strongbox 0.2.2 → 0.3.0

data/README.textile CHANGED
@@ -74,7 +74,6 @@ encryption. It's simplest form is:
74
74
  bc. class User < ActiveRecord::Base
75
75
  encrypt_with_public_key :secret,
76
76
  :key_pair => File.join(RAILS_ROOT,'config','keypair.pem')
77
- end
78
77
  end
79
78
 
80
79
  Which will encrypt the attribute "secret". The attribute will be encrypted using
@@ -113,7 +112,6 @@ bc. class User < ActiveRecord::Base
113
112
  :symmetric => :never,
114
113
  :base64 => true,
115
114
  :public_key => File.join(RAILS_ROOT,'config','public.pem')
116
- end
117
115
  end
118
116
 
119
117
  h2. Key Generation
@@ -150,8 +148,8 @@ is needed.
150
148
 
151
149
  If your underlying database allows, use the *binary* column type. If you must store
152
150
  your data in text format be sure to enable Base64 encoding and to use the *text*
153
- column type. The _string_ column type is likely to be too small to hold the encrypted
154
- string.
151
+ column type. If you use a _string_ column and encrypt anything greater than 186 bytes (245 bytes if you don't enable Base64 encoding) *your data will be lost*.
152
+
155
153
 
156
154
  h2. Security Caveats
157
155
 
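Review bot: The new sentence at README line 151 gives the limits as 186 bytes and 245 bytes without saying what they depend on. State the key size, padding and column length these figures assume, so a reader with a different key pair or schema does not treat them as fixed. The empty line added at 152 also leaves two blank lines before "h2. Security Caveats" and can be dropped.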
@@ -30,7 +30,7 @@ module Strongbox
30
30
  @size = plaintext.size # For validations
31
31
  # Using a blank password in OpenSSL::PKey::RSA.new prevents reading
32
32
  # the private key if the file is a key pair
33
- public_key = OpenSSL::PKey::RSA.new(File.read(@public_key),"")
33
+ public_key = get_rsa_key(@public_key,"")
34
34
  if @symmetric == :always
35
35
  cipher = OpenSSL::Cipher::Cipher.new(@symmetric_cipher)
36
36
  cipher.encrypt
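Review bot: The comment kept above line 33 still says the blank password prevents reading the private key when the file is a key pair, but that no longer holds for every input. get_rsa_key, added at the end of this file, returns its argument unchanged when it is already an OpenSSL::PKey::RSA, so the "" password is never applied in that case and an object holding the private half is used as is. Either reword the comment to cover the object case, or reduce the value to its public half before encrypting (for example with key.public_key).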
@@ -58,22 +58,21 @@ module Strongbox
58
58
  # Given the private key password decrypts the attribute. Will raise
59
59
  # OpenSSL::PKey::RSAError if the password is wrong.
60
60
 
61
- def decrypt password = ""
61
+ def decrypt password = nil
62
62
  # Given a private key and a nil password OpenSSL::PKey::RSA.new() will
63
63
  # *prompt* for a password, we default to an empty string to avoid that.
64
64
  ciphertext = @instance[@name]
65
65
  return nil if ciphertext.nil?
66
66
  return "" if ciphertext.empty?
67
67
 
68
- return "*encrypted*" if password.blank?
69
-
68
+ return "*encrypted*" if password.nil?
70
69
  unless @private_key
71
70
  raise StrongboxError.new("#{@instance.class} model does not have private key_file")
72
71
  end
73
72
 
74
73
  if ciphertext
75
74
  ciphertext = Base64.decode64(ciphertext) if @base64
76
- private_key = OpenSSL::PKey::RSA.new(File.read(@private_key),password)
75
+ private_key = get_rsa_key(@private_key,password)
77
76
  if @symmetric == :always
78
77
  random_key = @instance[@symmetric_key]
79
78
  random_iv = @instance[@symmetric_iv]
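Review bot: The guard at line 68 changes from password.blank? to password.nil?, so decrypt("") no longer returns "*encrypted*" and instead continues to get_rsa_key with an empty password. That is a behaviour change for callers that pass an empty string straight through, and none of the README hunks mention it; please document it. The comment at lines 62-63 still reads "we default to an empty string", which is no longer true now that the default is nil; reword it to say that nil returns "*encrypted*" before the key is loaded.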
@@ -111,5 +110,14 @@ module Strongbox
111
110
  def size
112
111
  @size
113
112
  end
113
+
114
+ private
115
+ def get_rsa_key(key,password = '')
116
+ return key if key.is_a?(OpenSSL::PKey::RSA)
117
+ if key !~ /^-----BEGIN RSA/
118
+ key = File.read(key)
119
+ end
120
+ return OpenSSL::PKey::RSA.new(key,password)
121
+ end
114
122
  end
115
123
  end
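Review bot: In get_rsa_key the test key !~ /^-----BEGIN RSA/ decides between PEM text and a file path, and it is looser and narrower than it should be. In Ruby ^ matches at the start of any line, so use \A to anchor at the start of the string. Any key string whose header is not "-----BEGIN RSA" (for example "-----BEGIN PUBLIC KEY-----") is handed to File.read as a path, so match the PEM header more generally. A short doc comment listing the three accepted inputs (RSA object, PEM string, file path) would help, since the README hunks do not describe them.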
data/lib/strongbox.rb CHANGED
@@ -5,7 +5,7 @@ require 'strongbox/lock'
5
5
 
6
6
  module Strongbox
7
7
 
8
- VERSION = "0.2.2"
8
+ VERSION = "0.3.0"
9
9
 
10
10
  RSA_PKCS1_PADDING = OpenSSL::PKey::RSA::PKCS1_PADDING
11
11
  RSA_SSLV23_PADDING = OpenSSL::PKey::RSA::SSLV23_PADDING
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: strongbox
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.2
4
+ version: 0.3.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Spike Ilacqua
@@ -9,7 +9,7 @@ autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
11
 
12
- date: 2009-12-08 00:00:00 -07:00
12
+ date: 2009-12-14 00:00:00 -07:00
13
13
  default_executable:
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency