strongbox 0.5.0 → 0.6.0

data/README.textile CHANGED
@@ -69,11 +69,11 @@ Which will encrypt the attribute "secret". The attribute will be encrypted using
69
69
 
70
70
  Options to encrypt_with_public_key are:
71
71
 
72
- :public_key - Path to the public key file. Overrides :keypair.
72
+ :public_key - Public key. Overrides :key_pair. See Key Formats below.
73
73
 
74
- :private_key - Path to the private key file. Overrides :keypair.
74
+ :private_key - Private key. Overrides :key_pair.
75
75
 
76
- :keypair - Path to a file containing both the public and private keys.
76
+ :key_pair - Key pair, containing both the public and private keys.
77
77
 
78
78
  :symmetric :always/:never - Encrypt the date using symmetric encryption. The public key is used to encrypt an automatically generated key and IV. This allows for large amounts of data to be encrypted. The size of data that can be encrypted directly with the public is limit to key size (in bytes) - 11. So a 2048 key can encrypt *245 bytes*. Defaults to *:always*.
79
79
 
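Review bot: The rename of :keypair to :key_pair on the three option lines changes a public option name, and nothing in this README hunk tells existing users whether :keypair is still accepted. Add a one-line upgrade note, or keep :keypair as a documented deprecated alias. Only :public_key carries the pointer "See Key Formats below"; :private_key and :key_pair take the same formats and should carry it too. While touching this block, the :symmetric context line still reads "Encrypt the date" (data) and "is limit to".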
@@ -95,8 +95,35 @@ bc. class User < ActiveRecord::Base
95
95
  :public_key => File.join(RAILS_ROOT,'config','public.pem')
96
96
  end
97
97
 
98
+ Strongbox can encrypt muliple attributes. _encrypt_with_public_key_ accepts a list of attributes, assuming they will use the same options:
99
+
100
+ bc. class User < ActiveRecord::Base
101
+ encrypt_with_public_key :secret, :double_secret,
102
+ :key_pair => File.join(RAILS_ROOT,'config','keypair.pem')
103
+ end
104
+
105
+ If you need different options, call _encrypt_with_public_key_ for each attribute:
106
+
107
+ bc. class User < ActiveRecord::Base
108
+ encrypt_with_public_key :secret,
109
+ :key_pair => File.join(RAILS_ROOT,'config','keypair.pem')
110
+ encrypt_with_public_key :double_secret,
111
+ :key_pair => File.join(RAILS_ROOT,'config','another_key.pem')
112
+ end
113
+
114
+ h2 Key Formats
115
+
116
+ _:public_key_, _:private_key_, and _:key_pair_ can be in one of the following formats:
117
+
118
+ * A string containing path to a file. This is the default interpretation of a string.
119
+ * A string contanting a key in PEM format, needs to match this the regex /^-+BEGIN .* KEY-+$/
120
+ * A symbol naming a method to call. Can return any of the other valid key formats.
121
+ * A instance of OpenSSL::PKey::RSA. Must be unlocked to be used as the private key.
122
+
98
123
  h2. Key Generation
99
124
 
125
+ h3. In the shell
126
+
100
127
  Generate a key pair:
101
128
 
102
129
  bc. openssl genrsa -des3 -out config/private.pem 2048
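Review bot: The added heading "h2 Key Formats" is missing the period used by the other headings in this file ("h2. Key Generation"), so Textile will render it as a paragraph; make it "h2. Key Formats". The Key Formats list also omits Proc, which get_rsa_key in lib/strongbox.rb now accepts, and it should state that any string not matching the PEM regex is read as a file path, since that is the fallback users will hit when a PEM string is malformed. Typos in the added lines: "muliple", "contanting", "needs to match this the regex", "A instance".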
@@ -119,6 +146,17 @@ bc. cat config/private.pem config/public.pem >> config/keypair.pem
119
146
 
120
147
  Or, for added security, store the private key file else where, leaving only the public key.
121
148
 
149
+ h3. In code
150
+
151
+ bc. require 'openssl'
152
+ rsa_key = OpenSSL::PKey::RSA.new(2048)
153
+ cipher = OpenSSL::Cipher::Cipher.new('des3')
154
+ private_key = rsa_key.to_pem(cipher,'password')
155
+ public_key = rsa_key.public_key.to_pem
156
+ key_pair = private_key + public_key
157
+
158
+ _private_key_, _public_key_, and _key_pair_ are strings, store as you see fit.
159
+
122
160
  h2. Table Creation
123
161
 
124
162
  In it's default configuration Strongbox requires three columns, one the encrypted data, one for the encrypted symmetric key, and one for the encrypted symmetric IV. If symmetric encryption is disabled then only the columns for the data being encrypted is needed.
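Review bot: The "In code" example protects the private key with 'des3' and the literal passphrase 'password', and readers will copy it as written. Prefer a current cipher, for example OpenSSL::Cipher.new('aes-256-cbc'), and show the passphrase coming from a variable supplied at runtime instead of a string literal. The closing sentence "store as you see fit" should repeat the advice from the shell section that the private key can be stored elsewhere, leaving only the public key, because key_pair as built here contains the private key.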
data/lib/strongbox.rb CHANGED
@@ -5,7 +5,7 @@ require 'strongbox/lock'
5
5
 
6
6
  module Strongbox
7
7
 
8
- VERSION = "0.5.0"
8
+ VERSION = "0.6.0"
9
9
 
10
10
  RSA_PKCS1_PADDING = OpenSSL::PKey::RSA::PKCS1_PADDING
11
11
  RSA_SSLV23_PADDING = OpenSSL::PKey::RSA::SSLV23_PADDING
@@ -133,7 +133,16 @@ module Strongbox
133
133
 
134
134
  private
135
135
  def get_rsa_key(key,password = '')
136
+ if key.is_a?(Proc)
137
+ key = key.call
138
+ end
139
+
140
+ if key.is_a?(Symbol)
141
+ key = @instance.send(key)
142
+ end
143
+
136
144
  return key if key.is_a?(OpenSSL::PKey::RSA)
145
+
137
146
  if key !~ /^-+BEGIN .* KEY-+$/
138
147
  key = File.read(key)
139
148
  end
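Review bot: After the new Proc and Symbol branches, whatever the callable returns falls through to the regex test and then to File.read(key), so a nil or other non-String result fails inside File.read instead of with a clear message, and any string that is not PEM is opened as a path. Check the resolved value's type before the regex and raise an error that names the offending option. @instance.send(key) also reaches private methods on the model; use public_send if that is not intended, or say in the README that private methods are allowed as key sources.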
data/test/test_helper.rb CHANGED
@@ -72,3 +72,15 @@ def generate_key_pair(password = nil,size = 2048)
72
72
  key_pair << rsa_key.public_key.to_pem
73
73
  return key_pair
74
74
  end
75
+
76
+ class Test::Unit::TestCase
77
+ def self.should_encypted_and_decrypt
78
+ should 'return "*encrypted*" when locked' do
79
+ assert_equal '*encrypted*', @dummy.secret.decrypt
80
+ end
81
+
82
+ should 'return secret when unlocked' do
83
+ assert_equal 'Shhhh', @dummy.secret.decrypt(@password)
84
+ end
85
+ end
86
+ end
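Review bot: The macro name should_encypted_and_decrypt is misspelled; rename it (for example should_encrypt_and_decrypt) before test files start depending on it. The macro also relies on @dummy and @password being set by the calling context without saying so, and it only asserts on @dummy.secret, so the multi-attribute form documented in this release (:secret, :double_secret) is not covered by it. Taking the attribute name as a parameter would let the same macro check each encrypted attribute.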
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: strongbox
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.5.0
4
+ version: 0.6.0
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -9,11 +9,11 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2011-11-16 00:00:00.000000000 Z
12
+ date: 2012-04-18 00:00:00.000000000Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: activerecord
16
- requirement: &70333660206440 !ruby/object:Gem::Requirement
16
+ requirement: &70366421924900 !ruby/object:Gem::Requirement
17
17
  none: false
18
18
  requirements:
19
19
  - - ! '>='
@@ -21,10 +21,10 @@ dependencies:
21
21
  version: '0'
22
22
  type: :runtime
23
23
  prerelease: false
24
- version_requirements: *70333660206440
24
+ version_requirements: *70366421924900
25
25
  - !ruby/object:Gem::Dependency
26
26
  name: thoughtbot-shoulda
27
- requirement: &70333660206020 !ruby/object:Gem::Requirement
27
+ requirement: &70366421905620 !ruby/object:Gem::Requirement
28
28
  none: false
29
29
  requirements:
30
30
  - - ! '>='
@@ -32,10 +32,10 @@ dependencies:
32
32
  version: '0'
33
33
  type: :development
34
34
  prerelease: false
35
- version_requirements: *70333660206020
35
+ version_requirements: *70366421905620
36
36
  - !ruby/object:Gem::Dependency
37
37
  name: sqlite3
38
- requirement: &70333660205600 !ruby/object:Gem::Requirement
38
+ requirement: &70366421904420 !ruby/object:Gem::Requirement
39
39
  none: false
40
40
  requirements:
41
41
  - - ! '>='
@@ -43,7 +43,7 @@ dependencies:
43
43
  version: '0'
44
44
  type: :development
45
45
  prerelease: false
46
- version_requirements: *70333660205600
46
+ version_requirements: *70366421904420
47
47
  description: ! " Strongbox provides Public Key Encryption for ActiveRecord. By
48
48
  using a\n public key sensitive information can be encrypted and stored automatically.\n
49
49
  \ Once stored a password is required to access the information. dependencies\n