strongbox 0.5.0 → 0.6.0

data/README.textile

@@ -69,11 +69,11 @@ Which will encrypt the attribute "secret". The attribute will be encrypted using
 
 Options to encrypt_with_public_key are:
 
-:public_key - Path to the public key file.  Overrides :keypair.
+:public_key -  Public key.  Overrides :key_pair. See Key Formats below.
 
-:private_key - Path to the private key file.  Overrides :keypair.
+:private_key - Private key.  Overrides :key_pair.
 
-:keypair - Path to a file containing both the public and private keys.
+:key_pair - Key pair, containing both the public and private keys.
 
 :symmetric :always/:never - Encrypt the date using symmetric encryption. The public key is used to encrypt an automatically generated key and IV. This allows for large amounts of data to be encrypted. The size of data that can be encrypted directly with the public is limit to key size (in bytes) - 11. So a 2048 key can encrypt *245 bytes*. Defaults to *:always*.
 
@@ -95,8 +95,35 @@ bc. class User < ActiveRecord::Base
     :public_key => File.join(RAILS_ROOT,'config','public.pem')
 end
 
+Strongbox can encrypt muliple attributes. _encrypt_with_public_key_ accepts a list of attributes, assuming they will use the same options:
+
+bc. class User < ActiveRecord::Base
+  encrypt_with_public_key :secret, :double_secret,
+    :key_pair => File.join(RAILS_ROOT,'config','keypair.pem')
+end
+
+If you need different options, call _encrypt_with_public_key_ for each attribute:
+
+bc. class User < ActiveRecord::Base
+  encrypt_with_public_key :secret,
+    :key_pair => File.join(RAILS_ROOT,'config','keypair.pem')
+  encrypt_with_public_key :double_secret,
+    :key_pair => File.join(RAILS_ROOT,'config','another_key.pem')
+end
+
+h2 Key Formats
+
+_:public_key_, _:private_key_, and _:key_pair_ can be in one of the following formats:
+
+* A string containing path to a file. This is the default interpretation of a string.
+* A string contanting a key in PEM format, needs to match this the regex /^-+BEGIN .* KEY-+$/
+* A symbol naming a method to call. Can return any of the other valid key formats.
+* A instance of OpenSSL::PKey::RSA. Must be unlocked to be used as the private key.
+
 h2. Key Generation
 
+h3. In the shell
+
 Generate a key pair:
 
 bc. openssl genrsa -des3 -out config/private.pem 2048
@@ -119,6 +146,17 @@ bc. cat config/private.pem  config/public.pem >> config/keypair.pem
 
 Or, for added security, store the private key file else where, leaving only the public key.
 
+h3. In code
+
+bc. require 'openssl'
+rsa_key = OpenSSL::PKey::RSA.new(2048)
+cipher =  OpenSSL::Cipher::Cipher.new('des3')
+private_key = rsa_key.to_pem(cipher,'password')
+public_key = rsa_key.public_key.to_pem
+key_pair = private_key + public_key
+
+_private_key_, _public_key_, and _key_pair_ are strings, store as you see fit.
+
 h2. Table Creation
 
 In it's default configuration Strongbox requires three columns, one the encrypted data, one for the encrypted symmetric key, and one for the encrypted symmetric IV. If symmetric encryption is disabled then only the columns for the data being encrypted is needed.

data/lib/strongbox.rb

@@ -5,7 +5,7 @@ require 'strongbox/lock'
 
 module Strongbox
 
-  VERSION = "0.5.0"
+  VERSION = "0.6.0"
 
   RSA_PKCS1_PADDING	= OpenSSL::PKey::RSA::PKCS1_PADDING
   RSA_SSLV23_PADDING	= OpenSSL::PKey::RSA::SSLV23_PADDING

data/lib/strongbox/lock.rb

@@ -133,7 +133,16 @@ module Strongbox
 
 private
     def get_rsa_key(key,password = '')
+      if key.is_a?(Proc)
+        key = key.call
+      end
+
+      if key.is_a?(Symbol)
+        key = @instance.send(key)
+      end
+
       return key if key.is_a?(OpenSSL::PKey::RSA)
+
       if key !~ /^-+BEGIN .* KEY-+$/
         key = File.read(key)
       end

data/test/test_helper.rb

@@ -72,3 +72,15 @@ def generate_key_pair(password = nil,size = 2048)
   key_pair << rsa_key.public_key.to_pem
   return key_pair
 end
+
+class Test::Unit::TestCase
+  def self.should_encypted_and_decrypt
+    should 'return "*encrypted*" when locked'  do
+      assert_equal '*encrypted*', @dummy.secret.decrypt
+    end
+
+    should 'return secret when unlocked'  do
+      assert_equal 'Shhhh', @dummy.secret.decrypt(@password)
+    end
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: strongbox
 version: !ruby/object:Gem::Version
-  version: 0.5.0
+  version: 0.6.0
   prerelease: 
 platform: ruby
 authors:
@@ -9,11 +9,11 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2011-11-16 00:00:00.000000000 Z
+date: 2012-04-18 00:00:00.000000000Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activerecord
-  requirement: &70333660206440 !ruby/object:Gem::Requirement
+  requirement: &70366421924900 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -21,10 +21,10 @@ dependencies:
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *70333660206440
+  version_requirements: *70366421924900
 - !ruby/object:Gem::Dependency
   name: thoughtbot-shoulda
-  requirement: &70333660206020 !ruby/object:Gem::Requirement
+  requirement: &70366421905620 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -32,10 +32,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70333660206020
+  version_requirements: *70366421905620
 - !ruby/object:Gem::Dependency
   name: sqlite3
-  requirement: &70333660205600 !ruby/object:Gem::Requirement
+  requirement: &70366421904420 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -43,7 +43,7 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70333660205600
+  version_requirements: *70366421904420
 description: ! "    Strongbox provides Public Key Encryption for ActiveRecord. By
   using a\n    public key sensitive information can be encrypted and stored automatically.\n
   \   Once stored a password is required to access the information. dependencies\n