porky_lib 0.2.2 → 0.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CODEOWNERS +15 -0
- data/Gemfile.lock +12 -11
- data/README.md +1 -1
- data/lib/porky_lib/symmetric.rb +20 -8
- data/lib/porky_lib/version.rb +1 -1
- data/porky_lib.gemspec +1 -0
- metadata +17 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 19b718381824aafedef703480921fd9fe899e626
|
|
4
|
+
data.tar.gz: b64260ec8053b525a43d069892ca2e54da7f99b6
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: cfcf429664d82469a425401afbf5b6d149ec71ef942b9c88b3c5b9a588c2731ae5f5945e4fb17f23ec9332858e40acaf4a23bff5dbda3e546b657cc6f585f119
|
|
7
|
+
data.tar.gz: e8ce54df309f48201fc36c7835673c80e9d438a9d88c1474cc56bc57a9dc973f2bd7885b0ba70d84bb2ff1b401566f4fe43ebce5d37e67971dd5b8a02999675f
|
data/CODEOWNERS
ADDED
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
# For help consult: https://help.github.com/articles/about-codeowners/
|
|
2
|
+
|
|
3
|
+
# Lines starting with '#' are comments.
|
|
4
|
+
# Each line is a file pattern followed by one or more owners.
|
|
5
|
+
|
|
6
|
+
# These owners will be the default owners for everything in the repo.
|
|
7
|
+
* @Zetatango/security
|
|
8
|
+
|
|
9
|
+
# Order is important. The last matching pattern has the most precedence.
|
|
10
|
+
# So if a pull request only touches javascript files, only these owners
|
|
11
|
+
# will be requested to review.
|
|
12
|
+
# *.js @octocat @github/js
|
|
13
|
+
|
|
14
|
+
# You can also use email addresses if you prefer.
|
|
15
|
+
# docs/* docs@example.com
|
data/Gemfile.lock
CHANGED
|
@@ -1,10 +1,11 @@
|
|
|
1
1
|
PATH
|
|
2
2
|
remote: .
|
|
3
3
|
specs:
|
|
4
|
-
porky_lib (0.
|
|
4
|
+
porky_lib (0.3.0)
|
|
5
5
|
aws-sdk-kms
|
|
6
6
|
aws-sdk-s3
|
|
7
7
|
msgpack
|
|
8
|
+
rbnacl (= 5.0.0)
|
|
8
9
|
rbnacl-libsodium
|
|
9
10
|
|
|
10
11
|
GEM
|
|
@@ -12,17 +13,17 @@ GEM
|
|
|
12
13
|
specs:
|
|
13
14
|
ast (2.4.0)
|
|
14
15
|
aws-eventstream (1.0.1)
|
|
15
|
-
aws-partitions (1.
|
|
16
|
-
aws-sdk-core (3.
|
|
16
|
+
aws-partitions (1.115.0)
|
|
17
|
+
aws-sdk-core (3.39.0)
|
|
17
18
|
aws-eventstream (~> 1.0)
|
|
18
19
|
aws-partitions (~> 1.0)
|
|
19
20
|
aws-sigv4 (~> 1.0)
|
|
20
21
|
jmespath (~> 1.0)
|
|
21
|
-
aws-sdk-kms (1.
|
|
22
|
-
aws-sdk-core (~> 3, >= 3.
|
|
22
|
+
aws-sdk-kms (1.12.0)
|
|
23
|
+
aws-sdk-core (~> 3, >= 3.39.0)
|
|
23
24
|
aws-sigv4 (~> 1.0)
|
|
24
|
-
aws-sdk-s3 (1.
|
|
25
|
-
aws-sdk-core (~> 3, >= 3.
|
|
25
|
+
aws-sdk-s3 (1.25.0)
|
|
26
|
+
aws-sdk-core (~> 3, >= 3.39.0)
|
|
26
27
|
aws-sdk-kms (~> 1)
|
|
27
28
|
aws-sigv4 (~> 1.0)
|
|
28
29
|
aws-sigv4 (1.0.3)
|
|
@@ -42,7 +43,7 @@ GEM
|
|
|
42
43
|
json (2.1.0)
|
|
43
44
|
msgpack (1.2.4)
|
|
44
45
|
parallel (1.12.1)
|
|
45
|
-
parser (2.5.
|
|
46
|
+
parser (2.5.3.0)
|
|
46
47
|
ast (~> 2.4.0)
|
|
47
48
|
powerpack (0.1.2)
|
|
48
49
|
rainbow (3.0.0)
|
|
@@ -68,14 +69,14 @@ GEM
|
|
|
68
69
|
rspec-support (3.8.0)
|
|
69
70
|
rspec_junit_formatter (0.4.1)
|
|
70
71
|
rspec-core (>= 2, < 4, != 2.12.0)
|
|
71
|
-
rubocop (0.
|
|
72
|
+
rubocop (0.60.0)
|
|
72
73
|
jaro_winkler (~> 1.5.1)
|
|
73
74
|
parallel (~> 1.10)
|
|
74
75
|
parser (>= 2.5, != 2.5.1.1)
|
|
75
76
|
powerpack (~> 0.1)
|
|
76
77
|
rainbow (>= 2.2.2, < 4.0)
|
|
77
78
|
ruby-progressbar (~> 1.7)
|
|
78
|
-
unicode-display_width (~> 1.
|
|
79
|
+
unicode-display_width (~> 1.4.0)
|
|
79
80
|
rubocop-rspec (1.29.1)
|
|
80
81
|
rubocop (>= 0.58.0)
|
|
81
82
|
rubocop_runner (2.1.0)
|
|
@@ -111,4 +112,4 @@ DEPENDENCIES
|
|
|
111
112
|
timecop
|
|
112
113
|
|
|
113
114
|
BUNDLED WITH
|
|
114
|
-
1.
|
|
115
|
+
1.17.1
|
data/README.md
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
[](https://circleci.com/gh/Zetatango/porky_lib) [](https://codecov.io/gh/Zetatango/porky_lib)
|
|
1
|
+
[](https://circleci.com/gh/Zetatango/porky_lib) [](https://codecov.io/gh/Zetatango/porky_lib) [](https://badge.fury.io/rb/porky_lib)
|
|
2
2
|
|
|
3
3
|
# PorkyLib
|
|
4
4
|
|
data/lib/porky_lib/symmetric.rb
CHANGED
|
@@ -51,13 +51,14 @@ class PorkyLib::Symmetric
|
|
|
51
51
|
resp = client.generate_data_key(key_id: cmk_key_id, key_spec: SYMMETRIC_KEY_SPEC, encryption_context: encryption_context) if encryption_context
|
|
52
52
|
resp = client.generate_data_key(key_id: cmk_key_id, key_spec: SYMMETRIC_KEY_SPEC) unless encryption_context
|
|
53
53
|
|
|
54
|
-
[resp.
|
|
54
|
+
[resp.plaintext, resp.ciphertext_blob]
|
|
55
55
|
end
|
|
56
56
|
|
|
57
57
|
def decrypt_data_encryption_key(ciphertext_key, encryption_context = nil)
|
|
58
|
-
return client.decrypt(ciphertext_blob: ciphertext_key, encryption_context: encryption_context).
|
|
58
|
+
return client.decrypt(ciphertext_blob: ciphertext_key, encryption_context: encryption_context).plaintext if encryption_context
|
|
59
59
|
|
|
60
|
-
client.decrypt(ciphertext_blob: ciphertext_key)
|
|
60
|
+
resp = client.decrypt(ciphertext_blob: ciphertext_key)
|
|
61
|
+
resp.plaintext
|
|
61
62
|
end
|
|
62
63
|
|
|
63
64
|
def encrypt(data, cmk_key_id, ciphertext_dek = nil, encryption_context = nil)
|
|
@@ -71,9 +72,6 @@ class PorkyLib::Symmetric
|
|
|
71
72
|
# Initialize the box
|
|
72
73
|
secret_box = RbNaCl::SecretBox.new(plaintext_key)
|
|
73
74
|
|
|
74
|
-
# Securely delete the plaintext value from memory
|
|
75
|
-
plaintext_key.replace(secure_delete_plaintext_key(plaintext_key.bytesize))
|
|
76
|
-
|
|
77
75
|
# First, make a nonce: A single-use value never repeated under the same key
|
|
78
76
|
# The nonce isn't secret, and can be sent with the ciphertext.
|
|
79
77
|
# The cipher instance has a nonce_bytes method for determining how many bytes should be in a nonce
|
|
@@ -81,6 +79,10 @@ class PorkyLib::Symmetric
|
|
|
81
79
|
|
|
82
80
|
# Encrypt a message with SecretBox
|
|
83
81
|
ciphertext = secret_box.encrypt(nonce, data)
|
|
82
|
+
|
|
83
|
+
# Securely delete the plaintext value from memory
|
|
84
|
+
plaintext_key.replace(secure_delete_plaintext_key(plaintext_key.bytesize))
|
|
85
|
+
|
|
84
86
|
[ciphertext_key, ciphertext, nonce]
|
|
85
87
|
end
|
|
86
88
|
|
|
@@ -89,13 +91,23 @@ class PorkyLib::Symmetric
|
|
|
89
91
|
|
|
90
92
|
# Decrypt the data encryption key
|
|
91
93
|
plaintext_key = decrypt_data_encryption_key(ciphertext_dek, encryption_context)
|
|
92
|
-
|
|
93
94
|
secret_box = RbNaCl::SecretBox.new(plaintext_key)
|
|
94
95
|
|
|
96
|
+
should_reencrypt = false
|
|
97
|
+
begin
|
|
98
|
+
# Decrypt the message
|
|
99
|
+
message = secret_box.decrypt(nonce, ciphertext)
|
|
100
|
+
rescue RbNaCl::CryptoError
|
|
101
|
+
# For backwards compatibility due to a code error in a previous release
|
|
102
|
+
plaintext_key.replace(secure_delete_plaintext_key(plaintext_key.bytesize))
|
|
103
|
+
message = secret_box.decrypt(nonce, ciphertext)
|
|
104
|
+
should_reencrypt = true
|
|
105
|
+
end
|
|
106
|
+
|
|
95
107
|
# Securely delete the plaintext value from memory
|
|
96
108
|
plaintext_key.replace(secure_delete_plaintext_key(plaintext_key.bytesize))
|
|
97
109
|
|
|
98
|
-
|
|
110
|
+
[message, should_reencrypt]
|
|
99
111
|
end
|
|
100
112
|
|
|
101
113
|
def secure_delete_plaintext_key(length)
|
data/lib/porky_lib/version.rb
CHANGED
data/porky_lib.gemspec
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: porky_lib
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Greg Fletcher
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-
|
|
11
|
+
date: 2018-11-23 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -248,6 +248,20 @@ dependencies:
|
|
|
248
248
|
- - ">="
|
|
249
249
|
- !ruby/object:Gem::Version
|
|
250
250
|
version: '0'
|
|
251
|
+
- !ruby/object:Gem::Dependency
|
|
252
|
+
name: rbnacl
|
|
253
|
+
requirement: !ruby/object:Gem::Requirement
|
|
254
|
+
requirements:
|
|
255
|
+
- - '='
|
|
256
|
+
- !ruby/object:Gem::Version
|
|
257
|
+
version: 5.0.0
|
|
258
|
+
type: :runtime
|
|
259
|
+
prerelease: false
|
|
260
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
261
|
+
requirements:
|
|
262
|
+
- - '='
|
|
263
|
+
- !ruby/object:Gem::Version
|
|
264
|
+
version: 5.0.0
|
|
251
265
|
- !ruby/object:Gem::Dependency
|
|
252
266
|
name: rbnacl-libsodium
|
|
253
267
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -274,6 +288,7 @@ files:
|
|
|
274
288
|
- ".gitignore"
|
|
275
289
|
- ".rspec"
|
|
276
290
|
- ".rubocop.yml"
|
|
291
|
+
- CODEOWNERS
|
|
277
292
|
- Gemfile
|
|
278
293
|
- Gemfile.lock
|
|
279
294
|
- README.md
|