rom_encrypted_attribute 0.0.2 → 0.0.3

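--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: a969ae5d8669ac0bba27f0ba1aeb8ad53b42962c4a63dea849033f3398ea0048
- data.tar.gz: 752b299f84b9a569983e7b937fb8588f404572032d4fd58d64a022399ffbeb98
+ metadata.gz: d8f15d21dd70764715c289e7a5c6bc687066517b188b3457a94fc1913f0d09fd
+ data.tar.gz: e3b106612840731afffb3ea6fc6df41d142e1f68e5f0f3f349a81b8e89338006
  SHA512:
- metadata.gz: a8a2e9a6dbebf654fff5349968e66b8a77909720ffedafeb1dfa9e7232d789c758123c36f078266fd6895fbacebed1d79a8aa78e439450bcb437cd6cbcdbfe80
- data.tar.gz: 414fbbf17de5976ec4940f1d4244dc215f1b6ebfb3d4b98d80c2c72ba574c9ebe79a48d5db1b8960ef302f3320afcf1e6e19ee1845d228c81865c4b09587b14e
+ metadata.gz: 4a11a62105323e121bad0b230267ad796233dc7638e2f570bf290ec4c427572db0f93c9f20d8ee44e18984bba32a40b6daedbc5c36ea10efc581c8f272172669
+ data.tar.gz: 4d74d25778f535512b170cfbce064f0fe38861f4e66fd6b86feda8530e981180ca1fe63db24b57125556e18d61c550f8564cc9038df52908f9932da8e2c42dca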
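--- a/data/README.md
+++ b/data/README.md
@@ -36,13 +36,29 @@ class SecretNotes < ROM::Relation[:sql]
  end
  ```
 
- Of course, you can define it somewhere else and just `include` in the relation or use your custom types code organization.
+ By default the gem uses SHA1 for key derivation (same as Rails' default), but you can configure it by passing custom `has_digest_class` option.
+
+ ``` ruby
+ class SecretNotes < ROM::Relation[:sql]
+ EncryptedString, EncryptedStringReader =
+ RomEncryptedAttribute.define_encrypted_attribute_types(
+ primary_key: ENV["ENCRYPTION_PRIMARY_KEY"],
+ key_derivation_salt: ENV["ENCRYPTION_KEY_DERIVATION_SALT"],
+ hash_digest_class: OpenSSL::Digest::SHA256
+ )
+
+ schema(:secret_notes, infer: true) do
+ attribute :content, EncryptedString, read: EncryptedStringReader
+ end
+ end
+
+ ```
 
  ### Caveats
 
- * Due to a bug in `rom-sql`, reading unencrypted data is turned on by default
- * The gem uses SHA256 for key derivation and it's currently not configurable
+ * Due to [a bug](https://github.com/rom-rb/rom-sql/issues/423) in `rom-sql`, reading unencrypted data is always supported, which means that if there's a plain not-encrypted data in your database already, it will be read correctly. This might or might not be desirable, but for the time being there's no choice in cofiguring this behaviour.
  * Support for deterministic encryption from `ActiveRecord::Encryption` is not implemented
+ * Support for key rotation is not implemented
 
  ## Contributing
 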
@@ -2,13 +2,12 @@
2
2
 
3
3
  require "base64"
4
4
  require "json"
5
- require_relative "key_derivator"
6
5
  require_relative "payload"
7
6
 
8
7
  module RomEncryptedAttribute
9
8
  class Decryptor
10
- def initialize(secret:, salt:)
11
- @derivator = KeyDerivator.new(secret: secret, salt: salt)
9
+ def initialize(derivator:)
10
+ @derivator = derivator
12
11
  end
13
12
 
14
13
  def decrypt(message)
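Review bot: The constructor keyword changes from `secret:, salt:` to `derivator:` here and in the Encryptor hunk that follows, which breaks any caller that builds these classes directly, and nothing states what a derivator must provide. Judging by the KeyDerivator hunk the contract appears to be a single `derive(size)` method, so a comment above `initialize` such as `# @param derivator [#derive] returns key material of the requested size` would pin it down. If these classes are meant to be internal, saying so in a class comment would make the patch-level signature change easier to justify. The class body continues outside the hunk, so how `@derivator` is used in `decrypt` is not visible.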
@@ -3,13 +3,12 @@
3
3
  require "base64"
4
4
  require "json"
5
5
  require "openssl"
6
- require_relative "key_derivator"
7
6
  require_relative "payload"
8
7
 
9
8
  module RomEncryptedAttribute
10
9
  class Encryptor
11
- def initialize(secret:, salt:)
12
- @derivator = KeyDerivator.new(secret: secret, salt: salt)
10
+ def initialize(derivator:)
11
+ @derivator = derivator
13
12
  end
14
13
 
15
14
  def encrypt(message)
@@ -4,16 +4,17 @@ require "openssl"
4
4
 
5
5
  module RomEncryptedAttribute
6
6
  class KeyDerivator
7
- DIGEST_CLASS = OpenSSL::Digest::SHA256
7
+ DEFAULT_DIGEST_CLASS = OpenSSL::Digest::SHA1
8
8
  ITERATIONS = 2**16
9
9
 
10
- def initialize(secret:, salt:)
10
+ def initialize(secret:, salt:, hash_digest_class: DEFAULT_DIGEST_CLASS)
11
11
  @secret = secret
12
12
  @salt = salt
13
+ @hash_digest_class = hash_digest_class
13
14
  end
14
15
 
15
16
  def derive(size)
16
- OpenSSL::PKCS5.pbkdf2_hmac(@secret, @salt, ITERATIONS, size, DIGEST_CLASS.new)
17
+ OpenSSL::PKCS5.pbkdf2_hmac(@secret, @salt, ITERATIONS, size, @hash_digest_class.new)
17
18
  end
18
19
  end
19
20
  end
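Review bot: `DEFAULT_DIGEST_CLASS = OpenSSL::Digest::SHA1` replaces the previous hard-coded SHA256, so with unchanged arguments 0.0.3 derives a different key from the same secret and salt than 0.0.2 did. Rows written by 0.0.2 would then presumably fail to decrypt unless the caller passes `hash_digest_class: OpenSSL::Digest::SHA256`, and the README hunk describes the new default without mentioning that upgrade step. Either keep SHA256 as the default and let Rails-compatible setups opt into SHA1, or record the migration next to the constant, e.g. `# SHA1 matches the Rails default; data written by 0.0.2 needs hash_digest_class: OpenSSL::Digest::SHA256`. `initialize` also stores `hash_digest_class` unchecked, so a wrong value only surfaces at `@hash_digest_class.new` inside `derive`.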
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module RomEncryptedAttribute
4
- VERSION = "0.0.2"
4
+ VERSION = "0.0.3"
5
5
  end
@@ -1,5 +1,6 @@
1
1
  # frozen_string_literal: true
2
2
 
3
+ require_relative "rom_encrypted_attribute/key_derivator"
3
4
  require_relative "rom_encrypted_attribute/decryptor"
4
5
  require_relative "rom_encrypted_attribute/encryptor"
5
6
  require_relative "rom_encrypted_attribute/version"
@@ -7,13 +8,15 @@ require_relative "rom_encrypted_attribute/version"
7
8
  require "dry/types"
8
9
 
9
10
  module RomEncryptedAttribute
10
- def self.define_encrypted_attribute_types(primary_key:, key_derivation_salt:)
11
+ def self.define_encrypted_attribute_types(primary_key:, key_derivation_salt:, hash_digest_class: OpenSSL::Digest::SHA1)
12
+ key_derivator = KeyDerivator.new(salt: key_derivation_salt, secret: primary_key, hash_digest_class: hash_digest_class)
13
+
11
14
  reader_type = Dry.Types.Constructor(String) do |value|
12
- RomEncryptedAttribute::Decryptor.new(secret: primary_key, salt: key_derivation_salt).decrypt(value)
15
+ RomEncryptedAttribute::Decryptor.new(derivator: key_derivator).decrypt(value)
13
16
  end
14
17
 
15
18
  writer_type = Dry.Types.Constructor(String) do |value|
16
- RomEncryptedAttribute::Encryptor.new(secret: primary_key, salt: key_derivation_salt).encrypt(value)
19
+ RomEncryptedAttribute::Encryptor.new(derivator: key_derivator).encrypt(value)
17
20
  end
18
21
 
19
22
  [writer_type, reader_type]
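Review bot: The default `hash_digest_class: OpenSSL::Digest::SHA1` in `define_encrypted_attribute_types` repeats the value of `KeyDerivator::DEFAULT_DIGEST_CLASS` instead of referencing it, so the two defaults can drift apart when one of them is changed. Since `key_derivator` is now required at the top of this file, the signature can read `hash_digest_class: KeyDerivator::DEFAULT_DIGEST_CLASS`. The method would also benefit from a short doc comment stating that the digest chosen here has to stay the same for the lifetime of the stored data, because the README caveats list key rotation as unsupported. The method's closing `end` lies outside the hunk.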
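--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: rom_encrypted_attribute
  version: !ruby/object:Gem::Version
- version: 0.0.2
+ version: 0.0.3
  platform: ruby
  authors:
  - Paweł Świątkowski
  autorequire:
  bindir: exe
  cert_chain: []
- date: 2023-11-12 00:00:00.000000000 Z
+ date: 2024-03-03 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: dry-types
@@ -104,7 +104,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.4.21
+ rubygems_version: 3.5.6
  signing_key:
  specification_version: 4
  summary: Encrypted attributes for ROM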