symmetric-encryption 4.1.0.beta1 → 4.1.0
- checksums.yaml +4 -4
- data/lib/symmetric_encryption/cipher.rb +9 -2
- data/lib/symmetric_encryption/cli.rb +13 -6
- data/lib/symmetric_encryption/config.rb +9 -6
- data/lib/symmetric_encryption/encoder.rb +6 -0
- data/lib/symmetric_encryption/extensions/mongoid/encrypted.rb +1 -0
- data/lib/symmetric_encryption/generator.rb +1 -1
- data/lib/symmetric_encryption/header.rb +7 -5
- data/lib/symmetric_encryption/key.rb +2 -0
- data/lib/symmetric_encryption/keystore/aws.rb +9 -9
- data/lib/symmetric_encryption/keystore/environment.rb +3 -2
- data/lib/symmetric_encryption/keystore/file.rb +1 -1
- data/lib/symmetric_encryption/keystore/memory.rb +1 -1
- data/lib/symmetric_encryption/keystore.rb +15 -16
- data/lib/symmetric_encryption/railtie.rb +7 -2
- data/lib/symmetric_encryption/railties/symmetric_encryption_validator.rb +1 -0
- data/lib/symmetric_encryption/reader.rb +50 -58
- data/lib/symmetric_encryption/symmetric_encryption.rb +2 -1
- data/lib/symmetric_encryption/utils/aws.rb +6 -4
- data/lib/symmetric_encryption/utils/re_encrypt_files.rb +2 -2
- data/lib/symmetric_encryption/version.rb +1 -1
- data/lib/symmetric_encryption/writer.rb +33 -27
- data/lib/symmetric_encryption.rb +26 -5
- data/test/active_record_test.rb +25 -25
- data/test/cipher_test.rb +3 -3
- data/test/header_test.rb +1 -1
- data/test/keystore/aws_test.rb +7 -7
- data/test/keystore/file_test.rb +1 -1
- data/test/keystore_test.rb +2 -2
- data/test/mongoid_test.rb +15 -15
- data/test/reader_test.rb +28 -8
- data/test/symmetric_encryption_test.rb +2 -2
- data/test/test_db.sqlite3 +0 -0
- data/test/utils/aws_test.rb +1 -2
- data/test/writer_test.rb +48 -46
- metadata +23 -23
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 825c28cf5b38d4cf22d26f4ed8196bbf1085ee0e09b372ab3c30aa055238902f
|
4
|
+
data.tar.gz: de736c34beb30c50e9316f0f85cade71b022caac4fe4ca94cc61c94d0c8fe1aa
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 711727ec509464e8807f798f82c4944c25f37a2cd48ec190c93f4f0134437887c8355fedf199157727ffd7faaa1023146fa95946ee6f2f9ec8a648426ec68f60
|
7
|
+
data.tar.gz: 834ae0b58bd0ca3011b846a94709203ac648a6cd341c5f86f18c82fa4b4c9b16abfc400af9d3c7c0f0348b4127db7c425de56345738bfde0de5dae97666a4031
|
@@ -133,8 +133,10 @@ module SymmetricEncryption
|
|
133
133
|
# compression
|
134
134
|
def encrypt(str, random_iv: false, compress: false, header: always_add_header)
|
135
135
|
return if str.nil?
|
136
|
+
|
136
137
|
str = str.to_s
|
137
138
|
return str if str.empty?
|
139
|
+
|
138
140
|
encrypted = binary_encrypt(str, random_iv: random_iv, compress: compress, header: header)
|
139
141
|
encode(encrypted)
|
140
142
|
end
|
@@ -161,6 +163,7 @@ module SymmetricEncryption
|
|
161
163
|
return unless decoded
|
162
164
|
|
163
165
|
return decoded if decoded.empty?
|
166
|
+
|
164
167
|
decrypted = binary_decrypt(decoded)
|
165
168
|
|
166
169
|
# Try to force result to UTF-8 encoding, but if it is not valid, force it back to Binary
|
@@ -178,6 +181,7 @@ module SymmetricEncryption
|
|
178
181
|
# Returned string is UTF8 encoded except for encoding :none
|
179
182
|
def encode(binary_string)
|
180
183
|
return binary_string if binary_string.nil? || (binary_string == '')
|
184
|
+
|
181
185
|
encoder.encode(binary_string)
|
182
186
|
end
|
183
187
|
|
@@ -187,6 +191,7 @@ module SymmetricEncryption
|
|
187
191
|
# Returned string is Binary encoded
|
188
192
|
def decode(encoded_string)
|
189
193
|
return encoded_string if encoded_string.nil? || (encoded_string == '')
|
194
|
+
|
190
195
|
encoder.decode(encoded_string)
|
191
196
|
end
|
192
197
|
|
@@ -243,6 +248,7 @@ module SymmetricEncryption
|
|
243
248
|
# See #encrypt to encrypt and encode the result as a string.
|
244
249
|
def binary_encrypt(str, random_iv: false, compress: false, header: always_add_header)
|
245
250
|
return if str.nil?
|
251
|
+
|
246
252
|
string = str.to_s
|
247
253
|
return string if string.empty?
|
248
254
|
|
@@ -300,6 +306,7 @@ module SymmetricEncryption
|
|
300
306
|
# is automatically set to the same UTF-8 or Binary encoding
|
301
307
|
def binary_decrypt(encrypted_string, header: Header.new)
|
302
308
|
return if encrypted_string.nil?
|
309
|
+
|
303
310
|
str = encrypted_string.to_s
|
304
311
|
str.force_encoding(SymmetricEncryption::BINARY_ENCODING)
|
305
312
|
return str if str.empty?
|
@@ -309,8 +316,8 @@ module SymmetricEncryption
|
|
309
316
|
|
310
317
|
openssl_cipher = ::OpenSSL::Cipher.new(header.cipher_name || cipher_name)
|
311
318
|
openssl_cipher.decrypt
|
312
|
-
openssl_cipher.key
|
313
|
-
if (iv
|
319
|
+
openssl_cipher.key = header.key || @key
|
320
|
+
if (iv = header.iv || @iv)
|
314
321
|
openssl_cipher.iv = iv
|
315
322
|
end
|
316
323
|
result = openssl_cipher.update(data)
|
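Review bot: In the last hunk (`binary_decrypt`) the cipher name, key and IV are each taken from `header` before the configured value (`header.cipher_name || cipher_name`, `header.key || @key`, `header.iv || @iv`), and nothing in the visible lines says where that header comes from or what it is allowed to select. If the header is parsed out of `encrypted_string` itself (the parsing is outside this hunk, so that is inferred), the data being decrypted chooses the algorithm passed to `::OpenSSL::Cipher.new`, which deserves a comment and a check against an expected list of cipher names. I would add above the `Cipher.new` line: `# Header fields travel with the encrypted data and override this cipher's configured name, key and IV.` The `if (iv = header.iv || @iv)` branch also skips the IV assignment when both are nil, so the comment should say which IV decryption then runs with. The method body starts and ends outside the hunk.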
@@ -70,7 +70,7 @@ module SymmetricEncryption
|
|
70
70
|
end
|
71
71
|
|
72
72
|
def parser
|
73
|
-
@parser
|
73
|
+
@parser ||= OptionParser.new do |opts|
|
74
74
|
opts.banner = <<~BANNER
|
75
75
|
Symmetric Encryption v#{VERSION}
|
76
76
|
|
@@ -99,10 +99,14 @@ module SymmetricEncryption
|
|
99
99
|
@prompt = true
|
100
100
|
end
|
101
101
|
|
102
|
-
opts.on '-z', '--compress', 'Compress encrypted output file.' do
|
102
|
+
opts.on '-z', '--compress', 'Compress encrypted output file. [Default for encrypting files]' do
|
103
103
|
@compress = true
|
104
104
|
end
|
105
105
|
|
106
|
+
opts.on '-Z', '--no-compress', 'Does not compress the output file. [Default for encrypting strings]' do
|
107
|
+
@compress = false
|
108
|
+
end
|
109
|
+
|
106
110
|
opts.on '-E', '--env ENVIRONMENT', "Environment to use in the config file. Default: SYMMETRIC_ENCRYPTION_ENV || RACK_ENV || RAILS_ENV || 'development'" do |environment|
|
107
111
|
@environment = environment
|
108
112
|
end
|
@@ -208,7 +212,7 @@ module SymmetricEncryption
|
|
208
212
|
|
209
213
|
config_file_does_not_exist!
|
210
214
|
self.environments ||= %i[development test release production]
|
211
|
-
args
|
215
|
+
args = {
|
212
216
|
app_name: app_name,
|
213
217
|
environments: environments,
|
214
218
|
cipher_name: cipher_name
|
@@ -250,7 +254,8 @@ module SymmetricEncryption
|
|
250
254
|
config.each_pair do |env, cfg|
|
251
255
|
next if environments && !environments.include?(env.to_sym)
|
252
256
|
next unless ciphers = cfg[:ciphers]
|
253
|
-
|
257
|
+
|
258
|
+
highest = ciphers.max_by { |i| i[:version] }
|
254
259
|
ciphers.clear
|
255
260
|
ciphers << highest
|
256
261
|
end
|
@@ -264,7 +269,8 @@ module SymmetricEncryption
|
|
264
269
|
config.each_pair do |env, cfg|
|
265
270
|
next if environments && !environments.include?(env.to_sym)
|
266
271
|
next unless ciphers = cfg[:ciphers]
|
267
|
-
|
272
|
+
|
273
|
+
highest = ciphers.max_by { |i| i[:version] }
|
268
274
|
ciphers.delete(highest)
|
269
275
|
ciphers.unshift(highest)
|
270
276
|
end
|
@@ -312,7 +318,7 @@ module SymmetricEncryption
|
|
312
318
|
|
313
319
|
puts('Values do not match, please try again') if value1 != value2
|
314
320
|
end
|
315
|
-
|
321
|
+
compress = false if compress.nil?
|
316
322
|
encrypted = SymmetricEncryption.cipher(version).encrypt(value1, compress: compress)
|
317
323
|
output_file_name ? File.open(output_file_name, 'wb') { |f| f << encrypted } : puts("\n\nEncrypted: #{encrypted}\n\n")
|
318
324
|
end
|
@@ -334,6 +340,7 @@ module SymmetricEncryption
|
|
334
340
|
# Ensure that the config file does not already exist before generating a new one.
|
335
341
|
def config_file_does_not_exist!
|
336
342
|
return unless File.exist?(config_file_path)
|
343
|
+
|
337
344
|
puts "\nConfiguration file already exists, please move or rename: #{config_file_path}\n\n"
|
338
345
|
exit(-1)
|
339
346
|
end
|
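Review bot: Both `highest = ciphers.max_by { |i| i[:version] }` lines (hunks at new lines 258 and 273) compare `:version` values directly, so a config where one cipher entry has no `:version` and another does would raise a comparison error instead of picking a key. Whether an entry can lack `:version` is not visible in this file section, but if it can, give the block a default, e.g. `ciphers.max_by { |i| i[:version] || 0 }`, using whatever default the cipher loader applies. The first loop then calls `ciphers.clear`, which leaves only that entry, so picking the wrong one or aborting halfway through `config.each_pair` matters; a one-line comment stating that older keys are dropped on purpose would help. Both loops sit in methods whose start and end are outside the hunks.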
@@ -53,8 +53,8 @@ module SymmetricEncryption
|
|
53
53
|
env ||= defined?(Rails) ? Rails.env : ENV['RACK_ENV'] || ENV['RAILS_ENV'] || 'development'
|
54
54
|
|
55
55
|
unless file_name
|
56
|
-
root
|
57
|
-
file_name
|
56
|
+
root = defined?(Rails) ? Rails.root : '.'
|
57
|
+
file_name =
|
58
58
|
if (env_var = ENV['SYMMETRIC_ENCRYPTION_CONFIG'])
|
59
59
|
File.expand_path(env_var)
|
60
60
|
else
|
@@ -101,6 +101,7 @@ module SymmetricEncryption
|
|
101
101
|
object
|
102
102
|
end
|
103
103
|
end
|
104
|
+
|
104
105
|
private_class_method :deep_symbolize_keys
|
105
106
|
|
106
107
|
# Iterate through the Hash symbolizing all keys.
|
@@ -119,28 +120,29 @@ module SymmetricEncryption
|
|
119
120
|
object
|
120
121
|
end
|
121
122
|
end
|
123
|
+
|
122
124
|
private_class_method :deep_stringify_keys
|
123
125
|
|
124
126
|
# Migrate old configuration format for this environment
|
125
127
|
def self.migrate_old_formats!(config)
|
126
128
|
# Inline single cipher before :ciphers
|
127
129
|
unless config.key?(:ciphers)
|
128
|
-
inline_cipher
|
130
|
+
inline_cipher = {}
|
129
131
|
config.keys.each { |key| inline_cipher[key] = config.delete(key) }
|
130
|
-
config[:ciphers]
|
132
|
+
config[:ciphers] = [inline_cipher]
|
131
133
|
end
|
132
134
|
|
133
135
|
# Copy Old :private_rsa_key into each ciphers config
|
134
136
|
# Cipher.from_config replaces it with the RSA Kek
|
135
137
|
if config[:private_rsa_key]
|
136
|
-
private_rsa_key
|
138
|
+
private_rsa_key = config.delete(:private_rsa_key)
|
137
139
|
config[:ciphers].each { |cipher| cipher[:private_rsa_key] = private_rsa_key }
|
138
140
|
end
|
139
141
|
|
140
142
|
# Old :cipher_name
|
141
143
|
config[:ciphers].each do |cipher|
|
142
144
|
if (old_key_name_cipher = cipher.delete(:cipher))
|
143
|
-
cipher[:cipher_name]
|
145
|
+
cipher[:cipher_name] = old_key_name_cipher
|
144
146
|
end
|
145
147
|
|
146
148
|
# Only temporarily used during v4 Beta process
|
@@ -156,6 +158,7 @@ module SymmetricEncryption
|
|
156
158
|
end
|
157
159
|
config
|
158
160
|
end
|
161
|
+
|
159
162
|
private_class_method :migrate_old_formats!
|
160
163
|
end
|
161
164
|
end
|
@@ -36,12 +36,14 @@ module SymmetricEncryption
|
|
36
36
|
class Base64
|
37
37
|
def encode(binary_string)
|
38
38
|
return binary_string if binary_string.nil? || (binary_string == '')
|
39
|
+
|
39
40
|
encoded_string = ::Base64.encode64(binary_string)
|
40
41
|
encoded_string.force_encoding(SymmetricEncryption::UTF8_ENCODING)
|
41
42
|
end
|
42
43
|
|
43
44
|
def decode(encoded_string)
|
44
45
|
return encoded_string if encoded_string.nil? || (encoded_string == '')
|
46
|
+
|
45
47
|
decoded_string = ::Base64.decode64(encoded_string)
|
46
48
|
decoded_string.force_encoding(SymmetricEncryption::BINARY_ENCODING)
|
47
49
|
end
|
@@ -50,12 +52,14 @@ module SymmetricEncryption
|
|
50
52
|
class Base64Strict
|
51
53
|
def encode(binary_string)
|
52
54
|
return binary_string if binary_string.nil? || (binary_string == '')
|
55
|
+
|
53
56
|
encoded_string = ::Base64.strict_encode64(binary_string)
|
54
57
|
encoded_string.force_encoding(SymmetricEncryption::UTF8_ENCODING)
|
55
58
|
end
|
56
59
|
|
57
60
|
def decode(encoded_string)
|
58
61
|
return encoded_string if encoded_string.nil? || (encoded_string == '')
|
62
|
+
|
59
63
|
decoded_string = ::Base64.decode64(encoded_string)
|
60
64
|
decoded_string.force_encoding(SymmetricEncryption::BINARY_ENCODING)
|
61
65
|
end
|
@@ -64,12 +68,14 @@ module SymmetricEncryption
|
|
64
68
|
class Base16
|
65
69
|
def encode(binary_string)
|
66
70
|
return binary_string if binary_string.nil? || (binary_string == '')
|
71
|
+
|
67
72
|
encoded_string = binary_string.to_s.unpack('H*').first
|
68
73
|
encoded_string.force_encoding(SymmetricEncryption::UTF8_ENCODING)
|
69
74
|
end
|
70
75
|
|
71
76
|
def decode(encoded_string)
|
72
77
|
return encoded_string if encoded_string.nil? || (encoded_string == '')
|
78
|
+
|
73
79
|
decoded_string = [encoded_string].pack('H*')
|
74
80
|
decoded_string.force_encoding(SymmetricEncryption::BINARY_ENCODING)
|
75
81
|
end
|
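Review bot: `Base64Strict#decode` (second hunk) still calls `::Base64.decode64`, the lenient decoder, although `encode` in the same class uses `::Base64.strict_encode64`. `decode64` skips characters outside the Base64 alphabet instead of rejecting them, so a corrupted or altered encoding is decoded to some byte string and only fails later, if at all. If no stored data depends on the lenient path, change the line to `decoded_string = ::Base64.strict_decode64(encoded_string)`; it raises `ArgumentError` on malformed input, so callers need to be checked first. Otherwise add a comment saying the lenient decode is deliberate. `Base16#decode` in the third hunk has the same property, since `[encoded_string].pack('H*')` does not reject non-hex characters.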
@@ -12,7 +12,7 @@ module SymmetricEncryption
|
|
12
12
|
raise(ArgumentError, "Invalid type: #{type.inspect}. Valid types: #{SymmetricEncryption::COERCION_TYPES.inspect}") unless SymmetricEncryption::COERCION_TYPES.include?(type)
|
13
13
|
|
14
14
|
if model.const_defined?(:EncryptedAttributes, _search_ancestors = false)
|
15
|
-
mod
|
15
|
+
mod = model.const_get(:EncryptedAttributes)
|
16
16
|
else
|
17
17
|
mod = model.const_set(:EncryptedAttributes, Module.new)
|
18
18
|
model.send(:include, mod)
|
@@ -38,6 +38,7 @@ module SymmetricEncryption
|
|
38
38
|
# Note: The encoding of the supplied buffer is forced to binary if not already binary
|
39
39
|
def self.present?(buffer)
|
40
40
|
return false if buffer.nil? || (buffer == '')
|
41
|
+
|
41
42
|
buffer.force_encoding(SymmetricEncryption::BINARY_ENCODING)
|
42
43
|
buffer.start_with?(MAGIC_HEADER)
|
43
44
|
end
|
@@ -112,6 +113,7 @@ module SymmetricEncryption
|
|
112
113
|
def parse!(buffer)
|
113
114
|
offset = parse(buffer)
|
114
115
|
return if offset.zero?
|
116
|
+
|
115
117
|
buffer.slice!(0..offset - 1)
|
116
118
|
buffer
|
117
119
|
end
|
@@ -151,7 +153,7 @@ module SymmetricEncryption
|
|
151
153
|
|
152
154
|
# Remove header and extract flags
|
153
155
|
self.version = buffer.getbyte(offset)
|
154
|
-
offset
|
156
|
+
offset += 1
|
155
157
|
|
156
158
|
unless cipher
|
157
159
|
raise(
|
@@ -160,7 +162,7 @@ module SymmetricEncryption
|
|
160
162
|
)
|
161
163
|
end
|
162
164
|
|
163
|
-
flags
|
165
|
+
flags = buffer.getbyte(offset)
|
164
166
|
offset += 1
|
165
167
|
|
166
168
|
self.compress = (flags & FLAG_COMPRESSED) != 0
|
@@ -195,7 +197,7 @@ module SymmetricEncryption
|
|
195
197
|
|
196
198
|
# Returns [String] this header as a string
|
197
199
|
def to_s
|
198
|
-
flags
|
200
|
+
flags = 0
|
199
201
|
flags |= FLAG_COMPRESSED if compressed?
|
200
202
|
flags |= FLAG_IV if iv
|
201
203
|
flags |= FLAG_KEY if key
|
@@ -256,9 +258,9 @@ module SymmetricEncryption
|
|
256
258
|
# Exception when
|
257
259
|
# - offset exceeds length of buffer
|
258
260
|
# byteslice truncates when too long, but returns nil when start is beyond end of buffer
|
259
|
-
len
|
261
|
+
len = buffer.byteslice(offset, 2).unpack('v').first
|
260
262
|
offset += 2
|
261
|
-
out
|
263
|
+
out = buffer.byteslice(offset, len)
|
262
264
|
[out, offset + len]
|
263
265
|
end
|
264
266
|
end
|
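Review bot: In the last hunk, `out = buffer.byteslice(offset, len)` can return fewer than `len` bytes (the comment above it says byteslice truncates), yet `[out, offset + len]` hands the short value back as if the field were complete. `len` is read from the buffer itself, so a damaged or crafted header can declare a length that runs past the end and yield a shortened field with an offset beyond the buffer. Add a length check before the return, for example `raise(ArgumentError, 'Truncated header field') if out.nil? || out.bytesize != len`, using the error class the parser raises elsewhere if there is one. A buffer that ends before the two length bytes currently surfaces as a `NoMethodError` on `nil`, which the same guard style could turn into a clear message. The method's `def` line is outside the hunk.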
@@ -11,6 +11,7 @@ module SymmetricEncryption
|
|
11
11
|
|
12
12
|
def encrypt(string)
|
13
13
|
return if string.nil?
|
14
|
+
|
14
15
|
string = string.to_s
|
15
16
|
return string if string.empty?
|
16
17
|
|
@@ -26,6 +27,7 @@ module SymmetricEncryption
|
|
26
27
|
|
27
28
|
def decrypt(encrypted_string)
|
28
29
|
return if encrypted_string.nil?
|
30
|
+
|
29
31
|
encrypted_string = encrypted_string.to_s
|
30
32
|
encrypted_string.force_encoding(SymmetricEncryption::BINARY_ENCODING)
|
31
33
|
return encrypted_string if encrypted_string.empty?
|
@@ -70,22 +70,22 @@ module SymmetricEncryption
|
|
70
70
|
# iv: 'T80pYzD0E6e/bJCdjZ6TiQ=='
|
71
71
|
# }
|
72
72
|
def self.generate_data_key(version: 0,
|
73
|
-
|
74
|
-
|
75
|
-
|
76
|
-
|
77
|
-
|
78
|
-
|
73
|
+
regions: Utils::Aws::AWS_US_REGIONS,
|
74
|
+
dek: nil,
|
75
|
+
cipher_name:,
|
76
|
+
app_name:,
|
77
|
+
environment:,
|
78
|
+
key_path:)
|
79
79
|
|
80
80
|
# TODO: Also support generating environment variables instead of files.
|
81
81
|
|
82
82
|
version >= 255 ? (version = 1) : (version += 1)
|
83
|
-
regions
|
83
|
+
regions = Array(regions).dup
|
84
84
|
|
85
85
|
master_key_alias = master_key_alias(app_name, environment)
|
86
86
|
|
87
87
|
# File per region for holding the encrypted data key
|
88
|
-
key_files
|
88
|
+
key_files = regions.collect do |region|
|
89
89
|
file_name = "#{app_name}_#{environment}_#{region}_v#{version}.encrypted_key"
|
90
90
|
{region: region, file_name: ::File.join(key_path, file_name)}
|
91
91
|
end
|
@@ -146,7 +146,7 @@ module SymmetricEncryption
|
|
146
146
|
region = key_file[:region]
|
147
147
|
file_name = key_file[:file_name]
|
148
148
|
|
149
|
-
raise(ArgumentError,
|
149
|
+
raise(ArgumentError, 'region and file_name are mandatory for each key_file entry') unless region && file_name
|
150
150
|
|
151
151
|
encrypted_data_key = aws(region).encrypt(data_key)
|
152
152
|
encoded_dek = Base64.strict_encode64(encrypted_data_key)
|
@@ -10,7 +10,7 @@ module SymmetricEncryption
|
|
10
10
|
def self.generate_data_key(cipher_name:, app_name:, environment:, version: 0, dek: nil)
|
11
11
|
version >= 255 ? (version = 1) : (version += 1)
|
12
12
|
|
13
|
-
kek
|
13
|
+
kek = SymmetricEncryption::Key.new(cipher_name: cipher_name)
|
14
14
|
dek ||= SymmetricEncryption::Key.new(cipher_name: cipher_name)
|
15
15
|
|
16
16
|
key_env_var = "#{app_name}_#{environment}_v#{version}".upcase.tr('-', '_')
|
@@ -41,6 +41,7 @@ module SymmetricEncryption
|
|
41
41
|
def read
|
42
42
|
encrypted = ENV[key_env_var]
|
43
43
|
raise "The Environment Variable #{key_env_var} must be set with the encrypted encryption key." unless encrypted
|
44
|
+
|
44
45
|
binary = encoder.decode(encrypted)
|
45
46
|
key_encrypting_key.decrypt(binary)
|
46
47
|
end
|
@@ -49,7 +50,7 @@ module SymmetricEncryption
|
|
49
50
|
def write(key)
|
50
51
|
encrypted_key = key_encrypting_key.encrypt(key)
|
51
52
|
puts "\n\n********************************************************************************"
|
52
|
-
puts
|
53
|
+
puts 'Set the environment variable as follows:'
|
53
54
|
puts " export #{key_env_var}=\"#{encoder.encode(encrypted_key)}\""
|
54
55
|
puts '********************************************************************************'
|
55
56
|
end
|
@@ -9,7 +9,7 @@ module SymmetricEncryption
|
|
9
9
|
def self.generate_data_key(key_path:, cipher_name:, app_name:, environment:, version: 0, dek: nil)
|
10
10
|
version >= 255 ? (version = 1) : (version += 1)
|
11
11
|
|
12
|
-
dek
|
12
|
+
dek ||= SymmetricEncryption::Key.new(cipher_name: cipher_name)
|
13
13
|
kek = SymmetricEncryption::Key.new(cipher_name: cipher_name)
|
14
14
|
kekek = SymmetricEncryption::Key.new(cipher_name: cipher_name)
|
15
15
|
|
@@ -15,7 +15,7 @@ module SymmetricEncryption
|
|
15
15
|
def self.generate_data_key(cipher_name:, app_name:, environment:, version: 0, dek: nil)
|
16
16
|
version >= 255 ? (version = 1) : (version += 1)
|
17
17
|
|
18
|
-
kek
|
18
|
+
kek = SymmetricEncryption::Key.new(cipher_name: cipher_name)
|
19
19
|
dek ||= SymmetricEncryption::Key.new(cipher_name: cipher_name)
|
20
20
|
|
21
21
|
encrypted_key = new(key_encrypting_key: kek).write(dek.key)
|
@@ -72,7 +72,7 @@ module SymmetricEncryption
|
|
72
72
|
|
73
73
|
keystore_class = keystore ? constantize_symbol(keystore) : keystore_for(config)
|
74
74
|
|
75
|
-
args
|
75
|
+
args = {
|
76
76
|
cipher_name: cipher_name,
|
77
77
|
app_name: app_name,
|
78
78
|
version: version,
|
@@ -104,7 +104,7 @@ module SymmetricEncryption
|
|
104
104
|
# Only generate new keys for keystore's that have a key encrypting key
|
105
105
|
next unless config[:key_encrypting_key]
|
106
106
|
|
107
|
-
version
|
107
|
+
version = config.delete(:version) || 1
|
108
108
|
version -= 1
|
109
109
|
|
110
110
|
always_add_header = config.delete(:always_add_header)
|
@@ -117,7 +117,7 @@ module SymmetricEncryption
|
|
117
117
|
cipher_name = key.cipher_name
|
118
118
|
keystore_class = keystore_for(config)
|
119
119
|
|
120
|
-
args
|
120
|
+
args = {
|
121
121
|
cipher_name: cipher_name,
|
122
122
|
app_name: app_name,
|
123
123
|
version: version,
|
@@ -141,14 +141,14 @@ module SymmetricEncryption
|
|
141
141
|
def self.dev_config
|
142
142
|
{
|
143
143
|
ciphers:
|
144
|
-
|
145
|
-
|
146
|
-
|
147
|
-
|
148
|
-
|
149
|
-
|
150
|
-
|
151
|
-
|
144
|
+
[
|
145
|
+
{
|
146
|
+
key: '1234567890ABCDEF',
|
147
|
+
iv: '1234567890ABCDEF',
|
148
|
+
cipher_name: 'aes-128-cbc',
|
149
|
+
version: 1
|
150
|
+
}
|
151
|
+
]
|
152
152
|
}
|
153
153
|
end
|
154
154
|
|
@@ -219,12 +219,12 @@ module SymmetricEncryption
|
|
219
219
|
|
220
220
|
# Migrate old encrypted_iv
|
221
221
|
if (encrypted_iv = config.delete(:encrypted_iv)) && private_rsa_key
|
222
|
-
encrypted_iv
|
223
|
-
config[:iv]
|
222
|
+
encrypted_iv = RSAKey.new(private_rsa_key).decrypt(encrypted_iv)
|
223
|
+
config[:iv] = ::Base64.decode64(encrypted_iv)
|
224
224
|
end
|
225
225
|
|
226
226
|
# Migrate old iv_filename
|
227
|
-
if (file_name
|
227
|
+
if (file_name = config.delete(:iv_filename)) && private_rsa_key
|
228
228
|
encrypted_iv = ::File.read(file_name)
|
229
229
|
config[:iv] = RSAKey.new(private_rsa_key).decrypt(encrypted_iv)
|
230
230
|
end
|
@@ -233,10 +233,9 @@ module SymmetricEncryption
|
|
233
233
|
config[:key_encrypting_key] = RSAKey.new(private_rsa_key) if private_rsa_key
|
234
234
|
|
235
235
|
# Migrate old encrypted_key to new binary format
|
236
|
-
if (encrypted_key
|
236
|
+
if (encrypted_key = config[:encrypted_key]) && private_rsa_key
|
237
237
|
config[:encrypted_key] = ::Base64.decode64(encrypted_key)
|
238
238
|
end
|
239
239
|
end
|
240
|
-
|
241
240
|
end
|
242
241
|
end
|
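Review bot: `dev_config` (hunk at new lines 141–154) returns a cipher whose `key` and `iv` are both the literal `'1234567890ABCDEF'` with `aes-128-cbc`, and nothing in the hunk marks it as unsafe outside development. Anything encrypted with this config is readable by anyone who has the gem, and the fixed IV makes equal plaintext prefixes produce equal ciphertext. Add a comment above the method such as `# Publicly known key and IV: development and test only, never for real data.` Where `dev_config` is selected is outside this file section; if the environment name alone decides it, consider refusing it when the environment is production.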