symmetric-encryption 3.9.1 → 4.0.0.beta3

data/lib/rails/generators/symmetric_encryption/heroku_config/templates/symmetric-encryption.yml

@@ -1,78 +0,0 @@
-#
-# Symmetric Encryption for Ruby
-#
----
-# For the development and test environments the test symmetric encryption keys
-# can be placed directly in the source code.
-# And therefore no key encryption key is required
-development:   &development_defaults
-  key:         1234567890ABCDEF
-  iv:          1234567890ABCDEF
-  cipher_name: aes-128-cbc
-  encoding:    :base64strict
-
-test:
-  <<: *development_defaults
-
-<%
-rsa_key       = SymmetricEncryption::KeyEncryptionKey.generate
-cipher_conf   = SymmetricEncryption::Cipher.generate_random_keys(private_rsa_key: rsa_key, encrypted_key: '', encrypted_iv: '')
-cipher_name   = cipher_conf[:cipher_name]
-encrypted_iv  = cipher_conf[:encrypted_iv]
-encrypted_key = cipher_conf[:encrypted_key]
-
-puts "\n\n********************************************************************************"
-puts "Add the release environment key to Heroku: (Optional)\n\n"
-puts "  heroku config:add RELEASE_KEY1=#{encrypted_key}\n\n"
-puts "\n\n********************************************************************************"
-puts "Add the release environment key to Heroku: (Optional)\n\n"
-puts "  heroku config:add RELEASE_IV1=#{encrypted_iv}\n\n"
--%>
-release:
-  # Key encryption key
-  # Key used to secure the encryption key when it is stored in a file or encrypted.
-  private_rsa_key: |
-<%= rsa_key.each_line.collect { |line| "    #{line}" }.join('') %>
-
-  # List Symmetric Key files in the order of current / latest first
-  ciphers:
-    -
-      # Filename containing Symmetric Encryption Key encrypted using the
-      # key encryption key above (private_rsa_key).
-      encrypted_key:     "<%= '<' + "%= ENV['RELEASE_KEY1'] %" + '>' %>"
-      encrypted_iv:      "<%= '<' + "%= ENV['RELEASE_IV1'] %" + '>' %>"
-      cipher_name:       <%=  cipher_name %>
-      encoding:          :base64strict
-      version:           1
-      always_add_header: true
-
-<%
-rsa_key       = SymmetricEncryption::KeyEncryptionKey.generate
-cipher_conf   = SymmetricEncryption::Cipher.generate_random_keys(private_rsa_key: rsa_key, encrypted_key: '', encrypted_iv: '')
-cipher_name   = cipher_conf[:cipher_name]
-encrypted_iv  = cipher_conf[:encrypted_iv]
-encrypted_key = cipher_conf[:encrypted_key]
-
-puts "Add the production key to Heroku:\n\n"
-puts "  heroku config:add PRODUCTION_KEY1=#{encrypted_key}\n\n"
-puts "********************************************************************************\n\n\n"
-puts "Add the production key to Heroku:\n\n"
-puts "  heroku config:add PRODUCTION_IV1=#{encrypted_iv}\n\n"
-puts "********************************************************************************\n\n\n"
--%>
-production:
-  # Since the encryption key must NOT be stored along with the
-  # source code, only store the key encryption key here.
-  private_rsa_key: |
-<%= rsa_key.each_line.collect { |line| "    #{line}" }.join('') %>
-
-  # List Symmetric Key files in the order of current / latest first
-  ciphers:
-    -
-      # Encrypted key is supplied via an environment variable.
-      encrypted_key:     "<%= '<' + "%= ENV['PRODUCTION_KEY1'] %" + '>' %>"
-      encrypted_iv:      "<%= '<' + "%= ENV['PRODUCTION_IV1'] %" + '>' %>"
-      cipher_name:       <%=  cipher_name %>
-      encoding:          :base64strict
-      version:           1
-      always_add_header: true

data/lib/rails/generators/symmetric_encryption/new_keys/new_keys_generator.rb

@@ -1,14 +0,0 @@
-module SymmetricEncryption
-  module Generators
-    class NewKeysGenerator < Rails::Generators::Base
-      desc 'Generate new Symmetric key and initialization vector based on values in config/symmetric-encryption.yml'
-
-      argument :environment, type: :string, optional: false
-
-      def create_config_file
-        SymmetricEncryption.generate_symmetric_key_files(File.join('config', 'symmetric-encryption.yml'), environment)
-      end
-
-    end
-  end
-end

data/lib/symmetric_encryption/key_encryption_key.rb

@@ -1,32 +0,0 @@
-require 'openssl'
-module SymmetricEncryption
-  # Class that manages the key that is used to encrypt the encryption key.
-  # Currently uses RSA asymmetric encryption to secure the key.
-  #
-  # Note:
-  #   No encoding or decoding is performed.
-  class KeyEncryptionKey
-    # Returns [String] a new key encryption key.
-    def self.generate(options = {})
-      options = options.dup
-      size    = options.delete(:size) || 2048
-      OpenSSL::PKey::RSA.generate(size).to_s
-    end
-
-    def initialize(key_encryption_key)
-      @rsa = OpenSSL::PKey::RSA.new(key_encryption_key)
-    end
-
-    def encrypt(key)
-      rsa.public_encrypt(key)
-    end
-
-    def decrypt(encrypted_key)
-      rsa.private_decrypt(encrypted_key)
-    end
-
-    private
-
-    attr_reader :rsa
-  end
-end

data/lib/symmetric_encryption/railties/symmetric_encryption.rake

@@ -1,84 +0,0 @@
-namespace :symmetric_encryption do
-
-  desc 'Decrypt the supplied string. Example: VALUE="_encrypted_string_" rake symmetric_encryption:decrypt'
-  task :decrypt => :environment do
-    puts "\nEncrypted: #{ENV['VALUE']}"
-    puts "Decrypted: #{SymmetricEncryption.decrypt(ENV['VALUE'])}\n\n"
-  end
-
-  desc 'Encrypt a value, such as a password. Example: rake symmetric_encryption:encrypt'
-  task :encrypt => :environment do
-    begin
-      require 'highline'
-    rescue LoadError
-      raise(SymmetricEncryption::ConfigError, "Please install gem highline before using the command line task to encrypt an entered string.\n   gem install \"highline\"")
-    end
-    password1 = nil
-    password2 = 0
-
-    while password1 != password2
-      password1 = HighLine.new.ask('Enter the value to encrypt:') { |q| q.echo = '*' }
-      password2 = HighLine.new.ask('Re-enter the value to encrypt:') { |q| q.echo = '*' }
-
-      if (password1 != password2)
-        puts 'Passwords do not match, please try again'
-      end
-    end
-    puts "\nEncrypted: #{SymmetricEncryption.encrypt(password1)}\n\n"
-  end
-
-  desc 'Generate a random password and display its encrypted form. Example: rake symmetric_encryption:random_password'
-  task :random_password => :environment do
-    p = SymmetricEncryption.random_password
-    puts "\nGenerated Password: #{p}"
-    puts "Encrypted: #{SymmetricEncryption.encrypt(p)}\n\n"
-  end
-
-  desc 'Decrypt a file. Example: INFILE="encrypted_filename" OUTFILE="filename" rake symmetric_encryption:decrypt_file'
-  task :decrypt_file => :environment do
-    input_filename  = ENV['INFILE']
-    output_filename = ENV['OUTFILE']
-    block_size      = ENV['BLOCKSIZE'] || 65535
-
-    if input_filename && output_filename
-      puts "\nDecrypting file: #{input_filename} and writing to: #{output_filename}\n\n"
-      ::File.open(output_filename, 'wb') do |output_file|
-        SymmetricEncryption::Reader.open(input_filename) do |input_file|
-          while !input_file.eof?
-            output_file.write(input_file.read(block_size))
-          end
-        end
-      end
-      puts "\n#{output_filename} now contains the decrypted contents of #{input_filename}\n\n"
-    else
-      puts 'Missing input and/or output filename. Usage:'
-      puts '  INFILE="encrypted_filename" OUTFILE="filename" rake symmetric_encryption:decrypt_file'
-    end
-  end
-
-  desc 'Encrypt a file. Example: INFILE="filename" OUTFILE="encrypted_filename" rake symmetric_encryption:encrypt_file'
-  task :encrypt_file => :environment do
-    input_filename  = ENV['INFILE']
-    output_filename = ENV['OUTFILE']
-    compress        = (ENV['COMPRESS'] != nil)
-    block_size      = ENV['BLOCKSIZE'] || 65535
-
-    if input_filename && output_filename
-      puts "\nEncrypting file: #{input_filename} and writing to: #{output_filename}\n\n"
-      ::File.open(input_filename, 'rb') do |input_file|
-        SymmetricEncryption::Writer.open(output_filename, compress: compress) do |output_file|
-          while !input_file.eof?
-            output_file.write(input_file.read(block_size))
-          end
-        end
-      end
-      puts "\n#{output_filename} now contains the encrypted #{"and compressed " if compress}contents of #{input_filename}\n\n"
-    else
-      puts 'Missing input and/or output filename. Usage:'
-      puts '  INFILE="filename" OUTFILE="encrypted_filename" rake symmetric_encryption:encrypt_file'
-      puts 'To compress the file before encrypting:'
-      puts '  COMPRESS=1 INFILE="filename" OUTFILE="encrypted_filename" rake symmetric_encryption:encrypt_file'
-    end
-  end
-
-end

data/lib/symmetric_encryption/utils/re_encrypt_config_files.rb

@@ -1,82 +0,0 @@
-# Used for re-encrypting encrypted passwords stored in configuration files.
-#
-# Search for `SymmetricEncryption.try_decrypt` in config files and replace the
-# encrypted value with one encrypted using the new encryption key.
-#
-# Example:
-#   re_encrypt = SymmetricEncryption::Utils::ReEncryptConfigFiles.new(version: 4)
-#   re_encrypt.process_directory('../../**/*.yml')
-module SymmetricEncryption
-  module Utils
-    class ReEncryptConfigFiles
-      DEFAULT_REGEXP = /\A(.*)SymmetricEncryption.try_decrypt[\s\(\"\'].([\w@=+\/\\]+)[\'\"](.*)\Z/
-
-      attr_accessor :cipher, :path, :search_regexp
-
-      # Parameters:
-      #   version: [Integer]
-      #     Version of the encryption key to use when re-encrypting the value.
-      #     Default: Default cipher ( first in the list of configured ciphers )
-      def initialize(params={})
-        params         = params.dup
-        version        = params.delete(:version)
-        @path          = params.delete(:path)
-        @search_regexp = params.delete(:search_regexp) || DEFAULT_REGEXP
-        @cipher        = SymmetricEncryption.cipher(version)
-        raise(ArgumentError, "Undefined encryption key version: #{version}") if @cipher.nil?
-        raise(ArgumentError, "Unknown parameters: #{params.inspect}") if params.size > 0
-      end
-
-      # Re-encrypt the supplied enctrypted value with the new cipher
-      def re_encrypt(encrypted)
-        if unencrypted = SymmetricEncryption.try_decrypt(encrypted)
-          cipher.encrypt(unencrypted)
-        else
-          encrypted
-        end
-      end
-
-      # Process a single file.
-      #
-      # Returns [true|false] whether the file was modified
-      def process_file(file_name)
-        match        = false
-        lines        = File.read(file_name)
-        output_lines = ''
-        lines.each_line do |line|
-          if result = line.match(search_regexp)
-            before_str = result[1]
-            encrypted  = result[2]
-            after_str  = result[3]
-            after_str  = after_str[1..-1] if after_str.starts_with?(')')
-            new_value  = re_encrypt(encrypted)
-            if new_value != encrypted
-              match = true
-              output_lines << "#{before_str}SymmetricEncryption.try_decrypt('#{new_value}')#{after_str}\n"
-            else
-              output_lines << line
-            end
-          else
-            output_lines << line
-          end
-        end
-        if match
-          File.open(file_name, 'wb') { |file| file.write(output_lines) }
-        end
-        match
-      end
-
-      # Process a directory of files.
-      #
-      # Parameters:
-      #   path: [String]
-      #     Search path to look for files in.
-      #     Example: '../../**/*.yml'
-      def process_directory(path)
-        Dir[path].each do |file_name|
-          process_file(file_name)
-        end
-      end
-    end
-  end
-end