ssoper-acts_as_encryptable 1.0.4

data/Changelog

@@ -0,0 +1,12 @@
+== 3-26-2009
+
+* Changed how encrypted data is saved, now put on separate column in the same table as encrypted model
+* Added tests
+* Can configure name of encrypted column
+* Added documentation
+* Log warning if default sample keys are being used while in production mode
+
+
+== 3-25-2009
+
+* Initial build

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2009 Sean Soper
+ 
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+ 
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+ 
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.rdoc

@@ -0,0 +1,61 @@
+= Acts As Encryptable
+
+Encrypt and decrypt your data using asymmetric keys
+
+
+== Installation
+
+Run this if the gem isn't installed already
+  gem install ssoper-acts_as_encryptable --source=http://gems.github.com
+
+Or place in your environment.rb
+  config.gem 'ssoper-acts_as_encryptable', :source => 'http://gems.github.com'
+
+
+== Configuration
+
+After installing be sure to add a column to any tables that need to be encrypted
+  class AddEncryptionFieldsToCreditCards < ActiveRecord::Migration
+    def self.up
+      add_column :credit_cards, :encrypted, :text
+    end
+
+    def self.down
+      remove_column :credit_cards, :encrypted
+    end
+  end
+
+Or you can use the migration helper to generate the migration for the model
+  ./script/generate acts_as_encryptable_migration credit_cards
+
+And in your model
+  class CreditCard < ActiveRecord::Base
+    attr_accessor :first_name, :last_name, :number
+    acts_as_encryptable :first_name, :last_name, :number
+  end
+
+
+== Usage
+
+Encrypt your data
+  card = CreditCard.new
+  card.first_name = 'Test'
+  card.last_name = 'User'
+  card.number = '1234567890'
+  card.save
+  
+Decrypt your data
+  card = CreditCard.last
+  card.decrypt!
+  => { :first_name => 'Test', :last_name => 'User', :number => '1234567890' }
+
+
+== Tests
+
+  > rake test
+
+
+== Acknowledgements
+
+* Tobias Lütke for his blog post on asymmetric encryption using Ruby's native SSL libraries
+* Paul Barry for helping simplify the functionality

data/Rakefile

@@ -0,0 +1,36 @@
+require 'rake'
+require 'rake/testtask'
+
+namespace :gem do
+ 
+  task :default => :build
+
+  desc 'Build the acts_as_encryptable gem'
+  task :build do
+    Dir['*.gem'].each do |gem_filename|
+      sh "rm -rf #{gem_filename}"
+    end
+    sh "gem build acts_as_encryptable.gemspec"
+  end
+
+  desc 'Install the acts_as_encryptable gem'
+  task :install do
+    gem_filename = Dir['*.gem'].first
+    sh "sudo gem install --local #{gem_filename}"
+  end
+
+end
+ 
+task :default => ['gem:build', 'gem:install']
+
+namespace :test do
+  Rake::TestTask.new(:unit) do |t|
+    t.libs << 'test'
+    t.pattern = 'test/unit/*_test.rb'
+    t.verbose = true  
+  end
+end
+
+task :test do
+  Rake::Task['test:unit'].invoke
+end

data/acts_as_encryptable.gemspec

@@ -0,0 +1,36 @@
+Gem::Specification.new do |s|
+  s.name = "acts_as_encryptable"
+  s.version = "1.0.4"
+  s.date = "2009-03-27"
+  s.author = "Sean Soper"
+  s.email = "sean.soper@gmail.com"
+  s.summary = "Encrypt and decrypt your data using asymmetric keys"
+  s.description = "Allow your models to encrypt an arbitrary amount of data using asymmetric keys"
+  s.homepage = "http://github.com/ssoper/acts_as_encryptable"
+  s.require_path = "lib"
+  s.files = %w{ acts_as_encryptable.gemspec
+                lib/acts_as_encryptable.rb
+                lib/acts_as_encryptable/base.rb
+                lib/acts_as_encryptable/crypto.rb
+                generators/acts_as_encryptable_migration/acts_as_encryptable_migration_generator.rb
+                sample_keys/rsa_key.pub
+                sample_keys/rsa_key
+                test/test_helper.rb
+                test/unit/base_test.rb
+                test/unit/crypto_test.rb
+                MIT-LICENSE
+                Rakefile
+                README.rdoc
+                Changelog }
+  s.has_rdoc = true
+  s.extra_rdoc_files = %w{ MIT-LICENSE
+                           README.rdoc }
+  s.rdoc_options = ["--line-numbers",
+                    "--inline-source",
+                    "--title",
+                    "acts_as_encryptable",
+                    "--main",
+                    "README.rdoc"]
+  s.rubygems_version = "1.3.1"
+  s.add_dependency "capistrano", ">= 2.5.0"
+end

data/generators/acts_as_encryptable_migration/acts_as_encryptable_migration_generator.rb

@@ -0,0 +1,25 @@
+class ActsAsEncryptableMigrationGenerator < Rails::Generator::NamedBase 
+  def manifest
+    record do |m| 
+      m.migration_template 'migration:migration.rb', 'db/migrate', {
+        :assigns => migration_local_assigns,
+        :migration_file_name => "add_encryption_field_to_#{model_name}"
+      }
+    end
+  end
+  
+  private
+  
+  def model_name
+    return ARGV.first
+  end
+  
+  def migration_local_assigns
+    returning(assigns = {}) do
+      assigns[:migration_action] = "add"
+      assigns[:class_name] = "add_encryption_field_to_#{model_name}"
+      assigns[:table_name] = model_name
+      assigns[:attributes] = [Rails::Generator::GeneratedAttribute.new("encrypted", "text")]
+    end
+  end
+end

data/lib/acts_as_encryptable.rb

@@ -0,0 +1,2 @@
+require 'acts_as_encryptable/base'
+require 'acts_as_encryptable/crypto'

data/lib/acts_as_encryptable/base.rb

@@ -0,0 +1,90 @@
+module ActsAsEncryptable
+  module Base
+    WARNING_MSG = "\n  \e[0m\e[1;36m[\e[37mActsAsEncryptable\e[36m] \e[1;31mUsing the provided sample keys in production mode is highly discouraged. Generate your own RSA keys using the provided crypto libraries.\e[0m\n\n"
+    MAX_CHUNK_SIZE = 118
+    ENCRYPTED_CHUNK_SIZE = 175
+    
+    def self.included(base)
+      base.extend(ClassMethods)
+    end
+
+    module ClassMethods
+      def acts_as_encryptable(*args)
+        self.class_eval do
+          has_many :encrypted_chunks, :as => :encryptable
+          before_save :encrypt!
+
+          sample_key_public = File.join(File.dirname(__FILE__), '/../../sample_keys/rsa_key.pub')
+          sample_key_private = File.join(File.dirname(__FILE__), '/../../sample_keys/rsa_key')
+
+          options = {
+            :public_key => sample_key_public,
+            :private_key => sample_key_private,
+            :column => :encrypted
+          }
+          options.merge!(args.pop) if args.last.is_a? Hash
+
+          if (sample_key_public == options[:public_key]) and 
+             (ENV['RAILS_ENV'] && ENV['RAILS_ENV'] == 'production')
+            RAILS_DEFAULT_LOGGER.warn WARNING_MSG
+          end
+
+          write_inheritable_attribute(:encrypted_fields, args.uniq)
+          class_inheritable_reader :encrypted_fields
+
+          write_inheritable_attribute(:public_key, ActsAsEncryptable::Crypto::Key.from_file(options[:public_key]))
+          class_inheritable_reader :public_key
+
+          write_inheritable_attribute(:private_key, ActsAsEncryptable::Crypto::Key.from_file(options[:private_key]))
+          class_inheritable_reader :private_key
+
+          write_inheritable_attribute(:encrypted_column, options[:column])
+          class_inheritable_reader :encrypted_column
+
+          include ActsAsEncryptable::Base::InstanceMethods
+          extend ActsAsEncryptable::Base::SingletonMethods
+        end
+      end
+    end
+
+    module SingletonMethods
+      def chunkize(str, chunk_size)
+        (0..((str.length/chunk_size.to_f).ceil - 1)).each do |x|
+          start, stop = x * chunk_size, (x + 1) * chunk_size
+          start += 1 if start > 0
+          yield str[start..stop]
+        end
+      end
+    end
+
+    module InstanceMethods      
+      def encrypt!
+        yaml_data = self.class.encrypted_fields.inject({}) do |result, field|
+          result.merge!(field => instance_variable_get("@#{field}".to_sym))
+        end.to_yaml
+
+        chunks = ''
+        self.class.chunkize(yaml_data, MAX_CHUNK_SIZE) do |chunk|
+          chunks << self.class.public_key.encrypt(chunk)
+        end
+
+        self.send("#{self.class.encrypted_column}=", chunks)
+      end
+
+      def decrypt!
+        encrypted_data = self.send("#{self.class.encrypted_column}")
+
+        chunks = ''
+        self.class.chunkize(encrypted_data, ENCRYPTED_CHUNK_SIZE) do |chunk|
+          chunks << self.class.private_key.decrypt(chunk)
+        end
+
+        YAML::load(chunks).each do |k, v|
+          instance_variable_set("@#{k}".to_sym, v)
+        end
+      end
+    end
+  end
+end
+
+ActiveRecord::Base.send(:include, ActsAsEncryptable::Base)

data/lib/acts_as_encryptable/crypto.rb

@@ -0,0 +1,46 @@
+require 'openssl' 
+
+module ActsAsEncryptable
+
+  # Originally posted by Tobias Lütke
+  # http://blog.leetsoft.com/2006/03/14/simple-encryption
+  module Crypto
+    def self.create_keys(priv = "rsa_key", pub = "#{priv}.pub", bits = 1024)
+      private_key = OpenSSL::PKey::RSA.new(bits)
+      File.open(priv, "w+") { |fp| fp << private_key.to_s }
+      File.open(pub,  "w+") { |fp| fp << private_key.public_key.to_s }    
+      private_key
+    end
+  
+    class Key
+      def initialize(data)
+        @public = (data =~ /^-----BEGIN (RSA|DSA) PRIVATE KEY-----$/).nil?
+        @key = OpenSSL::PKey::RSA.new(data)
+      end
+  
+      def self.from_file(filename)    
+        self.new File.read( filename )
+      end
+  
+      def encrypt(text)
+        Base64.encode64(@key.send("#{key_type}_encrypt", text))
+      end
+    
+      def decrypt(text)
+        @key.send("#{key_type}_decrypt", Base64.decode64(text))
+      end
+  
+      def private?  
+        !@public  
+      end
+  
+      def public?   
+        @public   
+      end
+    
+      def key_type
+        @public ? :public : :private
+      end
+    end
+  end
+end

data/sample_keys/rsa_key

@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICWwIBAAKBgQDN2qBMNriTzfnGTcPkkPWR/Ep6jAcOBGjmFj15hPzshjgk++dr
+Z74AVlE/3EsCZ1mY16T1UDz8c8izVr8AhDaixhZBrRkx4xzipjHZ98JJwQhVQQIA
+85j2jH+/sYHLetr4VbSNTfQBXcOmWltW7l8ABePXt0uEUbE2NYuPQNOu0QIDAQAB
+AoGAE4MZlp/JNxlbB5TvcIbdAA1t8de8A3QfjU+mXBJi9vhx8e9+rAuVUurboLX8
+1il9sKMgG7CTV0qSR419ZUsi8ndJW5Lg4V3jLDJ4iSnNH4L7DWs7ZyoYq4Z0Rkav
+lZJbvFo0dsl9ntWAgioemEhul7d+OYI2/Rzrn1Kulqb/EQECQQDxWB5iphmyhIiq
+rSF344TXoFKHEKL6+EQbknPh2WkhFxzkx53/oKm3IszjbMkixOrmIYbxRyhXWL7c
+WJ1fBOkpAkEA2lrI8pHo7k5qkFc9RBpjUiPqEhl9ZO+W8tS0XS45uCpxM+Z3Di9k
+tafzkPIU11oeGrvYa6m5SEkgN34O1DhFaQJAYzkXRPeFGR/kEEeduuyPcRc41s7A
+Mu5fEfbkLbZ0wmX+OxDWpIIpRGHKWrYe+2x6JqMiF5BpxX92+KB2EtqyAQJAG4U9
+tnT1arOvcqnMKv04b23fXpCf4UzhNZHhea0N0UxoICZ38u2+P7b/V9FrFwlgqfXq
+/QbTN20gBl549/5voQJAQPC7y93eEL73CY6FTNqETMrIT8dVmaAnQkvbk55Ratqv
+XwxN+/Ec8Nvu12fTO+dYrf7IW6kbZ0zZ3pCQUIYsQQ==
+-----END RSA PRIVATE KEY-----

data/sample_keys/rsa_key.pub

@@ -0,0 +1,5 @@
+-----BEGIN RSA PUBLIC KEY-----
+MIGJAoGBAM3aoEw2uJPN+cZNw+SQ9ZH8SnqMBw4EaOYWPXmE/OyGOCT752tnvgBW
+UT/cSwJnWZjXpPVQPPxzyLNWvwCENqLGFkGtGTHjHOKmMdn3wknBCFVBAgDzmPaM
+f7+xgct62vhVtI1N9AFdw6ZaW1buXwAF49e3S4RRsTY1i49A067RAgMBAAE=
+-----END RSA PUBLIC KEY-----

data/test/test_helper.rb

@@ -0,0 +1,22 @@
+require 'rubygems'
+require 'test/unit'
+require 'activerecord'
+require 'fileutils'
+
+ENV['RAILS_ENV'] = 'test'
+require File.dirname(__FILE__) + '/../lib/acts_as_encryptable'
+
+class Test::Unit::TestCase
+
+  def establish_connection(db_file = nil)
+    db_file = File.join('/tmp/acts_as_encryptable_tests.sqlite') unless db_file      
+    ActiveRecord::Base.configurations = { 'ActiveRecord::Base' => { :adapter => 'sqlite3', :database => db_file, :timeout => 5000 } }
+    ActiveRecord::Base.establish_connection('ActiveRecord::Base')
+    ActiveRecord::Base.connection.execute('drop table if exists credit_cards')
+    ActiveRecord::Base.connection.execute('create table credit_cards (id integer, encrypted text)')
+    ActiveRecord::Base.connection.execute('drop table if exists people')
+    ActiveRecord::Base.connection.execute('create table people (id integer, important_data text)')
+    ActiveRecord::Base.connection
+  end
+
+end

data/test/unit/base_test.rb

@@ -0,0 +1,69 @@
+require File.dirname(__FILE__) + '/../test_helper'
+
+class BaseTest < Test::Unit::TestCase
+  
+  class CreditCard < ActiveRecord::Base
+    attr_accessor :name_on_card, :number, :expiration
+    acts_as_encryptable :name_on_card, :number, :expiration
+  end
+
+  class Person < ActiveRecord::Base
+    attr_accessor :first_name, :last_name, :ssn
+    acts_as_encryptable :first_name, :last_name, :ssn, :column => 'important_data'
+  end
+
+  def setup
+    @connection = establish_connection
+  end
+  
+  def test_a_credit_card
+    card = CreditCard.new(valid_credit_card)
+    assert card.save
+  end
+  
+  def test_data_is_encrypted
+    test_a_credit_card
+    card = CreditCard.last
+    assert !card.name_on_card
+    assert !card.number
+    assert !card.expiration
+  end
+  
+  def test_data_is_decrypted
+    test_a_credit_card
+    card = CreditCard.last
+    card.decrypt!
+    assert card.name_on_card == valid_credit_card[:name_on_card]
+    assert card.number == valid_credit_card[:number]
+    assert card.expiration == valid_credit_card[:expiration]
+  end
+  
+  def test_set_encrypted_column_name
+    person = Person.new(valid_person)
+    assert person.save!
+    person = Person.last
+    person.decrypt!
+    assert person.first_name = valid_person[:first_name]
+    assert person.last_name = valid_person[:last_name]
+    assert person.ssn = valid_person[:ssn]
+  end
+  
+  private
+  
+  def valid_credit_card
+    {
+      :name_on_card => 'Test User',
+      :number => '1234567890123456',
+      :expiration => (Date.today + 1.year).strftime("%i/%y")
+    }
+  end
+
+  def valid_person
+    {
+      :first_name => 'Test',
+      :last_name => 'User',
+      :ssn => '111223333'
+    }
+  end
+
+end

data/test/unit/crypto_test.rb

@@ -0,0 +1,24 @@
+require File.dirname(__FILE__) + '/../test_helper'
+
+class CryptoTest < Test::Unit::TestCase
+  
+  def setup
+    @text = "I am a secret"
+    @public_key = File.join(File.dirname(__FILE__), '/../../sample_keys/rsa_key.pub')
+    @private_key = File.join(File.dirname(__FILE__), '/../../sample_keys/rsa_key')
+  end
+  
+  def test_encryption
+    public_key = ActsAsEncryptable::Crypto::Key.from_file(@public_key)
+    encrypted = public_key.encrypt(@text)
+    assert encrypted != @text
+  end
+  
+  def test_decryption
+    public_key = ActsAsEncryptable::Crypto::Key.from_file(@public_key)
+    private_key = ActsAsEncryptable::Crypto::Key.from_file(@private_key)
+    encrypted = public_key.encrypt(@text)
+    assert @text == private_key.decrypt(encrypted)
+  end
+
+end

metadata

@@ -0,0 +1,81 @@
+--- !ruby/object:Gem::Specification 
+name: ssoper-acts_as_encryptable
+version: !ruby/object:Gem::Version 
+  version: 1.0.4
+platform: ruby
+authors: 
+- Sean Soper
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2009-03-27 00:00:00 -07:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: capistrano
+  type: :runtime
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: 2.5.0
+    version: 
+description: Allow your models to encrypt an arbitrary amount of data using asymmetric keys
+email: sean.soper@gmail.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- MIT-LICENSE
+- README.rdoc
+files: 
+- acts_as_encryptable.gemspec
+- lib/acts_as_encryptable.rb
+- lib/acts_as_encryptable/base.rb
+- lib/acts_as_encryptable/crypto.rb
+- generators/acts_as_encryptable_migration/acts_as_encryptable_migration_generator.rb
+- sample_keys/rsa_key.pub
+- sample_keys/rsa_key
+- test/test_helper.rb
+- test/unit/base_test.rb
+- test/unit/crypto_test.rb
+- MIT-LICENSE
+- Rakefile
+- README.rdoc
+- Changelog
+has_rdoc: true
+homepage: http://github.com/ssoper/acts_as_encryptable
+post_install_message: 
+rdoc_options: 
+- --line-numbers
+- --inline-source
+- --title
+- acts_as_encryptable
+- --main
+- README.rdoc
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.2.0
+signing_key: 
+specification_version: 2
+summary: Encrypt and decrypt your data using asymmetric keys
+test_files: []
+