slosilo 1.0.0 → 1.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: d243023c094f7eaec65752017e2550d57030d13a
-  data.tar.gz: f99b144884f5f3bf351fe4190e06c99f076b961f
+  metadata.gz: 19532fb817cc0d993257331452fd6fc36be49da8
+  data.tar.gz: 63c9b867b4e125aff0e5680e21a9a31605629716
 SHA512:
-  metadata.gz: 3b2b0a71040bedaf6e15da8c6fdf6bca34fec490fe41f8834c72ba170ab22cbe7bd8d1d1b93dcfd24855acbf4ad634aa342cdb0374d562277ac9d4df493c6e7a
-  data.tar.gz: 8f4741e1f0f4a00cb0b466e6776445830efc11f66947cac7533fc2d65d0060a0116f7b0239c130ff3866e24e628323170bf684ee2285dc1020e21e2a36106663
+  metadata.gz: 799000b32ea19b4b5ca3fb63901007e16c659af8ea383f3d469ed4a91a1c23b10529eeffda3167b73e0bf67043258622c997b68fefd110cf5fb96cedc8b3769c
+  data.tar.gz: c017465fd76fd4aa9812924ead3c3342d66d3f87f222cd94c0f08c0eadd2dd66c7088e3bc5333ae6d4a83f165c2329456cc38158b2de5d17e76dd1fe0d098449

data/README.md

@@ -1,7 +1,11 @@
 # Slosilo
 
-Slosilo is a keystore in the database. (Currently only works with postgres.)
-It allows easy storage and retrieval of keys.
+Slosilo is providing a ruby interface to some cryptographic primitives:
+- symmetric encryption,
+- a mixin for easy encryption of object attributes (WARNING: unauthenticated, see below),
+- asymmetric encryption and signing,
+- a keystore in a postgres sequel db -- it allows easy storage and retrieval of keys,
+- a keystore in files.
 
 ## Installation
 
@@ -13,6 +17,105 @@ And then execute:
 
     $ bundle
 
+## Usage
+
+### Symmetric encryption
+
+```ruby
+sym = Slosilo::Symmetric.new
+key = sym.random_key
+ciphertext = sym.encrypt "secret message", key: key
+```
+
+```ruby
+sym = Slosilo::Symmetric.new
+message = sym.decrypt ciphertext, key: key
+```
+
+### Encryption mixin
+
+```ruby
+require 'slosilo'
+
+class Foo
+  attr_accessor :foo
+  attr_encrypted :foo
+
+  def raw_foo
+    @foo
+  end
+end
+
+Slosilo::encryption_key = Slosilo::Symmetric.new.random_key
+
+obj = Foo.new
+obj.foo = "bar"
+obj.raw_foo # => "\xC4\xEF\x87\xD3b\xEA\x12\xDF\xD0\xD4hk\xEDJ\v\x1Cr\xF2#\xA3\x11\xA4*k\xB7\x8F\x8F\xC2\xBD\xBB\xFF\xE3"
+obj.foo # => "bar"
+```
+
+You can safely use it in ie. ActiveRecord::Base or Sequel::Model subclasses.
+
+#### Warning
+
+The encrypted data is not authenticated; it's intended to prevent
+opportunistic access to secrets by a third party which gets hold of a database
+dump. *IT DOES NOT prevent tampering.* If your threat model includes an attacker
+which can modify the database, `attr_encrypted` by itself IS NOT SECURE.
+
+### Asymmetric encryption and signing
+
+```ruby
+private_key = Slosilo::Key.new
+public_key = private_key.public
+```
+
+#### Key dumping
+```ruby
+k = public_key.to_s # => "-----BEGIN PUBLIC KEY----- ...
+(Slosilo::Key.new k) == public_key # => true
+```
+
+#### Encryption
+
+```ruby
+encrypted = public_key.encrypt_message "eagle one sees many clouds"
+# => "\xA3\x1A\xD2\xFC\xB0 ...
+
+public_key.decrypt_message encrypted
+# => OpenSSL::PKey::RSAError: private key needed.
+
+private_key.decrypt_message encrypted
+# => "eagle one sees many clouds"
+```
+
+#### Signing
+
+```ruby
+token = private_key.signed_token "missile launch not authorized"
+# => {"data"=>"missile launch not authorized", "timestamp"=>"2014-10-13 12:41:25 UTC", "signature"=>"bSImk...DzV3o", "key"=>"455f7ac42d2d483f750b4c380761821d"}
+
+public_key.token_valid? token # => true
+
+token["data"] = "missile launch authorized"
+public_key.token_valid? token # => false
+```
+
+### Keystore
+
+```ruby
+Slosilo::encryption_key = ENV['SLOSILO_KEY']
+Slosilo.adapter = Slosilo::Adapters::FileAdapter.new "~/.keys"
+
+Slosilo[:own] = Slosilo::Key.new
+Slosilo[:their] = Slosilo::Key.new File.read("foo.pem")
+
+msg = Slosilo[:their].encrypt_message 'bar'
+p Slosilo[:own].signed_token msg
+```
+
+### Keystore in database
+
 Add a migration to create the necessary table:
 
     require 'slosilo/adapters/sequel_adapter/migration'
@@ -21,7 +124,10 @@ Remember to migrate your database
 
     $ rake db:migrate
 
-## Usage
+Then
+```ruby
+Slosilo.adapter = Slosilo::Adapters::SequelAdapter.new
+```
 
 ## Contributing
 

data/lib/slosilo/version.rb

@@ -1,3 +1,3 @@
 module Slosilo
-  VERSION = "1.0.0"
+  VERSION = "1.1.0"
 end

data/slosilo.gemspec

@@ -18,8 +18,8 @@ Gem::Specification.new do |gem|
   gem.required_ruby_version = '>= 1.9.3'
   
   gem.add_development_dependency 'rake'
-  gem.add_development_dependency 'rspec', '~> 2.14'
-  gem.add_development_dependency 'ci_reporter', '~> 1.9'
+  gem.add_development_dependency 'rspec', '~> 3.0'
+  gem.add_development_dependency 'ci_reporter_rspec'
   gem.add_development_dependency 'simplecov'
   gem.add_development_dependency 'io-grab', '~> 0.0.1'
   gem.add_development_dependency 'sequel' # for sequel tests

data/spec/file_adapter_spec.rb

@@ -13,7 +13,7 @@ describe Slosilo::Adapters::FileAdapter do
   describe "#get_key" do
     context "when given key does not exist" do
       it "returns nil" do
-        subject.get_key(:whatever).should_not be
+        expect(subject.get_key(:whatever)).not_to be
       end
     end
   end
@@ -22,7 +22,7 @@ describe Slosilo::Adapters::FileAdapter do
     context "unacceptable id" do
       let(:id) { "foo.bar" }
       it "isn't accepted" do
-        lambda { subject.put_key id, key }.should raise_error
+        expect { subject.put_key id, key }.to raise_error
       end    
     end
     context "acceptable id" do
@@ -30,11 +30,11 @@ describe Slosilo::Adapters::FileAdapter do
       let(:key_encrypted) { "encrypted key" }
       let(:fname) { "#{dir}/#{id}.key" }
       it "creates the key" do
-        Slosilo::EncryptedAttributes.should_receive(:encrypt).with(key.to_der).and_return key_encrypted
-        File.should_receive(:write).with(fname, key_encrypted)
-        File.should_receive(:chmod).with(0400, fname)
+        expect(Slosilo::EncryptedAttributes).to receive(:encrypt).with(key.to_der).and_return key_encrypted
+        expect(File).to receive(:write).with(fname, key_encrypted)
+        expect(File).to receive(:chmod).with(0400, fname)
         subject.put_key id, key
-        subject.instance_variable_get("@keys")[id].should == key
+        expect(subject.instance_variable_get("@keys")[id]).to eq(key)
       end    
     end
   end
@@ -45,7 +45,7 @@ describe Slosilo::Adapters::FileAdapter do
     it "iterates over each key" do
       results = []
       adapter.each { |id,k| results << { id => k } }
-      results.should == [ { one: :onek}, {two: :twok } ]
+      expect(results).to eq([ { one: :onek}, {two: :twok } ])
     end
   end
 
@@ -60,13 +60,13 @@ describe Slosilo::Adapters::FileAdapter do
 
     describe '#get_key' do
       it "loads and decrypts the key" do
-        adapter.get_key(id).should == key
+        expect(adapter.get_key(id)).to eq(key)
       end
     end
 
     describe '#get_by_fingerprint' do
       it "can look up a key by a fingerprint" do
-        adapter.get_by_fingerprint(key_fingerprint).should == [key, id]
+        expect(adapter.get_by_fingerprint(key_fingerprint)).to eq([key, id])
       end
     end
     
@@ -74,7 +74,7 @@ describe Slosilo::Adapters::FileAdapter do
       it "enumerates the keys" do
         results = []
         adapter.each { |id,k| results << { id => k } }
-        results.should == [ { id => key } ]
+        expect(results).to eq([ { id => key } ])
       end
     end
   end

data/spec/key_spec.rb

@@ -4,38 +4,50 @@ describe Slosilo::Key do
   include_context "with example key"
   
   subject { key }
-  its(:to_der) { should == rsa.to_der }
-  its(:to_s) { should == rsa.public_key.to_pem }
-  its(:fingerprint) { should == key_fingerprint }
-  it { should be_private }
+
+  describe '#to_der' do
+    subject { super().to_der }
+    it { is_expected.to eq(rsa.to_der) }
+  end
+
+  describe '#to_s' do
+    subject { super().to_s }
+    it { is_expected.to eq(rsa.public_key.to_pem) }
+  end
+
+  describe '#fingerprint' do
+    subject { super().fingerprint }
+    it { is_expected.to eq(key_fingerprint) }
+  end
+  it { is_expected.to be_private }
 
   context "with identical key" do
     let(:other) { Slosilo::Key.new rsa.to_der }
     it "is equal" do
-      subject.should == other
+      expect(subject).to eq(other)
     end
 
     it "is eql?" do
-      subject.eql?(other).should be_true
+      expect(subject.eql?(other)).to be_truthy
     end
 
     it "has equal hash" do
-      subject.hash.should == other.hash
+      expect(subject.hash).to eq(other.hash)
     end
   end
   
   context "with a different key" do
     let(:other) { Slosilo::Key.new another_rsa }
     it "is not equal" do
-      subject.should_not == other
+      expect(subject).not_to eq(other)
     end
 
     it "is not eql?" do
-      subject.eql?(other).should_not be_true
+      expect(subject.eql?(other)).not_to be_truthy
     end
 
     it "has different hash" do
-      subject.hash.should_not == other.hash
+      expect(subject.hash).not_to eq(other.hash)
     end
   end
 
@@ -54,14 +66,14 @@ describe Slosilo::Key do
     it "generates a symmetric encryption key and encrypts the plaintext with the public key" do
       ctxt, skey = subject.encrypt plaintext
       pskey = rsa.private_decrypt skey
-      Slosilo::Symmetric.new.decrypt(ctxt, key: pskey).should == plaintext
+      expect(Slosilo::Symmetric.new.decrypt(ctxt, key: pskey)).to eq(plaintext)
     end
   end
 
   describe '#encrypt_message' do
     it "#encrypts a message and then returns the result as a single string" do
-      subject.should_receive(:encrypt).with(plaintext).and_return ['fake ciphertext', 'fake key']
-      subject.encrypt_message(plaintext).should == 'fake keyfake ciphertext'
+      expect(subject).to receive(:encrypt).with(plaintext).and_return ['fake ciphertext', 'fake key']
+      expect(subject.encrypt_message(plaintext)).to eq('fake keyfake ciphertext')
     end
   end
   
@@ -69,14 +81,14 @@ describe Slosilo::Key do
   let(:skey) { "\x15\xFF\xD4>\x9C\xF4\x0F\xB6\x04C\x18\xC1\x96\xC3\xE0T\xA3\xF5\xE8\x17\xA6\xE0\x86~rrw\xC3\xDF\x11)$\x9B\r@\x0E\xE4Zv\rw-\xFC\x1C\x84\x17\xBD\xDB\x12u\xCD\r\xFEo\xD5\xC8[\x8FEA\\\xA9\xA2F#\x8BH -\xFA\xF7\xA9\xEBf\x97\xAAT}\x8E*\xC0r\x944p\xD0\x9A\xE7\xBD\a;O\f\xEF\xE4B.y\xFA\xB4e@O\xBB\x15>y\xC9\t=\x01\xE1J\xF3X\xA9\x9E3\x04^H\x1F\xFF\x19C\x93ve)@\xF7\t_\xCF\xDE\xF1\xB7]\x83lL\xB8%A\x93p{\xE9Y\xBAu\xCE\x99T\xDC\xDF\xE7\x0FD%\xB9AXb\x1CW\x94$P\xBB\xE1g\xDEE\t\xC4\x92\x9E\xFEt\xDF\xD0\xEA\x03\xC4\x12\xA9\x02~u\xF4\x92 ;\xA0\xCE.\b+)\x05\xEDo\xA5cF\xF8\x12\xD7F\x97\xE44\xBF\xF1@\xA5\xC5\xA8\xE5\a\xE8ra<\x04\xB5\xA2\f\t\xF7T\x97\e\xF5(^\xAB\xA5%84\x10\xD1\x13e<\xCA/\xBF}%\xF6\xB1%\xB2".force_encoding("ASCII-8BIT") }
   describe '#decrypt' do
     it "decrypts the symmetric key and then uses it to decrypt the ciphertext" do
-      subject.decrypt(ciphertext, skey).should == plaintext
+      expect(subject.decrypt(ciphertext, skey)).to eq(plaintext)
     end
   end
   
   describe '#decrypt_message' do
     it "splits the message into key and rest, then #decrypts it" do
-      subject.should_receive(:decrypt).with(ciphertext, skey).and_return plaintext
-      subject.decrypt_message(skey + ciphertext).should == plaintext
+      expect(subject).to receive(:decrypt).with(ciphertext, skey).and_return plaintext
+      expect(subject.decrypt_message(skey + ciphertext)).to eq(plaintext)
     end
   end
 
@@ -85,17 +97,25 @@ describe Slosilo::Key do
       subject { Slosilo::Key.new }
       let (:rsa) { double "key" }
       it "generates a new key pair" do
-        OpenSSL::PKey::RSA.should_receive(:new).with(2048).and_return(rsa)
-        subject.key.should == rsa
+        expect(OpenSSL::PKey::RSA).to receive(:new).with(2048).and_return(rsa)
+        expect(subject.key).to eq(rsa)
       end
     end
     context "when given an armored key" do
       subject { Slosilo::Key.new rsa.to_der }
-      its(:to_der) { should == rsa.to_der }
+
+      describe '#to_der' do
+        subject { super().to_der }
+        it { is_expected.to eq(rsa.to_der) }
+      end
     end
     context "when given a key instance" do
       subject { Slosilo::Key.new rsa }
-      its(:to_der) { should == rsa.to_der }
+
+      describe '#to_der' do
+        subject { super().to_der }
+        it { is_expected.to eq(rsa.to_der) }
+      end
     end
     context "when given something else" do
       subject { Slosilo::Key.new "foo" }
@@ -108,21 +128,21 @@ describe Slosilo::Key do
   describe "#sign" do
     context "when given a hash" do
       it "converts to a sorted array and signs that" do
-        key.should_receive(:sign_string).with '[["a",3],["b",42]]'
+        expect(key).to receive(:sign_string).with '[["a",3],["b",42]]'
         key.sign b: 42, a: 3
       end
     end
     context "when given an array" do
       it "signs a JSON representation instead" do
-        key.should_receive(:sign_string).with '[2,[42,2]]'
+        expect(key).to receive(:sign_string).with '[2,[42,2]]'
         key.sign [2, [42, 2]]
       end
     end
     context "when given a string" do
       let(:expected_signature) { "d[\xA4\x00\x02\xC5\x17\xF5P\x1AD\x91\xF9\xC1\x00P\x0EG\x14,IN\xDE\x17\xE1\xA2a\xCC\xABR\x99'\xB0A\xF5~\x93M/\x95-B\xB1\xB6\x92!\x1E\xEA\x9C\v\xC2O\xA8\x91\x1C\xF9\x11\x92a\xBFxm-\x93\x9C\xBBoM\x92%\xA9\xD06$\xC1\xBC.`\xF8\x03J\x16\xE1\xB0c\xDD\xBF\xB0\xAA\xD7\xD4\xF4\xFC\e*\xAB\x13A%-\xD3\t\xA5R\x18\x01let6\xC8\xE9\"\x7F6O\xC7p\x82\xAB\x04J(IY\xAA]b\xA4'\xD6\x873`\xAB\x13\x95g\x9C\x17\xCAB\xF8\xB9\x85B:^\xC5XY^\x03\xEA\xB6V\x17b2\xCA\xF5\xD6\xD4\xD2\xE3u\x11\xECQ\x0Fb\x14\xE2\x04\xE1<a\xC5\x01eW-\x15\x01X\x81K\x1A\xE5A\vVj\xBF\xFC\xFE#\xD5\x93y\x16\xDC\xB4\x8C\xF0\x02Y\xA8\x87i\x01qC\xA7#\xE8\f\xA5\xF0c\xDEJ\xB0\xDB BJ\x87\xA4\xB0\x92\x80\x03\x95\xEE\xE9\xB8K\xC0\xE3JbE-\xD4\xCBP\\\x13S\"\eZ\xE1\x93\xFDa pinch of salt".force_encoding("ASCII-8BIT") }
       it "signs it" do
-        key.stub shake_salt: 'a pinch of salt'
-        key.sign("this sentence is not this sentence").should == expected_signature
+        allow(key).to receive_messages shake_salt: 'a pinch of salt'
+        expect(key.sign("this sentence is not this sentence")).to eq(expected_signature)
       end
     end
   end
@@ -136,44 +156,44 @@ describe Slosilo::Key do
     let(:expected_signature) { Base64::urlsafe_encode64 "\xB0\xCE{\x9FP\xEDV\x9C\xE7b\x8B[\xFAil\x87^\x96\x17Z\x97\x1D\xC2?B\x96\x9C\x8Ep-\xDF_\x8F\xC21\xD9^\xBC\n\x16\x04\x8DJ\xF6\xAF-\xEC\xAD\x03\xF9\xEE:\xDF\xB5\x8F\xF9\xF6\x81m\xAB\x9C\xAB1\x1E\x837\x8C\xFB\xA8P\xA8<\xEA\x1Dx\xCEd\xED\x84f\xA7\xB5t`\x96\xCC\x0F\xA9t\x8B\x9Fo\xBF\x92K\xFA\xFD\xC5?\x8F\xC68t\xBC\x9F\xDE\n$\xCA\xD2\x8F\x96\x0EtX2\x8Cl\x1E\x8Aa\r\x8D\xCAi\x86\x1A\xBD\x1D\xF7\xBC\x8561j\x91YlO\xFA(\x98\x10iq\xCC\xAF\x9BV\xC6\v\xBC\x10Xm\xCD\xFE\xAD=\xAA\x95,\xB4\xF7\xE8W\xB8\x83;\x81\x88\xE6\x01\xBA\xA5F\x91\x17\f\xCE\x80\x8E\v\x83\x9D<\x0E\x83\xF6\x8D\x03\xC0\xE8A\xD7\x90i\x1D\x030VA\x906D\x10\xA0\xDE\x12\xEF\x06M\xD8\x8B\xA9W\xC8\x9DTc\x8AJ\xA4\xC0\xD3!\xFA\x14\x89\xD1p\xB4J7\xA5\x04\xC2l\xDC8<\x04Y\xD8\xA4\xFB[\x89\xB1\xEC\xDA\xB8\xD7\xEA\x03Ja pinch of salt".force_encoding("ASCII-8BIT") }
     let(:expected_token) { token_to_sign.merge "signature" => expected_signature, "key" => key_fingerprint }
     before do
-      key.stub shake_salt: salt
-      Time.stub new: time
+      allow(key).to receive_messages shake_salt: salt
+      allow(Time).to receive_messages new: time
     end
     subject { key.signed_token data }
-    it { should == expected_token }
+    it { is_expected.to eq(expected_token) }
   end
   
   describe "#token_valid?" do
     let(:data) { { "foo" => :bar } }
     let(:signature) { Base64::urlsafe_encode64 "\xB0\xCE{\x9FP\xEDV\x9C\xE7b\x8B[\xFAil\x87^\x96\x17Z\x97\x1D\xC2?B\x96\x9C\x8Ep-\xDF_\x8F\xC21\xD9^\xBC\n\x16\x04\x8DJ\xF6\xAF-\xEC\xAD\x03\xF9\xEE:\xDF\xB5\x8F\xF9\xF6\x81m\xAB\x9C\xAB1\x1E\x837\x8C\xFB\xA8P\xA8<\xEA\x1Dx\xCEd\xED\x84f\xA7\xB5t`\x96\xCC\x0F\xA9t\x8B\x9Fo\xBF\x92K\xFA\xFD\xC5?\x8F\xC68t\xBC\x9F\xDE\n$\xCA\xD2\x8F\x96\x0EtX2\x8Cl\x1E\x8Aa\r\x8D\xCAi\x86\x1A\xBD\x1D\xF7\xBC\x8561j\x91YlO\xFA(\x98\x10iq\xCC\xAF\x9BV\xC6\v\xBC\x10Xm\xCD\xFE\xAD=\xAA\x95,\xB4\xF7\xE8W\xB8\x83;\x81\x88\xE6\x01\xBA\xA5F\x91\x17\f\xCE\x80\x8E\v\x83\x9D<\x0E\x83\xF6\x8D\x03\xC0\xE8A\xD7\x90i\x1D\x030VA\x906D\x10\xA0\xDE\x12\xEF\x06M\xD8\x8B\xA9W\xC8\x9DTc\x8AJ\xA4\xC0\xD3!\xFA\x14\x89\xD1p\xB4J7\xA5\x04\xC2l\xDC8<\x04Y\xD8\xA4\xFB[\x89\xB1\xEC\xDA\xB8\xD7\xEA\x03Ja pinch of salt".force_encoding("ASCII-8BIT") }
     let(:token) { { "data" => data, "timestamp" => "2012-01-01 01:01:01 UTC", "signature" => signature } }
-    before { Time.stub now: Time.new(2012,1,1,1,2,1,0) }
+    before { allow(Time).to receive_messages now: Time.new(2012,1,1,1,2,1,0) }
     subject { key.token_valid? token }
-    it { should be_true }
+    it { is_expected.to be_truthy }
     
     it "doesn't check signature on the advisory key field" do
-      key.token_valid?(token.merge "key" => key_fingerprint).should be_true
+      expect(key.token_valid?(token.merge "key" => key_fingerprint)).to be_truthy
     end
     
     it "rejects the token if the key field is present and doesn't match" do
-      key.token_valid?(token.merge "key" => "this is not the key you are looking for").should_not be_true
+      expect(key.token_valid?(token.merge "key" => "this is not the key you are looking for")).not_to be_truthy
     end
     
     context "when token is 1 hour old" do
-      before { Time.stub now: Time.new(2012,1,1,2,1,1,0) }
-      it { should be_false }
+      before { allow(Time).to receive_messages now: Time.new(2012,1,1,2,1,1,0) }
+      it { is_expected.to be_falsey }
       context "when timestamp in the token is changed accordingly" do
         let(:token) { { "data" => data, "timestamp" => "2012-01-01 02:00:01 UTC", "signature" => signature } }
-        it { should be_false }
+        it { is_expected.to be_falsey }
       end
     end
     context "when the data is changed" do
       let(:data) { { "foo" => :baz } }
-      it { should be_false }
+      it { is_expected.to be_falsey }
     end
     context "when RSA decrypt raises an error" do
-      before { OpenSSL::PKey::RSA.any_instance.should_receive(:public_decrypt).and_raise(OpenSSL::PKey::RSAError) }
-      it { should be_false }
+      before { expect_any_instance_of(OpenSSL::PKey::RSA).to receive(:public_decrypt).and_raise(OpenSSL::PKey::RSAError) }
+      it { is_expected.to be_falsey }
     end
   end
 end

data/spec/keystore_spec.rb

@@ -7,7 +7,7 @@ describe Slosilo::Keystore do
   describe '#put' do
     it "handles Slosilo::Keys" do
       subject.put(:test, key)
-      adapter['test'].to_der.should == rsa.to_der
+      expect(adapter['test'].to_der).to eq(rsa.to_der)
     end
 
     it "refuses to store a key with a nil id" do
@@ -19,7 +19,7 @@ describe Slosilo::Keystore do
     end
 
     it "passes the Slosilo key to the adapter" do
-      adapter.should_receive(:put_key).with "test", key
+      expect(adapter).to receive(:put_key).with "test", key
       subject.put :test, key
     end
   end

data/spec/random_spec.rb

@@ -4,6 +4,16 @@ describe Slosilo::Random do
   subject { Slosilo::Random }
   let(:other_salt) { Slosilo::Random::salt }
   
-  its('salt.length') { should == 32 }
-  its(:salt) { should_not == other_salt }
+  describe '#salt' do
+    subject { super().salt }
+    describe '#length' do
+      subject { super().length }
+      it { is_expected.to eq(32) }
+    end
+  end
+
+  describe '#salt' do
+    subject { super().salt }
+    it { is_expected.not_to eq(other_salt) }
+  end
 end

data/spec/sequel_adapter_spec.rb

@@ -8,21 +8,21 @@ describe Slosilo::Adapters::SequelAdapter do
   include_context "with example key"
 
   let(:model) { double "model" }
-  before { subject.stub create_model: model }
+  before { allow(subject).to receive_messages create_model: model }
   
   describe "#get_key" do
     context "when given key does not exist" do
-      before { model.stub :[] => nil }
+      before { allow(model).to receive_messages :[] => nil }
       it "returns nil" do
-        subject.get_key(:whatever).should_not be
+        expect(subject.get_key(:whatever)).not_to be
       end
     end
 
     context "when it exists" do
       let(:id) { "id" }
-      before { model.stub(:[]).with(id).and_return (double "key entry", id: id, key: rsa.to_der) }
+      before { allow(model).to receive(:[]).with(id).and_return (double "key entry", id: id, key: rsa.to_der) }
       it "returns it" do
-        subject.get_key(id).should == key
+        expect(subject.get_key(id)).to eq(key)
       end
     end
   end
@@ -30,14 +30,14 @@ describe Slosilo::Adapters::SequelAdapter do
   describe "#put_key" do
     let(:id) { "id" }
     it "creates the key" do
-      model.should_receive(:create).with id: id, key: key.to_der
-      model.stub columns: [:id, :key]
+      expect(model).to receive(:create).with id: id, key: key.to_der
+      allow(model).to receive_messages columns: [:id, :key]
       subject.put_key id, key
     end
 
     it "adds the fingerprint if feasible" do
-      model.should_receive(:create).with id: id, key: key.to_der, fingerprint: key.fingerprint
-      model.stub columns: [:id, :key, :fingerprint]
+      expect(model).to receive(:create).with id: id, key: key.to_der, fingerprint: key.fingerprint
+      allow(model).to receive_messages columns: [:id, :key, :fingerprint]
       subject.put_key id, key
     end
   end
@@ -46,25 +46,21 @@ describe Slosilo::Adapters::SequelAdapter do
   describe "#each" do
     let(:one) { double("one", id: :one, key: :onek) }
     let(:two) { double("two", id: :two, key: :twok) }
-    before { model.stub(:each).and_yield(one).and_yield(two) }
+    before { allow(model).to receive(:each).and_yield(one).and_yield(two) }
     
     it "iterates over each key" do
       results = []
-      Slosilo::Key.stub(:new) {|x|x}
+      allow(Slosilo::Key).to receive(:new) {|x|x}
       adapter.each { |id,k| results << { id => k } }
-      results.should == [ { one: :onek}, {two: :twok } ]
+      expect(results).to eq([ { one: :onek}, {two: :twok } ])
     end
   end
 
   shared_context "database" do
     let(:db) { Sequel.sqlite }
     before do
-      subject.unstub :create_model
-      begin
-        Sequel::Model.cache_anonymous_models = false
-      rescue NoMethodError # sequel 4.0 moved the method
-        Sequel.cache_anonymous_models = false
-      end
+      allow(subject).to receive(:create_model).and_call_original
+      Sequel.cache_anonymous_models = false
       Sequel::Model.db = db
     end
   end
@@ -91,24 +87,24 @@ describe Slosilo::Adapters::SequelAdapter do
       before { subject.migrate! }
 
       it "supports look up by id" do
-        subject.get_key("test").should == key
+        expect(subject.get_key("test")).to eq(key)
       end
 
       it "supports look up by fingerprint, without a warning" do
-        $stderr.grab do
-          subject.get_by_fingerprint(key.fingerprint).should == [key, 'test']
-        end.should be_empty
+        expect($stderr.grab do
+          expect(subject.get_by_fingerprint(key.fingerprint)).to eq([key, 'test'])
+        end).to be_empty
       end
     end
 
     it "supports look up by id" do
-      subject.get_key("test").should == key
+      expect(subject.get_key("test")).to eq(key)
     end
 
     it "supports look up by fingerprint, but issues a warning" do
-      $stderr.grab do
-        subject.get_by_fingerprint(key.fingerprint).should == [key, 'test']
-      end.should_not be_empty
+      expect($stderr.grab do
+        expect(subject.get_by_fingerprint(key.fingerprint)).to eq([key, 'test'])
+      end).not_to be_empty
     end
   end
 
@@ -129,11 +125,11 @@ describe Slosilo::Adapters::SequelAdapter do
     end
 
     it "supports look up by id" do
-      subject.get_key("test").should == key
+      expect(subject.get_key("test")).to eq(key)
     end
 
     it "supports look up by fingerprint" do
-      subject.get_by_fingerprint(key.fingerprint).should == [key, 'test']
+      expect(subject.get_by_fingerprint(key.fingerprint)).to eq([key, 'test'])
     end
   end
 
@@ -141,7 +137,7 @@ describe Slosilo::Adapters::SequelAdapter do
     include_context "encryption key"
     include_context "current schema"
 
-    it { should be_secure }
+    it { is_expected.to be_secure }
 
     it "saves the keys in encrypted form" do
       subject.put_key 'test', key
@@ -158,7 +154,7 @@ describe Slosilo::Adapters::SequelAdapter do
 
     include_context "current schema"
 
-    it { should_not be_secure }
+    it { is_expected.not_to be_secure }
 
     it "refuses to store a private key" do
       expect { subject.put_key 'test', key }.to raise_error(Slosilo::Error::InsecureKeyStorage)

data/spec/slosilo_spec.rb

@@ -7,32 +7,32 @@ describe Slosilo do
   
   describe '[]' do
     it "returns a Slosilo::Key" do
-      Slosilo[:test].should be_instance_of Slosilo::Key
+      expect(Slosilo[:test]).to be_instance_of Slosilo::Key
     end
 
     it "allows looking up by fingerprint" do
-      Slosilo[fingerprint: key_fingerprint].should == key
+      expect(Slosilo[fingerprint: key_fingerprint]).to eq(key)
     end
     
     context "when the requested key does not exist" do
       it "returns nil instead of creating a new key" do
-        Slosilo[:aether].should_not be
+        expect(Slosilo[:aether]).not_to be
       end
     end
   end
   
   describe '.sign' do
     let(:own_key) { double "own key" }
-    before { Slosilo.stub(:[]).with(:own).and_return own_key }
+    before { allow(Slosilo).to receive(:[]).with(:own).and_return own_key }
     let (:argument) { double "thing to sign" }
     it "fetches the own key and signs using that" do
-      own_key.should_receive(:sign).with(argument)
+      expect(own_key).to receive(:sign).with(argument)
       Slosilo.sign argument
     end
   end
   
   describe '.token_valid?' do
-    before { adapter['test'].stub token_valid?: false }
+    before { allow(adapter['test']).to receive_messages token_valid?: false }
     let(:key2) { double "key 2", token_valid?: false }
     let(:key3) { double "key 3", token_valid?: false }
     before do
@@ -44,19 +44,19 @@ describe Slosilo do
     subject { Slosilo.token_valid? token }
     
     context "when no key validates the token" do
-      before { Slosilo::Key.stub new: (double "key", token_valid?: false) }
-      it { should be_false }
+      before { allow(Slosilo::Key).to receive_messages new: (double "key", token_valid?: false) }
+      it { is_expected.to be_falsey }
     end
     
     context "when a key validates the token" do
       let(:valid_key) { double token_valid?: true }
       let(:invalid_key) { double token_valid?: true }
       before do
-        Slosilo::Key.stub new: invalid_key
+        allow(Slosilo::Key).to receive_messages new: invalid_key
         adapter[:key2] = valid_key
       end
       
-      it { should be_true }
+      it { is_expected.to be_truthy }
     end
   end
   
@@ -66,18 +66,18 @@ describe Slosilo do
       let(:token) {{ 'data' => 'foo', 'key' => key.fingerprint, 'signature' => 'XXX' }}
 
       context "and the signature is valid" do
-        before { key.stub(:token_valid?).with(token).and_return true }
+        before { allow(key).to receive(:token_valid?).with(token).and_return true }
 
         it "returns the key id" do
-          subject.token_signer(token).should == 'test'
+          expect(subject.token_signer(token)).to eq('test')
         end
       end
 
       context "and the signature is invalid" do
-        before { key.stub(:token_valid?).with(token).and_return false }
+        before { allow(key).to receive(:token_valid?).with(token).and_return false }
 
         it "returns nil" do
-          subject.token_signer(token).should_not be
+          expect(subject.token_signer(token)).not_to be
         end
       end
     end
@@ -85,7 +85,7 @@ describe Slosilo do
     context "when token doesn't match a key" do
       let(:token) {{ 'data' => 'foo', 'key' => "footprint", 'signature' => 'XXX' }}
       it "returns nil" do
-        subject.token_signer(token).should_not be
+        expect(subject.token_signer(token)).not_to be
       end
     end
   end

data/spec/spec_helper.rb

@@ -1,10 +1,6 @@
 require "simplecov"
 SimpleCov.start
 
-RSpec.configure do |c|
-  c.treat_symbols_as_metadata_keys_with_true_values = true
-end
-
 require 'slosilo'
 
 shared_context "with mock adapter" do
@@ -80,20 +76,6 @@ ooQ2FuL0K6ukQfHPjuMswqi41lmVH8gIVqVC+QnImUCrGxH9WXWy
   end
   
   def self.mock_own_key
-    before { Slosilo.stub(:[]).with(:own).and_return key }
-  end
-end
-
-class RackEnvironmentInputMatcher
-  def initialize expected
-    @expected = expected
+    before { allow(Slosilo).to receive(:[]).with(:own).and_return key }
   end
-  
-  def == env
-    env['rack.input'].read.should == @expected
-  end
-end
-
-def rack_environment_with_input expected
-  RackEnvironmentInputMatcher.new expected
 end

data/spec/symmetric_spec.rb

@@ -8,21 +8,21 @@ describe Slosilo::Symmetric do
   let(:ciphertext) { "\xA1\xFA#z\x16\x80R\xCC|\x0Fyc\xB7j\x17\xED\x15\xC9r\xC9\xEE\xB9\xBC5\xB7\ni\x0F\f\xC8X\x80 h\a\xF4\xA6\xE3\x15\x9D\xF1-\xE5\bs\xF6\x02Z\x0F\xCD|S\x1A\xAA\x9At\xEFT\x17\xA5lT\x8C\xF3".force_encoding("ASCII-8BIT") }
   describe '#encrypt' do
     it "encrypts with AES-256-CBC" do
-      subject.stub random_iv: iv
-      subject.encrypt(plaintext, key: key).should == ciphertext
+      allow(subject).to receive_messages random_iv: iv
+      expect(subject.encrypt(plaintext, key: key)).to eq(ciphertext)
     end
   end
   
   describe '#decrypt' do
     it "decrypts with AES-256-CBC" do
-      subject.decrypt(ciphertext, key: key).should == plaintext
+      expect(subject.decrypt(ciphertext, key: key)).to eq(plaintext)
     end
     
     context "when ciphertext happens to end in a zero" do
       let(:ciphertext) { "\x7F\xD6\xEAb\xE56\a\xD3\xC5\xF2J\n\x8C\x8Fg\xB7-\\\x8A\fh\x18\xC8\x91\xB9 \x97\xC9\x12\xE6\xA6\xAE\xB1I\x1E\x80\xAB\xD8\xDC\xBD\xB6\xCD\x9A\xA3MH\xA8\xB0\xC7\xDA\x87\xA7c\xD75,\xD2A\xB8\x9E\xE3o\x04\x00" }
       let(:key) { "4pSuk1rAQyuHA5uUYaj0X0BsiPCFb9Nc8J03XA6V5/Y" }
       it "works correctly" do
-        subject.decrypt(ciphertext, key: key).should == "R6KNTQ4aUivojbaqhgAqj1I4PaF8h/5/YcENy4uNbfk="
+        expect(subject.decrypt(ciphertext, key: key)).to eq("R6KNTQ4aUivojbaqhgAqj1I4PaF8h/5/YcENy4uNbfk=")
       end
     end
 
@@ -30,22 +30,22 @@ describe Slosilo::Symmetric do
       let(:ciphertext) { "\xC0\xDA#\xE9\xE1\xFD\xEDJ\xADs4P\xA9\xD6\x92 \xF7\xF8_M\xF6\x16\xC2i$\x8BT^\b\xA1\xB2L&\xE9\x80\x02[]6i\x9B\xD3\xC3\xED\xA9\xD1\x94\xE8\x15\xFD\xDA\xFEUj\xC5upH*\xBF\x82\x15le" }
       let(:key) { "4pSuk1rAQyuHA5uUYaj0X0BsiPCFb9Nc8J03XA6V5/Y" }
       it "works correctly" do
-        subject.decrypt(ciphertext, key: key).should == "zGptmL3vd4obi1vqSiWHt/Ias2k+6qDtuq9vdow8jNA="
+        expect(subject.decrypt(ciphertext, key: key)).to eq("zGptmL3vd4obi1vqSiWHt/Ias2k+6qDtuq9vdow8jNA=")
       end
     end
   end
   
   describe '#random_iv' do
     it "generates a random iv" do
-      OpenSSL::Cipher.any_instance.should_receive(:random_iv).and_return :iv
-      subject.random_iv.should == :iv
+      expect_any_instance_of(OpenSSL::Cipher).to receive(:random_iv).and_return :iv
+      expect(subject.random_iv).to eq(:iv)
     end
   end
 
   describe '#random_key' do
     it "generates a random key" do
-      OpenSSL::Cipher.any_instance.should_receive(:random_key).and_return :key
-      subject.random_key.should == :key
+      expect_any_instance_of(OpenSSL::Cipher).to receive(:random_key).and_return :key
+      expect(subject.random_key).to eq(:key)
     end
   end
 end

metadata

@@ -1,111 +1,111 @@
 --- !ruby/object:Gem::Specification
 name: slosilo
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.1.0
 platform: ruby
 authors:
 - Rafał Rzepecki
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-10-12 00:00:00.000000000 Z
+date: 2014-10-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
-        version: '2.14'
+        version: '3.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
-        version: '2.14'
+        version: '3.0'
 - !ruby/object:Gem::Dependency
-  name: ci_reporter
+  name: ci_reporter_rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - '>='
       - !ruby/object:Gem::Version
-        version: '1.9'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - '>='
       - !ruby/object:Gem::Version
-        version: '1.9'
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: io-grab
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: 0.0.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: 0.0.1
 - !ruby/object:Gem::Dependency
   name: sequel
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: sqlite3
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
 description: This gem provides an easy way of storing and retrieving encryption keys
@@ -116,8 +116,8 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- ".gitignore"
-- ".kateproject"
+- .gitignore
+- .kateproject
 - Gemfile
 - LICENSE
 - README.md
@@ -156,12 +156,12 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - '>='
     - !ruby/object:Gem::Version
       version: 1.9.3
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
@@ -179,3 +179,4 @@ test_files:
 - spec/slosilo_spec.rb
 - spec/spec_helper.rb
 - spec/symmetric_spec.rb
+has_rdoc: