RubyGems - strongbox - Versions diffs - 0.7.0 → 0.7.1 - Mend

strongbox 0.7.0 → 0.7.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml ADDED Viewed

@@ -0,0 +1,15 @@
+---
+!binary "U0hBMQ==":
+  metadata.gz: !binary |-
+    MGZhNGI2ODYzOWFjYTk3MTYyNDdjNjIzMDJmMzc4NDc2ZGMyMGEzOQ==
+  data.tar.gz: !binary |-
+    Yzk0MDNlNWNjYzlmMjkyMDYwYjE2YjUwNjYzNWJhOGIxNzNkMWU4MQ==
+SHA512:
+  metadata.gz: !binary |-
+    OTZlY2M1NmMwZjkzMjMyYTlmY2IzODc3MzM4NzIzMmYxYjllMjMxNTczZWYz
+    ZTc2ZDc0ZjQyNTVmZDQwYzE0NmIxOWE4Y2FmOTFlY2I4OTlmOWZhN2MyMjE5
+    ZGE2YTlhYTI0NGRmZDI3NzM3YjU0NTg0YWY1OGQyNTJlNzBmMjM=
+  data.tar.gz: !binary |-
+    ODZhNGYzZmJiMWNhNmVhMDU3MzdhNDVjNDI4MDgwMzE0OGI4YzRjZjEyYjQy
+    Njc5NzkwMjliZDNhY2JjY2NkYzQ4Yzc5MjA1ODcwZTM2Y2U2NDA4YWE4M2M5
+    ZjY0YzVjZDNiNzE2NzIyYjE2YzAyYzQwNGVmMmY5Yzg3ZmM0OWE=

data/README.md CHANGED Viewed

@@ -126,6 +126,8 @@ Options to `encrypt_with_public_key` are:
 * `:ensure_required_columns` - Make sure the required database column(s) exist.  Defaults to `true`, set to `false` if you want to encrypt/decrypt data stored outside of the database.
+* `:deferred_encryption` - Defer the encryption to happen before saving the object, instead of on the assignment of the encrypted attribute. Solves issues when using [dynamic keys](http://stuff-things.net/2012/04/18/dynamic-keys-for-strongbox/). Defaults to `false`.
 For example, encrypting a small attribute, providing only the public
 key for extra security, and Base64 encoding the encrypted data:

data/lib/strongbox.rb CHANGED Viewed

@@ -5,7 +5,7 @@ require 'strongbox/lock'
 module Strongbox
-  VERSION = "0.7.0"
+  VERSION = "0.7.1"
   RSA_PKCS1_PADDING	= OpenSSL::PKey::RSA::PKCS1_PADDING
   RSA_SSLV23_PADDING	= OpenSSL::PKey::RSA::SSLV23_PADDING
@@ -20,7 +20,8 @@ module Strongbox
         :symmetric => :always,
         :padding => RSA_PKCS1_PADDING,
         :symmetric_cipher => 'aes-256-cbc',
-        :ensure_required_columns => true
+        :ensure_required_columns => true,
+        :deferred_encryption => false
       }
     end
@@ -50,20 +51,20 @@ module Strongbox
     # Argument 0..-2 contains columns to be encrypted
     def encrypt_with_public_key(*args)
       include InstanceMethods
       options = args.delete_at(-1) || {}
       unless options.is_a?(Hash)
         args.push(options)
         options = {}
       end
       if args.one?
         name = args.first
       else
         return args.each { |name| encrypt_with_public_key(name, options) }
       end
       if respond_to?(:class_attribute)
         self.lock_options = {} if lock_options.nil?
       else
@@ -77,9 +78,14 @@ module Strongbox
       end
       define_method "#{name}=" do | plaintext |
-        lock_for(name).encrypt plaintext
+        lock_for(name).content plaintext
       end
+      if lock_options[name][:deferred_encryption]
+        before_save do
+          lock_for(name).encrypt!
+        end
+      end
     end
   end
@@ -94,4 +100,3 @@ end
 if Object.const_defined?("ActiveRecord")
   ActiveRecord::Base.send(:include, Strongbox)
 end

data/lib/strongbox/lock.rb CHANGED Viewed

@@ -21,6 +21,20 @@ module Strongbox
       @symmetric_key = options[:symmetric_key] || "#{name}_key"
       @symmetric_iv = options[:symmetric_iv] || "#{name}_iv"
       @ensure_required_columns = options[:ensure_required_columns]
+      @deferred_encryption = options[:deferred_encryption]
+    end
+    def content plaintext
+      if @deferred_encryption
+        @raw_content = plaintext
+      else
+        encrypt plaintext
+      end
+    end
+    def encrypt!
+      encrypt @raw_content
+      @raw_content = nil
     end
     def encrypt plaintext
@@ -61,11 +75,15 @@ module Strongbox
     # OpenSSL::PKey::RSAError if the password is wrong.
     def decrypt password = nil, ciphertext = nil
+      return @raw_content if @deferred_encryption && @raw_content
       # Given a private key and a nil password OpenSSL::PKey::RSA.new() will
       # *prompt* for a password, we default to an empty string to avoid that.
       ciphertext ||= @instance[@name]
-      return nil if ciphertext.nil?
-      return "" if ciphertext.empty?
+      unless @deferred_encryption
+        return nil if ciphertext.nil?
+        return "" if ciphertext.empty?
+      end
       return "*encrypted*" if password.nil?
       unless @private_key
@@ -97,7 +115,7 @@ module Strongbox
     end
     def to_s
-      decrypt
+      @raw_content || decrypt
     end
     def to_json(options = nil)

data/test/method_key_test.rb CHANGED Viewed

@@ -74,4 +74,72 @@ class MethodKeyTest < Test::Unit::TestCase
     should_encypted_and_decrypt
   end
+  context "With dynamic keys" do
+    setup do
+      ActiveRecord::Base.connection.create_table :dummies, :force => true do |table|
+        table.string :in_the_clear
+        table.binary :secret
+        table.binary :secret_key
+        table.binary :secret_iv
+        table.binary :segreto
+        table.string :key_pair
+      end
+      rebuild_class :public_key => :key_pair,
+                    :private_key => :key_pair,
+                    :deferred_encryption => true
+      Dummy.class_eval do
+        attr_accessor :password
+        def key_pair
+          unless self['key_pair']
+            raise if self.password.blank?
+            self['key_pair'] = generate_key_pair(self.password)
+          end
+          self['key_pair']
+        end
+      end
+      @password = 'letmein'
+    end
+    context 'When just initialized' do
+      setup do
+        @dummy = Dummy.new
+        @dummy.secret = 'Shhhh'
+        @dummy.password = @password
+      end
+      should 'return secret when not yet locked'  do
+        assert_equal 'Shhhh', @dummy.secret.decrypt
+      end
+      should 'return secret when unlocked'  do
+        assert_equal 'Shhhh', @dummy.secret.decrypt(@password)
+      end
+      context 'Then locked' do
+        setup do
+          @dummy.secret.encrypt!
+        end
+        should_encypted_and_decrypt
+      end
+    end
+    context 'After saving the model, and then loading it from the database' do
+      setup do
+        Dummy.create!(:secret => 'Shhhh', :password => @password)
+        @dummy = Dummy.first
+        p 'XXXXXXXXXXXX'
+      end
+      should_encypted_and_decrypt
+    end
+    teardown do
+      rebuild_model
+    end
+  end
 end

metadata CHANGED Viewed

@@ -1,20 +1,18 @@
 --- !ruby/object:Gem::Specification
 name: strongbox
 version: !ruby/object:Gem::Version
-  version: 0.7.0
-  prerelease:
+  version: 0.7.1
 platform: ruby
 authors:
 - Spike Ilacqua
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-02-14 00:00:00.000000000 Z
+date: 2015-01-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activerecord
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -22,7 +20,6 @@ dependencies:
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -30,7 +27,6 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: thoughtbot-shoulda
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -38,7 +34,6 @@ dependencies:
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -46,7 +41,6 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: sqlite3
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -54,7 +48,6 @@ dependencies:
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -62,7 +55,6 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -70,7 +62,6 @@ dependencies:
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -78,7 +69,6 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: rdoc
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -86,7 +76,6 @@ dependencies:
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -128,27 +117,26 @@ files:
 - test/validations_test.rb
 homepage: http://stuff-things.net/strongbox
 licenses: []
+metadata: {}
 post_install_message:
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
   - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
   - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 1.8.24
+rubygems_version: 2.4.5
 signing_key:
-specification_version: 3
+specification_version: 4
 summary: Secures ActiveRecord fields with public key encryption.
 test_files:
 - test/database.yml