serket 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 2ad79717d0198ee41fa6b33200a5e3981b38e23f
+  data.tar.gz: 4a81d8df831e731c119852f48d41ba1a9b697b97
+SHA512:
+  metadata.gz: 9fe9da5c68f650defa989dc9ff38b95e888919efce12c8095b1fd74135dd47aecb7e9b206b1f21dc035a0d20afb0551c1195e038f98ef64c54acab19f8d905eb
+  data.tar.gz: b422b32fbddeb028a070b758a4dec4d90406ed85b25a01aeb827ca175e6d778b66c1d26999ecd4c5cd23740e31aaacd4a46977b6bad90b7d5ead469378de3c6e

data/.gitignore

@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/EncryptUtil.java

@@ -0,0 +1,125 @@
+package org.adaptlab.chpir.android.survey;
+
+import java.nio.charset.Charset;
+import java.security.InvalidKeyException;
+import java.security.KeyFactory;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PublicKey;
+import java.security.Security;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.X509EncodedKeySpec;
+
+import javax.crypto.BadPaddingException;
+import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.KeyGenerator;
+import javax.crypto.NoSuchPaddingException;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.SecretKeySpec;
+
+import org.spongycastle.jce.provider.BouncyCastleProvider;
+
+import android.util.Base64;
+import android.util.Log;
+
+/*
+ * Encrypts AES key with RSA using provided public key, and encrypts
+ * provided text with AES CBC.
+ * 
+ * Returns string with delimited base 64 encoded iv, cipher key, and encrypted text.
+ * 
+ * This is intended for using spongycastle with Android.
+ */
+public class EncryptUtil {
+    private final static String TAG = "EncryptUtil";
+    private final static String ASYMMETRIC_ALGO = "RSA/None/PKCS1Padding";
+    private final static String SYMMETRIC_ALGO = "AES/CBC/PKCS5Padding";
+    private final static int SYMMETRIC_KEY_SIZE = 256;
+    private final static String PROVIDER = "SC";
+    private final static String FIELD_DELIMITER = "::"; // delimits iv, cipher key, and encrypted text
+    static {
+        Security.insertProviderAt(new BouncyCastleProvider(), 1);
+    }
+    
+    private static PublicKey PUBLIC_KEY;
+    private final static String KEY_STRING = "" +
+            "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr19m7jjA3"
+            + "2IrF9io\ns9MWth119faF4Xc7clCtWWi9ncmMSBq0uQsASkpf/J"
+            + "VdVi91TZbzdzhInhhZ\nomMh+26r8oiAibRHRcxGRyCIUhEUZQu"
+            + "R8QeeaO5wugpg1zOYuYrevDH+MxuY\nebeAcqccW91ZQBDxsUKY"
+            + "jSiVIhm/Cmas/J/g9m+k+HKUGHREVzNZSRIToxuV\nc2DHVylWT"
+            + "0NPN14OUnOt4PHJZED/QwiiNFWo/UiovPkw1PjAC09gmV9sYmyK"
+            + "\nwu57oeCVvm6xbHkjO30an0NbaGrRFkR7wzLbVK+r8uTbkKPcm"
+            + "Mv0UPrG9hsg\nY4g5le8kVoDpdSYLIU7lc5LRDQIDAQAB"; // TEST public key
+    
+    public static String encrypt(String text) {
+        if (text == null || text.isEmpty()) return "";
+        
+        if (KEY_STRING == null || KEY_STRING.isEmpty()) {
+            throw new SecurityException("Public Key is not set for EncryptUtil");
+        }
+        
+        try {
+            return encryptWithKey(text, generateAESKey());
+        } catch (NoSuchAlgorithmException nsae) {
+            Log.e(TAG, "NoSuchAlgorithmException: " + nsae);
+        } catch (InvalidKeyException ike) {
+            Log.e(TAG, "InvalidKeyException: " + ike);
+        } catch (NoSuchPaddingException nspe) {
+            Log.e(TAG, "NoSuchPaddingException: " + nspe);
+        } catch (IllegalBlockSizeException ibse) {
+            Log.e(TAG, "IllegalBlockSizeException: " + ibse);
+        } catch (BadPaddingException bpe) {
+            Log.e(TAG, "BadPaddingException: " + bpe);
+        } catch (NoSuchProviderException nspe) {
+            Log.e(TAG, "NoSuchProviderException: " + nspe);
+        }
+        
+        return "";
+    }
+    
+    /*
+     * Encrypt provided text with provided secret key.  Secret key is used in the
+     * symmetric encryption algorithm.
+     * 
+     * Returns format:  IV::CIPHER_KEY::CIPHER_TEXT
+     */
+    private static String encryptWithKey(String text, SecretKey key) throws NoSuchAlgorithmException,
+            NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, NoSuchProviderException {
+        
+        final Cipher symmetricCipher = Cipher.getInstance(SYMMETRIC_ALGO, PROVIDER);
+        symmetricCipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key.getEncoded(), SYMMETRIC_ALGO));
+        String cipherText = Base64.encodeToString(symmetricCipher.doFinal(text.getBytes()), Base64.DEFAULT);
+        String iv =  Base64.encodeToString(symmetricCipher.getIV(), Base64.DEFAULT);
+        
+        final Cipher asymmetricCipher = Cipher.getInstance(ASYMMETRIC_ALGO, PROVIDER);
+        asymmetricCipher.init(Cipher.ENCRYPT_MODE, getPublicKey());
+        String cipherKey = Base64.encodeToString(asymmetricCipher.doFinal(key.getEncoded()), Base64.DEFAULT);
+
+        return iv + FIELD_DELIMITER + cipherKey + FIELD_DELIMITER + cipherText;
+    }
+    
+    private static PublicKey getPublicKey() throws NoSuchProviderException {
+        if (PUBLIC_KEY == null) {
+            try {
+                byte[] key = KEY_STRING.getBytes(Charset.forName("UTF-8"));
+                PUBLIC_KEY = KeyFactory.getInstance("RSA", PROVIDER).generatePublic(
+                        new X509EncodedKeySpec(Base64.decode(key, Base64.DEFAULT)));
+            } catch (InvalidKeySpecException ikse) {
+                Log.e(TAG, "InvalidKeySpecException: " + ikse);
+            } catch (NoSuchAlgorithmException nsae) {
+                Log.e(TAG, "NoSuchAlgorithmException: " + nsae);
+            }
+        }
+        
+        return PUBLIC_KEY;
+    }
+    
+    private static SecretKey generateAESKey() throws NoSuchAlgorithmException, NoSuchProviderException {
+        KeyGenerator kgen = KeyGenerator.getInstance("AES", PROVIDER);
+        kgen.init(SYMMETRIC_KEY_SIZE);
+        return kgen.generateKey();      
+    }
+}
+

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in serket.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2014 Michael Nipper
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,111 @@
+# Serket
+
+A gem for creating encrypted data using RSA and (by default) AES-256-CBC.
+
+The envisioned use case for this is to encrypt data before saving it to a server or mobile device using a public key, and decrypting that data only when it is sent to another server that has the private key.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'serket'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install serket
+
+## Usage
+
+To encrypt data, you must first tell serket where your public key is:
+
+```
+Serket.configure do |config|
+  config.public_key_path = "path/to/public_key.pem"
+end
+```
+
+You can then use the FieldEncrypter class to encrypt some text:
+``
+  Serket::FieldEncrypter.encrypt("Hello out there!")
+``
+
+By default, this will return a double-colon (::) delimited string.  The first field is the initialization vector used for the symmetric encryption algorithm (by default, this is AES-256-CBC).  The second field is the encrypted key for the symmetric algorithm.  This key is encrypted using RSA, using the provided public key.  The final field is the encrypted text ("Hello out there!" in this example).
+
+
+To decrypt data, tell serket where to find your private key:
+```
+Serket.configure do |config|
+  config.private_key_path = "path/to/private_key.pem"
+end
+```
+
+This expects the same format described for encryption, and is the inverse operation.
+
+Quick Start:
+
+```
+Serket.configure do |config|
+  config.public_key_path = "spec/resources/test_public_key.pem"
+  config.private_key_path = "spec/resources/test_private_key.pem"
+end
+
+encrypted = Serket::FieldEncrypter.new.encrypt("Hello out there!")
+puts "#{encrypted} can be decrypted to #{Serket::FieldDecrypter.new.decrypt(encrypted)}"
+```
+
+There are a few more configuration options.
+
+format: :delimited (default), :json
+symmetric_algorithm: AES-256-CBC (default)
+delimiter: '::' (default)
+
+These can all be modified in the configuration block, eg:
+
+```
+Serket.configure do |config|
+  config.format = :json
+end
+
+
+Serket.configure do |config|
+  config.delimiter = '**'
+end
+```
+
+Note: trying to use a delimiter in the base64 character set throws an exception.  This is because the iv/encrypted key/encrypted text are encoded in base64, and so it is a bad idea to use something in base64 as a delimiter.
+
+There are also some helpers if you are using rails that make encryption/decryption straight forward.  Assuming you have a model with a name field that you would like to encrypt before saving to the database, you could do so like this:
+
+```
+class EncryptedModel < ActiveRecord::Base
+  extend Serket::EncryptedFields
+
+  encrypted_fields :name
+end
+```
+
+If you instead would like to decrypt a field before saving (for example, and encrypted value that is coming from an api), then you could do so like this:
+
+```
+class DecryptedModel < ActiveRecord::Base
+  extend Serket::DecryptedFields
+
+  decrypted_fields :name
+end
+```
+
+This will automatically decrypt any values before saving assuming it matches your configurations.
+
+You can see an example java client for use with Android in EncryptUtil.java
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1 @@
+require "bundler/gem_tasks"

data/lib/serket/configuration.rb

@@ -0,0 +1,11 @@
+module Serket
+  class Configuration
+    attr_accessor :private_key_path, :public_key_path, :delimiter, :format, :symmetric_algorithm
+
+    def initialize
+      @delimiter = "::"
+      @format = :delimited
+      @symmetric_algorithm = 'AES-256-CBC'
+    end
+  end
+end

data/lib/serket/decrypted_fields.rb

@@ -0,0 +1,13 @@
+module Serket
+  module DecryptedFields
+    def decrypted_fields(*fields)
+      field_decrypter = FieldDecrypter.new
+
+      fields.each do |field|
+        define_method("#{field}=") do |value|
+          write_attribute(field, field_decrypter.decrypt(value))
+        end
+      end
+    end
+  end
+end

data/lib/serket/encrypted_fields.rb

@@ -0,0 +1,13 @@
+module Serket
+  module EncryptedFields
+    def encrypted_fields(*fields)
+      field_encrypter = FieldEncrypter.new
+
+      fields.each do |field|
+        define_method("#{field}=") do |value|
+          write_attribute(field, field_encrypter.encrypt(value))
+        end
+      end
+    end
+  end
+end

data/lib/serket/field_decrypter.rb

@@ -0,0 +1,52 @@
+require 'openssl'
+require 'base64'
+
+module Serket
+  class FieldDecrypter
+    attr_accessor :field_delimiter, :private_key_filepath, :symmetric_algorithm
+
+    def initialize(options = {})
+      options ||= {}
+
+      @private_key_filepath   = Serket.configuration.private_key_path
+      @field_delimiter        = options[:field_delimiter]     || Serket.configuration.delimiter 
+      @symmetric_algorithm    = options[:symmetric_algorithm] || Serket.configuration.symmetric_algorithm
+      @format                 = options[:format]              || Serket.configuration.format
+    end
+
+    def decrypt(field)
+      return if field !~ /\S/
+      iv, encrypted_aes_key, encrypted_text = parse(field)
+      private_key = OpenSSL::PKey::RSA.new(File.read(private_key_filepath))
+      decrypted_aes_key = private_key.private_decrypt(Base64.decode64(encrypted_aes_key))
+      decrypt_data(iv, decrypted_aes_key, encrypted_text)
+    end
+
+    def field_delimiter=(delimiter)
+      if delimiter =~ /[A-Za-z0-9\/+]/
+        raise "This is not a valid delimiter!  Must not be a character in Base64."
+      end
+
+      @field_delimiter = delimiter
+    end
+
+    private
+      def decrypt_data(iv, key, encrypted_text)
+        aes = OpenSSL::Cipher.new(symmetric_algorithm)
+        aes.decrypt
+        aes.key = key
+        aes.iv = Base64.decode64(iv)
+        aes.update(Base64.decode64(encrypted_text)) + aes.final
+      end
+
+      def parse(field)
+        case @format
+        when :delimited
+          field.split(field_delimiter)
+        when :json
+          parsed = JSON.parse(field)
+          [parsed['iv'], parsed['key'], parsed['message']]
+        end
+      end
+  end
+end

data/lib/serket/field_encrypter.rb

@@ -0,0 +1,59 @@
+require 'openssl'
+require 'base64'
+
+module Serket
+  class FieldEncrypter
+    attr_accessor :field_delimiter, :public_key_filepath, :symmetric_algorithm
+
+    def initialize(options = {})
+      options ||= {}
+
+      @public_key_filepath   = Serket.configuration.public_key_path
+      @field_delimiter        = options[:field_delimiter]     || Serket.configuration.delimiter 
+      @symmetric_algorithm    = options[:symmetric_algorithm] || Serket.configuration.symmetric_algorithm
+      @format                 = options[:format]              || Serket.configuration.format
+    end
+
+    def encrypt(field)
+      aes = OpenSSL::Cipher.new(symmetric_algorithm)
+      aes_key = aes.random_key
+      iv = aes.random_iv
+      encrypt_data(iv, aes_key, field)
+    end
+
+    def field_delimiter=(delimiter)
+      if delimiter =~ /[A-Za-z0-9\/+]/
+        raise "This is not a valid delimiter!  Must not be a character in Base64."
+      end
+
+      @field_delimiter = delimiter
+    end
+
+    private
+      def encrypt_data(iv, key, text)
+        public_key = OpenSSL::PKey::RSA.new(File.read(public_key_filepath))
+        encrypted_aes_key = public_key.public_encrypt(key)
+
+        aes = OpenSSL::Cipher.new(symmetric_algorithm)
+        aes.encrypt
+        aes.key = key
+        aes.iv = iv
+        encrypted_text = aes.update(text) + aes.final
+
+        parse(Base64.encode64(iv), Base64.encode64(encrypted_aes_key), Base64.encode64(encrypted_text))
+      end
+
+      def parse(iv, encrypted_key, encrypted_text)
+        case @format
+        when :delimited
+          [iv, field_delimiter, encrypted_key, field_delimiter, encrypted_text].join('')
+        when :json
+          hash = {}
+          hash['iv'] = iv
+          hash['key'] = encrypted_key
+          hash['message'] = encrypted_text
+          hash.to_json
+        end
+      end
+  end
+end

data/lib/serket/version.rb

@@ -0,0 +1,3 @@
+module Serket
+  VERSION = "0.0.1"
+end

data/lib/serket.rb

@@ -0,0 +1,20 @@
+require_relative "./serket/version"
+require_relative "./serket/field_decrypter.rb"
+require_relative "./serket/field_encrypter.rb"
+require_relative "./serket/decrypted_fields.rb"
+require_relative "./serket/encrypted_fields.rb"
+require_relative "./serket/configuration.rb"
+
+module Serket
+  class << self
+    attr_writer :configuration
+  end
+
+  def self.configuration
+    @configuration ||= Configuration.new
+  end
+
+  def self.configure
+    yield(configuration)
+  end
+end

data/serket.gemspec

@@ -0,0 +1,24 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'serket/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "serket"
+  spec.version       = Serket::VERSION
+  spec.authors       = ["Michael Nipper"]
+  spec.email         = ["mjn4406@gmail.com"]
+  spec.description   = %q{Automatically encrypt and decrypt fields.}
+  spec.summary       = %q{Automatically encrypt and decrypt fields using RSA and AES-256-CBC.}
+  spec.homepage      = "https://github.com/mnipper/serket"
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files`.split($/)
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.3"
+  spec.add_development_dependency "rake"
+  spec.add_development_dependency "rspec"
+end

data/spec/resources/test_private_key.pem

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAr19m7jjA32IrF9ios9MWth119faF4Xc7clCtWWi9ncmMSBq0
+uQsASkpf/JVdVi91TZbzdzhInhhZomMh+26r8oiAibRHRcxGRyCIUhEUZQuR8Qee
+aO5wugpg1zOYuYrevDH+MxuYebeAcqccW91ZQBDxsUKYjSiVIhm/Cmas/J/g9m+k
++HKUGHREVzNZSRIToxuVc2DHVylWT0NPN14OUnOt4PHJZED/QwiiNFWo/UiovPkw
+1PjAC09gmV9sYmyKwu57oeCVvm6xbHkjO30an0NbaGrRFkR7wzLbVK+r8uTbkKPc
+mMv0UPrG9hsgY4g5le8kVoDpdSYLIU7lc5LRDQIDAQABAoIBAG31n5BWvXhTEToO
+exjljiP6LPBf9mn8XKW8uDSLW/kHWpILTK2JnFD4eV7iOHfFogNYVqe1/rJCClGr
+Xq9MITwdIps1EktNXfNTDqaGVwdUTdmXMVgRyVSdFUNZ8rTDwgy2O/DHqL8Is90v
+srRXAZMODL1cSFKZ04hiJErdPjHW8138/0H1bfUx/roMSdNXC50NrNXmrSaHGOfD
+nV1O3ybe9mfd1iyOqHzRjL6O56N4sh3okrF/woSAAhNDaQ2byRNcbQdlX60Ss/m8
+AHZH7a0Mr+2g5QJ8f9NWwoeUsQn5pSVF7hTOAL7y1WWTkqOhsXRNB/09/23idQqY
+Bh9iVXECgYEA2mhCrm67NdTZybqLiOPRab+PwsQ1ursrkRnKFjhykdSIeXCbwCg6
+NSbaquJRNAmLaf1Rmf+tx6GuxMTb7GQJU+XmKkjWKQ8YlFWgfcw5Qr4ROe2ES7wy
+JVn3PeYEvBLVLavhlJQqDSadTCNWk+0NlMCsJvPU+2eKz6p+h8Nvb48CgYEAzY7l
+YsuspzzM93v3js8n5mSsCEoFrPXGgIMrfbfydgB8GtqEcuEKH0nxwBkA2s8a7uom
+oEPL4TxVIsZZm6XxPWXOrRQMTJ94/qJ4sRUz63xBn+7fINRkm6OUJJtnRrQpM9f7
+Gix6fsu/aXoFz+Ai8djvLtydvxSMFnoL/oxgJ6MCgYBviAx9PSi27bIl1PBKgGRB
+R0SnpkD10X0HBQ9w13SSSeFDeqDeuOw4llXWK+ph03nxLx5LsQhSSJuR+iGAjvlA
+ccde0oEiyIW5whxKAU9AaQUs+sCzWDCXaGDcqCjEzi00vHBeymbK/mwXJHii48wq
+qVWAMsYReCensp4YwFGYuwKBgQC7IMPnzXyufiYlgkAaTLGJBsqpfSFvlAqSAVc9
+SpC6JbTVCWqb3gvF8h3W/6wMhY+CQbzKFw3qTG9AigsXK9jSSPT+EQslUePnAucW
+ZjPuwx5Gx0Fu9ItmOGLrdGFvNyFvJcZczHLzLO5iygeydtu5CQCsy3/7bGwfJhn3
+L7l1OwKBgQC0HtX6Z8oDLVRS9dykvpFY9l5ZAcgmn9l9JuG2QfaemMfEdM+LwX3m
+UA1XEKED1rE37J1oE3RcB1hVKg46n+ncy9NEKxysBoKQJA7Ineti6DnjRR1eSNjJ
+LVCabSkE+G4Nwf4rE0z/qsN+BfUcz9cwRJVDTN6mnOfH+u6cCEXqdw==
+-----END RSA PRIVATE KEY-----

data/spec/resources/test_public_key.pem

@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr19m7jjA32IrF9ios9MW
+th119faF4Xc7clCtWWi9ncmMSBq0uQsASkpf/JVdVi91TZbzdzhInhhZomMh+26r
+8oiAibRHRcxGRyCIUhEUZQuR8QeeaO5wugpg1zOYuYrevDH+MxuYebeAcqccW91Z
+QBDxsUKYjSiVIhm/Cmas/J/g9m+k+HKUGHREVzNZSRIToxuVc2DHVylWT0NPN14O
+UnOt4PHJZED/QwiiNFWo/UiovPkw1PjAC09gmV9sYmyKwu57oeCVvm6xbHkjO30a
+n0NbaGrRFkR7wzLbVK+r8uTbkKPcmMv0UPrG9hsgY4g5le8kVoDpdSYLIU7lc5LR
+DQIDAQAB
+-----END PUBLIC KEY-----

data/spec/serket/decrypted_fields_spec.rb

@@ -0,0 +1,15 @@
+require "spec_helper"
+
+describe Serket::DecryptedFields do
+  describe 'field decryption' do
+    before :each do
+      @encrypted_model = Serket::EncryptedModel.new
+    end
+
+    it "should decrypt an encrypted name" do
+      encrypted_name = 'bm5gkjwdfv6QBUqFPEnOaw==::CtQJyXdbuLeVzmIOIr0h/F9yh7xvz5KWUgxe/u4IkORGOW4KjU4bw+Wzve2vV1nLYUEWJJprr8sb+grm+Ao2sngNejiHzSkJKqZA/Pclw/Ok8KgHgN7olUz4BoCSdivIDRIT9ar06sNBrqOvLd4iGUlpMkpLdSJ69K08ebSvg5tED+PcK/oI6SJoVxRoUMYdYa9AfeIS9Ld5BgvhsaJgCKr089kfH2CzwpzlmRfdxb2qgyDXnk9PG/4WUEjjbamF/R74FNBdWkTLxZeLGdMImh87CQ6AOJ/v8l1JSzpPWwEjtmhTbFEzJPuA01tP5U5D07si0esJnab/B48iACEoLg==::iSmdDgnTzkEUv0yLbtFa8Q=='
+      @encrypted_model.name = encrypted_name
+      @encrypted_model.name.should == 'Kemba Walker'
+    end
+  end
+end

data/spec/serket/encrypted_fields_spec.rb

@@ -0,0 +1,16 @@
+require "spec_helper"
+
+describe Serket::EncryptedFields do
+  describe 'field encryption' do
+    before :each do
+      @encrypted_model = Serket::EncryptedModel.new
+    end
+
+    it "should encrypt a plaintext field" do
+      field_decrypter = Serket::FieldDecrypter.new
+      @encrypted_model.email = 'kemba.walker@aol.com'
+      decrypted = field_decrypter.decrypt(@encrypted_model.email)
+      decrypted.should == 'kemba.walker@aol.com'
+    end
+  end
+end

data/spec/serket/field_decrypter_spec.rb

@@ -0,0 +1,55 @@
+require 'spec_helper'
+
+describe Serket::FieldDecrypter do
+  before :all do
+    @encrypted_message = 'RC78JOorP4EKyuh3Bh9atg==::iiaRmPaoFbke5d81FkL5SgQYudtnV2rl370QVlJel0f2+IniSugQ359gvsTqT2YPg1JcZ+9eky9GLGoDdAX90jsqYBG3CnawS6FgHNfO2HxBxTcgTWgfRmZv1lLo4JJ423lVXMdQv2mxgBTTMMO1ZNJsHtDjOoKlTGPh1lL3DARRrkz67J8LKN/zGDMIQXr9kfag/qkCJgJB36Owsj+9qIKKrzxtznsp/t8/Q2JGaKJmvh0srKr35hXJ6+cucI/+2uhEE78oKadUTyxxzgKrrmhKkKW2TvO4BPRsA7kpU6/X44UYYxQ2eqiMrhvklbzZKgtOuk84LZg4gXi9zCc80g==::gPYO7iDShmrk+RzO5ydjMfSUizmVEA6dAdrpsLeZvqI=' 
+
+  end
+
+  before :each do
+    @field_decrypter = Serket::FieldDecrypter.new
+  end
+
+  it "should correctly decrypt a message" do
+    @field_decrypter.decrypt(@encrypted_message).should == "Hello out there!"
+  end
+
+  it "should return nil for a blank string" do
+    @field_decrypter.decrypt(' ').should be_nil
+  end
+
+  it "should allow a change in field delimiter" do
+    @field_decrypter.field_delimiter = '**'
+    @field_decrypter.field_delimiter.should == '**'
+    asterik_delimited = @encrypted_message.gsub(/:/, '*')
+    @field_decrypter.decrypt(asterik_delimited).should == "Hello out there!"
+  end
+
+  it "should not allow a base64 character as a delimiter" do
+    [*('a'..'z'), *('A'..'Z'), *('0'..'9'), '+', '/'].each do |char|
+      expect { @field_decrypter.field_delimiter = char }.to raise_error
+    end
+  end
+
+  describe "json parsing" do
+    before :each do
+      @field_decrypter_json = Serket::FieldDecrypter.new(format: :json)
+      iv, key, message = @encrypted_message.split(@field_decrypter.field_delimiter)
+      @message = {}
+      @message['iv'] = iv
+      @message['key'] = key 
+      @message['message'] = message 
+    end
+
+    it "should parse a json field" do
+      iv, key, m = @field_decrypter_json.send(:parse, @message.to_json)
+      iv.should  == @message['iv']
+      key.should == @message['key']
+      m.should   == @message['message']
+    end
+
+    it "should decrypt a json value" do
+      @field_decrypter_json.decrypt(@message.to_json).should == "Hello out there!"
+    end
+  end
+end

data/spec/serket/field_encrypter_spec.rb

@@ -0,0 +1,33 @@
+require 'spec_helper'
+
+describe Serket::FieldEncrypter do
+  before :each do
+    @field_encrypter = Serket::FieldEncrypter.new
+    @field_decrypter = Serket::FieldDecrypter.new
+  end
+
+  it "should correctly encrypt/decrypt a message" do
+    encrypted_text = @field_encrypter.encrypt("Hello out there!")
+    @field_decrypter.decrypt(encrypted_text).should == "Hello out there!" 
+  end
+
+  it "should not allow a base64 character as a delimiter" do
+    [*('a'..'z'), *('A'..'Z'), *('0'..'9'), '+', '/'].each do |char|
+      expect { @field_encrypter.field_delimiter = char }.to raise_error
+    end
+  end
+
+  describe "json parsing" do
+    before :each do
+      @field_encrypter_json = Serket::FieldEncrypter.new(format: :json)
+      @encrypted_json = @field_encrypter_json.encrypt("Hello out there!")
+      @parsed_json = JSON.parse(@encrypted_json)
+    end
+
+    it "should have the correct json fields" do
+      @parsed_json.has_key?('iv').should be_true
+      @parsed_json.has_key?('key').should be_true
+      @parsed_json.has_key?('message').should be_true
+    end
+  end
+end

data/spec/serket/models/encrypted_model.rb

@@ -0,0 +1,15 @@
+require 'spec_helper'
+
+class Serket::EncryptedModel
+  extend Serket::DecryptedFields
+  extend Serket::EncryptedFields
+
+  attr_accessor :name, :email
+
+  decrypted_fields :name
+  encrypted_fields :email
+
+  def write_attribute(field, value)
+    self.instance_variable_set("@#{field}", value)
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,13 @@
+require "rspec"
+require "json"
+
+$:.unshift((Pathname(__FILE__).dirname.parent + "lib").to_s)
+
+require "serket"
+
+Serket.configure do |config|
+  config.private_key_path = "spec/resources/test_private_key.pem"
+  config.public_key_path = "spec/resources/test_public_key.pem"
+end
+
+require "serket/models/encrypted_model.rb"

metadata

@@ -0,0 +1,116 @@
+--- !ruby/object:Gem::Specification
+name: serket
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Michael Nipper
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2014-12-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Automatically encrypt and decrypt fields.
+email:
+- mjn4406@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- EncryptUtil.java
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- lib/serket.rb
+- lib/serket/configuration.rb
+- lib/serket/decrypted_fields.rb
+- lib/serket/encrypted_fields.rb
+- lib/serket/field_decrypter.rb
+- lib/serket/field_encrypter.rb
+- lib/serket/version.rb
+- serket.gemspec
+- spec/resources/test_private_key.pem
+- spec/resources/test_public_key.pem
+- spec/serket/decrypted_fields_spec.rb
+- spec/serket/encrypted_fields_spec.rb
+- spec/serket/field_decrypter_spec.rb
+- spec/serket/field_encrypter_spec.rb
+- spec/serket/models/encrypted_model.rb
+- spec/spec_helper.rb
+homepage: https://github.com/mnipper/serket
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.1
+signing_key: 
+specification_version: 4
+summary: Automatically encrypt and decrypt fields using RSA and AES-256-CBC.
+test_files:
+- spec/resources/test_private_key.pem
+- spec/resources/test_public_key.pem
+- spec/serket/decrypted_fields_spec.rb
+- spec/serket/encrypted_fields_spec.rb
+- spec/serket/field_decrypter_spec.rb
+- spec/serket/field_encrypter_spec.rb
+- spec/serket/models/encrypted_model.rb
+- spec/spec_helper.rb