to?(:lockbox_attributes)
+                  superclass.lockbox_attributes
+                else
+                  {}
+                end
+
+              parent_attributes.merge(@lockbox_attributes || {})
+            end
+          end
+
+          raise "Duplicate encrypted attribute: #{original_name}" if lockbox_attributes[original_name]
+          @lockbox_attributes[original_name] = options
+
+          if @lockbox_attributes.size == 1
+            def serializable_hash(options = nil)
+              options = options.try(:dup) || {}
+              options[:except] = Array(options[:except])
+              options[:except] += self.class.lockbox_attributes.values.reject { |v| v[:attached] }.flat_map { |v| [v[:attribute], v[:encrypted_attribute]] }
+              super(options)
+            end
+
+            # use same approach as devise
+            def inspect
+              inspection =
+                serializable_hash.map do |k,v|
+                  "#{k}: #{respond_to?(:attribute_for_inspect) ? attribute_for_inspect(k) : v.inspect}"
+                end
+              "#<#{self.class} #{inspection.join(", ")}>"
+            end
+          end
+
+          attribute name, :string
+
+          define_method("#{name}=") do |message|
+            # decrypt first for dirty tracking
+            # don't raise error if can't decrypt previous
+            begin
+              send(name)
+            rescue Lockbox::DecryptionError
+              nil
+            end
+
+            ciphertext =
+              if message.nil? || message == ""
+                message
+              else
+                self.class.send(class_method_name, message, context: self)
+              end
+            send("#{encrypted_attribute}=", ciphertext)
+
+            super(message)
+          end
+
+          define_method(name) do
+            message = super()
+            unless message
+              ciphertext = send(encrypted_attribute)
+              message =
+                if ciphertext.nil? || ciphertext == ""
+                  ciphertext
+                else
+                  decoded = Base64.decode64(ciphertext)
+                  Lockbox::Utils.build_box(self, options, self.class.table_name, encrypted_attribute).decrypt(decoded)
+                end
+
+              # set previous attribute on first decrypt
+              @attributes[name.to_s].instance_variable_set("@value_before_type_cast", message)
+
+              # cache
+              if respond_to?(:_write_attribute, true)
+                _write_attribute(name, message)
+              else
+                raw_write_attribute(name, message)
+              end
+            end
+            message
+          end
+
+          # for fixtures
+          define_singleton_method class_method_name do |message, **opts|
+            Base64.strict_encode64(Lockbox::Utils.build_box(opts[:context], options, table_name, encrypted_attribute).encrypt(message))
+          end
+        end
+      end
+    end
+  end
+end

data/lib/lockbox/railtie.rb

@@ -8,7 +8,6 @@ class Lockbox
         ActiveStorage::Attached.prepend(Lockbox::ActiveStorageExtensions::Attached)
         ActiveStorage::Attached::One.prepend(Lockbox::ActiveStorageExtensions::AttachedOne)
         ActiveStorage::Attached::Many.prepend(Lockbox::ActiveStorageExtensions::AttachedMany)
-        ActiveRecord::Base.extend(Lockbox::ActiveStorageExtensions::Model) if defined?(ActiveRecord)
       end
 
       app.config.to_prepare do

data/lib/lockbox/utils.rb

@@ -1,7 +1,7 @@
 class Lockbox
   class Utils
-    def self.build_box(context, options)
-      options = options.dup
+    def self.build_box(context, options, table, attribute)
+      options = options.except(:attribute, :encrypted_attribute, :migrating, :attached)
       options.each do |k, v|
         if v.is_a?(Proc)
           options[k] = context.instance_exec(&v) if v.respond_to?(:call)
@@ -10,11 +10,22 @@ class Lockbox
         end
       end
 
+      unless options[:key] || options[:encryption_key] || options[:decryption_key]
+        options[:key] = Lockbox.attribute_key(table: table, attribute: attribute, master_key: options.delete(:master_key))
+      end
+
       Lockbox.new(options)
     end
 
     def self.encrypted_options(record, name)
-      record.class.respond_to?(:encrypted_attachments) && record.class.encrypted_attachments[name.to_sym]
+      record.class.respond_to?(:lockbox_attachments) && record.class.lockbox_attachments[name.to_sym]
+    end
+
+    def self.decode_key(key)
+      if key.encoding != Encoding::BINARY && key =~ /\A[0-9a-f]{64,128}\z/i
+        key = [key].pack("H*")
+      end
+      key
     end
   end
 end

data/lib/lockbox/version.rb

@@ -1,3 +1,3 @@
 class Lockbox
-  VERSION = "0.1.1"
+  VERSION = "0.2.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: lockbox
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.2.0
 platform: ruby
 authors:
 - Andrew Kane
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-03-01 00:00:00.000000000 Z
+date: 2019-07-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -25,7 +25,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: rake
+  name: carrierwave
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -39,7 +39,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: minitest
+  name: combustion
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -53,7 +53,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: carrierwave
+  name: rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -67,21 +67,21 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: activestorage
+  name: minitest
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '5'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '5'
 - !ruby/object:Gem::Dependency
-  name: activejob
+  name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -95,35 +95,21 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: combustion
+  name: rbnacl
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '6'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '6'
 - !ruby/object:Gem::Dependency
   name: sqlite3
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 1.3.0
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 1.3.0
-- !ruby/object:Gem::Dependency
-  name: rbnacl
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -137,7 +123,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: attr_encrypted
+  name: benchmark-ips
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -165,6 +151,8 @@ files:
 - lib/lockbox/box.rb
 - lib/lockbox/carrier_wave_extensions.rb
 - lib/lockbox/encryptor.rb
+- lib/lockbox/key_generator.rb
+- lib/lockbox/model.rb
 - lib/lockbox/railtie.rb
 - lib/lockbox/utils.rb
 - lib/lockbox/version.rb
@@ -180,16 +168,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.2'
+      version: '2.4'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.6
+rubygems_version: 3.0.4
 signing_key: 
 specification_version: 4
-summary: File encryption for Ruby and Rails. Supports Active Storage and CarrierWave.
+summary: Modern encryption for Rails
 test_files: []