symmetric-encryption 0.3.0 → 0.3.1
- data/README.md +16 -76
- data/examples/symmetric-encryption.yml +6 -6
- data/lib/symmetric/encryption.rb +2 -2
- data/lib/symmetric/version.rb +1 -1
- data/symmetric-encryption-0.3.0.gem +0 -0
- metadata +3 -2
data/README.md
CHANGED
@@ -137,9 +137,8 @@ Create a configuration file in config/symmetric-encryption.yml per the following
|
|
137
137
|
# can be placed directly in the source code.
|
138
138
|
# And therefore no RSA private key is required
|
139
139
|
development: &development_defaults
|
140
|
-
|
141
|
-
|
142
|
-
encoding: base64
|
140
|
+
key: 1234567890ABCDEF1234567890ABCDEF
|
141
|
+
iv: 1234567890ABCDEF
|
143
142
|
cipher: aes-128-cbc
|
144
143
|
|
145
144
|
test:
|
@@ -182,40 +181,12 @@ Create a configuration file in config/symmetric-encryption.yml per the following
|
|
182
181
|
-----END RSA PRIVATE KEY-----
|
183
182
|
|
184
183
|
# List Symmetric Key files in the order of current / latest first
|
185
|
-
|
184
|
+
ciphers:
|
186
185
|
-
|
187
186
|
# Filename containing Symmetric Encryption Key encrypted using the
|
188
187
|
# RSA public key derived from the private key above
|
189
|
-
|
190
|
-
|
191
|
-
|
192
|
-
# By adding a version indicator all encrypted data will include
|
193
|
-
# an additional first Byte that includes this version number to
|
194
|
-
# assist with speeding up decryption when adding new encryption keys
|
195
|
-
# and to support old data decryption using older keys
|
196
|
-
#
|
197
|
-
# By not specifying a version, or setting it to 0 will disable version
|
198
|
-
# identification prior to decrypting data
|
199
|
-
# During decryption these Keys will be tried in the order listed in the
|
200
|
-
# configuration file starting with the first in the list
|
201
|
-
# Slower since a decryption attempt is made for every key until the
|
202
|
-
# correct key is located. However, all encrypted data does not require
|
203
|
-
# the 1 Byte version header prefix
|
204
|
-
#
|
205
|
-
# Default: 0
|
206
|
-
version: 0
|
207
|
-
|
208
|
-
# Set the way the encrypted data is encoded:
|
209
|
-
# base64
|
210
|
-
# Encrypted data is returned in base64 encoding format
|
211
|
-
# Symmetric::Encryption.decrypt will also base64 decode any data prior
|
212
|
-
# to decrypting it
|
213
|
-
# binary
|
214
|
-
# Encrypted data is returned as raw binary
|
215
|
-
# Although smaller than base64 it cannot be stored in MySQL text columns
|
216
|
-
# It can only be held in binary columns such as BINARY or BLOB
|
217
|
-
# Default: base64
|
218
|
-
encoding: base64
|
188
|
+
key_filename: /etc/rails/.rails.key
|
189
|
+
iv_filename: /etc/rails/.rails.iv
|
219
190
|
|
220
191
|
# Encryption cipher
|
221
192
|
# Recommended values:
|
@@ -240,9 +211,9 @@ initialization vector.
|
|
240
211
|
|
241
212
|
To generate the keys run the following Rake task in each environment:
|
242
213
|
|
243
|
-
RAILS_ENV=
|
214
|
+
RAILS_ENV=production rake symmetric_encryption:generate_symmetric_keys
|
244
215
|
|
245
|
-
Replace '
|
216
|
+
Replace 'production' as necessary for each environment.
|
246
217
|
|
247
218
|
Make sure that the current user has read and write access to the folder listed
|
248
219
|
in the configuration option symmetric_key_filename above.
|
@@ -284,7 +255,7 @@ Parameters:
|
|
284
255
|
|
285
256
|
## Supporting Multiple Encryption Keys
|
286
257
|
|
287
|
-
According to the PCI
|
258
|
+
According to the PCI Compliance documentation: "Cryptographic keys must be changed on an annual basis."
|
288
259
|
|
289
260
|
During the transition period of moving from one encryption key to another
|
290
261
|
symmetric-encryption supports multiple Symmetric Encryption keys. If decryption
|
@@ -308,9 +279,8 @@ Create a configuration file in config/symmetric-encryption.yml per the following
|
|
308
279
|
# can be placed directly in the source code.
|
309
280
|
# And therefore no RSA private key is required
|
310
281
|
development: &development_defaults
|
311
|
-
|
312
|
-
|
313
|
-
encoding: base64
|
282
|
+
key: 1234567890ABCDEF1234567890ABCDEF
|
283
|
+
iv: 1234567890ABCDEF
|
314
284
|
cipher: aes-128-cbc
|
315
285
|
|
316
286
|
test:
|
@@ -353,40 +323,12 @@ Create a configuration file in config/symmetric-encryption.yml per the following
|
|
353
323
|
-----END RSA PRIVATE KEY-----
|
354
324
|
|
355
325
|
# List Symmetric Key files in the order of current / latest first
|
356
|
-
|
326
|
+
ciphers:
|
357
327
|
-
|
358
328
|
# Filename containing Symmetric Encryption Key encrypted using the
|
359
329
|
# RSA public key derived from the private key above
|
360
|
-
|
361
|
-
|
362
|
-
|
363
|
-
# By adding a version indicator all encrypted data will include
|
364
|
-
# an additional first Byte that includes this version number to
|
365
|
-
# assist with speeding up decryption when adding new encryption keys
|
366
|
-
# and to support old data decryption using older keys
|
367
|
-
#
|
368
|
-
# By not specifying a version, or setting it to 0 will disable version
|
369
|
-
# identification prior to decrypting data
|
370
|
-
# During decryption these Keys will be tried in the order listed in the
|
371
|
-
# configuration file starting with the first in the list
|
372
|
-
# Slower since a decryption attempt is made for every key until the
|
373
|
-
# correct key is located. However, all encrypted data does not require
|
374
|
-
# the 1 Byte version header prefix
|
375
|
-
#
|
376
|
-
# Default: 0
|
377
|
-
version: 0
|
378
|
-
|
379
|
-
# Set the way the encrypted data is encoded:
|
380
|
-
# base64
|
381
|
-
# Encrypted data is returned in base64 encoding format
|
382
|
-
# Symmetric::Encryption.decrypt will also base64 decode any data prior
|
383
|
-
# to decrypting it
|
384
|
-
# binary
|
385
|
-
# Encrypted data is returned as raw binary
|
386
|
-
# Although smaller than base64 it cannot be stored in MySQL text columns
|
387
|
-
# It can only be held in binary columns such as BINARY or BLOB
|
388
|
-
# Default: base64
|
389
|
-
encoding: base64
|
330
|
+
key_filename: /etc/rails/.rails.key
|
331
|
+
iv_filename: /etc/rails/.rails.iv
|
390
332
|
|
391
333
|
# Encryption cipher
|
392
334
|
# Recommended values:
|
@@ -399,7 +341,7 @@ Create a configuration file in config/symmetric-encryption.yml per the following
|
|
399
341
|
# Ruby 1.8.7 MRI Approximately 100,000 encryptions or decryptions per second
|
400
342
|
# JRuby 1.6.7 with Ruby 1.8.7 Approximately 22,000 encryptions or decryptions per second
|
401
343
|
cipher: aes-256-cbc
|
402
|
-
|
344
|
+
|
403
345
|
-
|
404
346
|
# OPTIONAL:
|
405
347
|
#
|
@@ -407,10 +349,8 @@ Create a configuration file in config/symmetric-encryption.yml per the following
|
|
407
349
|
#
|
408
350
|
# Only used when old data still exists that requires old decryption keys
|
409
351
|
# to be used
|
410
|
-
|
411
|
-
|
412
|
-
version: 0
|
413
|
-
encoding: base64
|
352
|
+
key_filename: /etc/rails/.rails_old.key
|
353
|
+
iv_filename: /etc/rails/.rails_old.iv
|
414
354
|
cipher: aes-256-cbc
|
415
355
|
|
416
356
|
## Possible Future Enhancements
|
@@ -6,8 +6,8 @@
|
|
6
6
|
# can be placed directly in the source code.
|
7
7
|
# And therefore no RSA private key is required
|
8
8
|
development: &development_defaults
|
9
|
-
|
10
|
-
|
9
|
+
key: 1234567890ABCDEF1234567890ABCDEF
|
10
|
+
iv: 1234567890ABCDEF
|
11
11
|
cipher: aes-128-cbc
|
12
12
|
|
13
13
|
test:
|
@@ -53,8 +53,8 @@ production:
|
|
53
53
|
ciphers:
|
54
54
|
# Filename containing Symmetric Encryption Key encrypted using the
|
55
55
|
# RSA public key derived from the private key above
|
56
|
-
-
|
57
|
-
|
56
|
+
- key_filename: /etc/rails/.rails.key
|
57
|
+
iv_filename: /etc/rails/.rails.iv
|
58
58
|
|
59
59
|
# Encryption cipher
|
60
60
|
# Recommended values:
|
@@ -106,6 +106,6 @@ production:
|
|
106
106
|
#
|
107
107
|
# Only used when old data still exists that requires old decryption keys
|
108
108
|
# to be used
|
109
|
-
-
|
110
|
-
|
109
|
+
- key_filename: /etc/rails/.rails_old.key
|
110
|
+
iv_filename: /etc/rails/.rails_old.iv
|
111
111
|
cipher: aes-256-cbc
|
data/lib/symmetric/encryption.rb
CHANGED
@@ -216,9 +216,9 @@ module Symmetric
|
|
216
216
|
|
217
217
|
else
|
218
218
|
# Migrate old format config
|
219
|
-
raise "Missing mandatory config parameter 'private_rsa_key'" unless cfg[
|
219
|
+
raise "Missing mandatory config parameter 'private_rsa_key'" unless cfg[:private_rsa_key] = config['private_rsa_key']
|
220
220
|
cfg[:ciphers] = [ {
|
221
|
-
:cipher =>
|
221
|
+
:cipher => default_cipher,
|
222
222
|
:key_filename => config['symmetric_key_filename'],
|
223
223
|
:iv_filename => config['symmetric_iv_filename'],
|
224
224
|
} ]
|
data/lib/symmetric/version.rb
CHANGED
Binary file
|
metadata
CHANGED
@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
|
|
5
5
|
segments:
|
6
6
|
- 0
|
7
7
|
- 3
|
8
|
-
-
|
9
|
-
version: 0.3.
|
8
|
+
- 1
|
9
|
+
version: 0.3.1
|
10
10
|
platform: ruby
|
11
11
|
authors:
|
12
12
|
- Reid Morrison
|
@@ -46,6 +46,7 @@ files:
|
|
46
46
|
- nbproject/project.xml
|
47
47
|
- Rakefile
|
48
48
|
- README.md
|
49
|
+
- symmetric-encryption-0.3.0.gem
|
49
50
|
- test/attr_encrypted_test.rb
|
50
51
|
- test/cipher_test.rb
|
51
52
|
- test/config/database.yml
|