symmetric-encryption 3.9.1 → 4.0.0
- checksums.yaml +4 -4
- data/README.md +72 -0
- data/bin/symmetric-encryption +5 -0
- data/lib/symmetric_encryption/cipher.rb +162 -419
- data/lib/symmetric_encryption/cli.rb +343 -0
- data/lib/symmetric_encryption/coerce.rb +5 -20
- data/lib/symmetric_encryption/config.rb +128 -50
- data/lib/symmetric_encryption/extensions/mongo_mapper/plugins/encrypted_key.rb +2 -2
- data/lib/symmetric_encryption/generator.rb +3 -2
- data/lib/symmetric_encryption/header.rb +260 -0
- data/lib/symmetric_encryption/key.rb +106 -0
- data/lib/symmetric_encryption/keystore/environment.rb +90 -0
- data/lib/symmetric_encryption/keystore/file.rb +102 -0
- data/lib/symmetric_encryption/keystore/memory.rb +53 -0
- data/lib/symmetric_encryption/keystore.rb +126 -0
- data/lib/symmetric_encryption/railtie.rb +5 -7
- data/lib/symmetric_encryption/reader.rb +74 -55
- data/lib/symmetric_encryption/rsa_key.rb +24 -0
- data/lib/symmetric_encryption/symmetric_encryption.rb +64 -102
- data/lib/symmetric_encryption/utils/re_encrypt_files.rb +141 -0
- data/lib/symmetric_encryption/version.rb +1 -1
- data/lib/symmetric_encryption/writer.rb +104 -117
- data/lib/symmetric_encryption.rb +9 -4
- data/test/active_record_test.rb +61 -40
- data/test/cipher_test.rb +179 -236
- data/test/config/symmetric-encryption.yml +140 -82
- data/test/header_test.rb +218 -0
- data/test/key_test.rb +240 -0
- data/test/keystore/environment_test.rb +119 -0
- data/test/keystore/file_test.rb +125 -0
- data/test/keystore_test.rb +59 -0
- data/test/mongoid_test.rb +13 -13
- data/test/reader_test.rb +52 -53
- data/test/symmetric_encryption_test.rb +50 -135
- data/test/test_db.sqlite3 +0 -0
- data/test/writer_test.rb +52 -31
- metadata +24 -12
- data/examples/symmetric-encryption.yml +0 -108
- data/lib/rails/generators/symmetric_encryption/config/config_generator.rb +0 -22
- data/lib/rails/generators/symmetric_encryption/config/templates/symmetric-encryption.yml +0 -50
- data/lib/rails/generators/symmetric_encryption/heroku_config/heroku_config_generator.rb +0 -20
- data/lib/rails/generators/symmetric_encryption/heroku_config/templates/symmetric-encryption.yml +0 -78
- data/lib/rails/generators/symmetric_encryption/new_keys/new_keys_generator.rb +0 -14
- data/lib/symmetric_encryption/key_encryption_key.rb +0 -32
- data/lib/symmetric_encryption/railties/symmetric_encryption.rake +0 -84
- data/lib/symmetric_encryption/utils/re_encrypt_config_files.rb +0 -82
@@ -7,8 +7,12 @@ class SymmetricEncryptionTest < Minitest::Test
|
|
7
7
|
|
8
8
|
describe 'configuration' do
|
9
9
|
before do
|
10
|
-
config
|
11
|
-
|
10
|
+
config = SymmetricEncryption::Config.new(
|
11
|
+
file_name: File.join(File.dirname(__FILE__), 'config', 'symmetric-encryption.yml'),
|
12
|
+
env: 'test'
|
13
|
+
)
|
14
|
+
@ciphers = config.ciphers
|
15
|
+
|
12
16
|
@cipher_v2, @cipher_v6, @cipher_v1, @cipher_v0 = @ciphers
|
13
17
|
end
|
14
18
|
|
@@ -105,8 +109,13 @@ class SymmetricEncryptionTest < Minitest::Test
|
|
105
109
|
end
|
106
110
|
|
107
111
|
it 'determine if string is encrypted' do
|
108
|
-
|
109
|
-
|
112
|
+
if encoding == :base64strict || encoding == :base64
|
113
|
+
assert SymmetricEncryption.encrypted?(@social_security_number_encrypted)
|
114
|
+
refute SymmetricEncryption.encrypted?(@social_security_number)
|
115
|
+
|
116
|
+
# Without a header it can only assume it is not encrypted
|
117
|
+
refute SymmetricEncryption.encrypted?(SymmetricEncryption.encrypt(@social_security_number, header: false))
|
118
|
+
end
|
110
119
|
end
|
111
120
|
end
|
112
121
|
end
|
@@ -115,7 +124,7 @@ class SymmetricEncryptionTest < Minitest::Test
|
|
115
124
|
before do
|
116
125
|
@social_security_number = '987654321'
|
117
126
|
# Encrypt data without a header and encode with base64 which has a trailing '\n'
|
118
|
-
@encrypted_0_ssn
|
127
|
+
@encrypted_0_ssn = SymmetricEncryption.cipher(0).encode(SymmetricEncryption.cipher(0).binary_encrypt(@social_security_number, header: false))
|
119
128
|
|
120
129
|
SymmetricEncryption.select_cipher do |encoded_str, decoded_str|
|
121
130
|
# Use cipher version 0 if the encoded string ends with "\n" otherwise
|
@@ -138,7 +147,7 @@ class SymmetricEncryptionTest < Minitest::Test
|
|
138
147
|
before do
|
139
148
|
@social_security_number = '987654321'
|
140
149
|
# Encrypt data without a header and encode with base64 which has a trailing '\n'
|
141
|
-
assert @encrypted_0_ssn = SymmetricEncryption.cipher(0).encode(SymmetricEncryption.cipher(0).binary_encrypt(@social_security_number,
|
150
|
+
assert @encrypted_0_ssn = SymmetricEncryption.cipher(0).encode(SymmetricEncryption.cipher(0).binary_encrypt(@social_security_number, header: false))
|
142
151
|
end
|
143
152
|
|
144
153
|
it 'decrypt string without a header using an old cipher' do
|
@@ -155,22 +164,19 @@ class SymmetricEncryptionTest < Minitest::Test
|
|
155
164
|
|
156
165
|
it 'encrypt and then decrypt using random iv' do
|
157
166
|
# Encrypt with random iv
|
158
|
-
assert encrypted = SymmetricEncryption.encrypt(@social_security_number, true)
|
159
|
-
assert_equal true, SymmetricEncryption.encrypted?(encrypted)
|
167
|
+
assert encrypted = SymmetricEncryption.encrypt(@social_security_number, random_iv: true)
|
160
168
|
assert_equal @social_security_number, SymmetricEncryption.decrypt(encrypted)
|
161
169
|
end
|
162
170
|
|
163
171
|
it 'encrypt and then decrypt using random iv with higher version' do
|
164
172
|
# Encrypt with random iv
|
165
|
-
assert encrypted = SymmetricEncryption.cipher(6).encrypt(@social_security_number, true)
|
166
|
-
assert_equal true, SymmetricEncryption.encrypted?(encrypted)
|
173
|
+
assert encrypted = SymmetricEncryption.cipher(6).encrypt(@social_security_number, random_iv: true)
|
167
174
|
assert_equal @social_security_number, SymmetricEncryption.decrypt(encrypted)
|
168
175
|
end
|
169
176
|
|
170
177
|
it 'encrypt and then decrypt using random iv with compression' do
|
171
178
|
# Encrypt with random iv and compress
|
172
|
-
assert encrypted = SymmetricEncryption.encrypt(@social_security_number, true, true)
|
173
|
-
assert_equal true, SymmetricEncryption.encrypted?(encrypted)
|
179
|
+
assert encrypted = SymmetricEncryption.encrypt(@social_security_number, random_iv: true, compress: true)
|
174
180
|
assert_equal @social_security_number, SymmetricEncryption.decrypt(encrypted)
|
175
181
|
end
|
176
182
|
end
|
@@ -182,144 +188,53 @@ class SymmetricEncryptionTest < Minitest::Test
|
|
182
188
|
end
|
183
189
|
|
184
190
|
it 'encrypt and decrypt value to and from a string' do
|
185
|
-
assert encrypted = SymmetricEncryption.encrypt(@social_security_number,
|
186
|
-
assert_equal
|
187
|
-
assert_equal @social_security_number, SymmetricEncryption.decrypt(encrypted, nil, :string)
|
188
|
-
end
|
189
|
-
end
|
190
|
-
|
191
|
-
describe 'integer' do
|
192
|
-
before do
|
193
|
-
@age = 21
|
191
|
+
assert encrypted = SymmetricEncryption.encrypt(@social_security_number, type: :string)
|
192
|
+
assert_equal @social_security_number, SymmetricEncryption.decrypt(encrypted, type: :string)
|
194
193
|
end
|
195
194
|
|
196
|
-
it '
|
197
|
-
|
198
|
-
assert_equal
|
199
|
-
assert_equal
|
200
|
-
end
|
201
|
-
end
|
202
|
-
|
203
|
-
describe 'float' do
|
204
|
-
before do
|
205
|
-
@miles = 2.5
|
195
|
+
it 'retains empty' do
|
196
|
+
encrypted = SymmetricEncryption.encrypt('', type: :string)
|
197
|
+
assert_equal '', encrypted
|
198
|
+
assert_equal '', SymmetricEncryption.decrypt(encrypted, type: :string)
|
206
199
|
end
|
207
200
|
|
208
|
-
it '
|
209
|
-
|
210
|
-
|
211
|
-
assert_equal @miles, SymmetricEncryption.decrypt(encrypted, nil, :float)
|
201
|
+
it 'retains nil' do
|
202
|
+
assert_nil encrypted = SymmetricEncryption.encrypt(nil, type: :string)
|
203
|
+
assert_nil SymmetricEncryption.decrypt(encrypted, type: :string)
|
212
204
|
end
|
213
205
|
end
|
214
206
|
|
215
|
-
|
216
|
-
|
217
|
-
|
218
|
-
|
219
|
-
|
220
|
-
|
221
|
-
|
222
|
-
|
223
|
-
|
224
|
-
|
225
|
-
|
226
|
-
|
227
|
-
|
228
|
-
|
229
|
-
|
230
|
-
end
|
231
|
-
|
232
|
-
it 'encrypt and decrypt value to and from a DateTime' do
|
233
|
-
assert encrypted = SymmetricEncryption.encrypt(@checked_in_at, false, false, :datetime)
|
234
|
-
assert_equal true, SymmetricEncryption.encrypted?(encrypted)
|
235
|
-
assert_equal @checked_in_at, SymmetricEncryption.decrypt(encrypted, nil, :datetime)
|
236
|
-
end
|
237
|
-
end
|
238
|
-
|
239
|
-
describe 'time' do
|
240
|
-
before do
|
241
|
-
@closing_time = Time.new(2013, 01, 01, 22, 30, 00, "-04:00")
|
242
|
-
end
|
243
|
-
|
244
|
-
it 'encrypt and decrypt value to and from a Time' do
|
245
|
-
assert encrypted = SymmetricEncryption.encrypt(@closing_time, false, false, :time)
|
246
|
-
assert_equal true, SymmetricEncryption.encrypted?(encrypted)
|
247
|
-
assert_equal @closing_time, SymmetricEncryption.decrypt(encrypted, nil, :time)
|
248
|
-
end
|
249
|
-
end
|
250
|
-
|
251
|
-
describe 'date' do
|
252
|
-
before do
|
253
|
-
@birthdate = Date.new(1927, 04, 01)
|
254
|
-
end
|
255
|
-
|
256
|
-
it 'encrypt and decrypt value to and from a Date' do
|
257
|
-
assert encrypted = SymmetricEncryption.encrypt(@birthdate, false, false, :date)
|
258
|
-
assert_equal true, SymmetricEncryption.encrypted?(encrypted)
|
259
|
-
assert_equal @birthdate, SymmetricEncryption.decrypt(encrypted, nil, :date)
|
260
|
-
end
|
261
|
-
end
|
262
|
-
|
263
|
-
describe 'boolean' do
|
264
|
-
describe 'when true' do
|
265
|
-
before do
|
266
|
-
@is_working = true
|
267
|
-
end
|
268
|
-
|
269
|
-
it 'encrypt and decrypt a true value to and from a boolean' do
|
270
|
-
assert encrypted = SymmetricEncryption.encrypt(@is_working, false, false, :boolean)
|
271
|
-
assert_equal true, SymmetricEncryption.encrypted?(encrypted)
|
272
|
-
assert_equal @is_working, SymmetricEncryption.decrypt(encrypted, nil, :boolean)
|
273
|
-
end
|
274
|
-
end
|
275
|
-
|
276
|
-
describe 'when false' do
|
277
|
-
before do
|
278
|
-
@is_broken = false
|
207
|
+
{
|
208
|
+
integer: 21,
|
209
|
+
float: 2.5,
|
210
|
+
decimal: BigDecimal.new('12.58'),
|
211
|
+
datetime: DateTime.new(2001, 11, 26, 20, 55, 54, "-5"),
|
212
|
+
time: Time.new(2013, 01, 01, 22, 30, 00, "-04:00"),
|
213
|
+
date: Date.new(1927, 04, 01),
|
214
|
+
boolean: true,
|
215
|
+
yaml: {:a => :b},
|
216
|
+
json: {'a' => 'b'}
|
217
|
+
}.each_pair do |type, value|
|
218
|
+
describe type.to_s do
|
219
|
+
it 'encrypt and decrypt' do
|
220
|
+
assert encrypted = SymmetricEncryption.encrypt(value, type: type)
|
221
|
+
assert_equal value, SymmetricEncryption.decrypt(encrypted, type: type)
|
279
222
|
end
|
280
223
|
|
281
|
-
it '
|
282
|
-
|
283
|
-
|
284
|
-
assert_equal @is_broken, SymmetricEncryption.decrypt(encrypted, nil, :boolean)
|
224
|
+
it 'retains nil' do
|
225
|
+
assert_nil encrypted = SymmetricEncryption.encrypt(nil, type: type)
|
226
|
+
assert_nil SymmetricEncryption.decrypt(encrypted, type: type)
|
285
227
|
end
|
286
228
|
end
|
287
|
-
|
288
|
-
describe 'when yaml' do
|
289
|
-
before do
|
290
|
-
@test = {:a => :b}
|
291
|
-
end
|
292
|
-
|
293
|
-
it 'encrypt and decrypt a false value to and from a boolean' do
|
294
|
-
assert encrypted = SymmetricEncryption.encrypt(@test, false, false, :yaml)
|
295
|
-
assert_equal true, SymmetricEncryption.encrypted?(encrypted)
|
296
|
-
assert_equal @test, SymmetricEncryption.decrypt(encrypted, nil, :yaml)
|
297
|
-
end
|
298
|
-
end
|
299
|
-
|
300
229
|
end
|
301
|
-
end
|
302
230
|
|
303
|
-
|
304
|
-
|
305
|
-
|
306
|
-
|
307
|
-
|
308
|
-
let(:config) do
|
309
|
-
{
|
310
|
-
private_rsa_key: 'rsa_key',
|
311
|
-
ciphers: [{version: 1, always_add_header: true, key: 'key', iv: 'iv'}]
|
312
|
-
}
|
313
|
-
end
|
314
|
-
|
315
|
-
it 'removes unused config keys before generate the random keys' do
|
316
|
-
SymmetricEncryption::Config.stub(:read_config, config) do
|
317
|
-
SymmetricEncryption::Cipher.stub(:generate_random_keys, cipher_config) do
|
318
|
-
SymmetricEncryption.generate_symmetric_key_files(file_path, 'test')
|
319
|
-
end
|
231
|
+
describe 'boolean false' do
|
232
|
+
it 'encrypt and decrypt' do
|
233
|
+
assert encrypted = SymmetricEncryption.encrypt(false, type: :boolean)
|
234
|
+
assert_equal false, SymmetricEncryption.decrypt(encrypted, type: :boolean)
|
320
235
|
end
|
321
236
|
end
|
237
|
+
|
322
238
|
end
|
323
239
|
end
|
324
|
-
|
325
240
|
end
|
data/test/test_db.sqlite3
CHANGED
Binary file
|
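--- a/data/test/writer_test.rb
+++ b/data/test/writer_test.rb
@@ -6,52 +6,73 @@ require 'stringio'
 class WriterTest < Minitest::Test
 describe SymmetricEncryption::Writer do
 before do
-@data
+@data = [
 "Hello World\n",
 "Keep this secret\n",
 'And keep going even further and further...'
 ]
-@data_str
-@data_len
-@
-@
+@data_str = @data.inject('') { |sum, str| sum << str }
+@data_len = @data_str.length
+@file_name = '._test'
+@source_file_name = '._source_test'
 end
 
 after do
-File.delete(@
+File.delete(@file_name) if File.exist?(@file_name)
+File.delete(@source_file_name) if File.exist?(@source_file_name)
 end
 
-
-stream
-
-
-assert_equal @data_len, file.size
-file.close
-
-assert_equal @data_len, written_len
-result = stream.string
-result.force_encoding('binary') if defined?(Encoding)
-assert_equal @data_encrypted, result
-end
-
-it 'encrypt to string stream using .open' do
-written_len = 0
-stream = StringIO.new
-SymmetricEncryption::Writer.open(stream) do |file|
+describe '#write' do
+it 'encrypt to string stream' do
+stream = StringIO.new
+file = SymmetricEncryption::Writer.new(stream)
 written_len = @data.inject(0) { |sum, str| sum + file.write(str) }
 assert_equal @data_len, file.size
+file.close
+
+assert_equal @data_len, written_len
+assert_equal @data_str, SymmetricEncryption::Reader.read(StringIO.new(stream.string))
 end
-assert_equal @data_len, written_len
 end
 
-
-
-
-
-
+describe '.open' do
+it 'encrypt to stream' do
+written_len = 0
+stream = StringIO.new
+SymmetricEncryption::Writer.open(stream) do |file|
+written_len = @data.inject(0) { |sum, str| sum + file.write(str) }
+assert_equal @data_len, file.size
+end
+assert_equal @data_len, written_len
+end
+
+it 'encrypt to file' do
+written_len = nil
+SymmetricEncryption::Writer.open(@file_name) do |file|
+written_len = @data.inject(0) { |sum, str| sum + file.write(str) }
+assert_equal @data_len, file.size
+end
+assert_equal @data_len, written_len
+assert_equal @data_str, SymmetricEncryption::Reader.read(@file_name)
 end
-assert_equal @data_len, written_len
-assert_equal @data_encrypted, File.open(@filename, 'rb') { |f| f.read }
 end
+
+describe '.encrypt' do
+it 'stream' do
+target_stream = StringIO.new
+source_stream = StringIO.new(@data_str)
+source_bytes = SymmetricEncryption::Writer.encrypt(source: source_stream, target: target_stream)
+assert_equal @data_len, source_bytes
+assert_equal @data_str, SymmetricEncryption::Reader.read(StringIO.new(target_stream.string))
+end
+
+it 'file' do
+File.open(@source_file_name, 'wb') { |f| f.write(@data_str) }
+source_bytes = SymmetricEncryption::Writer.encrypt(source: @source_file_name, target: @file_name)
+assert_equal @data_len, source_bytes
+assert_equal @data_str, SymmetricEncryption::Reader.read(@file_name)
+end
+end
+
 end
 end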
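Review bot: The rewritten tests assert only a Writer-to-Reader round trip, so nothing in this file checks that the bytes written to the target are actually ciphertext; the removed tests compared the output against `@data_encrypted`. A round trip would still pass if the writer emitted the data unencrypted and the reader handed it back unchanged (whether Reader behaves that way is not visible in this section). In 'encrypt to string stream' and the `.encrypt` 'stream' case I would add a negative check such as `refute_includes stream.string, 'Keep this secret'`, and the same against `target_stream.string`. Separately, `@file_name = '._test'` and `@source_file_name = '._source_test'` are fixed names in the working directory and the source file holds the plaintext, so a `Tempfile` path would avoid collisions between concurrent runs and keep test plaintext out of the project tree.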
|
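--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: symmetric-encryption
 version: !ruby/object:Gem::Version
-version:
+version: 4.0.0
 platform: ruby
 authors:
 - Reid Morrison
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-
+date: 2017-08-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: coercible
@@ -28,22 +28,19 @@ description: Transparently encrypt ActiveRecord, Mongoid, and MongoMapper attrib
 Encrypt passwords in configuration files. Encrypt entire files at rest.
 email:
 - reidmo@gmail.com
-executables:
+executables:
+- symmetric-encryption
 extensions: []
 extra_rdoc_files: []
 files:
 - LICENSE.txt
 - README.md
 - Rakefile
--
-- lib/rails/generators/symmetric_encryption/config/config_generator.rb
-- lib/rails/generators/symmetric_encryption/config/templates/symmetric-encryption.yml
-- lib/rails/generators/symmetric_encryption/heroku_config/heroku_config_generator.rb
-- lib/rails/generators/symmetric_encryption/heroku_config/templates/symmetric-encryption.yml
-- lib/rails/generators/symmetric_encryption/new_keys/new_keys_generator.rb
+- bin/symmetric-encryption
 - lib/symmetric-encryption.rb
 - lib/symmetric_encryption.rb
 - lib/symmetric_encryption/cipher.rb
+- lib/symmetric_encryption/cli.rb
 - lib/symmetric_encryption/coerce.rb
 - lib/symmetric_encryption/config.rb
 - lib/symmetric_encryption/encoder.rb
@@ -52,13 +49,18 @@ files:
 - lib/symmetric_encryption/extensions/mongo_mapper/plugins/encrypted_key.rb
 - lib/symmetric_encryption/extensions/mongoid/encrypted.rb
 - lib/symmetric_encryption/generator.rb
-- lib/symmetric_encryption/
+- lib/symmetric_encryption/header.rb
+- lib/symmetric_encryption/key.rb
+- lib/symmetric_encryption/keystore.rb
+- lib/symmetric_encryption/keystore/environment.rb
+- lib/symmetric_encryption/keystore/file.rb
+- lib/symmetric_encryption/keystore/memory.rb
 - lib/symmetric_encryption/railtie.rb
-- lib/symmetric_encryption/railties/symmetric_encryption.rake
 - lib/symmetric_encryption/railties/symmetric_encryption_validator.rb
 - lib/symmetric_encryption/reader.rb
+- lib/symmetric_encryption/rsa_key.rb
 - lib/symmetric_encryption/symmetric_encryption.rb
-- lib/symmetric_encryption/utils/
+- lib/symmetric_encryption/utils/re_encrypt_files.rb
 - lib/symmetric_encryption/version.rb
 - lib/symmetric_encryption/writer.rb
 - test/active_record_test.rb
@@ -73,6 +75,11 @@ files:
 - test/config/test_secondary_1.iv
 - test/config/test_secondary_1.key
 - test/encoder_test.rb
+- test/header_test.rb
+- test/key_test.rb
+- test/keystore/environment_test.rb
+- test/keystore/file_test.rb
+- test/keystore_test.rb
 - test/mongoid_test.rb
 - test/reader_test.rb
 - test/symmetric_encryption_test.rb
@@ -116,6 +123,11 @@ test_files:
 - test/config/test_secondary_1.iv
 - test/config/test_secondary_1.key
 - test/encoder_test.rb
+- test/header_test.rb
+- test/key_test.rb
+- test/keystore/environment_test.rb
+- test/keystore/file_test.rb
+- test/keystore_test.rb
 - test/mongoid_test.rb
 - test/reader_test.rb
 - test/symmetric_encryption_test.rb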
|
@@ -1,108 +0,0 @@
|
|
1
|
-
#
|
2
|
-
# Symmetric Encryption for Ruby
|
3
|
-
#
|
4
|
-
---
|
5
|
-
# For the development and test environments the test symmetric encryption keys
|
6
|
-
# can be placed directly in the source code.
|
7
|
-
# And therefore no key encryption key is required
|
8
|
-
development: &development_defaults
|
9
|
-
key: 1234567890ABCDEF
|
10
|
-
iv: 1234567890ABCDEF
|
11
|
-
cipher: aes-128-cbc
|
12
|
-
|
13
|
-
test:
|
14
|
-
<<: *development_defaults
|
15
|
-
|
16
|
-
production:
|
17
|
-
# Since the encryption key must NOT be stored along with the
|
18
|
-
# source code, only store the key encryption key here.
|
19
|
-
#
|
20
|
-
# Test Key encryption key, DO NOT use this key, generate a new one using
|
21
|
-
# SymmetricEncryption::KeyEncryptionKey.generate
|
22
|
-
# Or use the rails generator to create a new config file as described in the readme
|
23
|
-
private_rsa_key: |
|
24
|
-
-----BEGIN RSA PRIVATE KEY-----
|
25
|
-
MIIEpAIBAAKCAQEAxIL9H/jYUGpA38v6PowRSRJEo3aNVXULNM/QNRpx2DTf++KH
|
26
|
-
6DcuFTFcNSSSxG9n4y7tKi755be8N0uwCCuOzvXqfWmXYjbLwK3Ib2vm0btpHyvA
|
27
|
-
qxgqeJOOCxKdW/cUFLWn0tACUcEjVCNfWEGaFyvkOUuR7Ub9KfhbW9cZO3BxZMUf
|
28
|
-
IPGlHl/gWyf484sXygd+S7cpDTRRzo9RjG74DwfE0MFGf9a1fTkxnSgeOJ6asTOy
|
29
|
-
fp9tEToUlbglKaYGpOGHYQ9TV5ZsyJ9jRUyb4SP5wK2eK6dHTxTcHvT03kD90Hv4
|
30
|
-
WeKIXv3WOjkwNEyMdpnJJfSDb5oquQvCNi7ZSQIDAQABAoIBAQCbzR7TUoBugU+e
|
31
|
-
ICLvpC2wOYOh9kRoFLwlyv3QnH7WZFWRZzFJszYeJ1xr5etXQtyjCnmOkGAg+WOI
|
32
|
-
k8GlOKOpAuA/PpB/leJFiYL4lBwU/PmDdTT0cdx6bMKZlNCeMW8CXGQKiFDOcMqJ
|
33
|
-
0uGtH5YD+RChPIEeFsJxnC8SyZ9/t2ra7XnMGiCZvRXIUDSEIIsRx/mOymJ7bL+h
|
34
|
-
Lbp46IfXf6ZuIzwzoIk0JReV/r+wdmkAVDkrrMkCmVS4/X1wN/Tiik9/yvbsh/CL
|
35
|
-
ztC55eSIEjATkWxnXfPASZN6oUfQPEveGH3HzNjdncjH/Ho8FaNMIAfFpBhhLPi9
|
36
|
-
nG5sbH+BAoGBAOdoUyVoAA/QUa3/FkQaa7Ajjehe5MR5k6VtaGtcxrLiBjrNR7x+
|
37
|
-
nqlZlGvWDMiCz49dgj+G1Qk1bbYrZLRX/Hjeqy5dZOGLMfgf9eKUmS1rDwAzBMcj
|
38
|
-
M9jnnJEBx8HIlNzaR6wzp3GMd0rrccs660A8URvzkgo9qNbvMLq9vyUtAoGBANll
|
39
|
-
SY1Iv9uaIz8klTXU9YzYtsfUmgXzw7K8StPdbEbo8F1J3JPJB4D7QHF0ObIaSWuf
|
40
|
-
suZqLsvWlYGuJeyX2ntlBN82ORfvUdOrdrbDlmPyj4PfFVl0AK3U3Ai374DNrjKR
|
41
|
-
hF6YFm4TLDaJhUjeV5C43kbE1N2FAMS9LYtPJ44NAoGAFDGHZ/E+aCLerddfwwun
|
42
|
-
MBS6MnftcLPHTZ1RimTrNfsBXipBw1ItWEvn5s0kCm9X24PmdNK4TnhqHYaF4DL5
|
43
|
-
ZjbQK1idEA2Mi8GGPIKJJ2x7P6I0HYiV4qy7fe/w1ZlCXE90B7PuPbtrQY9wO7Ll
|
44
|
-
ipJ45X6I1PnyfOcckn8yafUCgYACtPAlgjJhWZn2v03cTbqA9nHQKyV/zXkyUIXd
|
45
|
-
/XPLrjrP7ouAi5A8WuSChR/yx8ECRgrEM65Be3qBEtoGCB4AS1G0NcigM6qhKBFi
|
46
|
-
VS0aMXr3+V8argcUIwJaWW/x+p2go48yXlJpLHPweeXe8mXEt4iM+QZte6p2yKQ4
|
47
|
-
h9PGQQKBgQCqSydmXBnXGIVTp2sH/2GnpxLYnDBpcJE0tM8bJ42HEQQgRThIChsn
|
48
|
-
PnGA91G9MVikYapgI0VYBHQOTsz8rTIUzsKwXG+TIaK+W84nxH5y6jUkjqwxZmAz
|
49
|
-
r1URaMAun2PfAB4g2N/kEZTExgeOGqXjFhvvjdzl97ux2cTyZhaTXg==
|
50
|
-
-----END RSA PRIVATE KEY-----
|
51
|
-
|
52
|
-
# List Symmetric Key Ciphers in the order of current / newest first
|
53
|
-
ciphers:
|
54
|
-
-
|
55
|
-
# Name of the file containing the encrypted key and iv.
|
56
|
-
key_filename: /etc/rails/.rails.key
|
57
|
-
iv_filename: /etc/rails/.rails.iv
|
58
|
-
|
59
|
-
# Encryption cipher
|
60
|
-
# Recommended values:
|
61
|
-
# aes-256-cbc
|
62
|
-
# 256 AES CBC Algorithm. Very strong
|
63
|
-
# Ruby 1.8.7 MRI Approximately 100,000 encryptions or decryptions per second
|
64
|
-
# JRuby 1.6.7 with Ruby 1.8.7 Approximately 22,000 encryptions or decryptions per second
|
65
|
-
# aes-128-cbc
|
66
|
-
# 128 AES CBC Algorithm. Less strong.
|
67
|
-
# Ruby 1.8.7 MRI Approximately 100,000 encryptions or decryptions per second
|
68
|
-
# JRuby 1.6.7 with Ruby 1.8.7 Approximately 22,000 encryptions or decryptions per second
|
69
|
-
cipher: aes-256-cbc
|
70
|
-
|
71
|
-
# Set the way the encrypted data is encoded:
|
72
|
-
# base64
|
73
|
-
# Encrypted data is returned in base64 encoding format
|
74
|
-
# Symmetric::Encryption.decrypt will also base64 decode any data prior
|
75
|
-
# to decrypting it
|
76
|
-
# base64strict
|
77
|
-
# As base64 except that does not contain any newlines
|
78
|
-
# This is the recommended setting
|
79
|
-
# none
|
80
|
-
# Encrypted data is returned as raw binary
|
81
|
-
# Although smaller than base64 it cannot be stored in MySQL text columns
|
82
|
-
# It can only be held in binary columns such as BINARY or BLOB
|
83
|
-
# Default: base64
|
84
|
-
encoding: base64strict
|
85
|
-
|
86
|
-
# Version of this key so that when a new key is supplied, old encrypted data can be decrypted
|
87
|
-
# using the correct key.
|
88
|
-
# Increment this version with every time a new key is generated.
|
89
|
-
version: 2
|
90
|
-
|
91
|
-
# Highly Recommended to always set this to true.
|
92
|
-
# Add a header to every encrypted message.
|
93
|
-
always_add_header: true
|
94
|
-
|
95
|
-
# OPTIONAL:
|
96
|
-
#
|
97
|
-
# Any previous Symmetric Encryption Keys
|
98
|
-
#
|
99
|
-
# Only used when old data still exists that requires old decryption keys
|
100
|
-
# to be used
|
101
|
-
-
|
102
|
-
key_filename: /etc/rails/.rails_old.key
|
103
|
-
iv_filename: /etc/rails/.rails_old.iv
|
104
|
-
cipher: aes-256-cbc
|
105
|
-
encoding: base64strict
|
106
|
-
version: 1
|
107
|
-
always_add_header: true
|
108
|
-
|
@@ -1,22 +0,0 @@
|
|
1
|
-
module SymmetricEncryption
|
2
|
-
module Generators
|
3
|
-
class ConfigGenerator < Rails::Generators::Base
|
4
|
-
desc 'Creates a SymmetricEncryption configuration file at config/symmetric-encryption.yml'
|
5
|
-
|
6
|
-
argument :key_path, type: :string, optional: false
|
7
|
-
|
8
|
-
def self.source_root
|
9
|
-
@_symmetric_encryption_source_root ||= File.expand_path('../templates', __FILE__)
|
10
|
-
end
|
11
|
-
|
12
|
-
def app_name
|
13
|
-
Rails::Application.subclasses.first.parent.to_s.underscore
|
14
|
-
end
|
15
|
-
|
16
|
-
def create_config_file
|
17
|
-
template 'symmetric-encryption.yml', File.join('config', 'symmetric-encryption.yml')
|
18
|
-
end
|
19
|
-
|
20
|
-
end
|
21
|
-
end
|
22
|
-
end
|
@@ -1,50 +0,0 @@
|
|
1
|
-
#
|
2
|
-
# Symmetric Encryption for Ruby
|
3
|
-
#
|
4
|
-
---
|
5
|
-
# For the development and test environments the test symmetric encryption keys
|
6
|
-
# can be placed directly in the source code.
|
7
|
-
# And therefore no key encryption key is required
|
8
|
-
development: &development_defaults
|
9
|
-
key: 1234567890ABCDEF
|
10
|
-
iv: 1234567890ABCDEF
|
11
|
-
cipher_name: aes-128-cbc
|
12
|
-
encoding: :base64strict
|
13
|
-
always_add_header: true
|
14
|
-
|
15
|
-
test:
|
16
|
-
<<: *development_defaults
|
17
|
-
|
18
|
-
release:
|
19
|
-
# Since the encryption key must NOT be stored along with the
|
20
|
-
# source code, only store the key encryption key here.
|
21
|
-
private_rsa_key: |
|
22
|
-
<%= SymmetricEncryption::KeyEncryptionKey.generate.each_line.collect { |line| " #{line}" }.join('') %>
|
23
|
-
|
24
|
-
# List Symmetric Key files in the order of current / latest first
|
25
|
-
ciphers:
|
26
|
-
-
|
27
|
-
# Name of the file containing the encrypted key and iv.
|
28
|
-
key_filename: <%= File.join(key_path, "#{app_name}_release.key") %>
|
29
|
-
iv_filename: <%= File.join(key_path, "#{app_name}_release.iv") %>
|
30
|
-
cipher_name: aes-256-cbc
|
31
|
-
encoding: :base64strict
|
32
|
-
version: 1
|
33
|
-
always_add_header: true
|
34
|
-
|
35
|
-
production:
|
36
|
-
# Since the encryption key must NOT be stored along with the
|
37
|
-
# source code, only store the key encryption key here.
|
38
|
-
private_rsa_key: |
|
39
|
-
<%= SymmetricEncryption::KeyEncryptionKey.generate.each_line.collect { |line| " #{line}" }.join('') %>
|
40
|
-
|
41
|
-
# List Symmetric Key files in the order of current / latest first
|
42
|
-
ciphers:
|
43
|
-
-
|
44
|
-
# Name of the file containing the encrypted key and iv.
|
45
|
-
key_filename: <%= File.join(key_path, "#{app_name}_production.key") %>
|
46
|
-
iv_filename: <%= File.join(key_path, "#{app_name}_production.iv") %>
|
47
|
-
cipher_name: aes-256-cbc
|
48
|
-
encoding: :base64strict
|
49
|
-
version: 1
|
50
|
-
always_add_header: true
|
@@ -1,20 +0,0 @@
|
|
1
|
-
module SymmetricEncryption
|
2
|
-
module Generators
|
3
|
-
class HerokuConfigGenerator < Rails::Generators::Base
|
4
|
-
desc 'Creates a SymmetricEncryption configuration file at config/symmetric-encryption.yml for use in heroku'
|
5
|
-
|
6
|
-
def self.source_root
|
7
|
-
@_symmetric_encryption_source_root ||= File.expand_path('../templates', __FILE__)
|
8
|
-
end
|
9
|
-
|
10
|
-
def app_name
|
11
|
-
Rails::Application.subclasses.first.parent.to_s.underscore
|
12
|
-
end
|
13
|
-
|
14
|
-
def create_config_file
|
15
|
-
template 'symmetric-encryption.yml', File.join('config', 'symmetric-encryption.yml')
|
16
|
-
end
|
17
|
-
|
18
|
-
end
|
19
|
-
end
|
20
|
-
end
|