symmetric-encryption 4.1.0.beta1 → 4.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 674089b02b1620226cd6282347185623f2e94584d31759a42200fed1288f4bc2
-  data.tar.gz: 35d96710285ed9190f5d75e36471489f137ae19ba64bc3bcebf3224020d75b30
+  metadata.gz: 825c28cf5b38d4cf22d26f4ed8196bbf1085ee0e09b372ab3c30aa055238902f
+  data.tar.gz: de736c34beb30c50e9316f0f85cade71b022caac4fe4ca94cc61c94d0c8fe1aa
 SHA512:
-  metadata.gz: 57a4050574792eaeca82e4c0174ed4676491e30c09186380f4f72c5d39c4fe6cd430ba025ae1b9ff6c4cfec7101b181787f6f295bb1b8c44269dddd0145cfb26
-  data.tar.gz: 9837704656992c51e9771e962331e04f0be6b0b2ba3b577f1196cb091cd426a800147ebbe424b9e6f9ebabaf012b635f0f480438112436b7f1eba55c04603f58
+  metadata.gz: 711727ec509464e8807f798f82c4944c25f37a2cd48ec190c93f4f0134437887c8355fedf199157727ffd7faaa1023146fa95946ee6f2f9ec8a648426ec68f60
+  data.tar.gz: 834ae0b58bd0ca3011b846a94709203ac648a6cd341c5f86f18c82fa4b4c9b16abfc400af9d3c7c0f0348b4127db7c425de56345738bfde0de5dae97666a4031

data/lib/symmetric_encryption/cipher.rb

@@ -133,8 +133,10 @@ module SymmetricEncryption
     #       compression
     def encrypt(str, random_iv: false, compress: false, header: always_add_header)
       return if str.nil?
+
       str = str.to_s
       return str if str.empty?
+
       encrypted = binary_encrypt(str, random_iv: random_iv, compress: compress, header: header)
       encode(encrypted)
     end
@@ -161,6 +163,7 @@ module SymmetricEncryption
       return unless decoded
 
       return decoded if decoded.empty?
+
       decrypted = binary_decrypt(decoded)
 
       # Try to force result to UTF-8 encoding, but if it is not valid, force it back to Binary
@@ -178,6 +181,7 @@ module SymmetricEncryption
     # Returned string is UTF8 encoded except for encoding :none
     def encode(binary_string)
       return binary_string if binary_string.nil? || (binary_string == '')
+
       encoder.encode(binary_string)
     end
 
@@ -187,6 +191,7 @@ module SymmetricEncryption
     # Returned string is Binary encoded
     def decode(encoded_string)
       return encoded_string if encoded_string.nil? || (encoded_string == '')
+
       encoder.decode(encoded_string)
     end
 
@@ -243,6 +248,7 @@ module SymmetricEncryption
     # See #encrypt to encrypt and encode the result as a string.
     def binary_encrypt(str, random_iv: false, compress: false, header: always_add_header)
       return if str.nil?
+
       string = str.to_s
       return string if string.empty?
 
@@ -300,6 +306,7 @@ module SymmetricEncryption
     #   is automatically set to the same UTF-8 or Binary encoding
     def binary_decrypt(encrypted_string, header: Header.new)
       return if encrypted_string.nil?
+
       str = encrypted_string.to_s
       str.force_encoding(SymmetricEncryption::BINARY_ENCODING)
       return str if str.empty?
@@ -309,8 +316,8 @@ module SymmetricEncryption
 
       openssl_cipher = ::OpenSSL::Cipher.new(header.cipher_name || cipher_name)
       openssl_cipher.decrypt
-      openssl_cipher.key = header.key || @key
-      if (iv = header.iv || @iv)
+      openssl_cipher.key  = header.key || @key
+      if (iv              = header.iv || @iv)
         openssl_cipher.iv = iv
       end
       result = openssl_cipher.update(data)

data/lib/symmetric_encryption/cli.rb

@@ -70,7 +70,7 @@ module SymmetricEncryption
     end
 
     def parser
-      @parser ||= OptionParser.new do |opts|
+      @parser     ||= OptionParser.new do |opts|
         opts.banner = <<~BANNER
           Symmetric Encryption v#{VERSION}
 
@@ -99,10 +99,14 @@ module SymmetricEncryption
           @prompt = true
         end
 
-        opts.on '-z', '--compress', 'Compress encrypted output file.' do
+        opts.on '-z', '--compress', 'Compress encrypted output file. [Default for encrypting files]' do
           @compress = true
         end
 
+        opts.on '-Z', '--no-compress', 'Does not compress the output file. [Default for encrypting strings]' do
+          @compress = false
+        end
+
         opts.on '-E', '--env ENVIRONMENT', "Environment to use in the config file. Default: SYMMETRIC_ENCRYPTION_ENV || RACK_ENV || RAILS_ENV || 'development'" do |environment|
           @environment = environment
         end
@@ -208,7 +212,7 @@ module SymmetricEncryption
 
       config_file_does_not_exist!
       self.environments ||= %i[development test release production]
-      args              = {
+      args                = {
         app_name:     app_name,
         environments: environments,
         cipher_name:  cipher_name
@@ -250,7 +254,8 @@ module SymmetricEncryption
       config.each_pair do |env, cfg|
         next if environments && !environments.include?(env.to_sym)
         next unless ciphers = cfg[:ciphers]
-        highest = ciphers.max_by { |i| i[:version] }
+
+        highest             = ciphers.max_by { |i| i[:version] }
         ciphers.clear
         ciphers << highest
       end
@@ -264,7 +269,8 @@ module SymmetricEncryption
       config.each_pair do |env, cfg|
         next if environments && !environments.include?(env.to_sym)
         next unless ciphers = cfg[:ciphers]
-        highest = ciphers.max_by { |i| i[:version] }
+
+        highest             = ciphers.max_by { |i| i[:version] }
         ciphers.delete(highest)
         ciphers.unshift(highest)
       end
@@ -312,7 +318,7 @@ module SymmetricEncryption
 
         puts('Values do not match, please try again') if value1 != value2
       end
-
+      compress  = false if compress.nil?
       encrypted = SymmetricEncryption.cipher(version).encrypt(value1, compress: compress)
       output_file_name ? File.open(output_file_name, 'wb') { |f| f << encrypted } : puts("\n\nEncrypted: #{encrypted}\n\n")
     end
@@ -334,6 +340,7 @@ module SymmetricEncryption
     # Ensure that the config file does not already exist before generating a new one.
     def config_file_does_not_exist!
       return unless File.exist?(config_file_path)
+
       puts "\nConfiguration file already exists, please move or rename: #{config_file_path}\n\n"
       exit(-1)
     end

data/lib/symmetric_encryption/config.rb

@@ -53,8 +53,8 @@ module SymmetricEncryption
       env ||= defined?(Rails) ? Rails.env : ENV['RACK_ENV'] || ENV['RAILS_ENV'] || 'development'
 
       unless file_name
-        root      = defined?(Rails) ? Rails.root : '.'
-        file_name =
+        root          = defined?(Rails) ? Rails.root : '.'
+        file_name     =
           if (env_var = ENV['SYMMETRIC_ENCRYPTION_CONFIG'])
             File.expand_path(env_var)
           else
@@ -101,6 +101,7 @@ module SymmetricEncryption
         object
       end
     end
+
     private_class_method :deep_symbolize_keys
 
     # Iterate through the Hash symbolizing all keys.
@@ -119,28 +120,29 @@ module SymmetricEncryption
         object
       end
     end
+
     private_class_method :deep_stringify_keys
 
     # Migrate old configuration format for this environment
     def self.migrate_old_formats!(config)
       # Inline single cipher before :ciphers
       unless config.key?(:ciphers)
-        inline_cipher = {}
+        inline_cipher                               = {}
         config.keys.each { |key| inline_cipher[key] = config.delete(key) }
-        config[:ciphers] = [inline_cipher]
+        config[:ciphers]                            = [inline_cipher]
       end
 
       # Copy Old :private_rsa_key into each ciphers config
       # Cipher.from_config replaces it with the RSA Kek
       if config[:private_rsa_key]
-        private_rsa_key = config.delete(:private_rsa_key)
+        private_rsa_key                                           = config.delete(:private_rsa_key)
         config[:ciphers].each { |cipher| cipher[:private_rsa_key] = private_rsa_key }
       end
 
       # Old :cipher_name
       config[:ciphers].each do |cipher|
         if (old_key_name_cipher = cipher.delete(:cipher))
-          cipher[:cipher_name] = old_key_name_cipher
+          cipher[:cipher_name]  = old_key_name_cipher
         end
 
         # Only temporarily used during v4 Beta process
@@ -156,6 +158,7 @@ module SymmetricEncryption
       end
       config
     end
+
     private_class_method :migrate_old_formats!
   end
 end

data/lib/symmetric_encryption/encoder.rb

@@ -36,12 +36,14 @@ module SymmetricEncryption
     class Base64
       def encode(binary_string)
         return binary_string if binary_string.nil? || (binary_string == '')
+
         encoded_string = ::Base64.encode64(binary_string)
         encoded_string.force_encoding(SymmetricEncryption::UTF8_ENCODING)
       end
 
       def decode(encoded_string)
         return encoded_string if encoded_string.nil? || (encoded_string == '')
+
         decoded_string = ::Base64.decode64(encoded_string)
         decoded_string.force_encoding(SymmetricEncryption::BINARY_ENCODING)
       end
@@ -50,12 +52,14 @@ module SymmetricEncryption
     class Base64Strict
       def encode(binary_string)
         return binary_string if binary_string.nil? || (binary_string == '')
+
         encoded_string = ::Base64.strict_encode64(binary_string)
         encoded_string.force_encoding(SymmetricEncryption::UTF8_ENCODING)
       end
 
       def decode(encoded_string)
         return encoded_string if encoded_string.nil? || (encoded_string == '')
+
         decoded_string = ::Base64.decode64(encoded_string)
         decoded_string.force_encoding(SymmetricEncryption::BINARY_ENCODING)
       end
@@ -64,12 +68,14 @@ module SymmetricEncryption
     class Base16
       def encode(binary_string)
         return binary_string if binary_string.nil? || (binary_string == '')
+
         encoded_string = binary_string.to_s.unpack('H*').first
         encoded_string.force_encoding(SymmetricEncryption::UTF8_ENCODING)
       end
 
       def decode(encoded_string)
         return encoded_string if encoded_string.nil? || (encoded_string == '')
+
         decoded_string = [encoded_string].pack('H*')
         decoded_string.force_encoding(SymmetricEncryption::BINARY_ENCODING)
       end

data/lib/symmetric_encryption/extensions/mongoid/encrypted.rb

@@ -1,3 +1,4 @@
+require 'mongoid'
 # Add :encrypted option for Mongoid models
 #
 # Example:

data/lib/symmetric_encryption/generator.rb

@@ -12,7 +12,7 @@ module SymmetricEncryption
       raise(ArgumentError, "Invalid type: #{type.inspect}. Valid types: #{SymmetricEncryption::COERCION_TYPES.inspect}") unless SymmetricEncryption::COERCION_TYPES.include?(type)
 
       if model.const_defined?(:EncryptedAttributes, _search_ancestors = false)
-        mod = model.const_get(:EncryptedAttributes)
+        mod                                                           = model.const_get(:EncryptedAttributes)
       else
         mod = model.const_set(:EncryptedAttributes, Module.new)
         model.send(:include, mod)

data/lib/symmetric_encryption/header.rb

@@ -38,6 +38,7 @@ module SymmetricEncryption
     # Note: The encoding of the supplied buffer is forced to binary if not already binary
     def self.present?(buffer)
       return false if buffer.nil? || (buffer == '')
+
       buffer.force_encoding(SymmetricEncryption::BINARY_ENCODING)
       buffer.start_with?(MAGIC_HEADER)
     end
@@ -112,6 +113,7 @@ module SymmetricEncryption
     def parse!(buffer)
       offset = parse(buffer)
       return if offset.zero?
+
       buffer.slice!(0..offset - 1)
       buffer
     end
@@ -151,7 +153,7 @@ module SymmetricEncryption
 
       # Remove header and extract flags
       self.version = buffer.getbyte(offset)
-      offset       += 1
+      offset      += 1
 
       unless cipher
         raise(
@@ -160,7 +162,7 @@ module SymmetricEncryption
         )
       end
 
-      flags  = buffer.getbyte(offset)
+      flags   = buffer.getbyte(offset)
       offset += 1
 
       self.compress = (flags & FLAG_COMPRESSED) != 0
@@ -195,7 +197,7 @@ module SymmetricEncryption
 
     # Returns [String] this header as a string
     def to_s
-      flags = 0
+      flags  = 0
       flags |= FLAG_COMPRESSED if compressed?
       flags |= FLAG_IV if iv
       flags |= FLAG_KEY if key
@@ -256,9 +258,9 @@ module SymmetricEncryption
       #   Exception when
       #   - offset exceeds length of buffer
       #   byteslice truncates when too long, but returns nil when start is beyond end of buffer
-      len    = buffer.byteslice(offset, 2).unpack('v').first
+      len     = buffer.byteslice(offset, 2).unpack('v').first
       offset += 2
-      out    = buffer.byteslice(offset, len)
+      out     = buffer.byteslice(offset, len)
       [out, offset + len]
     end
   end

data/lib/symmetric_encryption/key.rb

@@ -11,6 +11,7 @@ module SymmetricEncryption
 
     def encrypt(string)
       return if string.nil?
+
       string = string.to_s
       return string if string.empty?
 
@@ -26,6 +27,7 @@ module SymmetricEncryption
 
     def decrypt(encrypted_string)
       return if encrypted_string.nil?
+
       encrypted_string = encrypted_string.to_s
       encrypted_string.force_encoding(SymmetricEncryption::BINARY_ENCODING)
       return encrypted_string if encrypted_string.empty?

data/lib/symmetric_encryption/keystore/aws.rb

@@ -70,22 +70,22 @@ module SymmetricEncryption
       #   iv:          'T80pYzD0E6e/bJCdjZ6TiQ=='
       # }
       def self.generate_data_key(version: 0,
-        regions: Utils::Aws::AWS_US_REGIONS,
-        dek: nil,
-        cipher_name:,
-        app_name:,
-        environment:,
-        key_path:)
+                                 regions: Utils::Aws::AWS_US_REGIONS,
+                                 dek: nil,
+                                 cipher_name:,
+                                 app_name:,
+                                 environment:,
+                                 key_path:)
 
         # TODO: Also support generating environment variables instead of files.
 
         version >= 255 ? (version = 1) : (version += 1)
-        regions = Array(regions).dup
+        regions                   = Array(regions).dup
 
         master_key_alias = master_key_alias(app_name, environment)
 
         # File per region for holding the encrypted data key
-        key_files = regions.collect do |region|
+        key_files   = regions.collect do |region|
           file_name = "#{app_name}_#{environment}_#{region}_v#{version}.encrypted_key"
           {region: region, file_name: ::File.join(key_path, file_name)}
         end
@@ -146,7 +146,7 @@ module SymmetricEncryption
           region    = key_file[:region]
           file_name = key_file[:file_name]
 
-          raise(ArgumentError, "region and file_name are mandatory for each key_file entry") unless region && file_name
+          raise(ArgumentError, 'region and file_name are mandatory for each key_file entry') unless region && file_name
 
           encrypted_data_key = aws(region).encrypt(data_key)
           encoded_dek        = Base64.strict_encode64(encrypted_data_key)

data/lib/symmetric_encryption/keystore/environment.rb

@@ -10,7 +10,7 @@ module SymmetricEncryption
       def self.generate_data_key(cipher_name:, app_name:, environment:, version: 0, dek: nil)
         version >= 255 ? (version = 1) : (version += 1)
 
-        kek = SymmetricEncryption::Key.new(cipher_name: cipher_name)
+        kek   = SymmetricEncryption::Key.new(cipher_name: cipher_name)
         dek ||= SymmetricEncryption::Key.new(cipher_name: cipher_name)
 
         key_env_var = "#{app_name}_#{environment}_v#{version}".upcase.tr('-', '_')
@@ -41,6 +41,7 @@ module SymmetricEncryption
       def read
         encrypted = ENV[key_env_var]
         raise "The Environment Variable #{key_env_var} must be set with the encrypted encryption key." unless encrypted
+
         binary = encoder.decode(encrypted)
         key_encrypting_key.decrypt(binary)
       end
@@ -49,7 +50,7 @@ module SymmetricEncryption
       def write(key)
         encrypted_key = key_encrypting_key.encrypt(key)
         puts "\n\n********************************************************************************"
-        puts "Set the environment variable as follows:"
+        puts 'Set the environment variable as follows:'
         puts "  export #{key_env_var}=\"#{encoder.encode(encrypted_key)}\""
         puts '********************************************************************************'
       end

data/lib/symmetric_encryption/keystore/file.rb

@@ -9,7 +9,7 @@ module SymmetricEncryption
       def self.generate_data_key(key_path:, cipher_name:, app_name:, environment:, version: 0, dek: nil)
         version >= 255 ? (version = 1) : (version += 1)
 
-        dek   ||= SymmetricEncryption::Key.new(cipher_name: cipher_name)
+        dek ||= SymmetricEncryption::Key.new(cipher_name: cipher_name)
         kek   = SymmetricEncryption::Key.new(cipher_name: cipher_name)
         kekek = SymmetricEncryption::Key.new(cipher_name: cipher_name)
 

data/lib/symmetric_encryption/keystore/memory.rb

@@ -15,7 +15,7 @@ module SymmetricEncryption
       def self.generate_data_key(cipher_name:, app_name:, environment:, version: 0, dek: nil)
         version >= 255 ? (version = 1) : (version += 1)
 
-        kek = SymmetricEncryption::Key.new(cipher_name: cipher_name)
+        kek   = SymmetricEncryption::Key.new(cipher_name: cipher_name)
         dek ||= SymmetricEncryption::Key.new(cipher_name: cipher_name)
 
         encrypted_key = new(key_encrypting_key: kek).write(dek.key)

data/lib/symmetric_encryption/keystore.rb

@@ -72,7 +72,7 @@ module SymmetricEncryption
 
         keystore_class = keystore ? constantize_symbol(keystore) : keystore_for(config)
 
-        args            = {
+        args = {
           cipher_name: cipher_name,
           app_name:    app_name,
           version:     version,
@@ -104,7 +104,7 @@ module SymmetricEncryption
         # Only generate new keys for keystore's that have a key encrypting key
         next unless config[:key_encrypting_key]
 
-        version = config.delete(:version) || 1
+        version  = config.delete(:version) || 1
         version -= 1
 
         always_add_header = config.delete(:always_add_header)
@@ -117,7 +117,7 @@ module SymmetricEncryption
         cipher_name    = key.cipher_name
         keystore_class = keystore_for(config)
 
-        args            = {
+        args = {
           cipher_name: cipher_name,
           app_name:    app_name,
           version:     version,
@@ -141,14 +141,14 @@ module SymmetricEncryption
     def self.dev_config
       {
         ciphers:
-          [
-            {
-              key:         '1234567890ABCDEF',
-              iv:          '1234567890ABCDEF',
-              cipher_name: 'aes-128-cbc',
-              version:     1
-            }
-          ]
+                 [
+                   {
+                     key:         '1234567890ABCDEF',
+                     iv:          '1234567890ABCDEF',
+                     cipher_name: 'aes-128-cbc',
+                     version:     1
+                   }
+                 ]
       }
     end
 
@@ -219,12 +219,12 @@ module SymmetricEncryption
 
       # Migrate old encrypted_iv
       if (encrypted_iv = config.delete(:encrypted_iv)) && private_rsa_key
-        encrypted_iv = RSAKey.new(private_rsa_key).decrypt(encrypted_iv)
-        config[:iv]  = ::Base64.decode64(encrypted_iv)
+        encrypted_iv   = RSAKey.new(private_rsa_key).decrypt(encrypted_iv)
+        config[:iv]    = ::Base64.decode64(encrypted_iv)
       end
 
       # Migrate old iv_filename
-      if (file_name = config.delete(:iv_filename)) && private_rsa_key
+      if (file_name  = config.delete(:iv_filename)) && private_rsa_key
         encrypted_iv = ::File.read(file_name)
         config[:iv]  = RSAKey.new(private_rsa_key).decrypt(encrypted_iv)
       end
@@ -233,10 +233,9 @@ module SymmetricEncryption
       config[:key_encrypting_key] = RSAKey.new(private_rsa_key) if private_rsa_key
 
       # Migrate old encrypted_key to new binary format
-      if (encrypted_key = config[:encrypted_key]) && private_rsa_key
+      if (encrypted_key        = config[:encrypted_key]) && private_rsa_key
         config[:encrypted_key] = ::Base64.decode64(encrypted_key)
       end
     end
-
   end
 end