mongoid-encrypted-fields 1.0.0 → 1.1.0

data/CHANGLOG.md

@@ -0,0 +1,22 @@
+# Revision history
+
+## 1.1 - Breaking changes - PLEASE READ
+
+### encrypted-strings gem
+During performance testing, we've found the [encrypted-strings](https://github.com/pluginaweek/encrypted_strings) gem
+to be very slow under load, and it's patching the == method on String so it has been removed as the default cipher option.
+
+### Gibberish
+[Gibberish](https://github.com/mdp/gibberish) was found to be very fast, but uses a unique salt for each encryption.
+This is normally great for security, but becomes problematic for searching for encrypted fields in Mongoid because each
+search would generate a unique value that wouldn't match what's stored in the database.
+
+We've included classes in the **examples** folder to show implementations of using either of these Gems, but remember that
+we only require a class that implements **encrypt** and **decrypt** so you can use any gem of your choice.
+
+### Modifications
+
+* Removed included cipher implementations
+* Removed [encrypted-strings](https://github.com/pluginaweek/encrypted_strings) gem dependency
+
+## 1.0 - Initial release

data/README.md

@@ -10,16 +10,19 @@ Queries encrypt data before searching the database, so equality matches work aut
 ## Prerequisites
 * Ruby 1.9.3
 * [Mongoid](http://mongoid.org) 3.0
-* [Encrypted-Strings](https://github.com/pluginaweek/encrypted_strings)
+* "Bring your own" encryption, see below
 
 ## Install
     gem 'mongoid-encrypted-fields'
 
 ## Usage
 * Configure the cipher to be used for encrypting field values:
-    ```Ruby
-    Mongoid::EncryptedFields.cipher = Mongoid::Ciphers::SymmetricCipher.new(algorithm: 'aes-256-cbc', password: ENV['MY_PASSWORD']) # find a secure way to get your password
-    ```
+
+    GibberishCipher can be found in examples - uses the [Gibberish](https://github.com/mdp/gibberish) gem:
+```Ruby
+    Mongoid::EncryptedFields.cipher = GibberishCipher.new(ENV['MY_PASSWORD']) 
+```
+
 * Use encrypted types for fields in your models:
     ```Ruby
     class Person
@@ -37,6 +40,9 @@ Queries encrypt data before searching the database, so equality matches work aut
 * The encrypted value is accessible with the "encrypted" attribute
     ```Ruby
     person.ssn.encrypted # => <encrypted string>
+
+    # It can also be accessed using the hash syntax supported by Mongoid
+    person[:ssn] # => <encrypted string>
     ```
 * Finding a model by an encrypted field works automatically (equality only):
     ```Ruby
@@ -47,4 +53,4 @@ Queries encrypt data before searching the database, so equality matches work aut
 * Single cipher for all encrypted fields
 
 ## Copyright
-(c) 2012 Koan Health. See LICENSE.txt for further details.
+(c) 2012 Koan Health. See LICENSE.txt for further details.

data/examples/encrypted_strings_asymmetric_cipher.rb

@@ -0,0 +1,20 @@
+require 'encrypted_strings'
+
+class EncryptedStringsAsymmetricCipher
+
+  attr_reader :algorithm, :password, :public_key_file, :private_key_file
+
+  def initialize(options = {})
+    @options = options
+    @options.each { |key, value| instance_variable_set "@#{key}", value }
+  end
+
+  def encrypt(data)
+    data.encrypt(:asymmetric, @options)
+  end
+
+  def decrypt(data)
+    data.decrypt(:asymmetric, @options)
+  end
+
+end

data/examples/encrypted_strings_symmetric_cipher.rb

@@ -0,0 +1,20 @@
+require 'encrypted_strings'
+
+class EncryptedStringsSymmetricCipher
+
+  attr_reader :algorithm, :password
+
+  def initialize(options = {})
+    @options = options
+    @options.each { |key, value| instance_variable_set "@#{key}", value }
+  end
+
+  def encrypt(data)
+    data.encrypt(:symmetric, @options)
+  end
+
+  def decrypt(data)
+    data.decrypt(:symmetric, @options)
+  end
+
+end

data/examples/gibberish_cipher.rb

@@ -0,0 +1,19 @@
+require 'gibberish/aes'
+
+# Gibberish uses a unique salt for every encryption, but we need the same text to return the same ciphertext
+# so Searching for encrypted field will work
+class GibberishCipher < Gibberish::AES
+
+  SALT = "OU812FTW" # TODO: If you use this example class, make a unique 8-byte salt for your project
+
+  def initialize(password, options = {})
+    super password, options[:size] || 256
+    @salt = options[:salt] || SALT
+  end
+
+  def generate_salt
+    return @salt if @salt
+    super
+  end
+
+end

data/lib/mongoid-encrypted-fields.rb

@@ -1,10 +1,5 @@
-require 'encrypted_strings'
-
 require 'mongoid-encrypted-fields/version'
 require 'mongoid-encrypted-fields/logging'
-require 'mongoid-encrypted-fields/ciphers/cipher'
-require 'mongoid-encrypted-fields/ciphers/asymmetric_cipher'
-require 'mongoid-encrypted-fields/ciphers/symmetric_cipher'
 require 'mongoid-encrypted-fields/fields/encrypted_field'
 require 'mongoid-encrypted-fields/fields/encrypted_string'
 require 'mongoid-encrypted-fields/fields/encrypted_date'

data/lib/mongoid-encrypted-fields/version.rb

@@ -1,5 +1,5 @@
 module Mongoid
   module EncryptedFields
-      VERSION = "1.0.0"
+      VERSION = "1.1.0"
   end
 end

data/mongoid-encrypted-fields.gemspec

@@ -19,7 +19,8 @@ Gem::Specification.new do |gem|
 
   gem.add_dependency "rake"
   gem.add_dependency "mongoid", "~> 3"
-  gem.add_dependency "encrypted_strings", "~> 0.3"
 
   gem.add_development_dependency "rspec"
+  gem.add_development_dependency "gibberish", "~> 1.2"
+  gem.add_development_dependency "encrypted_strings", "~> 0.3"
 end

data/spec/mongoid-encrypted-fields/fields/encrypted_date_spec.rb

@@ -4,7 +4,7 @@ module Mongoid
   describe EncryptedDate do
 
     before(:all) do
-      Mongoid::EncryptedFields.cipher = Mongoid::Ciphers::SymmetricCipher.new(algorithm: 'aes-256-cbc', password: 'my test password')
+      Mongoid::EncryptedFields.cipher = GibberishCipher.new('my test password')
     end
 
     subject { Mongoid::EncryptedDate }

data/spec/mongoid-encrypted-fields/fields/encrypted_datetime_spec.rb

@@ -4,7 +4,7 @@ module Mongoid
   describe EncryptedDateTime do
 
     before(:all) do
-      Mongoid::EncryptedFields.cipher = Mongoid::Ciphers::SymmetricCipher.new(algorithm: 'aes-256-cbc', password: 'my test password')
+      Mongoid::EncryptedFields.cipher = GibberishCipher.new('my test password')
     end
 
     subject { Mongoid::EncryptedDateTime }

data/spec/mongoid-encrypted-fields/fields/encrypted_field_spec.rb

@@ -4,7 +4,7 @@ module Mongoid
   describe EncryptedField do
 
     before(:all) do
-      Mongoid::EncryptedFields.cipher = Mongoid::Ciphers::SymmetricCipher.new(algorithm: 'aes-256-cbc', password: 'my test password')
+      Mongoid::EncryptedFields.cipher = GibberishCipher.new('my test password')
     end
 
     it "should encrypt and decrypt a string" do

data/spec/mongoid-encrypted-fields/fields/encrypted_string_spec.rb

@@ -4,7 +4,7 @@ module Mongoid
   describe EncryptedString do
 
     before(:all) do
-      Mongoid::EncryptedFields.cipher = Mongoid::Ciphers::SymmetricCipher.new(algorithm: 'aes-256-cbc', password: 'my test password')
+      Mongoid::EncryptedFields.cipher = GibberishCipher.new('my test password')
     end
 
     let(:raw) { "abc123" }

data/spec/mongoid-encrypted-fields/fields/encrypted_time_spec.rb

@@ -4,7 +4,7 @@ module Mongoid
   describe EncryptedTime do
 
     before(:all) do
-      Mongoid::EncryptedFields.cipher = Mongoid::Ciphers::SymmetricCipher.new(algorithm: 'aes-256-cbc', password: 'my test password')
+      Mongoid::EncryptedFields.cipher = GibberishCipher.new('my test password')
     end
 
     subject { Mongoid::EncryptedTime }

data/spec/mongoid-encrypted-fields/fields/model_spec.rb

@@ -3,14 +3,14 @@ require 'spec_helper'
 describe 'Single model' do
 
   before(:all) do
-    Mongoid::EncryptedFields.cipher = Mongoid::Ciphers::SymmetricCipher.new(algorithm: 'aes-256-cbc', password: 'my test password')
+    Mongoid::EncryptedFields.cipher = GibberishCipher.new('my test password')
   end
 
   let (:ssn) { '123456789' }
-  let (:ssn_encrypted) { Mongoid::EncryptedString.mongoize('123456789') }
+  let (:ssn_encrypted) { Mongoid::EncryptedString.mongoize(ssn) }
   let (:birth_date) { 20.years.ago.to_date }
-  let (:birth_date_encrypted) { Mongoid::EncryptedDate.mongoize(20.years.ago.to_date) }
-  let (:person) { Person.new(name: 'John Doe', ssn: '123456789', birth_date: 20.years.ago.to_date) }
+  let (:birth_date_encrypted) { Mongoid::EncryptedDate.mongoize(birth_date) }
+  let (:person) { Person.new(name: 'John Doe', ssn: ssn, birth_date: birth_date) }
 
   it "model stores encrypted ssn" do
     person.attributes['ssn'].should eq(ssn_encrypted)

data/spec/spec_helper.rb

@@ -1,11 +1,11 @@
 require 'rubygems'
 require 'bundler/setup'
 require 'mongoid'
-require 'encrypted_strings'
 require 'rspec'
 
 require 'mongoid-encrypted-fields'
 
+Dir["#{File.dirname(__FILE__)}/../examples/**/*.rb"].each {|f| require f}
 Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each {|f| require f}
 
 ENV['MONGOID_ENV'] ||= 'test'

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: mongoid-encrypted-fields
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.1.0
   prerelease: 
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-12-23 00:00:00.000000000 Z
+date: 2013-02-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -44,37 +44,53 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '3'
 - !ruby/object:Gem::Dependency
-  name: encrypted_strings
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: gibberish
   requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: '0.3'
-  type: :runtime
+        version: '1.2'
+  type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: '0.3'
+        version: '1.2'
 - !ruby/object:Gem::Dependency
-  name: rspec
+  name: encrypted_strings
   requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
-    - - ! '>='
+    - - ~>
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '0.3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     none: false
     requirements:
-    - - ! '>='
+    - - ~>
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '0.3'
 description: A library for storing encrypted data in Mongo
 email:
 - development@koanhealth.com
@@ -85,14 +101,15 @@ files:
 - .gitignore
 - .rspec
 - .rvmrc
+- CHANGLOG.md
 - Gemfile
 - LICENSE.txt
 - README.md
 - Rakefile
+- examples/encrypted_strings_asymmetric_cipher.rb
+- examples/encrypted_strings_symmetric_cipher.rb
+- examples/gibberish_cipher.rb
 - lib/mongoid-encrypted-fields.rb
-- lib/mongoid-encrypted-fields/ciphers/asymmetric_cipher.rb
-- lib/mongoid-encrypted-fields/ciphers/cipher.rb
-- lib/mongoid-encrypted-fields/ciphers/symmetric_cipher.rb
 - lib/mongoid-encrypted-fields/fields/encrypted_date.rb
 - lib/mongoid-encrypted-fields/fields/encrypted_date_time.rb
 - lib/mongoid-encrypted-fields/fields/encrypted_field.rb
@@ -124,7 +141,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: 3554219364353199264
+      hash: -323082810856718661
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements:
@@ -133,10 +150,10 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: 3554219364353199264
+      hash: -323082810856718661
 requirements: []
 rubyforge_project: 
-rubygems_version: 1.8.24
+rubygems_version: 1.8.25
 signing_key: 
 specification_version: 3
 summary: Custom types for storing encrypted data

data/lib/mongoid-encrypted-fields/ciphers/asymmetric_cipher.rb

@@ -1,22 +0,0 @@
-module Mongoid
-  module Ciphers
-    class AsymmetricCipher < Cipher
-
-      attr_reader :algorithm, :password, :public_key_file, :private_key_file
-
-      def initialize(options = {})
-        @options = options
-        @options.each { |key, value| instance_variable_set "@#{key}", value }
-      end
-
-      def encrypt(data)
-        data.encrypt(:asymmetric, @options)
-      end
-
-      def decrypt(data)
-        data.decrypt(:asymmetric, @options)
-      end
-
-    end
-  end
-end

data/lib/mongoid-encrypted-fields/ciphers/cipher.rb

@@ -1,15 +0,0 @@
-module Mongoid
-  module Ciphers
-    class Cipher
-
-      def encrypt(data)
-        raise NotImplementedError.new('encrypt must be implemented')
-      end
-
-      def decrypt(data)
-        raise NotImplementedError.new('decrypt must be implemented')
-      end
-
-    end
-  end
-end

data/lib/mongoid-encrypted-fields/ciphers/symmetric_cipher.rb

@@ -1,22 +0,0 @@
-module Mongoid
-  module Ciphers
-    class SymmetricCipher < Cipher
-
-      attr_reader :algorithm, :password
-
-      def initialize(options = { })
-        @options = options
-        @options.each { |key, value| instance_variable_set "@#{key}", value }
-      end
-
-      def encrypt(data)
-        data.encrypt(:symmetric, @options)
-      end
-
-      def decrypt(data)
-        data.decrypt(:symmetric, @options)
-      end
-
-    end
-  end
-end