spikex-strongbox 0.1.1

data/LICENSE

@@ -0,0 +1,22 @@
+Copyright (c) 2009 Joseph A. Ilacqua, Jr
+
+Permission is hereby granted, free of charge, to any person
+obtaining a copy of this software and associated documentation
+files (the "Software"), to deal in the Software without
+restriction, including without limitation the rights to use,
+copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the
+Software is furnished to do so, subject to the following
+conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+OTHER DEALINGS IN THE SOFTWARE.

data/README.textile

@@ -0,0 +1,177 @@
+h1. Strongbox
+
+Strongbox provides Public Key Encryption for ActiveRecord. By using a public key
+sensitive information can be encrypted and stored automatically. Once stored a
+password is required to access the information.
+
+Because the largest amount of data that can practically be encrypted with a public
+key is 245 byte, by default Strongbox uses a two layer approach. First it encrypts
+the attribute using symmetric encryption with a randomly generated key and
+initialization vector (IV) (which can just be through to as a second key), then it
+encrypts those with the public key.
+
+Strongbox stores the encrypted attribute in a database column by the same name, i.e.
+if you tell Strongbox to encrypt "secret" then it will be store in "secret" in the
+database, just as the unencrypted attribute would be. If symmetric encryption is used
+(the default) two additional columns "secret_key" and "secret_iv" are needed as well.
+
+The attribute is automatically encrypted simply by setting it:
+
+user.secret = "Shhhhhhh..."
+
+and decrypted by calling the "decrypt" method with the private key password.
+
+plain_text = user.secret.decrypt 'letmein'
+
+h2. Quick Start
+
+In your model:
+
+  class User < ActiveRecord::Base
+    encrypt_with_public_key :secret,
+      :key_pair => File.join(RAILS_ROOT,'config','keypair.pem'),
+  end
+  
+In your migrations:
+  class AddSecretColumnsToUser < ActiveRecord::Migration
+    def self.up
+      add_column :users, :secret, binary
+      add_column :users, :secret_key, binary
+      add_column :users, :secret_iv, binary
+    end
+    
+    def self.down
+      remove_column :users, :secret
+      remove_column :users, :secret_key
+      remove_column :users, :secret_iv
+  end
+  
+Generate a key pair:
+
+  (Choose a strong password.)
+  openssl genrsa -des3 -out config/private.pem 2048
+  openssl rsa -in config/private.pem -out config/public.pem -outform PEM -pubout
+  cat config/private.pem  config/public.pem >> config/keypair.pem
+
+In your views and forms you don't need to do anything special to encrypt data. To
+decrypt call:
+
+  user.secret.decrypt 'password'
+
+h2. Gem installation (Rails 2.1+)
+
+In config/environment.rb:
+
+    config.gem "spikex-strongbox", 
+      :lib     => 'strongbox', 
+      :source  => 'http://gems.github.com', 
+
+h2. Usage
+
+_encrypt_with_public_key_ sets up the attribute it's called on for automatic
+encryption.  It's simplest form is:
+
+class User < ActiveRecord::Base
+  encrypt_with_public_key :secret,
+    :key_pair => File.join(RAILS_ROOT,'config','keypair.pem')
+  end
+end
+
+Which will encrypt the attribute "secret". The attribute will be encrypted using
+symmetric encryption with an automatically generated key and IV encrypted using the
+public key. This requires three columns in the database "secret", "secret_key", and
+"secret_iv" (see below).
+
+Options to encrypt_with_public_key are:
+
+:public_key - Path to the public key file.  Overrides :keypair.
+
+:private_key - Path to the private key file.  Overrides :keypair.
+
+:keypair - Path to a file containing both the public and private keys.
+
+:symmetric :always/:never - Encrypt the date using symmetric encryption. The public
+key is used to encrypt an automatically generated key and IV. This allows for large
+amounts of data to be encrypted. The size of data that can be encrypted directly with
+the public is limit to key size (in bytes) - 11. So a 2048 key can encrypt *245
+bytes*. Defaults to *:always*
+
+:symmetric_cipher - Cipher to use for symmetric encryption.  Defaults to *'aes-256-cbc'*.  Other ciphers support by OpenSSL may be used.
+
+:base64 true/false - Use Base64 encoding to convert encrypted data to text. Use when
+binary save data storage is not available.  Defaults to *false*
+
+:padding - Method used to pad data encrypted with the public key. Defaults to
+RSA_PKCS1_PADDING. The default should be find unless you are dealing with legacy
+data.
+
+For example, encrypting a small attribute, providing only the public key for extra
+security, and Base64 encoding the encrypted data:
+
+class User < ActiveRecord::Base
+  validates_length_of :pin_code, 
+  encrypt_with_public_key :pin_code, :is => 4
+    :symmetric => :never
+    :base64 => true
+    :public_key => File.join(RAILS_ROOT,'config','public.pem'),
+  end
+end
+
+h2. Key Generation
+
+Generate a key pair:
+
+openssl genrsa -des3 -out config/private.pem 2048
+Generating RSA private key, 2048 bit long modulus
+......+++
+.+++
+e is 65537 (0x10001)
+Enter pass phrase for config/private.pem:
+Verifying - Enter pass phrase for config/private.pem:
+
+and extract the the public key:
+
+openssl rsa -in config/private.pem -out config/public.pem -outform PEM -pubout
+Enter pass phrase for config/private.pem:
+writing RSA key
+
+If you are going to leave the private key installed it's easiest to create a single
+key pair file:
+
+cat config/private.pem  config/public.pem >> config/keypair.pem
+
+Or, for added security, store the private key file else where, leaving only the public key.
+
+h2. Table Creation
+
+In it's default configuration Strongbox requires three columns, one the encrypted
+data, one for the encrypted symmetric key, and one for the encrypted symmetric IV. If
+symmetric encryption is disabled then only the columns for the data being encrypted
+is needed.
+
+If your underlying database allows, use the *binary* column type. If you must store
+your data in text format be sure to enable Base64 encoding and to use the *text*
+column type. The _string_ column type is likely to be too small to hold the encrypted
+string.
+
+h2. Security Caveats
+
+If you don't encrypt your data, then an attacker only needs to steal that data to get
+your secrets.
+
+If encrypt your data using symmetric encrypts and a stored key, then the attacker
+needs the data and the key stored on the server.
+
+If you use public key encryption, the attacker needs the data, the private key, and
+the password. This means the attacker has to sniff the password somehow, so that's
+what you need to protect against.
+
+h2. Authors
+
+Spike Ilacqua
+
+h2. Thanks
+
+Strongbox's implementation drew inspiration from Thoughtbot's Paperclip gem
+http://www.thoughtbot.com/projects/paperclip
+

data/Rakefile

@@ -0,0 +1,43 @@
+require 'rake'
+require 'rake/testtask'
+require 'rake/rdoctask'
+
+$LOAD_PATH << File.join(File.dirname(__FILE__), 'lib')
+require 'strongbox'
+
+desc 'Default: run tests.'
+task :default => :test
+
+desc 'Test the strongbox gem.'
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'lib' << 'profile'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = true
+end
+
+desc 'Generate documentation for the strongbox gem.'
+Rake::RDocTask.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'doc'
+  rdoc.title = 'Strongbox'
+  rdoc.options << '--line-numbers' << '--inline-source'
+  rdoc.rdoc_files.include('README*')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+spec = Gem::Specification.new do |s|
+  s.name = "strongbox"
+  s.version = Strongbox::VERSION
+  s.summary = "Secures ActiveRecord fields with public key encryption."
+  s.authors = ["Spike Ilacqua"]
+  s.email = "spike@stuff-things.net"
+  s.homepage = "http://stuff-things.net/strongbox"
+  s.files = FileList["[A-Z]*", "{lib,rails,test}/**/*"]
+  s.add_development_dependency 'thoughtbot-shoulda'
+end
+
+desc "Generate a gemspec file for GitHub"
+task :gemspec do
+  File.open("#{spec.name}.gemspec", 'w') do |f|
+    f.write spec.to_yaml
+  end
+end

data/lib/strongbox.rb

@@ -0,0 +1,69 @@
+require 'openssl'
+require 'base64'
+
+require 'strongbox/lock'
+
+module Strongbox
+
+  VERSION = "0.1.1"
+
+  RSA_PKCS1_PADDING	= OpenSSL::PKey::RSA::PKCS1_PADDING
+  RSA_SSLV23_PADDING	= OpenSSL::PKey::RSA::SSLV23_PADDING
+  RSA_NO_PADDING		= OpenSSL::PKey::RSA::NO_PADDING
+  RSA_PKCS1_OAEP_PADDING	= OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING
+  
+  class << self
+    # Provides for setting the default options for Strongbox
+    def options
+      @options ||= {
+        :base64 => false,
+        :symmetric => :always,
+        :padding => RSA_PKCS1_PADDING,
+        :symmetric_cipher => 'aes-256-cbc'
+      }
+    end
+    
+    def included base #:nodoc:
+      base.extend ClassMethods
+    end
+  end
+
+  class StrongboxError < StandardError #:nodoc:
+  end
+  
+  module ClassMethods
+    # +encrypt_with_public_key+ gives the class it is called on an attribute that
+    # when assigned is automatically encrypted using a public key.  This allows the
+    # unattended encryption of data, without exposing the information need to decrypt
+    # it (as would be the case when using symmetric key encryption alone).  Small
+    # amounts of data may be encrypted directly with the public key.  Larger data is
+    # encrypted using symmetric encryption. The encrypted data is stored in the
+    # database column of the same name as the attibute.  If symmetric encryption is
+    # used (the default) additional column are need to store the generated password
+    # and IV.
+    def encrypt_with_public_key(name, options = {})
+      include InstanceMethods
+      
+      options = options.symbolize_keys.reverse_merge Strongbox.options
+          
+      define_method name do
+        @_lock ||= Lock.new(name, self, options)
+      end
+      
+      define_method "#{name}=" do | plaintext |
+        @_lock ||= Lock.new(name, self, options)
+        @_lock.encrypt plaintext
+      end
+      
+    end
+  end
+  
+  module InstanceMethods
+    
+  end
+end
+
+if Object.const_defined?("ActiveRecord")
+  ActiveRecord::Base.send(:include, Strongbox)
+end
+

data/lib/strongbox/lock.rb

@@ -0,0 +1,85 @@
+module Strongbox
+  # The Lock class encrypts and decrypts the protected attribute.  It 
+  # automatically encrypts the data when set and decrypts it when the private
+  # key password is provided.
+  class Lock
+      
+    def initialize name, instance, options = {}
+      @name              = name
+      @instance          = instance
+      
+      options = Strongbox.options.merge(options)
+      
+      @base64 = options[:base64]
+      @public_key = options[:public_key] || options[:key_pair]
+      @private_key = options[:private_key] || options[:key_pair]
+      @padding = options[:padding]
+      @symmetric = options[:symmetric]
+      @symmetric_cipher = options[:symmetric_cipher]
+      @symmetric_key = options[:symmetric_key] || "#{name}_key"
+      @symmetric_iv = options[:symmetric_iv] || "#{name}_iv"
+    end
+    
+    def encrypt plaintext
+      unless @public_key
+        raise StrongboxError.new("#{@instance.class} model does not have public key_file")
+      end
+      if !plaintext.blank?
+        # Using a blank password in OpenSSL::PKey::RSA.new prevents reading
+        # the private key if the file is a key pair
+        public_key = OpenSSL::PKey::RSA.new(File.read(@public_key),"")
+        if @symmetric == :always
+          cipher = OpenSSL::Cipher::Cipher.new(@symmetric_cipher)
+          cipher.encrypt
+          cipher.key = random_key = cipher.random_key
+          cipher.iv = random_iv = cipher.random_iv
+
+          ciphertext = cipher.update(plaintext)
+          ciphertext << cipher.final
+
+          @instance.write_attribute(@symmetric_key,public_key.public_encrypt(random_key,@padding))
+          @instance.write_attribute(@symmetric_iv,public_key.public_encrypt(random_iv,@padding))
+        else
+          ciphertext = public_key.public_encrypt(plaintext,@padding)
+        end
+        ciphertext =  Base64.encode64(ciphertext) if @base64
+        @instance.write_attribute(@name,ciphertext)
+      end
+    end
+    
+    # Given the private key password decrypts the attribute.  Will raise
+    # OpenSSL::PKey::RSAError if the password is wrong.
+    
+    def decrypt password = ""
+      # Given a private key and a nil password OpenSSL::PKey::RSA.new() will
+      # *prompt* for a password, we default to an empty string to avoid that.
+      return "*encrypted*" if password.blank?
+
+      unless @private_key
+        raise StrongboxError.new("#{@instance.class} model does not have public key_file")
+      end
+      
+      ciphertext = @instance.read_attribute(@name)
+      if ciphertext
+        ciphertext = Base64.decode64(ciphertext) if @base64
+        private_key = OpenSSL::PKey::RSA.new(File.read(@private_key),password)
+        if @symmetric == :always        
+          cipher = OpenSSL::Cipher::Cipher.new('aes-256-cbc')
+          cipher.decrypt
+          cipher.key = private_key.private_decrypt(@instance.read_attribute(@symmetric_key),@padding)
+          cipher.iv = private_key.private_decrypt(@instance.read_attribute(@symmetric_iv),@padding)
+          plaintext = cipher.update(ciphertext)
+          plaintext << cipher.final
+        else
+          plaintext = private_key.private_decrypt(ciphertext,@padding)
+        end
+      else
+        nil
+      end
+    end
+    
+    def to_s
+      decrypt
+    end
+  end
+end

data/rails/init.rb

@@ -0,0 +1 @@
+require File.join(File.dirname(__FILE__),'../init.rb')

data/test/database.yml

@@ -0,0 +1,4 @@
+test:
+  adapter: sqlite3
+  database: ":memory:"
+

data/test/fixtures/keypair.pem

@@ -0,0 +1,24 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,317921A00FB0882F
+
+f+GWBkcLJLsBUElOEKhqrtYgT1X4nixaZHD5x0VhmW2FrREz4vcqXrxwLTaRQJK/
+vHFJ/7IVmEHScwEognSfw/wX2HMIHczoQT3ugsa29Nt7t1VLGy9jvN1+1f+g90xe
+02jC7CYEKUJ3agZPox49i0/UN9OCIgdtKfecdDHYWyziob8yYTsUdDGyAXlPv0Kx
+0MPSCRDtEh4UJ2PIFyw2HowkYeNss6uIte9rxJGINI11D9vmXR0pH0XyCwHQn+2T
+ScHWg8BJ1rkBKydbKQ4vnfhGMjG+bZyrJXrJSoazXroseuhHu8QRUONm5Kl/zW1f
+GP1CjIfTCQQZECYIa2tXTFdL9y2ZOCn8xit57SwEpmJMvZC58PkQX5+/aHPcOXhl
+YrF+6FEfNpdBz9PUmv4Af2kTa88xZqm1Q3GtTOk7wsJpfeTMhU71KjA1pL9xNPrT
+DnKhtfLGvcgo8Z9BGOiLFe9uQvhhprX7isc1XdysbMigsVIWLvZp9RxRp/zAn7fy
+y56C6mc3tUwcq89RcxAn+bC75gwZO/hyVrnkhManOMfHTEiZXVybU9Ril3SZ+ry6
+8AxMid0ZWbbtCHdDc5rHfXsGeFhJZxBbg/WtMxBPGHNByqs8sWUM9Z8YoK8WMYxV
+GvC9RB4m0jgA4S3MEOMmKOXDuJxa7IgTgApVmLPl+sDOHGK3xAItYJJawJqOZQ1f
+r+x/8g19CuehuflCxDo+D4/RJMqkOEq+0FGUqI8lHv6vR6+YpkGdrQQXUohBy67f
+3Qym1ztZ8ygsttgJwnhwAfMh8FdIrVJc7NZ8pDiBZbg=
+-----END RSA PRIVATE KEY-----
+-----BEGIN PUBLIC KEY-----
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9F1ipsLL+V68bGSJFqFLQKgXq
+Glyyplx0s9KxgLbmbDICXpV7DceKaIBUkPZDx2DrlvjZmG+rG5ehdWNI7q/hupao
+NF0WzEiOp+30gISeyl81Z/NAmhcwcOnZpbS9nl4JLaWrN7iGC1geNBNDo+lVbsm1
+O2+Tlt8rjHsNjzgIzQIDAQAB
+-----END PUBLIC KEY-----

data/test/strongbox_test.rb

@@ -0,0 +1,111 @@
+require 'test/test_helper'
+
+class StrongboxTest < Test::Unit::TestCase
+  context "A Class with a secured field" do
+    setup do
+      rebuild_model :key_pair => File.join(FIXTURES_DIR,'keypair.pem') 
+    end
+
+    should "not error when trying to also create a secure field" do
+      assert_nothing_raised do
+        Dummy.class_eval do
+          encrypt_with_public_key :secret,
+                                  :key_pair => File.join(FIXTURES_DIR,'keypair.pem')
+        end
+      end
+    end
+     
+     context "that is valid" do
+       setup do
+         @dummy = Dummy.new
+         @dummy.secret = 'Shhhh'
+         @dummy.in_the_clear = 'Hey you guys!'
+       end
+       
+       should "not change unencrypted fields" do
+         assert_equal 'Hey you guys!', @dummy.in_the_clear
+       end
+       
+       should "return '*encrypted*' when locked"  do
+         assert_equal "*encrypted*", @dummy.secret.decrypt
+       end
+       
+       should "return secret when unlocked"  do
+         assert_equal "Shhhh", @dummy.secret.decrypt('boost facile')
+       end
+       
+       should "generate and store symmetric encryption key and IV" do
+         assert_not_nil @dummy.attributes['secret_key']
+         assert_not_nil @dummy.attributes['secret_iv']
+       end
+       
+       should "raise on bad password" do
+         assert_raises(OpenSSL::PKey::RSAError) do
+           @dummy.secret.decrypt('letmein')
+         end
+       end
+
+       context "with symmetric encryption disabled" do
+         setup do
+           rebuild_class(:key_pair => File.join(FIXTURES_DIR,'keypair.pem'),
+                         :symmetric => :never)
+           @dummy = Dummy.new
+           @dummy.secret = 'Shhhh'
+         end
+         
+         should "return '*encrypted*' when locked"  do
+           assert_equal "*encrypted*", @dummy.secret.decrypt
+         end
+         
+         should "return secret when unlocked"  do
+           assert_equal "Shhhh", @dummy.secret.decrypt('boost facile')
+         end
+         
+         should "not generate and store symmetric encryption key and IV" do
+           assert_nil @dummy.attributes['secret_key']
+           assert_nil @dummy.attributes['secret_iv']
+         end
+
+       end
+       
+       context "with Base64 encoding enabled" do
+         setup do
+           rebuild_class(:key_pair => File.join(FIXTURES_DIR,'keypair.pem'),
+                         :base64 => true)
+           @dummy = Dummy.new
+           @dummy.secret = 'Shhhh'
+         end
+       
+         should 'Base64 encode the ciphertext' do
+           # Base64 encoded text is limited to the charaters A–Z, a–z, and 0–9,
+           # and is padded with 0 to 2 equal-signs
+           assert @dummy.attributes['secret'] =~ /^[0-9A-Za-z+\/]+={0,2}$/
+         end
+       end
+     end
+  end
+   
+  context "when a key_pair is not provided" do
+    setup do
+      rebuild_class
+      @dummy = Dummy.new
+    end
+
+    should "raise on encrypt" do
+      assert_raises(Strongbox::StrongboxError) do
+        @dummy.secret = 'Shhhh'
+      end
+    end
+    
+    should "raise on decrypt with a password" do
+      assert_raises(Strongbox::StrongboxError) do
+        @dummy.secret.decrypt('boost facile')
+      end
+    end
+    
+    should "return '*encrypted*' when still locked" do
+      assert_equal "*encrypted*", @dummy.secret.decrypt
+    end
+  end
+end
+

data/test/test_helper.rb

@@ -0,0 +1,50 @@
+ROOT       = File.join(File.dirname(__FILE__), '..')
+RAILS_ROOT = ROOT
+$LOAD_PATH << File.join(ROOT, 'lib')
+
+require 'rubygems'
+require 'test/unit'
+require 'activerecord'
+gem 'thoughtbot-shoulda', ">= 2.9.0"
+require 'shoulda'
+begin require 'redgreen'; rescue LoadError; end
+
+require 'strongbox'
+
+ENV['RAILS_ENV'] ||= 'test'
+
+FIXTURES_DIR = File.join(File.dirname(__FILE__), "fixtures") 
+config = YAML::load(IO.read(File.dirname(__FILE__) + '/database.yml'))
+ActiveRecord::Base.logger = Logger.new(File.dirname(__FILE__) + "/debug.log")
+ActiveRecord::Base.establish_connection(config['test'])
+
+
+# rebuild_model and rebuild_class are borrowed directly from the Paperclip gem
+#
+# http://thoughtbot.com/projects/paperclip
+
+# rebuild_model (re)creates a database table for our Dummy model.
+# Call this to initial create a model, or to reset the database.
+
+def rebuild_model options = {}
+  ActiveRecord::Base.connection.create_table :dummies, :force => true do |table|
+    table.string :in_the_clear
+    table.binary :secret
+    table.binary :secret_key
+    table.binary :secret_iv
+  end
+  rebuild_class options
+end
+
+# rebuild_class creates or replaces the Dummy ActiveRecord Model.
+# Call this when changing the options to encrypt_with_public_key
+
+def rebuild_class options = {}
+  ActiveRecord::Base.send(:include, Strongbox)
+  Object.send(:remove_const, "Dummy") rescue nil
+  Object.const_set("Dummy", Class.new(ActiveRecord::Base))
+  Dummy.class_eval do
+    include Strongbox
+    encrypt_with_public_key :secret, options
+  end
+end

metadata

@@ -0,0 +1,73 @@
+--- !ruby/object:Gem::Specification 
+name: spikex-strongbox
+version: !ruby/object:Gem::Version 
+  version: 0.1.1
+platform: ruby
+authors: 
+- Spike Ilacqua
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2009-04-15 23:00:00 -07:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: thoughtbot-shoulda
+  type: :development
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "0"
+    version: 
+description: 
+email: spike@stuff-things.net
+executables: []
+
+extensions: []
+
+extra_rdoc_files: []
+
+files: 
+- LICENSE
+- Rakefile
+- README.textile
+- lib/strongbox
+- lib/strongbox/lock.rb
+- lib/strongbox.rb
+- rails/init.rb
+- test/database.yml
+- test/fixtures
+- test/fixtures/keypair.pem
+- test/strongbox_test.rb
+- test/test_helper.rb
+has_rdoc: false
+homepage: http://stuff-things.net/strongbox
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.2.0
+signing_key: 
+specification_version: 2
+summary: Secures ActiveRecord fields with public key encryption.
+test_files: []
+