pgcrypto 0.0.1 → 0.0.2

data/CHANGES

@@ -1,3 +1,8 @@
+0.0.2
+	* Fixed a number of key-related bugs discovered in testing with our
+		second production app with encrypted columns. Also duck-typed AREL
+		statement types in a few places.
+
 0.0.1
 	* INSERT, SELECT, and UPDATE statements are working. But I wrote this
 	  while testing with a production app, and thus haven't written

data/README.markdown

@@ -22,9 +22,12 @@ You need to have PGCrypto installed before this guy will work. [LMGTFY](http://l
 		PGCrypto.keys[:private] = {:path => "~/.keys/private.key"}
 		PGCrypto.keys[:public] = {:path => "~/.keys/public.key"}
 
-4. PGCrypto columns are named `attribute_encrypted` and in the `binary` format, so do something like this:
+4. PGCrypto columns are named `attribute_encrypted` in the binary format, so do something like this:
 		
-		add_column :users, :social\_security\_number\_encrypted, :binary
+		add_column :users, :social_security_number_encrypted, :binary
+		
+	This will allow you to access `User#social_security_number` and store the user's social in an encrypted
+	column called `social_security_number_encryped`.
 
 5. Tell the User class to encrypt and decrypt the `social_security_number` attribute on the fly:
 		
@@ -47,14 +50,15 @@ a GPG-encrypted column that can only be decrypted with your secure key.
 Keys
 -
 
-You can tell PGCrypto about your keys in a number of fun ways. The most straightforward is to assign the actual
-content of the key manually:
+If you want to bundle your public key with your application, PGCrypto will automatically load `#{Rails.root}/.pgcrypto`,
+so feel free to put your public key in there. You can also tell PGCrypto about your keys in a number of fun ways.
+The most straightforward is to assign the actual content of the key manually:
 
 	PGCrypto.keys[:private] = "-----BEGIN PGP PRIVATE KEY BLOCK----- ..."
 
 You can also give it more specific stuff:
 
-	PGCrypto.keys[:private] = {:path => ".private.key", :armored => true, :password => "myKeyPASSwhichizneededBRO"}
+	PGCrypto.keys[:private] = {:path => ".private.key", :armored => false, :password => "myKeyPASSwhichizneededBRO"}
 
 This is especially important if you password protect your private key files (and you SHOULD, for the record)!
 
@@ -69,8 +73,7 @@ If you do that, just tell PGCrypto which keys to use on which columns, using an
 		pgcrypto :social_security_number, :private_key => :user_private, :public_key => :user_public
 	end
 
-FINALLY, if you want to bundle your public key with your application, PGCrypto will automatically load Rails.root/.pgcrypto,
-so feel free to put your public key in there. I recommend deploy-time passing of your private key and password, to ensure it
+I recommend deploy-time passing of your private key and password, to ensure it
 doesn't wind up in any long-term storage on the server:
 
 	PGCrypto.keys[:private] = {:value => ENV['PRIVATE_KEY'], :password => ENV['PRIVATE_KEY_PASSWORD']}
@@ -78,11 +81,15 @@ doesn't wind up in any long-term storage on the server:
 Warranty
 -
 
-As I mentioned before, this library is one HUGE hack. When you're using something like this alongside data that needs to be
-well protected, this is just scratching the surface. This will make it easy to follow the basics of asymmetric, GPG-based,
-column-level encryption in PostgreSQL but that's about it.
+As I mentioned before, this library is one HUGE hack. This is just scratching the surface of keeping your data secure.
+For example, if you don't protect your log files, anyone who can read them can get your private and public keys and
+decrypt whatever the hell they want. You'll also have to scrub your logs, because un-encrypted data is displayed right
+alongside those private and public keys.
+
+Basically, this will make it easy to start with asymmetric, GPG-based, column-level encryption in PostgreSQL. But that's about
+it; the rest is up to you.
 
-As such, the author and Delightful Widgets Inc. offer ABSOLUTELY NO GODDAMN WARRANTY. As I mentioned, this works great in our
+**As such,** the author and Delightful Widgets Inc. offer ***ABSOLUTELY NO GODDAMN WARRANTY***. As I mentioned, this works great in our
 Rails 3.2 world, but YMMV if your version of Arel or ActiveRecord are ahead or behind ours. Sorry, folks.
 
 WTF NO TESTS?!!
@@ -91,5 +98,4 @@ WTF NO TESTS?!!
 Nope. We built this inside of a production application, and used its test suite to debug everything. Since this is really just
 a preview release, I haven't written a suite for it yet. Sorry.
 
-Authored by Flip Sasser
-Copyright (C) 2012 Delightful Widgets, Inc.
+Copyright (C) 2012 Delightful Widgets, Inc. Built by Flip Sasser, Monkeypatcher Extraordinaire!

data/VERSION

@@ -1 +1 @@
-0.0.1
+0.0.2

data/lib/pgcrypto/active_record.rb

@@ -20,11 +20,12 @@ ActiveRecord::ConnectionAdapters::PostgreSQLAdapter.class_eval do
     unless PGCrypto[table].empty?
       arel.ast.columns.each_with_index do |column, i|
         if options = PGCrypto[table][column.name]
-          key = PGCrypto.keys[options[:public_key] || :public]
-          value = arel.ast.values.expressions[i]
-          quoted_value = quote_string(value)
-          encryption_instruction = %[pgp_pub_encrypt(#{quoted_value}, #{key.dearmored})]
-          arel.ast.values.expressions[i] = Arel::Nodes::SqlLiteral.new(encryption_instruction)
+          if key = PGCrypto.keys[options[:public_key] || :public]
+            value = arel.ast.values.expressions[i]
+            quoted_value = quote_string(value)
+            encryption_instruction = %[pgp_pub_encrypt(#{quoted_value}, #{key.dearmored})]
+            arel.ast.values.expressions[i] = Arel::Nodes::SqlLiteral.new(encryption_instruction)
+          end
         end
       end
     end
@@ -67,11 +68,12 @@ ActiveRecord::ConnectionAdapters::PostgreSQLAdapter.class_eval do
         # Now loop through the children to encrypt them for the SELECT
         where.children.each do |child|
           if options = PGCrypto[child.left.relation.name]["#{child.left.name}_encrypted"]
-            key = PGCrypto.keys[options[:private_key] || :private]
-            joins[key.name] ||= "#{key.dearmored} AS #{key.name}_key"
-            child.left = Arel::Nodes::SqlLiteral.new("pgp_pub_decrypt(#{child.left.name}_encrypted, keys.#{key.name}_key)")
+            if key = PGCrypto.keys[options[:private_key] || :private]
+              joins[key.name] ||= "#{key.dearmored} AS #{key.name}_key"
+              child.left = Arel::Nodes::SqlLiteral.new("pgp_pub_decrypt(#{child.left.name}_encrypted, keys.#{key.name}_key)")
+            end
           end
-        end
+        end if where.respond_to?(:children)
       end
     end
     unless joins.empty?
@@ -81,22 +83,21 @@ ActiveRecord::ConnectionAdapters::PostgreSQLAdapter.class_eval do
 
   def pgcrypto_tweak_select_column(column, options, joins)
     return nil unless options[:type] == :pgp
-    key = PGCrypto.keys[options[:private_key] || :private]
-    select = %[pgp_pub_decrypt(#{column}, keys.#{key.name}_key#{", '#{key.password}'" if key.password}) AS "#{column.to_s.gsub(/_encrypted$/, '')}"]
-    joins[key.name] ||= "#{key.dearmored} AS #{key.name}_key"
-    Arel::Nodes::SqlLiteral.new(select)
+    if key = PGCrypto.keys[options[:private_key] || :private]
+      select = %[pgp_pub_decrypt(#{column}, keys.#{key.name}_key#{", '#{key.password}'" if key.password}) AS "#{column.to_s.gsub(/_encrypted$/, '')}"]
+      joins[key.name] ||= "#{key.dearmored} AS #{key.name}_key"
+      Arel::Nodes::SqlLiteral.new(select)
+    end
   end
 
   def pgcrypto_tweak_update(arel)
     # Loop through the assignments and make sure we take care of that whole
     # NULL value thing!
     arel.ast.values.each do |value|
-      if options = PGCrypto[value.left.relation.name][value.left.name]
-        case value.right
-        when NilClass
+      if value.respond_to?(:left) && options = PGCrypto[value.left.relation.name][value.left.name]
+        if value.right.nil?
           value.right = Arel::Nodes::SqlLiteral.new('NULL')
-        else
-          key = PGCrypto.keys[options[:public_key] || :public]
+        elsif key = PGCrypto.keys[options[:public_key] || :public]
           quoted_right = quote_string(value.right)
           encryption_instruction = %[pgp_pub_encrypt('#{quoted_right}', #{key.dearmored})]
           value.right = Arel::Nodes::SqlLiteral.new(encryption_instruction)

data/pgcrypto.gemspec

@@ -0,0 +1,46 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = "pgcrypto"
+  s.version = "0.0.1"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Flip Sasser"]
+  s.date = "2012-02-24"
+  s.description = "\n      PGCrypto is an ActiveRecord::Base extension that allows you to asymmetrically\n      encrypt PostgreSQL columns with as little trouble as possible. It's totally\n      freaking rad.\n    "
+  s.email = "flip@x451.com"
+  s.extra_rdoc_files = [
+    "LICENSE",
+    "README.markdown"
+  ]
+  s.files = [
+    ".rspec",
+    "CHANGES",
+    "LICENSE",
+    "README.markdown",
+    "Rakefile",
+    "VERSION",
+    "lib/pgcrypto.rb",
+    "lib/pgcrypto/active_record.rb",
+    "lib/pgcrypto/arel.rb",
+    "lib/pgcrypto/key.rb",
+    "lib/pgcrypto/table_manager.rb"
+  ]
+  s.homepage = "http://github.com/Plinq/pgcrypto"
+  s.require_paths = ["lib"]
+  s.rubygems_version = "1.8.10"
+  s.summary = "A transparent ActiveRecord::Base extension for encrypted columns"
+
+  if s.respond_to? :specification_version then
+    s.specification_version = 3
+
+    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+    else
+    end
+  else
+  end
+end
+

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pgcrypto
 version: !ruby/object:Gem::Version
-  version: 0.0.1
+  version: 0.0.2
   prerelease: 
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-02-24 00:00:00.000000000 Z
+date: 2012-02-28 00:00:00.000000000 Z
 dependencies: []
 description: ! "\n      PGCrypto is an ActiveRecord::Base extension that allows you
   to asymmetrically\n      encrypt PostgreSQL columns with as little trouble as possible.
@@ -32,6 +32,7 @@ files:
 - lib/pgcrypto/arel.rb
 - lib/pgcrypto/key.rb
 - lib/pgcrypto/table_manager.rb
+- pgcrypto.gemspec
 homepage: http://github.com/Plinq/pgcrypto
 licenses: []
 post_install_message: