porky_lib 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: cc40805a9b711ba76325becb50acc00ed3bedb28
+  data.tar.gz: 728228c4441a2362bf8dbee387db06db13e1adb3
+SHA512:
+  metadata.gz: dbb89bca0d5f79bec39b326e148e589a499c95ae5a618755bf592bce71c53949161a1a2f06699e30a2ca33a7f439212f17e2a2453c039b3fb067602ec5c2ace2
+  data.tar.gz: aedfd5f8356dbf49994518e6ec2dd99ac7372c01183d0985e34084a68cbf62e7f446f3685fe8c927895697cc0864e0ae9ec18ef29d59375366e01c2f943353cc

data/.circleci/config.yml

@@ -0,0 +1,58 @@
+version: 2
+jobs:
+  build:
+    parallelism: 2
+    working_directory: ~/porky_lib
+    environment:
+      - CODECOV_TOKEN: 4d03ca51-5054-4858-87c7-b37c376ffb6a
+    docker:
+      - image: zetatango/circle-ruby-2.3.7-openssl
+
+    steps:
+      - checkout
+
+      - restore_cache:
+          name: Restore bundle cache
+          keys:
+            - porky_lib-bundle-{{ checksum "Gemfile.lock" }}
+            - porky_lib-bundle-
+
+      - run:
+          name: Bundle Install
+          command: bundle install
+
+      - save_cache:
+          name: Store bundle cache
+          key: porky_lib-bundle-{{ checksum "Gemfile.lock" }}
+          paths:
+            - vendor/bundle
+
+      - run:
+          name: Run rubocop
+          command: |
+            bundle exec rubocop --out test_results/rubocop.txt --format fuubar --require rubocop-rspec --config .rubocop.yml
+
+      - run:
+          name: Run bundle-audit
+          command: |
+            bundle exec bundle-audit check --update
+
+      - run:
+          name: Run rspec tests
+          command: |
+            bundle exec rspec \
+              --profile 10 \
+              --format RspecJunitFormatter \
+              --out test_results/rspec.xml \
+              --format progress
+
+      - store_test_results:
+          path: test_results
+
+      - store_artifacts:
+          path: test_results
+          prefix: tests
+
+      - store_artifacts:
+          path: coverage
+          prefix: coverage

data/.github/pull_request_template.md

@@ -0,0 +1,19 @@
+*Related Issue(s) or Task(s)*
+
+List the issues or tasks that are related to this pull request.
+
+*Why?*
+
+Explain the high-level reason(s) why this change is required.
+
+*How?*
+
+Explain the development-level approach you are using in this solution.
+
+*Risks*
+
+Explain the risks that are involved with making this change, if any.
+
+*Requested Reviewers*
+
+List the developers that should review this pull request.

data/.gitignore

@@ -0,0 +1,16 @@
+/.bundle/
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+
+# rspec failure tracking
+.rspec_status
+
+.byebug_history
+
+.DS_Store
+/.idea/*

data/.rspec

@@ -0,0 +1 @@
+--require spec_helper

data/.rubocop.yml

@@ -0,0 +1,46 @@
+require: rubocop-rspec
+
+AllCops:
+  Exclude:
+    - bin/*
+    - db/**/*.rb
+    - node_modules/**/*
+    - output/**/*
+    - vendor/**/*
+  TargetRubyVersion: 2.3.7
+  RSpec:
+    Patterns:
+      - _spec.rb
+      - "(?:^|/)spec/"
+    SpecTypes:
+      Feature: 'spec/features/**/*'
+
+Documentation:
+  Enabled: false
+
+Metrics/LineLength:
+  Max: 160
+
+Metrics/ClassLength:
+  Enabled: false
+
+Metrics/BlockLength:
+  Enabled: false
+
+Metrics/AbcSize:
+  Max: 50
+
+Metrics/MethodLength:
+  Max: 50
+
+Style/StringLiterals:
+  Enabled: false
+
+Style/ClassAndModuleChildren:
+  EnforcedStyle: compact
+
+RSpec/MultipleExpectations:
+  Max: 5
+
+RSpec/ExampleLength:
+  Max: 10

data/Gemfile

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+source "https://rubygems.org"
+
+git_source(:github) { |repo_name| "https://github.com/#{repo_name}" }
+
+# Specify your gem's dependencies in porky_lib.gemspec
+gemspec

data/Gemfile.lock

@@ -0,0 +1,109 @@
+PATH
+  remote: .
+  specs:
+    porky_lib (0.1.0)
+      aws-sdk-kms
+      msgpack
+      rbnacl-libsodium
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    ast (2.4.0)
+    aws-eventstream (1.0.1)
+    aws-partitions (1.95.0)
+    aws-sdk-core (3.22.1)
+      aws-eventstream (~> 1.0)
+      aws-partitions (~> 1.0)
+      aws-sigv4 (~> 1.0)
+      jmespath (~> 1.0)
+    aws-sdk-kms (1.6.0)
+      aws-sdk-core (~> 3)
+      aws-sigv4 (~> 1.0)
+    aws-sigv4 (1.0.3)
+    bundler-audit (0.6.0)
+      bundler (~> 1.2)
+      thor (~> 0.18)
+    byebug (10.0.2)
+    codecov (0.1.10)
+      json
+      simplecov
+      url
+    diff-lcs (1.3)
+    docile (1.3.1)
+    ffi (1.9.25)
+    jaro_winkler (1.5.1)
+    jmespath (1.4.0)
+    json (2.1.0)
+    msgpack (1.2.4)
+    parallel (1.12.1)
+    parser (2.5.1.0)
+      ast (~> 2.4.0)
+    powerpack (0.1.2)
+    rainbow (3.0.0)
+    rake (12.3.1)
+    rbnacl (5.0.0)
+      ffi
+    rbnacl-libsodium (1.0.16)
+      rbnacl (>= 3.0.1)
+    rspec (3.7.0)
+      rspec-core (~> 3.7.0)
+      rspec-expectations (~> 3.7.0)
+      rspec-mocks (~> 3.7.0)
+    rspec-collection_matchers (1.1.3)
+      rspec-expectations (>= 2.99.0.beta1)
+    rspec-core (3.7.1)
+      rspec-support (~> 3.7.0)
+    rspec-expectations (3.7.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.7.0)
+    rspec-mocks (3.7.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.7.0)
+    rspec-support (3.7.1)
+    rspec_junit_formatter (0.4.1)
+      rspec-core (>= 2, < 4, != 2.12.0)
+    rubocop (0.57.2)
+      jaro_winkler (~> 1.5.1)
+      parallel (~> 1.10)
+      parser (>= 2.5)
+      powerpack (~> 0.1)
+      rainbow (>= 2.2.2, < 4.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (~> 1.0, >= 1.0.1)
+    rubocop-rspec (1.27.0)
+      rubocop (>= 0.56.0)
+    rubocop_runner (2.1.0)
+    ruby-progressbar (1.9.0)
+    simplecov (0.16.1)
+      docile (~> 1.1)
+      json (>= 1.8, < 3)
+      simplecov-html (~> 0.10.0)
+    simplecov-html (0.10.2)
+    thor (0.20.0)
+    timecop (0.9.1)
+    unicode-display_width (1.4.0)
+    url (0.3.2)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bundler
+  bundler-audit
+  byebug
+  codecov
+  porky_lib!
+  rake
+  rspec
+  rspec-collection_matchers
+  rspec-mocks
+  rspec_junit_formatter
+  rubocop
+  rubocop-rspec
+  rubocop_runner
+  simplecov
+  timecop
+
+BUNDLED WITH
+   1.16.1

data/README.md

@@ -0,0 +1,103 @@
+[![CircleCI](https://circleci.com/gh/Zetatango/porky_lib.svg?style=svg&circle-token=f1a41896097b814585e5042a8e38425b4d1cdc0b)](https://circleci.com/gh/Zetatango/porky_lib) [![codecov](https://codecov.io/gh/Zetatango/porky_lib/branch/master/graph/badge.svg?token=WxED9350q4)](https://codecov.io/gh/Zetatango/porky_lib)
+
+# PorkyLib
+
+This gem is a cryptographic services library. PorkyLib uses AWS Key Management Service (KMS) for key management and RbNaCl for
+performing cryptographic operations.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'porky_lib'
+```
+
+And then execute:
+
+    $ bundle install
+
+Or install it yourself as:
+
+    $ gem install porky_lib
+    
+Inside of your Ruby program do:
+
+```ruby
+require 'porky_lib'
+```
+... to pull it in as a dependency.
+
+## Usage
+
+### Initialization
+Something like the following should be included in an initializer in your Rails project:
+```ruby
+# Use PorkyLib's AWS KMS mock client except in production, for example
+use_mock_client = !Rails.env.production?
+PorkyLib::Config.configure(aws_region: ENV[AWS_REGION],
+                           aws_key_id: ENV[AWS_KEY_ID],
+                           aws_key_secret: ENV[AWS_KEY_SECRET],
+                           aws_client_mock: use_mock_client)
+PorkyLib::Config.initialize_aws
+```
+
+### Creating a New CMK
+To create a new customer master key (CMK) within AWS:
+```ruby
+# Where tags is a list of key/value pairs (i.e [{ key1: 'value1' }])
+# key_alias is an optional parameter, and if provided will create an alias with the provided value for the newly created key
+# key_rotation_enabled is an optional parameter, and if true will enable automatic key rotation for the new created key. Default is true.
+key_id = PorkyLib::Symmetric.instance.create_key(tags, key_alias, key_rotation_enabled)
+```
+
+### Creating an Alias for an Existing CMK
+To create a new alias for an existing customer master key (CMK) within AWS:
+```ruby
+# Where key_id is the AWS key ID or Amazon Resource Name (ARN)
+# key_alias is the value of the alias to create
+PorkyLib::Symmetric.instance.create_alias(key_id, key_alias)
+```
+
+### Enabling Key Rotation for an Existing CMK
+To create a new alias for an existing customer master key (CMK) within AWS:
+```ruby
+# Where key_id is the AWS key ID or Amazon Resource Name (ARN)
+PorkyLib::Symmetric.instance.enable_key_rotation(key_id)
+```
+
+### Encrypting Data
+To encrypt data:
+```ruby
+# Where data is the data to encrypt
+# cmk_key_id is the AWS key ID, Amazon Resource Name (ARN) or alias for the CMK to use to generate the data encryption key (DEK)
+# encryption_context is an optional parameter to provide additional authentication data for encrypting the DEK. Default is nil.
+[ciphertext_dek, ciphertext, nonce] = PorkyLib::Symmetric.instance.encrypt(data, cmk_key_id, encryption_context)
+```
+
+### Decrypting Data
+To decrypt data:
+```ruby
+# Where ciphertext_dek is the encrypted data encryption key (DEK)
+# ciphertext is the encrypted data to be decrypted
+# nonce is the nonce value associated with ciphertext
+# encryption_context is an optional parameter to provide additional authentication data for decrypting the DEK. Default is nil. Note, this must match the value that was used to encrypt.
+plaintext_data = PorkyLib::Symmetric.instance.decrypt(ciphertext_dek, ciphertext, nonce, encryption_context)
+```
+
+## Development
+
+Development on this project should occur on separate feature branches and pull requests should be submitted. When submitting a
+pull request, the pull request comment template should be filled out as much as possible to ensure a quick review and increase
+the likelihood of the pull request being accepted.
+
+### Running Tests
+
+```ruby
+rspec # Without code coverage
+COVERAGE=true rspec # with code coverage
+```
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at [https://github.com/Zetatango/porky_lib](https://github.com/Zetatango/porky_lib)

data/Rakefile

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new(:spec)
+
+task default: :spec

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "porky_lib"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/lib/porky_lib/aws/kms/client.rb

@@ -0,0 +1,72 @@
+# frozen_string_literal: true
+
+require 'aws-sdk-kms'
+require 'msgpack'
+
+##
+# This class is required for unit testing in order to mock response values from the AWS KMS SDK.
+##
+class Aws::KMS::Client
+  MOCK_ALIAS_NAME_ALREADY_EXISTS = 'alias/dup'
+  MOCK_INVALID_ALIAS_NAME = 'alias/aws'
+  MOCK_INVALID_TAG_VALUE = 'bad_value'
+  MOCK_NOT_FOUND_KEY_ID = 'bad_key'
+  MOCK_VALID_KEY_USAGE = 'AES_256'
+  PLAINTEXT_KEY_LENGTH = 32
+
+  def create_key(key_usage:, origin:, tags:)
+    raise Aws::KMS::Errors::TagException.new(nil, nil) if tags[0].value?(MOCK_INVALID_TAG_VALUE)
+
+    Aws::KMS::Types::CreateKeyResponse.new(
+      key_metadata: {
+        aws_account_id: '123',
+        creation_date: Time.now.utc.iso8601,
+        description: '',
+        enabled: true,
+        key_id: SecureRandom.uuid,
+        key_state: 'Enabled',
+        key_usage: key_usage,
+        origin: origin
+      }
+    )
+  end
+
+  def enable_key_rotation(key_id:)
+    raise Aws::KMS::Errors::NotFoundException.new(nil, nil) if key_id.include?(MOCK_NOT_FOUND_KEY_ID)
+  end
+
+  def create_alias(target_key_id:, alias_name:)
+    raise Aws::KMS::Errors::InvalidAliasNameException.new(nil, nil) if alias_name == MOCK_INVALID_ALIAS_NAME
+    raise Aws::KMS::Errors::AlreadyExistsException.new(nil, nil) if alias_name == MOCK_ALIAS_NAME_ALREADY_EXISTS
+    raise Aws::KMS::Errors::NotFoundException.new(nil, nil) if target_key_id.include?(MOCK_NOT_FOUND_KEY_ID)
+  end
+
+  def generate_data_key(key_id:, key_spec:, encryption_context: nil)
+    raise Aws::KMS::Errors::InvalidKeyUsageException.new(nil, nil) unless key_spec == 'AES_256'
+    raise Aws::KMS::Errors::NotFoundException.new(nil, nil) if key_id.include?(MOCK_NOT_FOUND_KEY_ID)
+
+    plaintext = SecureRandom.random_bytes(PLAINTEXT_KEY_LENGTH)
+    Aws::KMS::Types::GenerateDataKeyResponse.new(
+      key_id: key_id,
+      plaintext: plaintext,
+      ciphertext_blob: [key_id, encryption_context, plaintext].to_msgpack.reverse
+    )
+  end
+
+  def decrypt(ciphertext_blob:, encryption_context: nil)
+    key_id, decoded_context, plaintext = MessagePack.unpack(ciphertext_blob.reverse)
+    decoded_context = Hash[decoded_context.map { |k, v| [k.to_sym, v] }] if decoded_context
+    raise Aws::KMS::Errors::InvalidCiphertextException.new(nil, nil) unless decoded_context == encryption_context
+
+    Aws::KMS::Types::DecryptResponse.new(
+      key_id: key_id,
+      plaintext: plaintext
+    )
+  rescue MessagePack::MalformedFormatError
+    raise Aws::KMS::Errors::InvalidCiphertextException.new(nil, nil)
+  end
+
+  def inspect
+    '#<Aws::KMS::Client (mocked)>'
+  end
+end

data/lib/porky_lib/config.rb

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+class PorkyLib::Config
+  @aws_region = ''
+  @aws_key_id = ''
+  @aws_key_secret = ''
+  @aws_client_mock = false
+
+  @config = {
+    aws_region: @aws_region,
+    aws_key_id: @aws_key_id,
+    aws_key_secret: @aws_key_secret,
+    aws_client_mock: @aws_client_mock
+  }
+
+  @allowed_config_keys = @config.keys
+
+  def self.configure(options = {})
+    options.each { |key, value| @config[key.to_sym] = value if @allowed_config_keys.include? key.to_sym }
+  end
+
+  def self.initialize_aws
+    Aws.config.update(
+      region: @config[:aws_region],
+      credentials: Aws::Credentials.new(
+        @config[:aws_key_id],
+        @config[:aws_key_secret]
+      )
+    )
+  end
+
+  class << self
+    attr_reader :config
+  end
+
+  def self.logger
+    @logger ||= defined?(Rails) ? Rails.logger : Logger.new(STDOUT)
+    @logger
+  end
+
+  class << self
+    attr_writer :logger
+  end
+end

data/lib/porky_lib/symmetric.rb

@@ -0,0 +1,98 @@
+# frozen_string_literal: true
+
+require 'aws-sdk-kms'
+require 'rbnacl/libsodium'
+require 'singleton'
+
+class PorkyLib::Symmetric
+  include Singleton
+
+  CMK_KEY_ORIGIN = 'AWS_KMS'
+  CMK_KEY_USAGE = 'ENCRYPT_DECRYPT'
+  SYMMETRIC_KEY_SPEC = 'AES_256'
+
+  def client
+    require 'porky_lib/aws/kms/client' if PorkyLib::Config.config[:aws_client_mock]
+    @client ||= Aws::KMS::Client.new
+  end
+
+  def create_key(tags, key_alias = nil, key_rotation_enabled = true)
+    PorkyLib::Config.logger.info("Creating a new master key")
+    resp = client.create_key(key_usage: CMK_KEY_USAGE, origin: CMK_KEY_ORIGIN, tags: tags)
+    key_id = resp.to_h[:key_metadata][:key_id]
+
+    # Enable automatic key rotation for the newly created CMK
+    enable_key_rotation(key_id) if key_rotation_enabled
+
+    # Create an alias for the newly created CMK
+    create_alias(key_id, key_alias) if key_alias
+
+    key_id
+  end
+
+  def enable_key_rotation(key_id)
+    PorkyLib::Config.logger.info("Enabling automatic key rotation for master key: '#{key_id}'")
+    client.enable_key_rotation(key_id: key_id)
+  end
+
+  def create_alias(key_id, key_alias)
+    PorkyLib::Config.logger.info("Setting alias as '#{key_alias}' for master key: '#{key_id}'")
+    client.create_alias(target_key_id: key_id, alias_name: key_alias)
+  end
+
+  def encrypt(data, cmk_key_id, encryption_context = nil)
+    return if data.nil? || cmk_key_id.nil?
+
+    # Generate a new data encryption key
+    PorkyLib::Config.logger.info('Generating new data encryption key')
+
+    resp = {}
+    resp = client.generate_data_key(key_id: cmk_key_id, key_spec: SYMMETRIC_KEY_SPEC, encryption_context: encryption_context) if encryption_context
+    resp = client.generate_data_key(key_id: cmk_key_id, key_spec: SYMMETRIC_KEY_SPEC) unless encryption_context
+
+    plaintext_key = resp.to_h[:plaintext]
+    ciphertext_key = resp.to_h[:ciphertext_blob]
+
+    # Initialize the box
+    secret_box = RbNaCl::SecretBox.new(plaintext_key)
+
+    # rubocop:disable Lint/UselessAssignment
+    plaintext_key = "\0" * plaintext_key.bytesize
+    # rubocop:enable Lint/UselessAssignment
+
+    # First, make a nonce: A single-use value never repeated under the same key
+    # The nonce isn't secret, and can be sent with the ciphertext.
+    # The cipher instance has a nonce_bytes method for determining how many bytes should be in a nonce
+    nonce = RbNaCl::Random.random_bytes(secret_box.nonce_bytes)
+
+    # Encrypt a message with SecretBox
+    PorkyLib::Config.logger.info('Beginning encryption')
+    ciphertext = secret_box.encrypt(nonce, data)
+    PorkyLib::Config.logger.info('Encryption complete')
+    [ciphertext_key, ciphertext, nonce]
+  end
+
+  def decrypt(ciphertext_dek, ciphertext, nonce, encryption_context = nil)
+    return if ciphertext.nil? || ciphertext_dek.nil? || nonce.nil?
+
+    # Decrypt the data encryption key
+    PorkyLib::Config.logger.info('Decrypting data encryption key')
+
+    resp = {}
+    resp = client.decrypt(ciphertext_blob: ciphertext_dek, encryption_context: encryption_context) if encryption_context
+    resp = client.decrypt(ciphertext_blob: ciphertext_dek) unless encryption_context
+
+    plaintext_key = resp.to_h[:plaintext]
+
+    secret_box = RbNaCl::SecretBox.new(plaintext_key)
+
+    # rubocop:disable Lint/UselessAssignment
+    plaintext_key = "\0" * plaintext_key.bytesize
+    # rubocop:enable Lint/UselessAssignment
+
+    PorkyLib::Config.logger.info('Beginning decryption')
+    result = secret_box.decrypt(nonce, ciphertext)
+    PorkyLib::Config.logger.info('Decryption complete')
+    result
+  end
+end

data/lib/porky_lib/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module PorkyLib
+  VERSION = "0.1.0"
+end

data/lib/porky_lib.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module PorkyLib
+  require 'porky_lib/config'
+  require 'porky_lib/symmetric'
+  require 'porky_lib/version'
+end

data/porky_lib.gemspec

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+lib = File.expand_path('lib', __dir__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'porky_lib/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "porky_lib"
+  spec.version       = PorkyLib::VERSION
+  spec.authors       = ["Greg Fletcher"]
+  spec.email         = ["greg.fletcher@zetatango.com"]
+
+  spec.summary       = 'A library for cryptographic services for the Zetatango platform'
+  spec.homepage      = 'https://github.com/Zetatango/porky_lib'
+
+  spec.files         = `git ls-files -z`.split("\x0").reject do |f|
+    f.match(%r{^(test|spec|features)/})
+  end
+  spec.bindir        = 'exe'
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ['lib']
+
+  spec.add_development_dependency 'bundler'
+  spec.add_development_dependency 'bundler-audit'
+  spec.add_development_dependency 'byebug'
+  spec.add_development_dependency 'codecov'
+  spec.add_development_dependency 'rake'
+  spec.add_development_dependency 'rspec'
+  spec.add_development_dependency 'rspec-collection_matchers'
+  spec.add_development_dependency 'rspec-mocks'
+  spec.add_development_dependency 'rspec_junit_formatter'
+  spec.add_development_dependency 'rubocop'
+  spec.add_development_dependency 'rubocop-rspec'
+  spec.add_development_dependency 'rubocop_runner'
+  spec.add_development_dependency 'simplecov'
+  spec.add_development_dependency 'timecop'
+
+  spec.add_dependency 'aws-sdk-kms'
+  spec.add_dependency 'msgpack'
+  spec.add_dependency 'rbnacl-libsodium'
+end

metadata

@@ -0,0 +1,298 @@
+--- !ruby/object:Gem::Specification
+name: porky_lib
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Greg Fletcher
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2018-07-13 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler-audit
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: byebug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: codecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec-collection_matchers
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec-mocks
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec_junit_formatter
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rubocop-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rubocop_runner
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: timecop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: aws-sdk-kms
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: msgpack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rbnacl-libsodium
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: 
+email:
+- greg.fletcher@zetatango.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".circleci/config.yml"
+- ".github/pull_request_template.md"
+- ".gitignore"
+- ".rspec"
+- ".rubocop.yml"
+- Gemfile
+- Gemfile.lock
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- lib/porky_lib.rb
+- lib/porky_lib/aws/kms/client.rb
+- lib/porky_lib/config.rb
+- lib/porky_lib/symmetric.rb
+- lib/porky_lib/version.rb
+- porky_lib.gemspec
+homepage: https://github.com/Zetatango/porky_lib
+licenses: []
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.5.2
+signing_key: 
+specification_version: 4
+summary: A library for cryptographic services for the Zetatango platform
+test_files: []