serket 0.0.1 → 0.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. checksums.yaml +4 -4
  2. data/README.md +44 -10
  3. data/lib/serket/version.rb +1 -1
  4. data/lib/serket.rb +8 -0
  5. data/spec/serket/encrypted_fields_spec.rb +1 -2
  6. metadata +1 -1
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 2ad79717d0198ee41fa6b33200a5e3981b38e23f
4
- data.tar.gz: 4a81d8df831e731c119852f48d41ba1a9b697b97
3
+ metadata.gz: 9849d15eee6960c7de33414df0d5748a5175d6a6
4
+ data.tar.gz: 87fd71b37ebcb7ca3f21a67c58a1211b2140bd57
5
5
  SHA512:
6
- metadata.gz: 9fe9da5c68f650defa989dc9ff38b95e888919efce12c8095b1fd74135dd47aecb7e9b206b1f21dc035a0d20afb0551c1195e038f98ef64c54acab19f8d905eb
7
- data.tar.gz: b422b32fbddeb028a070b758a4dec4d90406ed85b25a01aeb827ca175e6d778b66c1d26999ecd4c5cd23740e31aaacd4a46977b6bad90b7d5ead469378de3c6e
6
+ metadata.gz: 97aad6851b4293cb0f1f5a91a265843127c18d30e2f84aa78b302a2e562f527ffd224be67aa908cda35f1ccc891362886e7eb78f71b1769da2621d3b12053be9
7
+ data.tar.gz: c92245e14eca0be9ea732fc2469558a7a9a257464337946db754d8ee0be22f395cefd68dd5a9d46132823b2ba2cd66873af05ce99749390dbe3bb5c88317d1b7
data/README.md CHANGED
@@ -4,6 +4,8 @@ A gem for creating encrypted data using RSA and (by default) AES-256-CBC.
4
4
 
5
5
  The envisioned use case for this is to encrypt data before saving it to a server or mobile device using a public key, and decrypting that data only when it is sent to another server that has the private key.
6
6
 
7
+ It works by generating a random AES key, encrypting text with that generated key, encrypting the generated AES key with RSA, and then saving the initialization vector + rsa-encrypted aes-key + the aes-encrypted cipher text in either a delimited string or json.
8
+
7
9
  ## Installation
8
10
 
9
11
  Add this line to your application's Gemfile:
@@ -20,6 +22,8 @@ Or install it yourself as:
20
22
 
21
23
  ## Usage
22
24
 
25
+ ### Encrypting data
26
+
23
27
  To encrypt data, you must first tell serket where your public key is:
24
28
 
25
29
  ```
@@ -30,12 +34,14 @@ end
30
34
 
31
35
  You can then use the FieldEncrypter class to encrypt some text:
32
36
  ``
33
- Serket::FieldEncrypter.encrypt("Hello out there!")
37
+ Serket.encrypt("Hello out there!")
34
38
  ``
35
39
 
36
40
  By default, this will return a double-colon (::) delimited string. The first field is the initialization vector used for the symmetric encryption algorithm (by default, this is AES-256-CBC). The second field is the encrypted key for the symmetric algorithm. This key is encrypted using RSA, using the provided public key. The final field is the encrypted text ("Hello out there!" in this example).
37
41
 
38
42
 
43
+ ### Decrypting data
44
+
39
45
  To decrypt data, tell serket where to find your private key:
40
46
  ```
41
47
  Serket.configure do |config|
@@ -45,23 +51,31 @@ end
45
51
 
46
52
  This expects the same format described for encryption, and is the inverse operation.
47
53
 
48
- Quick Start:
54
+ ```
55
+ Serket.decrypt(Serket.encrypt('Hello out there!'))
56
+ ```
57
+
58
+ ### Quick Start
49
59
 
50
60
  ```
51
61
  Serket.configure do |config|
52
- config.public_key_path = "spec/resources/test_public_key.pem"
53
- config.private_key_path = "spec/resources/test_private_key.pem"
62
+ config.public_key_path = "public_key.pem"
63
+ config.private_key_path = "private_key.pem"
54
64
  end
55
65
 
56
- encrypted = Serket::FieldEncrypter.new.encrypt("Hello out there!")
57
- puts "#{encrypted} can be decrypted to #{Serket::FieldDecrypter.new.decrypt(encrypted)}"
66
+ encrypted = Serket.encrypt("Hello out there!")
67
+ puts "#{encrypted} can be decrypted to #{Serket.decrypt(encrypted)}"
58
68
  ```
59
69
 
70
+ ### Additional configuration
71
+
60
72
  There are a few more configuration options.
61
73
 
62
- format: :delimited (default), :json
63
- symmetric_algorithm: AES-256-CBC (default)
64
- delimiter: '::' (default)
74
+ | Config | Default | Options |
75
+ | ------------------------ |---------------| --------------------------------------|
76
+ | format | :delimited | :delimited, :json |
77
+ | symmetric_algorithm | AES-256-CBC | Any valid cipher from OpenSSL::Cipher |
78
+ | delimiter | :: | Anything not base64 |
65
79
 
66
80
  These can all be modified in the configuration block, eg:
67
81
 
@@ -78,6 +92,8 @@ end
78
92
 
79
93
  Note: trying to use a delimiter in the base64 character set throws an exception. This is because the iv/encrypted key/encrypted text are encoded in base64, and so it is a bad idea to use something in base64 as a delimiter.
80
94
 
95
+ ### Use with Rails
96
+
81
97
  There are also some helpers if you are using rails that make encryption/decryption straight forward. Assuming you have a model with a name field that you would like to encrypt before saving to the database, you could do so like this:
82
98
 
83
99
  ```
@@ -88,7 +104,7 @@ class EncryptedModel < ActiveRecord::Base
88
104
  end
89
105
  ```
90
106
 
91
- If you instead would like to decrypt a field before saving (for example, and encrypted value that is coming from an api), then you could do so like this:
107
+ If you instead would like to decrypt a field before saving (for example, an encrypted value that is coming from an api), then you could do so like this:
92
108
 
93
109
  ```
94
110
  class DecryptedModel < ActiveRecord::Base
@@ -100,6 +116,24 @@ end
100
116
 
101
117
  This will automatically decrypt any values before saving assuming it matches your configurations.
102
118
 
119
+ I recommend putting an initializer at config/initializers/serket.rb and putting your serket config block there. I would also recommend having dummy keys for test/development, and using different config blocks depending on current env (test/development vs production).
120
+ For example:
121
+ ```
122
+ if Rails.env.production?
123
+ Serket.configure do |config|
124
+ config.public_key_path = "config/keys/public_key.pem"
125
+ config.private_key_path = "config/keys/private_key.pem"
126
+ end
127
+ else
128
+ Serket.configure do |config|
129
+ config.public_key_path = "config/keys/test_public_key.pem"
130
+ config.private_key_path = "config/keys/test_private_key.pem"
131
+ end
132
+ end
133
+ ```
134
+
135
+ ### Android Java Client
136
+
103
137
  You can see an example java client for use with Android in EncryptUtil.java
104
138
 
105
139
  ## Contributing
data/lib/serket/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module Serket
2
- VERSION = "0.0.1"
2
+ VERSION = "0.0.2"
3
3
  end
data/lib/serket.rb CHANGED
@@ -17,4 +17,12 @@ module Serket
17
17
  def self.configure
18
18
  yield(configuration)
19
19
  end
20
+
21
+ def self.encrypt(text)
22
+ FieldEncrypter.new.encrypt(text)
23
+ end
24
+
25
+ def self.decrypt(cipher)
26
+ FieldDecrypter.new.decrypt(cipher)
27
+ end
20
28
  end
data/spec/serket/encrypted_fields_spec.rb CHANGED
@@ -7,9 +7,8 @@ describe Serket::EncryptedFields do
7
7
  end
8
8
 
9
9
  it "should encrypt a plaintext field" do
10
- field_decrypter = Serket::FieldDecrypter.new
11
10
  @encrypted_model.email = 'kemba.walker@aol.com'
12
- decrypted = field_decrypter.decrypt(@encrypted_model.email)
11
+ decrypted = Serket.decrypt(@encrypted_model.email)
13
12
  decrypted.should == 'kemba.walker@aol.com'
14
13
  end
15
14
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: serket
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.1
4
+ version: 0.0.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Michael Nipper