symmetric-encryption 0.9.1 → 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: ce8b40ac71f3b255ea4947fe3a41ba51145b5188
+  data.tar.gz: de4ceb7712388671b92054ed66409e78ddcf21bd
+SHA512:
+  metadata.gz: 83166719c8132a10e4108c6d8e3822b61dc02be4bcd0159a47d44a6f23ebc914b8ab5cf2b979cd7a4fffc413f6d0a1aa0b6e7f211afa2e4031173f72cf2c5ef4
+  data.tar.gz: 1c0917a0a784610aaa517b526374fed613883203bb0d9ff04f56c6182581af415f4b2b73adb81c15948e8a5e2c2ed17d83d5820f9ed47b75498c4863d79c8668

data/Gemfile

@@ -0,0 +1,17 @@
+source :rubygems
+
+group :test do
+  gem "shoulda"
+
+  gem "activerecord"
+  platforms :ruby do
+    gem 'sqlite3'
+  end
+
+  platforms :jruby do
+    gem 'jdbc-sqlite3'
+    gem 'activerecord-jdbcsqlite3-adapter'
+  end
+
+  gem "mongoid"
+end

data/Gemfile.lock

@@ -0,0 +1,50 @@
+GEM
+  remote: http://rubygems.org/
+  specs:
+    activemodel (3.2.9)
+      activesupport (= 3.2.9)
+      builder (~> 3.0.0)
+    activerecord (3.2.9)
+      activemodel (= 3.2.9)
+      activesupport (= 3.2.9)
+      arel (~> 3.0.2)
+      tzinfo (~> 0.3.29)
+    activesupport (3.2.9)
+      i18n (~> 0.6)
+      multi_json (~> 1.0)
+    arel (3.0.2)
+    bourne (1.1.2)
+      mocha (= 0.10.5)
+    builder (3.0.4)
+    i18n (0.6.1)
+    metaclass (0.0.1)
+    mocha (0.10.5)
+      metaclass (~> 0.0.1)
+    mongoid (3.0.6)
+      activemodel (~> 3.1)
+      moped (~> 1.1)
+      origin (~> 1.0)
+      tzinfo (~> 0.3.22)
+    moped (1.2.5)
+    multi_json (1.5.0)
+    origin (1.0.9)
+    shoulda (3.3.2)
+      shoulda-context (~> 1.0.1)
+      shoulda-matchers (~> 1.4.1)
+    shoulda-context (1.0.1)
+    shoulda-matchers (1.4.2)
+      activesupport (>= 3.0.0)
+      bourne (~> 1.1.2)
+    sqlite3 (1.3.6)
+    tzinfo (0.3.35)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  activerecord
+  activerecord-jdbcsqlite3-adapter
+  jdbc-sqlite3
+  mongoid
+  shoulda
+  sqlite3

data/README.md

@@ -27,7 +27,7 @@ created, managed and further secured by System Administrators. This prevents
 developers having or needing to have access to the symmetric encryption keys
 * The Operating System security features limit access to the Symmetric Encryption
 key files to System Administrators and the userid under which the Rails application runs.
-* The files in which the Symmetric Encryption keys are stored are futher
+* The files in which the Symmetric Encryption keys are stored are further
 encrypted using RSA 2048 bit encryption
 
 In order for anyone to decrypt the data being encrypted in the database, they
@@ -38,6 +38,15 @@ by the Operating System
 * The userid and password for the database to copy the encrypted data itself,
 or an unsecured copy or export of the database contents
 
+A major feature of symmetric encryption is that it makes the encryption and decryption
+automatically available when the Rails application is started. This includes all
+rake tasks and the Rails console. In this way data can be encrypted or decrypted as
+part of any rake task.
+
+From a security perspective it is important then to properly secure the system so that
+no hacker can switch to and run as the rails user and thereby gain access to the
+encryption and decryption capabilities
+
 ## Features
 
 * Encryption of passwords in configuration files
@@ -59,37 +68,96 @@ are extended with encrypted_ behavior, rather than every object in the system
 
 ### Encryption Example
 
-    SymmetricEncryption.encrypt "Sensitive data"
+```ruby
+SymmetricEncryption.encrypt "Sensitive data"
+```
 
 ### Decryption Example
 
-    SymmetricEncryption.decrypt "JqLJOi6dNjWI9kX9lSL1XQ==\n"
+```ruby
+SymmetricEncryption.decrypt "JqLJOi6dNjWI9kX9lSL1XQ==\n"
+```
 
-### Validation Example
+### ActiveRecord Example
+
+```ruby
+class User < ActiveRecord::Base
+  # Requires table users to have a column called encrypted_bank_account_number
+  attr_encrypted :bank_account_number
+
+  # Requires table users to have a column called encrypted_social_security_number
+  attr_encrypted :social_security_number
+
+  validates :encrypted_bank_account_number, :symmetric_encryption => true
+  validates :encrypted_social_security_number, :symmetric_encryption => true
+end
+
+# Create a new user instance assigning a bank account number
+user = User.new
+user.bank_account_number = '12345'
+
+# Saves the bank_account_number in the column encrypted_bank_account_number in
+# encrypted form
+user.save!
+
+# Short example using create
+User.create(:bank_account_number => '12345')
+```
+
+### Mongoid Example
 
-    class MyModel < ActiveRecord::Base
-      validates :encrypted_ssn, :symmetric_encryption => true
-    end
+To encrypt a field in a Mongoid document, just add ":encrypted => true" at the end
+of the field specifier. The field name must currently begin with "encrypted_"
 
-    m = MyModel.new
-    m.valid?
-    #  => false
-    m.encrypted_ssn = SymmetricEncryption.encrypt('123456789')
-    m.valid?
-    #  => true
+```ruby
+# User model in Mongoid
+class User
+  include Mongoid::Document
 
+  field :name,                             :type => String
+  field :encrypted_bank_account_number,    :type => String,  :encrypted => true
+  field :encrypted_social_security_number, :type => String,  :encrypted => true
+end
+
+# Create a new user document
+User.create(:bank_account_number => '12345')
+
+# When finding a document, always use the encrypted form of the field name
+user = User.where(:encrypted_bank_account_number => SymmetricEncryption.encrypt('12345')).first
+
+# Fields can be accessed using their unencrypted names
+puts user.bank_account_number
+```
+
+### Validation Example
+
+```ruby
+class MyModel < ActiveRecord::Base
+  validates :encrypted_ssn, :symmetric_encryption => true
+end
+
+m = MyModel.new
+m.valid?
+#  => false
+m.encrypted_ssn = SymmetricEncryption.encrypt('123456789')
+m.valid?
+#  => true
+```
 ### Encrypting Passwords in configuration files
 
 Passwords can be encrypted in any YAML configuration file.
 
 For example config/database.yml
 
-    production:
-      adapter:  mysql
-      host:     db1w
-      database: myapp_production
-      username: admin
-      password: <%= SymmetricEncryption.try_decrypt "JqLJOi6dNjWI9kX9lSL1XQ==\n" %>
+```yaml
+---
+production:
+  adapter:  mysql
+  host:     db1w
+  database: myapp_production
+  username: admin
+  password: <%= SymmetricEncryption.try_decrypt "JqLJOi6dNjWI9kX9lSL1XQ==\n" %>
+```
 
 Note: Use SymmetricEncryption.try_decrypt method which will return nil if it
   fails to decrypt the value, which is essential when the encryption keys differ
@@ -98,54 +166,75 @@ Note: Use SymmetricEncryption.try_decrypt method which will return nil if it
 Note: In order for the above technique to work in other YAML configuration files
   the YAML file must be processed using ERB prior to passing to YAML. For example
 
+```ruby
     config_file = Rails.root.join('config', 'redis.yml')
     raise "redis config not found. Create a config file at: config/redis.yml" unless config_file.file?
 
     cfg = YAML.load(ERB.new(File.new(config_file).read).result)[Rails.env]
     raise("Environment #{Rails.env} not defined in redis.yml") unless cfg
+```
 
 ### Large File Encryption
 
 Example: Read and decrypt a line at a time from a file
 
-    SymmetricEncryption::Reader.open('encrypted_file') do |file|
-      file.each_line do |line|
-        puts line
-      end
-    end
+```ruby
+SymmetricEncryption::Reader.open('encrypted_file') do |file|
+  file.each_line do |line|
+	 puts line
+  end
+end
+```
 
 Example: Encrypt and write data to a file
 
-    SymmetricEncryption::Writer.open('encrypted_file') do |file|
-      file.write "Hello World\n"
-      file.write "Keep this secret"
-    end
+```ruby
+SymmetricEncryption::Writer.open('encrypted_file') do |file|
+  file.write "Hello World\n"
+  file.write "Keep this secret"
+end
+```
 
 Example: Compress, Encrypt and write data to a file
 
-    SymmetricEncryption::Writer.open('encrypted_compressed.zip', :compress => true) do |file|
-      file.write "Hello World\n"
-      file.write "Compress this\n"
-      file.write "Keep this safe and secure\n"
-    end
+```ruby
+SymmetricEncryption::Writer.open('encrypted_compressed.zip', :compress => true) do |file|
+  file.write "Hello World\n"
+  file.write "Compress this\n"
+  file.write "Keep this safe and secure\n"
+end
+```
 
 ### Standalone test
 
 Before generating keys we can use SymmetricEncryption in a standalone test environment:
 
-    # Use test encryption keys
-    SymmetricEncryption.cipher = SymmetricEncryption::Cipher.new(
-      :key    => '1234567890ABCDEF1234567890ABCDEF',
-      :iv     => '1234567890ABCDEF',
-      :cipher => 'aes-128-cbc'
-    )
-    encrypted = SymmetricEncryption.encrypt('hello world')
-    puts SymmetricEncryption.decrypt(encrypted)
+```ruby
+# Use test encryption keys
+SymmetricEncryption.cipher = SymmetricEncryption::Cipher.new(
+  :key    => '1234567890ABCDEF1234567890ABCDEF',
+  :iv     => '1234567890ABCDEF',
+  :cipher => 'aes-128-cbc'
+)
+encrypted = SymmetricEncryption.encrypt('hello world')
+puts SymmetricEncryption.decrypt(encrypted)
+```
+
+### Rake Tasks
+
+For PCI compliance developers should not be the ones creating or encrypting
+passwords. The following rake tasks can be used by system administrators to
+generate and encrypt passwords for databases, or external web calls.
+It is safe to pass the encrypted password for say MySQL to the developers
+who can then put it in the config files which are kept in source control.
+
+Generate a random password and display its encrypted form:
+
+    rake symmetric_encryption:random_password
 
-### Generating encrypted passwords
+Encrypt a known value, such as a password:
 
-The following rake task can be used to generate encrypted passwords for the
-specified environment
+    rake symmetric_encryption:encrypt
 
 Note: Passwords must be encrypted in the environment in which they will be used.
   Since each environment should have its own symmetric encryption keys
@@ -155,7 +244,9 @@ Note: Passwords must be encrypted in the environment in which they will be used.
 ### Add to an existing Rails project
 Add the following line to Gemfile
 
-    gem 'symmetric-encryption'
+```ruby
+gem 'symmetric-encryption'
+```
 
 Install the Gem with bundler
 
@@ -244,8 +335,10 @@ one supplied in examples/symmetric-encryption.yml.
 At application startup, run the code below to initialize symmetric-encryption prior to
 attempting to encrypt or decrypt any data
 
-    require 'symmetric-encryption'
-    SymmetricEncryption.load!('config/symmetric-encryption.yml', 'production')
+```ruby
+require 'symmetric-encryption'
+SymmetricEncryption.load!('config/symmetric-encryption.yml', 'production')
+```
 
 Parameters:
 
@@ -254,8 +347,10 @@ Parameters:
 
 To manually generate the symmetric encryption keys, run the code below
 
-    require 'symmetric-encryption'
-    SymmetricEncryption.generate_symmetric_key_files('config/symmetric-encryption.yml', 'production')
+```ruby
+require 'symmetric-encryption'
+SymmetricEncryption.generate_symmetric_key_files('config/symmetric-encryption.yml', 'production')
+```
 
 Parameters:
 
@@ -280,87 +375,89 @@ use the same RSA Private key for gaining access to the Symmetric Encryption Keys
 
 Create a configuration file in config/symmetric-encryption.yml per the following example:
 
-    #
-    # Symmetric Encryption for Ruby
-    #
-    ---
-    # For the development and test environments the test symmetric encryption keys
-    # can be placed directly in the source code.
-    # And therefore no RSA private key is required
-    development: &development_defaults
-      key:    1234567890ABCDEF1234567890ABCDEF
-      iv:     1234567890ABCDEF
-      cipher: aes-128-cbc
-
-    test:
-      <<: *development_defaults
-
-    production:
-      # Since the key to encrypt and decrypt with must NOT be stored along with the
-      # source code, we only hold a RSA key that is used to unlock the file
-      # containing the actual symmetric encryption key
-      #
-      # Sample RSA Key, DO NOT use this RSA key, generate a new one using
-      #    openssl genrsa 2048
-      private_rsa_key: |
-        -----BEGIN RSA PRIVATE KEY-----
-        MIIEpAIBAAKCAQEAxIL9H/jYUGpA38v6PowRSRJEo3aNVXULNM/QNRpx2DTf++KH
-        6DcuFTFcNSSSxG9n4y7tKi755be8N0uwCCuOzvXqfWmXYjbLwK3Ib2vm0btpHyvA
-        qxgqeJOOCxKdW/cUFLWn0tACUcEjVCNfWEGaFyvkOUuR7Ub9KfhbW9cZO3BxZMUf
-        IPGlHl/gWyf484sXygd+S7cpDTRRzo9RjG74DwfE0MFGf9a1fTkxnSgeOJ6asTOy
-        fp9tEToUlbglKaYGpOGHYQ9TV5ZsyJ9jRUyb4SP5wK2eK6dHTxTcHvT03kD90Hv4
-        WeKIXv3WOjkwNEyMdpnJJfSDb5oquQvCNi7ZSQIDAQABAoIBAQCbzR7TUoBugU+e
-        ICLvpC2wOYOh9kRoFLwlyv3QnH7WZFWRZzFJszYeJ1xr5etXQtyjCnmOkGAg+WOI
-        k8GlOKOpAuA/PpB/leJFiYL4lBwU/PmDdTT0cdx6bMKZlNCeMW8CXGQKiFDOcMqJ
-        0uGtH5YD+RChPIEeFsJxnC8SyZ9/t2ra7XnMGiCZvRXIUDSEIIsRx/mOymJ7bL+h
-        Lbp46IfXf6ZuIzwzoIk0JReV/r+wdmkAVDkrrMkCmVS4/X1wN/Tiik9/yvbsh/CL
-        ztC55eSIEjATkWxnXfPASZN6oUfQPEveGH3HzNjdncjH/Ho8FaNMIAfFpBhhLPi9
-        nG5sbH+BAoGBAOdoUyVoAA/QUa3/FkQaa7Ajjehe5MR5k6VtaGtcxrLiBjrNR7x+
-        nqlZlGvWDMiCz49dgj+G1Qk1bbYrZLRX/Hjeqy5dZOGLMfgf9eKUmS1rDwAzBMcj
-        M9jnnJEBx8HIlNzaR6wzp3GMd0rrccs660A8URvzkgo9qNbvMLq9vyUtAoGBANll
-        SY1Iv9uaIz8klTXU9YzYtsfUmgXzw7K8StPdbEbo8F1J3JPJB4D7QHF0ObIaSWuf
-        suZqLsvWlYGuJeyX2ntlBN82ORfvUdOrdrbDlmPyj4PfFVl0AK3U3Ai374DNrjKR
-        hF6YFm4TLDaJhUjeV5C43kbE1N2FAMS9LYtPJ44NAoGAFDGHZ/E+aCLerddfwwun
-        MBS6MnftcLPHTZ1RimTrNfsBXipBw1ItWEvn5s0kCm9X24PmdNK4TnhqHYaF4DL5
-        ZjbQK1idEA2Mi8GGPIKJJ2x7P6I0HYiV4qy7fe/w1ZlCXE90B7PuPbtrQY9wO7Ll
-        ipJ45X6I1PnyfOcckn8yafUCgYACtPAlgjJhWZn2v03cTbqA9nHQKyV/zXkyUIXd
-        /XPLrjrP7ouAi5A8WuSChR/yx8ECRgrEM65Be3qBEtoGCB4AS1G0NcigM6qhKBFi
-        VS0aMXr3+V8argcUIwJaWW/x+p2go48yXlJpLHPweeXe8mXEt4iM+QZte6p2yKQ4
-        h9PGQQKBgQCqSydmXBnXGIVTp2sH/2GnpxLYnDBpcJE0tM8bJ42HEQQgRThIChsn
-        PnGA91G9MVikYapgI0VYBHQOTsz8rTIUzsKwXG+TIaK+W84nxH5y6jUkjqwxZmAz
-        r1URaMAun2PfAB4g2N/kEZTExgeOGqXjFhvvjdzl97ux2cTyZhaTXg==
-        -----END RSA PRIVATE KEY-----
-
-      # List Symmetric Key files in the order of current / latest first
-      ciphers:
-        -
-          # Filename containing Symmetric Encryption Key encrypted using the
-          # RSA public key derived from the private key above
-          key_filename: /etc/rails/.rails.key
-          iv_filename:  /etc/rails/.rails.iv
-
-          # Encryption cipher
-          #   Recommended values:
-          #      aes-256-cbc
-          #         256 AES CBC Algorithm. Very strong
-          #         Ruby 1.8.7 MRI Approximately 100,000 encryptions or decryptions per second
-          #         JRuby 1.6.7 with Ruby 1.8.7 Approximately 22,000 encryptions or decryptions per second
-          #      aes-128-cbc
-          #         128 AES CBC Algorithm. Less strong.
-          #         Ruby 1.8.7 MRI Approximately 100,000 encryptions or decryptions per second
-          #         JRuby 1.6.7 with Ruby 1.8.7 Approximately 22,000 encryptions or decryptions per second
-          cipher: aes-256-cbc
-
-        -
-          # OPTIONAL:
-          #
-          # Any previous Symmetric Encryption Keys
-          #
-          # Only used when old data still exists that requires old decryption keys
-          # to be used
-          key_filename: /etc/rails/.rails_old.key
-          iv_filename:  /etc/rails/.rails_old.iv
-          cipher:       aes-256-cbc
+```yaml
+#
+# Symmetric Encryption for Ruby
+#
+---
+# For the development and test environments the test symmetric encryption keys
+# can be placed directly in the source code.
+# And therefore no RSA private key is required
+development: &development_defaults
+  key:    1234567890ABCDEF1234567890ABCDEF
+  iv:     1234567890ABCDEF
+  cipher: aes-128-cbc
+
+test:
+  <<: *development_defaults
+
+production:
+  # Since the key to encrypt and decrypt with must NOT be stored along with the
+  # source code, we only hold a RSA key that is used to unlock the file
+  # containing the actual symmetric encryption key
+  #
+  # Sample RSA Key, DO NOT use this RSA key, generate a new one using
+  #    openssl genrsa 2048
+  private_rsa_key: |
+	 -----BEGIN RSA PRIVATE KEY-----
+	 MIIEpAIBAAKCAQEAxIL9H/jYUGpA38v6PowRSRJEo3aNVXULNM/QNRpx2DTf++KH
+	 6DcuFTFcNSSSxG9n4y7tKi755be8N0uwCCuOzvXqfWmXYjbLwK3Ib2vm0btpHyvA
+	 qxgqeJOOCxKdW/cUFLWn0tACUcEjVCNfWEGaFyvkOUuR7Ub9KfhbW9cZO3BxZMUf
+	 IPGlHl/gWyf484sXygd+S7cpDTRRzo9RjG74DwfE0MFGf9a1fTkxnSgeOJ6asTOy
+	 fp9tEToUlbglKaYGpOGHYQ9TV5ZsyJ9jRUyb4SP5wK2eK6dHTxTcHvT03kD90Hv4
+	 WeKIXv3WOjkwNEyMdpnJJfSDb5oquQvCNi7ZSQIDAQABAoIBAQCbzR7TUoBugU+e
+	 ICLvpC2wOYOh9kRoFLwlyv3QnH7WZFWRZzFJszYeJ1xr5etXQtyjCnmOkGAg+WOI
+	 k8GlOKOpAuA/PpB/leJFiYL4lBwU/PmDdTT0cdx6bMKZlNCeMW8CXGQKiFDOcMqJ
+	 0uGtH5YD+RChPIEeFsJxnC8SyZ9/t2ra7XnMGiCZvRXIUDSEIIsRx/mOymJ7bL+h
+	 Lbp46IfXf6ZuIzwzoIk0JReV/r+wdmkAVDkrrMkCmVS4/X1wN/Tiik9/yvbsh/CL
+	 ztC55eSIEjATkWxnXfPASZN6oUfQPEveGH3HzNjdncjH/Ho8FaNMIAfFpBhhLPi9
+	 nG5sbH+BAoGBAOdoUyVoAA/QUa3/FkQaa7Ajjehe5MR5k6VtaGtcxrLiBjrNR7x+
+	 nqlZlGvWDMiCz49dgj+G1Qk1bbYrZLRX/Hjeqy5dZOGLMfgf9eKUmS1rDwAzBMcj
+	 M9jnnJEBx8HIlNzaR6wzp3GMd0rrccs660A8URvzkgo9qNbvMLq9vyUtAoGBANll
+	 SY1Iv9uaIz8klTXU9YzYtsfUmgXzw7K8StPdbEbo8F1J3JPJB4D7QHF0ObIaSWuf
+	 suZqLsvWlYGuJeyX2ntlBN82ORfvUdOrdrbDlmPyj4PfFVl0AK3U3Ai374DNrjKR
+	 hF6YFm4TLDaJhUjeV5C43kbE1N2FAMS9LYtPJ44NAoGAFDGHZ/E+aCLerddfwwun
+	 MBS6MnftcLPHTZ1RimTrNfsBXipBw1ItWEvn5s0kCm9X24PmdNK4TnhqHYaF4DL5
+	 ZjbQK1idEA2Mi8GGPIKJJ2x7P6I0HYiV4qy7fe/w1ZlCXE90B7PuPbtrQY9wO7Ll
+	 ipJ45X6I1PnyfOcckn8yafUCgYACtPAlgjJhWZn2v03cTbqA9nHQKyV/zXkyUIXd
+	 /XPLrjrP7ouAi5A8WuSChR/yx8ECRgrEM65Be3qBEtoGCB4AS1G0NcigM6qhKBFi
+	 VS0aMXr3+V8argcUIwJaWW/x+p2go48yXlJpLHPweeXe8mXEt4iM+QZte6p2yKQ4
+	 h9PGQQKBgQCqSydmXBnXGIVTp2sH/2GnpxLYnDBpcJE0tM8bJ42HEQQgRThIChsn
+	 PnGA91G9MVikYapgI0VYBHQOTsz8rTIUzsKwXG+TIaK+W84nxH5y6jUkjqwxZmAz
+	 r1URaMAun2PfAB4g2N/kEZTExgeOGqXjFhvvjdzl97ux2cTyZhaTXg==
+	 -----END RSA PRIVATE KEY-----
+
+  # List Symmetric Key files in the order of current / latest first
+  ciphers:
+	 -
+		# Filename containing Symmetric Encryption Key encrypted using the
+		# RSA public key derived from the private key above
+		key_filename: /etc/rails/.rails.key
+		iv_filename:  /etc/rails/.rails.iv
+
+		# Encryption cipher
+		#   Recommended values:
+		#      aes-256-cbc
+		#         256 AES CBC Algorithm. Very strong
+		#         Ruby 1.8.7 MRI Approximately 100,000 encryptions or decryptions per second
+		#         JRuby 1.6.7 with Ruby 1.8.7 Approximately 22,000 encryptions or decryptions per second
+		#      aes-128-cbc
+		#         128 AES CBC Algorithm. Less strong.
+		#         Ruby 1.8.7 MRI Approximately 100,000 encryptions or decryptions per second
+		#         JRuby 1.6.7 with Ruby 1.8.7 Approximately 22,000 encryptions or decryptions per second
+		cipher: aes-256-cbc
+
+	 -
+		# OPTIONAL:
+		#
+		# Any previous Symmetric Encryption Keys
+		#
+		# Only used when old data still exists that requires old decryption keys
+		# to be used
+		key_filename: /etc/rails/.rails_old.key
+		iv_filename:  /etc/rails/.rails_old.iv
+		cipher:       aes-256-cbc
+```
 
 ## Future Enhancements
 

data/Rakefile

@@ -2,6 +2,7 @@ lib = File.expand_path('../lib/', __FILE__)
 $:.unshift lib unless $:.include?(lib)
 
 require 'rubygems'
+require 'rubygems/package'
 require 'rake/clean'
 require 'rake/testtask'
 require 'date'
@@ -20,9 +21,10 @@ task :gem  do |t|
     s.summary     = "Symmetric Encryption for Ruby, and Ruby on Rails"
     s.description = "SymmetricEncryption supports encrypting ActiveRecord data, Mongoid data, passwords in configuration files, encrypting and decrypting of large files through streaming"
     s.files       = FileList["./**/*"].exclude(/.gem$/, /.log$/,/^nbproject/).map{|f| f.sub(/^\.\//, '')}
+    s.license     = "Apache License V2.0"
     s.has_rdoc    = true
   end
-  Gem::Builder.new(gemspec).build
+  Gem::Package.build gemspec
 end
 
 desc "Run Test Suite"

data/lib/symmetric_encryption/cipher.rb

@@ -11,7 +11,7 @@ module SymmetricEncryption
     attr_accessor :encoding
 
     # Available encodings
-    ENCODINGS = [:none, :base64, :base64strict]
+    ENCODINGS = [:none, :base64, :base64strict, :base16]
 
     # Generate a new Symmetric Key pair
     #
@@ -51,7 +51,9 @@ module SymmetricEncryption
     #       It is not the default for backward compatibility
     #     :base64
     #       Return as a base64 encoded string
-    #     :binary
+    #     :base16
+    #       Return as a Hex encoded string
+    #     :none
     #       Return as raw binary data string. Note: String can contain embedded nulls
     #     Default: :base64
     #     Recommended: :base64strict
@@ -69,45 +71,53 @@ module SymmetricEncryption
       raise("Invalid Encoding: #{@encoding}") unless ENCODINGS.include?(@encoding)
     end
 
-    # AES Symmetric Encryption of supplied string
+    # Encryption of supplied string
     # The String is encoded to UTF-8 prior to encryption
     #
-    #  Returns result as a Base64 encoded string
+    #  Returns result as an encoded string if encode is true
     #  Returns nil if the supplied str is nil
     #  Returns "" if it is a string and it is empty
     if defined?(Encoding)
-      def encrypt(str)
+      def encrypt(str, encode = true)
         return if str.nil?
         buf = str.to_s.encode(SymmetricEncryption::UTF8_ENCODING)
         return str if buf.empty?
-        crypt(:encrypt, buf)
+        encrypted = crypt(:encrypt, buf)
+        encode ? self.encode(encrypted) : encrypted
       end
     else
-      def encrypt(str)
+      def encrypt(str, encode = true)
         return if str.nil?
         buf = str.to_s
         return str if buf.empty?
-        crypt(:encrypt, buf)
+        encrypted = crypt(:encrypt, buf)
+        encode ? self.encode(encrypted) : encrypted
       end
     end
 
-    # AES Symmetric Decryption of supplied string
-    # The encoding of the supplied string is ignored since it must be binary data
+    # Decryption of supplied string
+    #
+    # Decodes string first if decode is true
+    #
     #  Returns a UTF-8 encoded, decrypted string
     #  Returns nil if the supplied str is nil
     #  Returns "" if it is a string and it is empty
     if defined?(Encoding)
-      def decrypt(str)
-        return if str.nil?
-        buf = str.to_s.force_encoding(SymmetricEncryption::BINARY_ENCODING)
-        return str if buf.empty?
+      def decrypt(str, decode = true)
+        decoded = self.decode(str) if decode
+        return unless decoded
+
+        buf = decoded.to_s.force_encoding(SymmetricEncryption::BINARY_ENCODING)
+        return decoded if buf.empty?
         crypt(:decrypt, buf).force_encoding(SymmetricEncryption::UTF8_ENCODING)
       end
     else
-      def decrypt(str)
-        return if str.nil?
-        buf = str.to_s
-        return str if buf.empty?
+      def decrypt(str, decode = true)
+        decoded = self.decode(str) if decode
+        return unless decoded
+
+        buf = decoded.to_s
+        return decoded if buf.empty?
         crypt(:decrypt, buf)
       end
     end
@@ -123,6 +133,40 @@ module SymmetricEncryption
       ::OpenSSL::Cipher::Cipher.new(@cipher).block_size
     end
 
+    # Encode the supplied string using the encoding in this cipher instance
+    # Returns nil if the supplied string is nil
+    # Note: No encryption or decryption is performed
+    def encode(binary_string)
+      return unless binary_string
+
+      # Now encode data based on encoding setting
+      case encoding
+      when :base64
+        ::Base64.encode64(binary_string)
+      when :base64strict
+        ::Base64.encode64(binary_string).gsub(/\n/, '')
+      when :base16
+        binary_string.to_s.unpack('H*').first
+      else
+        binary_string
+      end
+    end
+
+    # Decode the supplied string using the encoding in this cipher instance
+    # Note: No encryption or decryption is performed
+    def decode(encoded_string)
+      return unless encoded_string
+
+      case encoding
+      when :base64, :base64strict
+        ::Base64.decode64(encoded_string)
+      when :base16
+        [encoded_string].pack('H*')
+      else
+        encoded_string
+      end
+    end
+
     protected
 
     # Only for use by Symmetric::EncryptedStream

data/lib/symmetric_encryption/symmetric_encryption.rb

@@ -66,12 +66,7 @@ module SymmetricEncryption
   def self.decrypt(str)
     raise "Call SymmetricEncryption.load! or SymmetricEncryption.cipher= prior to encrypting or decrypting data" unless @@cipher
 
-    # Decode data first based on encoding setting
-    case @@cipher.encoding
-    when :base64, :base64strict
-      str = ::Base64.decode64(str) if str
-    end
-
+    # Decode and then decrypt supplied string
     begin
       @@cipher.decrypt(str)
     rescue OpenSSL::Cipher::CipherError => exc
@@ -92,19 +87,8 @@ module SymmetricEncryption
   def self.encrypt(str)
     raise "Call SymmetricEncryption.load! or SymmetricEncryption.cipher= prior to encrypting or decrypting data" unless @@cipher
 
-    # Encrypt data as a binary string
-    if result = @@cipher.encrypt(str)
-      # Now encode data based on encoding setting
-      case @@cipher.encoding
-      when :base64
-        # Base 64 Encoding of binary data
-        ::Base64.encode64(result)
-      when :base64strict
-        ::Base64.encode64(result).gsub(/\n/, '')
-      else
-        result
-      end
-    end
+    # Encrypt and then encode the supplied string
+    @@cipher.encrypt(str)
   end
 
   # Invokes decrypt

data/lib/symmetric_encryption/version.rb

@@ -1,4 +1,4 @@
 # encoding: utf-8
 module SymmetricEncryption #:nodoc
-  VERSION = "0.9.1"
+  VERSION = "1.0.0"
 end

data/nbproject/private/private.properties

@@ -1,3 +1,3 @@
 file.reference.symmetry-lib=/Users/rmorrison/Sandbox/symmetry/lib
 file.reference.symmetry-test=/Users/rmorrison/Sandbox/symmetry/test
-platform.active=Ruby_0
+platform.active=Ruby

data/nbproject/private/private.xml

@@ -14,7 +14,4 @@
             <line>60</line>
         </file>
     </editor-bookmarks>
-    <open-files xmlns="http://www.netbeans.org/ns/projectui-open-files/1">
-        <file>file:/Users/rmorrison/Sandbox/symmetric-encryption/lib/symmetric_encryption/extensions/active_record/base.rb</file>
-    </open-files>
 </project-private>

data/test/cipher_test.rb

@@ -13,16 +13,18 @@ class CipherTest < Test::Unit::TestCase
 
     should "allow setting the cipher" do
       cipher = SymmetricEncryption::Cipher.new(
-        :cipher => 'aes-128-cbc',
-        :key => '1234567890ABCDEF1234567890ABCDEF',
-        :iv  => '1234567890ABCDEF'
+        :cipher   => 'aes-128-cbc',
+        :key      => '1234567890ABCDEF1234567890ABCDEF',
+        :iv       => '1234567890ABCDEF',
+        :encoding => :none
       )
       assert_equal 'aes-128-cbc', cipher.cipher
     end
 
     should "not require an iv" do
       cipher = SymmetricEncryption::Cipher.new(
-        :key => '1234567890ABCDEF1234567890ABCDEF'
+        :key      => '1234567890ABCDEF1234567890ABCDEF',
+        :encoding => :none
       )
       result = "\302<\351\227oj\372\3331\310\260V\001\v'\346"
       # Note: This test fails on JRuby 1.7 RC1 since it's OpenSSL
@@ -35,9 +37,10 @@ class CipherTest < Test::Unit::TestCase
 
     should "throw an exception on bad data" do
       cipher = SymmetricEncryption::Cipher.new(
-        :cipher => 'aes-128-cbc',
-        :key => '1234567890ABCDEF1234567890ABCDEF',
-        :iv  => '1234567890ABCDEF'
+        :cipher   => 'aes-128-cbc',
+        :key      => '1234567890ABCDEF1234567890ABCDEF',
+        :iv       => '1234567890ABCDEF',
+        :encoding => :none
       )
       assert_raise OpenSSL::Cipher::CipherError do
         cipher.decrypt('bad data')
@@ -49,8 +52,9 @@ class CipherTest < Test::Unit::TestCase
   context 'with configuration' do
     setup do
       @cipher = SymmetricEncryption::Cipher.new(
-        :key => '1234567890ABCDEF1234567890ABCDEF',
-        :iv  => '1234567890ABCDEF'
+        :key      => '1234567890ABCDEF1234567890ABCDEF',
+        :iv       => '1234567890ABCDEF',
+        :encoding => :none
       )
       @social_security_number = "987654321"
 

data/test/config/database.yml

@@ -1,7 +1,5 @@
 test:
-  database: symmetric_encryption_test
-  username: root
-  password:
-  encoding: utf8
-  adapter:  mysql
-  host:     127.0.0.1
+  adapter:  sqlite3
+  database: test/test_db.sqlite3
+  pool:     5
+  timeout:  5000

data/test/reader_test.rb

@@ -22,7 +22,7 @@ class ReaderTest < Test::Unit::TestCase
       ]
       @data_str = @data.inject('') {|sum,str| sum << str}
       @data_len = @data_str.length
-      @data_encrypted = SymmetricEncryption.cipher.encrypt(@data_str)
+      @data_encrypted = SymmetricEncryption.cipher.encrypt(@data_str, false)
     end
 
     should "decrypt from string stream as a single read" do

data/test/symmetric_encryption_test.rb

@@ -12,9 +12,9 @@ SymmetricEncryption.load!(File.join(File.dirname(__FILE__), 'config', 'symmetric
 # Unit Test for SymmetricEncryption
 #
 class SymmetricEncryptionTest < Test::Unit::TestCase
-  context 'initialized' do
+  context 'SymmetricEncryption' do
 
-    context 'SymmetricEncryption configuration' do
+    context 'configuration' do
       setup do
         @config = SymmetricEncryption.send(:read_config, File.join(File.dirname(__FILE__), 'config', 'symmetric-encryption.yml'), 'test')
       end
@@ -24,61 +24,51 @@ class SymmetricEncryptionTest < Test::Unit::TestCase
       end
     end
 
-    context 'Base64 encoding tests' do
-      setup do
-        @social_security_number = "987654321"
-        @social_security_number_encrypted = "S+8X1NRrqdfEIQyFHVPuVA==\n"
-        @social_security_number_encrypted_with_secondary_1 = "D1UCu38pqJ3jc0GvwJHiow==\n"
-        @encoding = SymmetricEncryption.cipher.encoding
-        SymmetricEncryption.cipher.encoding = :base64
-      end
-
-      teardown do
-        SymmetricEncryption.cipher.encoding = @encoding
-      end
-
-      should "encrypt simple string" do
-        assert_equal @social_security_number_encrypted, SymmetricEncryption.encrypt(@social_security_number)
-      end
-
-      should "decrypt string" do
-        assert_equal @social_security_number, SymmetricEncryption.decrypt(@social_security_number_encrypted)
-      end
-
-      should "determine if string is encrypted" do
-        assert_equal true, SymmetricEncryption.encrypted?(@social_security_number_encrypted)
-        assert_equal false, SymmetricEncryption.encrypted?(@social_security_number)
-      end
-
-      should "decrypt with secondary key when first one fails" do
-        assert_equal @social_security_number, SymmetricEncryption.decrypt(@social_security_number_encrypted)
+    SymmetricEncryption::Cipher::ENCODINGS.each do |encoding|
+      context "encoding: #{encoding}" do
+        setup do
+          @social_security_number = "987654321"
+          @social_security_number_encrypted =
+            case encoding
+          when :base64
+            "S+8X1NRrqdfEIQyFHVPuVA==\n"
+          when :base64strict
+            "S+8X1NRrqdfEIQyFHVPuVA=="
+          when :base16
+            "4bef17d4d46ba9d7c4210c851d53ee54"
+          when :none
+            "K\xEF\x17\xD4\xD4k\xA9\xD7\xC4!\f\x85\x1DS\xEET".force_encoding(Encoding.find("binary"))
+          else
+            raise "Add test for encoding: #{encoding}"
+          end
+          @social_security_number_encrypted_with_secondary_1 = "D1UCu38pqJ3jc0GvwJHiow==\n"
+          @encoding = SymmetricEncryption.cipher.encoding
+          SymmetricEncryption.cipher.encoding = encoding
+        end
+
+        teardown do
+          SymmetricEncryption.cipher.encoding = @encoding
+        end
+
+        should "encrypt simple string" do
+          assert_equal @social_security_number_encrypted, SymmetricEncryption.encrypt(@social_security_number)
+        end
+
+        should "decrypt string" do
+          assert_equal @social_security_number, SymmetricEncryption.decrypt(@social_security_number_encrypted)
+        end
+
+        should "determine if string is encrypted" do
+          assert_equal true, SymmetricEncryption.encrypted?(@social_security_number_encrypted)
+          assert_equal false, SymmetricEncryption.encrypted?(@social_security_number)
+        end
+
+        should "decrypt with secondary key when first one fails" do
+          assert_equal @social_security_number, SymmetricEncryption.decrypt(@social_security_number_encrypted_with_secondary_1)
+        end
       end
     end
 
-    context 'Base64Strict tests' do
-      setup do
-        @social_security_number = "987654321"
-        @social_security_number_encrypted = "S+8X1NRrqdfEIQyFHVPuVA=="
-        @social_security_number_encrypted_with_secondary_1 = "D1UCu38pqJ3jc0GvwJHiow=="
-      end
-
-      should "encrypt simple string" do
-        assert_equal @social_security_number_encrypted, SymmetricEncryption.encrypt(@social_security_number)
-      end
-
-      should "decrypt string" do
-        assert_equal @social_security_number, SymmetricEncryption.decrypt(@social_security_number_encrypted)
-      end
-
-      should "determine if string is encrypted" do
-        assert_equal true, SymmetricEncryption.encrypted?(@social_security_number_encrypted)
-        assert_equal false, SymmetricEncryption.encrypted?(@social_security_number)
-      end
-
-      should "decrypt with secondary key when first one fails" do
-        assert_equal @social_security_number, SymmetricEncryption.decrypt(@social_security_number_encrypted)
-      end
-    end
   end
 
 end

data/test/writer_test.rb

@@ -22,7 +22,7 @@ class EncryptionWriterTest < Test::Unit::TestCase
       ]
       @data_str = @data.inject('') {|sum,str| sum << str}
       @data_len = @data_str.length
-      @data_encrypted = SymmetricEncryption.cipher.encrypt(@data_str)
+      @data_encrypted = SymmetricEncryption.cipher.encrypt(@data_str, false)
       @filename = '._test'
     end
 

metadata

@@ -1,15 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: symmetric-encryption
 version: !ruby/object:Gem::Version
-  version: 0.9.1
-  prerelease: 
+  version: 1.0.0
 platform: ruby
 authors:
 - Reid Morrison
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-11-05 00:00:00.000000000 Z
+date: 2013-03-07 00:00:00.000000000 Z
 dependencies: []
 description: SymmetricEncryption supports encrypting ActiveRecord data, Mongoid data,
   passwords in configuration files, encrypting and decrypting of large files through
@@ -20,11 +19,17 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- Gemfile
+- Gemfile.lock
+- LICENSE.txt
+- README.md
+- Rakefile
 - examples/symmetric-encryption.yml
 - lib/rails/generators/symmetric_encryption/config/config_generator.rb
 - lib/rails/generators/symmetric_encryption/config/templates/symmetric-encryption.yml
 - lib/rails/generators/symmetric_encryption/new_keys/new_keys_generator.rb
 - lib/symmetric-encryption.rb
+- lib/symmetric_encryption.rb
 - lib/symmetric_encryption/cipher.rb
 - lib/symmetric_encryption/extensions/active_record/base.rb
 - lib/symmetric_encryption/extensions/mongoid/fields.rb
@@ -35,16 +40,13 @@ files:
 - lib/symmetric_encryption/symmetric_encryption.rb
 - lib/symmetric_encryption/version.rb
 - lib/symmetric_encryption/writer.rb
-- lib/symmetric_encryption.rb
-- LICENSE.txt
 - nbproject/private/config.properties
 - nbproject/private/private.properties
 - nbproject/private/private.xml
 - nbproject/private/rake-d.txt
 - nbproject/project.properties
 - nbproject/project.xml
-- Rakefile
-- README.md
+- test.rb
 - test/attr_encrypted_test.rb
 - test/cipher_test.rb
 - test/config/database.yml
@@ -58,30 +60,30 @@ files:
 - test/field_encrypted_test.rb
 - test/reader_test.rb
 - test/symmetric_encryption_test.rb
+- test/test_db.sqlite3
 - test/writer_test.rb
-- test.rb
 homepage: https://github.com/ClarityServices/symmetric-encryption
-licenses: []
+licenses:
+- Apache License V2.0
+metadata: {}
 post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 1.8.24
+rubygems_version: 2.0.2
 signing_key: 
-specification_version: 3
+specification_version: 4
 summary: Symmetric Encryption for Ruby, and Ruby on Rails
 test_files: []