porky_lib 0.2.2 → 0.3.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CODEOWNERS +15 -0
- data/Gemfile.lock +12 -11
- data/README.md +1 -1
- data/lib/porky_lib/symmetric.rb +20 -8
- data/lib/porky_lib/version.rb +1 -1
- data/porky_lib.gemspec +1 -0
- metadata +17 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 19b718381824aafedef703480921fd9fe899e626
|
|
4
|
+
data.tar.gz: b64260ec8053b525a43d069892ca2e54da7f99b6
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: cfcf429664d82469a425401afbf5b6d149ec71ef942b9c88b3c5b9a588c2731ae5f5945e4fb17f23ec9332858e40acaf4a23bff5dbda3e546b657cc6f585f119
|
|
7
|
+
data.tar.gz: e8ce54df309f48201fc36c7835673c80e9d438a9d88c1474cc56bc57a9dc973f2bd7885b0ba70d84bb2ff1b401566f4fe43ebce5d37e67971dd5b8a02999675f
|
data/CODEOWNERS
ADDED
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
# For help consult: https://help.github.com/articles/about-codeowners/
|
|
2
|
+
|
|
3
|
+
# Lines starting with '#' are comments.
|
|
4
|
+
# Each line is a file pattern followed by one or more owners.
|
|
5
|
+
|
|
6
|
+
# These owners will be the default owners for everything in the repo.
|
|
7
|
+
* @Zetatango/security
|
|
8
|
+
|
|
9
|
+
# Order is important. The last matching pattern has the most precedence.
|
|
10
|
+
# So if a pull request only touches javascript files, only these owners
|
|
11
|
+
# will be requested to review.
|
|
12
|
+
# *.js @octocat @github/js
|
|
13
|
+
|
|
14
|
+
# You can also use email addresses if you prefer.
|
|
15
|
+
# docs/* docs@example.com
|
data/Gemfile.lock
CHANGED
|
@@ -1,10 +1,11 @@
|
|
|
1
1
|
PATH
|
|
2
2
|
remote: .
|
|
3
3
|
specs:
|
|
4
|
-
porky_lib (0.
|
|
4
|
+
porky_lib (0.3.0)
|
|
5
5
|
aws-sdk-kms
|
|
6
6
|
aws-sdk-s3
|
|
7
7
|
msgpack
|
|
8
|
+
rbnacl (= 5.0.0)
|
|
8
9
|
rbnacl-libsodium
|
|
9
10
|
|
|
10
11
|
GEM
|
|
@@ -12,17 +13,17 @@ GEM
|
|
|
12
13
|
specs:
|
|
13
14
|
ast (2.4.0)
|
|
14
15
|
aws-eventstream (1.0.1)
|
|
15
|
-
aws-partitions (1.
|
|
16
|
-
aws-sdk-core (3.
|
|
16
|
+
aws-partitions (1.115.0)
|
|
17
|
+
aws-sdk-core (3.39.0)
|
|
17
18
|
aws-eventstream (~> 1.0)
|
|
18
19
|
aws-partitions (~> 1.0)
|
|
19
20
|
aws-sigv4 (~> 1.0)
|
|
20
21
|
jmespath (~> 1.0)
|
|
21
|
-
aws-sdk-kms (1.
|
|
22
|
-
aws-sdk-core (~> 3, >= 3.
|
|
22
|
+
aws-sdk-kms (1.12.0)
|
|
23
|
+
aws-sdk-core (~> 3, >= 3.39.0)
|
|
23
24
|
aws-sigv4 (~> 1.0)
|
|
24
|
-
aws-sdk-s3 (1.
|
|
25
|
-
aws-sdk-core (~> 3, >= 3.
|
|
25
|
+
aws-sdk-s3 (1.25.0)
|
|
26
|
+
aws-sdk-core (~> 3, >= 3.39.0)
|
|
26
27
|
aws-sdk-kms (~> 1)
|
|
27
28
|
aws-sigv4 (~> 1.0)
|
|
28
29
|
aws-sigv4 (1.0.3)
|
|
@@ -42,7 +43,7 @@ GEM
|
|
|
42
43
|
json (2.1.0)
|
|
43
44
|
msgpack (1.2.4)
|
|
44
45
|
parallel (1.12.1)
|
|
45
|
-
parser (2.5.
|
|
46
|
+
parser (2.5.3.0)
|
|
46
47
|
ast (~> 2.4.0)
|
|
47
48
|
powerpack (0.1.2)
|
|
48
49
|
rainbow (3.0.0)
|
|
@@ -68,14 +69,14 @@ GEM
|
|
|
68
69
|
rspec-support (3.8.0)
|
|
69
70
|
rspec_junit_formatter (0.4.1)
|
|
70
71
|
rspec-core (>= 2, < 4, != 2.12.0)
|
|
71
|
-
rubocop (0.
|
|
72
|
+
rubocop (0.60.0)
|
|
72
73
|
jaro_winkler (~> 1.5.1)
|
|
73
74
|
parallel (~> 1.10)
|
|
74
75
|
parser (>= 2.5, != 2.5.1.1)
|
|
75
76
|
powerpack (~> 0.1)
|
|
76
77
|
rainbow (>= 2.2.2, < 4.0)
|
|
77
78
|
ruby-progressbar (~> 1.7)
|
|
78
|
-
unicode-display_width (~> 1.
|
|
79
|
+
unicode-display_width (~> 1.4.0)
|
|
79
80
|
rubocop-rspec (1.29.1)
|
|
80
81
|
rubocop (>= 0.58.0)
|
|
81
82
|
rubocop_runner (2.1.0)
|
|
@@ -111,4 +112,4 @@ DEPENDENCIES
|
|
|
111
112
|
timecop
|
|
112
113
|
|
|
113
114
|
BUNDLED WITH
|
|
114
|
-
1.
|
|
115
|
+
1.17.1
|
data/README.md
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
[](https://circleci.com/gh/Zetatango/porky_lib) [](https://codecov.io/gh/Zetatango/porky_lib)
|
|
1
|
+
[](https://circleci.com/gh/Zetatango/porky_lib) [](https://codecov.io/gh/Zetatango/porky_lib) [](https://badge.fury.io/rb/porky_lib)
|
|
2
2
|
|
|
3
3
|
# PorkyLib
|
|
4
4
|
|
data/lib/porky_lib/symmetric.rb
CHANGED
|
@@ -51,13 +51,14 @@ class PorkyLib::Symmetric
|
|
|
51
51
|
resp = client.generate_data_key(key_id: cmk_key_id, key_spec: SYMMETRIC_KEY_SPEC, encryption_context: encryption_context) if encryption_context
|
|
52
52
|
resp = client.generate_data_key(key_id: cmk_key_id, key_spec: SYMMETRIC_KEY_SPEC) unless encryption_context
|
|
53
53
|
|
|
54
|
-
[resp.
|
|
54
|
+
[resp.plaintext, resp.ciphertext_blob]
|
|
55
55
|
end
|
|
56
56
|
|
|
57
57
|
def decrypt_data_encryption_key(ciphertext_key, encryption_context = nil)
|
|
58
|
-
return client.decrypt(ciphertext_blob: ciphertext_key, encryption_context: encryption_context).
|
|
58
|
+
return client.decrypt(ciphertext_blob: ciphertext_key, encryption_context: encryption_context).plaintext if encryption_context
|
|
59
59
|
|
|
60
|
-
client.decrypt(ciphertext_blob: ciphertext_key)
|
|
60
|
+
resp = client.decrypt(ciphertext_blob: ciphertext_key)
|
|
61
|
+
resp.plaintext
|
|
61
62
|
end
|
|
62
63
|
|
|
63
64
|
def encrypt(data, cmk_key_id, ciphertext_dek = nil, encryption_context = nil)
|
|
@@ -71,9 +72,6 @@ class PorkyLib::Symmetric
|
|
|
71
72
|
# Initialize the box
|
|
72
73
|
secret_box = RbNaCl::SecretBox.new(plaintext_key)
|
|
73
74
|
|
|
74
|
-
# Securely delete the plaintext value from memory
|
|
75
|
-
plaintext_key.replace(secure_delete_plaintext_key(plaintext_key.bytesize))
|
|
76
|
-
|
|
77
75
|
# First, make a nonce: A single-use value never repeated under the same key
|
|
78
76
|
# The nonce isn't secret, and can be sent with the ciphertext.
|
|
79
77
|
# The cipher instance has a nonce_bytes method for determining how many bytes should be in a nonce
|
|
@@ -81,6 +79,10 @@ class PorkyLib::Symmetric
|
|
|
81
79
|
|
|
82
80
|
# Encrypt a message with SecretBox
|
|
83
81
|
ciphertext = secret_box.encrypt(nonce, data)
|
|
82
|
+
|
|
83
|
+
# Securely delete the plaintext value from memory
|
|
84
|
+
plaintext_key.replace(secure_delete_plaintext_key(plaintext_key.bytesize))
|
|
85
|
+
|
|
84
86
|
[ciphertext_key, ciphertext, nonce]
|
|
85
87
|
end
|
|
86
88
|
|
|
@@ -89,13 +91,23 @@ class PorkyLib::Symmetric
|
|
|
89
91
|
|
|
90
92
|
# Decrypt the data encryption key
|
|
91
93
|
plaintext_key = decrypt_data_encryption_key(ciphertext_dek, encryption_context)
|
|
92
|
-
|
|
93
94
|
secret_box = RbNaCl::SecretBox.new(plaintext_key)
|
|
94
95
|
|
|
96
|
+
should_reencrypt = false
|
|
97
|
+
begin
|
|
98
|
+
# Decrypt the message
|
|
99
|
+
message = secret_box.decrypt(nonce, ciphertext)
|
|
100
|
+
rescue RbNaCl::CryptoError
|
|
101
|
+
# For backwards compatibility due to a code error in a previous release
|
|
102
|
+
plaintext_key.replace(secure_delete_plaintext_key(plaintext_key.bytesize))
|
|
103
|
+
message = secret_box.decrypt(nonce, ciphertext)
|
|
104
|
+
should_reencrypt = true
|
|
105
|
+
end
|
|
106
|
+
|
|
95
107
|
# Securely delete the plaintext value from memory
|
|
96
108
|
plaintext_key.replace(secure_delete_plaintext_key(plaintext_key.bytesize))
|
|
97
109
|
|
|
98
|
-
|
|
110
|
+
[message, should_reencrypt]
|
|
99
111
|
end
|
|
100
112
|
|
|
101
113
|
def secure_delete_plaintext_key(length)
|
data/lib/porky_lib/version.rb
CHANGED
data/porky_lib.gemspec
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: porky_lib
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Greg Fletcher
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-
|
|
11
|
+
date: 2018-11-23 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -248,6 +248,20 @@ dependencies:
|
|
|
248
248
|
- - ">="
|
|
249
249
|
- !ruby/object:Gem::Version
|
|
250
250
|
version: '0'
|
|
251
|
+
- !ruby/object:Gem::Dependency
|
|
252
|
+
name: rbnacl
|
|
253
|
+
requirement: !ruby/object:Gem::Requirement
|
|
254
|
+
requirements:
|
|
255
|
+
- - '='
|
|
256
|
+
- !ruby/object:Gem::Version
|
|
257
|
+
version: 5.0.0
|
|
258
|
+
type: :runtime
|
|
259
|
+
prerelease: false
|
|
260
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
261
|
+
requirements:
|
|
262
|
+
- - '='
|
|
263
|
+
- !ruby/object:Gem::Version
|
|
264
|
+
version: 5.0.0
|
|
251
265
|
- !ruby/object:Gem::Dependency
|
|
252
266
|
name: rbnacl-libsodium
|
|
253
267
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -274,6 +288,7 @@ files:
|
|
|
274
288
|
- ".gitignore"
|
|
275
289
|
- ".rspec"
|
|
276
290
|
- ".rubocop.yml"
|
|
291
|
+
- CODEOWNERS
|
|
277
292
|
- Gemfile
|
|
278
293
|
- Gemfile.lock
|
|
279
294
|
- README.md
|