symmetric-encryption 4.2.1 → 4.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 40e60b20cfaf40c1b3ad68fb05b12fd766886ac3d4527a02c8d456906e45b705
-  data.tar.gz: 3c87cffcfc26fe8a057619b3559c3f93ff5a3951c219eb90deb1c2054ae4495f
+  metadata.gz: d5499f0c6e33fc5eee0a2295623edd3bf35a247e1a6263a3e93f2c4e57219f22
+  data.tar.gz: ea3495cf8f5fe6b388725cd424ed13dc8b982c4ad225e78c7056f8d0f0d70cab
 SHA512:
-  metadata.gz: 479105df621736ea8ccaddc73129f4c6d9ebad8a6918a793044d9d3329f547e3a7cbd404719bcbd9918a5cedb0c18694f22173201e799ab70d3a8032a7a90ac6
-  data.tar.gz: dd8fd1b290bc1e2e55311234e8a06660dbc6f0849382189bc9408432caa519f973a1cbb7835eb97805136699eaf357772531cb7dfe6dbe2a62c33b4600c141f5
+  metadata.gz: a8a920045c6b813bb55e8a518727ffdaf03b0b5857f5326d8b6003946d81fb162f28eea69617934622626de66cbfbeaf27b464c5d7baa21e07332e2c7098f7e4
+  data.tar.gz: bb2a832909e3a81b1e357a4ec650e7f1fd93e81ab08a0a0f3664b586bc0bf60f1a821c26831f456138e77a7a29575bc976890f608ac10461a51e5fd86dbd2699

data/lib/symmetric_encryption.rb

@@ -10,10 +10,14 @@ end
 begin
   require 'active_support'
   ActiveSupport.on_load(:active_record) do
-    require 'symmetric_encryption/railties/attr_encrypted'
+    require 'symmetric_encryption/active_record/attr_encrypted'
     require 'symmetric_encryption/railties/symmetric_encryption_validator'
 
-    ActiveRecord::Base.include(SymmetricEncryption::Railties::AttrEncrypted)
+    if ActiveRecord.version >= Gem::Version.new('5.0.0')
+      ActiveRecord::Type.register(:encrypted, SymmetricEncryption::ActiveRecord::EncryptedAttribute)
+    end
+
+    ActiveRecord::Base.include(SymmetricEncryption::ActiveRecord::AttrEncrypted)
   end
 
   ActiveSupport.on_load(:mongoid) do

data/lib/symmetric_encryption/{railties → active_record}/attr_encrypted.rb

@@ -1,5 +1,5 @@
 module SymmetricEncryption
-  module Railties
+  module ActiveRecord
     module AttrEncrypted
       def self.included(base)
         base.extend ClassMethods
@@ -39,7 +39,7 @@ module SymmetricEncryption
         #       compression
         #       Note: Adds a 6 byte header prior to encoding, only if :random_iv is false
         #       Default: false
-        def attr_encrypted(*params)
+        def attr_encrypted(*attributes, random_iv: nil, type: :string, compress: false)
           # Ensure ActiveRecord has created all its methods first
           # Ignore failures since the table may not yet actually exist
           begin
@@ -48,10 +48,21 @@ module SymmetricEncryption
             nil
           end
 
-          options = params.last.is_a?(Hash) ? params.pop.dup : {}
+          random_iv = true if random_iv.nil? && SymmetricEncryption.randomize_iv?
 
-          params.each do |attribute|
-            SymmetricEncryption::Generator.generate_decrypted_accessors(self, attribute, "encrypted_#{attribute}", options)
+          if random_iv.nil?
+            warn("attr_encrypted() no longer allows a default value for option `random_iv`. Add `random_iv: false` if it is required.")
+          end
+
+          attributes.each do |attribute|
+            SymmetricEncryption::Generator.generate_decrypted_accessors(
+              self,
+              attribute,
+              "encrypted_#{attribute}",
+              random_iv: random_iv,
+              type:      type,
+              compress:  compress
+            )
             encrypted_attributes[attribute.to_sym] = "encrypted_#{attribute}".to_sym
           end
         end

data/lib/symmetric_encryption/active_record/encrypted_attribute.rb

@@ -0,0 +1,37 @@
+module SymmetricEncryption
+  module ActiveRecord
+    class EncryptedAttribute < ::ActiveModel::Type::String
+      def initialize(random_iv: true, compress: false, type: :string)
+        @random_iv      = random_iv
+        @compress       = compress
+        @encrypted_type = type
+      end
+
+      def deserialize(value)
+        return if value.nil?
+
+        SymmetricEncryption.decrypt(value, type: encrypted_type)
+      end
+
+      def serialize(value)
+        return if value.nil?
+
+        SymmetricEncryption.encrypt(
+          value,
+          type:      encrypted_type,
+          compress:  compress,
+          random_iv: random_iv
+        )
+      end
+
+      private
+
+      # Symmetric Encryption uses coercible gem to handle casting
+      def cast_value(value)
+        value
+      end
+
+      attr_reader :random_iv, :compress, :encrypted_type
+    end
+  end
+end

data/lib/symmetric_encryption/cipher.rb

@@ -58,7 +58,7 @@ module SymmetricEncryption
     #       Return as raw binary data string. Note: String can contain embedded nulls
     #     Default: :base64strict
     #
-    #   version [Fixnum]
+    #   version [Integer]
     #     Optional. The version number of this encryption key
     #     Used by SymmetricEncryption to select the correct key when decrypting data
     #     Valid Range: 0..255
@@ -131,7 +131,7 @@ module SymmetricEncryption
     #     * Should only be used for large strings since compression overhead and
     #       the overhead of adding the encryption header may exceed any benefits of
     #       compression
-    def encrypt(str, random_iv: false, compress: false, header: always_add_header)
+    def encrypt(str, random_iv: SymmetricEncryption.randomize_iv?, compress: false, header: always_add_header)
       return if str.nil?
 
       str = str.to_s
@@ -246,7 +246,7 @@ module SymmetricEncryption
     #     Default: `always_add_header`
     #
     # See #encrypt to encrypt and encode the result as a string.
-    def binary_encrypt(str, random_iv: false, compress: false, header: always_add_header)
+    def binary_encrypt(str, random_iv: SymmetricEncryption.randomize_iv?, compress: false, header: always_add_header)
       return if str.nil?
 
       string = str.to_s

data/lib/symmetric_encryption/core.rb

@@ -13,6 +13,7 @@ module SymmetricEncryption
   autoload :Coerce,                 'symmetric_encryption/coerce'
   autoload :Config,                 'symmetric_encryption/config'
   autoload :Encoder,                'symmetric_encryption/encoder'
+  autoload :EncryptedStringType,    'symmetric_encryption/types/encrypted_string_type'
   autoload :Generator,              'symmetric_encryption/generator'
   autoload :Header,                 'symmetric_encryption/header'
   autoload :Key,                    'symmetric_encryption/key'
@@ -21,6 +22,9 @@ module SymmetricEncryption
   autoload :Writer,                 'symmetric_encryption/writer'
   autoload :CLI,                    'symmetric_encryption/cli'
   autoload :Keystore,               'symmetric_encryption/keystore'
+  module ActiveRecord
+    autoload :EncryptedAttribute,   'symmetric_encryption/active_record/encrypted_attribute'
+  end
   module Utils
     autoload :Aws,                  'symmetric_encryption/utils/aws'
     autoload :Files,                'symmetric_encryption/utils/files'

data/lib/symmetric_encryption/railtie.rb

@@ -29,13 +29,15 @@ module SymmetricEncryption #:nodoc:
     config.before_configuration do
       # Check if already configured
       unless ::SymmetricEncryption.cipher?
-        app_name      = Rails::Application.subclasses.first.parent.to_s.underscore
-        config_file   =
-          if (env_var = ENV['SYMMETRIC_ENCRYPTION_CONFIG'])
-            Pathname.new File.expand_path(env_var)
+        app_name    = Rails::Application.subclasses.first.parent.to_s.underscore
+        env_var     = ENV['SYMMETRIC_ENCRYPTION_CONFIG']
+        config_file =
+          if env_var
+            Pathname.new(File.expand_path(env_var))
           else
             Rails.root.join('config', 'symmetric-encryption.yml')
           end
+
         if config_file.file?
           begin
             ::SymmetricEncryption::Config.load!(file_name: config_file, env: ENV['SYMMETRIC_ENCRYPTION_ENV'] || Rails.env)
@@ -45,10 +47,8 @@ module SymmetricEncryption #:nodoc:
             puts "To generate a new config file and key files: symmetric-encryption --generate --app-name #{app_name}\n\n"
             raise(exc)
           end
-        else
-          puts "\nSymmetric Encryption config not found."
-          puts "To generate a new config file and key files: symmetric-encryption --generate --app-name #{app_name}\n\n"
         end
+
       end
     end
   end

data/lib/symmetric_encryption/symmetric_encryption.rb

@@ -8,11 +8,6 @@ require 'erb'
 # The symmetric key is protected using the private key below and must
 # be distributed separately from the application
 module SymmetricEncryption
-  # Defaults
-  @@cipher            = nil
-  @@secondary_ciphers = []
-  @@select_cipher     = nil
-
   # List of types supported when encrypting or decrypting data
   #
   # Each type maps to the built-in Ruby types as follows:
@@ -39,7 +34,7 @@ module SymmetricEncryption
   def self.cipher=(cipher)
     raise(ArgumentError, 'Cipher must respond to :encrypt and :decrypt') unless cipher.nil? || (cipher.respond_to?(:encrypt) && cipher.respond_to?(:decrypt))
 
-    @@cipher = cipher
+    @cipher = cipher
   end
 
   # Returns the Primary Symmetric Cipher being used
@@ -54,14 +49,14 @@ module SymmetricEncryption
       )
     end
 
-    return @@cipher if version.nil? || (@@cipher.version == version)
+    return @cipher if version.nil? || (@cipher.version == version)
 
-    secondary_ciphers.find { |c| c.version == version } || (@@cipher if version.zero?)
+    secondary_ciphers.find { |c| c.version == version } || (@cipher if version.zero?)
   end
 
   # Returns whether a primary cipher has been set
   def self.cipher?
-    !@@cipher.nil?
+    !@cipher.nil?
   end
 
   # Set the Secondary Symmetric Ciphers Array to be used
@@ -71,12 +66,23 @@ module SymmetricEncryption
     secondary_ciphers.each do |cipher|
       raise(ArgumentError, 'secondary_ciphers can only consist of SymmetricEncryption::Ciphers') unless cipher.respond_to?(:encrypt) && cipher.respond_to?(:decrypt)
     end
-    @@secondary_ciphers = secondary_ciphers
+    @secondary_ciphers = secondary_ciphers
   end
 
   # Returns the Primary Symmetric Cipher being used
   def self.secondary_ciphers
-    @@secondary_ciphers
+    @secondary_ciphers
+  end
+
+  # Whether to randomize the iv by default.
+  # true: Generate a new random IV by default. [HIGHLY RECOMMENDED]
+  # false: Do not generate a new random IV by default.
+  def self.randomize_iv?
+    @randomize_iv
+  end
+
+  def self.randomize_iv=(randomize_iv)
+    @randomize_iv = randomize_iv
   end
 
   # Decrypt supplied string.
@@ -133,9 +139,9 @@ module SymmetricEncryption
           if version
             # Supplied version takes preference
             cipher(version)
-          elsif @@select_cipher
+          elsif @select_cipher
             # Use cipher_selector if present to decide which cipher to use
-            @@select_cipher.call(str, decoded)
+            @select_cipher.call(str, decoded)
           else
             # Global cipher
             cipher
@@ -172,10 +178,12 @@ module SymmetricEncryption
   #     to convert it to a string
   #
   #   random_iv [true|false]
-  #     Whether the encypted value should use a random IV every time the
-  #     field is encrypted.
-  #     It is recommended to set this to true where feasible. If the encrypted
-  #     value could be used as part of a SQL where clause, or as part
+  #     Mandatory unless `SymmetricEncryption.randomize_iv = true` has been called.
+  #
+  #     Whether the encrypted value should use a random IV every time the field is encrypted.
+  #     It is recommended to set this to true where possible.
+  #
+  #     If the encrypted value could be used as part of a SQL where clause, or as part
   #     of any lookup, then it must be false.
   #     Setting random_iv to true will result in a different encrypted output for
   #     the same input string.
@@ -203,7 +211,7 @@ module SymmetricEncryption
   #     Note: If type is set to something other than :string, it's expected that
   #       the coercible gem is available in the path.
   #     Default: :string
-  def self.encrypt(str, random_iv: false, compress: false, type: :string, header: cipher.always_add_header)
+  def self.encrypt(str, random_iv: SymmetricEncryption.randomize_iv?, compress: false, type: :string, header: cipher.always_add_header)
     return str if str.nil? || (str == '')
 
     # Encrypt and then encode the supplied string
@@ -265,7 +273,7 @@ module SymmetricEncryption
   #     encoded_str.end_with?("\n") ? SymmetricEncryption.cipher(0) : SymmetricEncryption.cipher
   #   end
   def self.select_cipher(&block)
-    @@select_cipher = block || nil
+    @select_cipher = block || nil
   end
 
   # Load the Encryption Configuration from a YAML file
@@ -288,4 +296,10 @@ module SymmetricEncryption
 
   BINARY_ENCODING = Encoding.find('binary')
   UTF8_ENCODING   = Encoding.find('UTF-8')
+
+  # Defaults
+  @cipher            = nil
+  @secondary_ciphers = []
+  @select_cipher     = nil
+  @random_iv         = false
 end

data/lib/symmetric_encryption/version.rb

@@ -1,3 +1,3 @@
 module SymmetricEncryption
-  VERSION = '4.2.1'.freeze
+  VERSION = '4.3.0'.freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: symmetric-encryption
 version: !ruby/object:Gem::Version
-  version: 4.2.1
+  version: 4.3.0
 platform: ruby
 authors:
 - Reid Morrison
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-04-04 00:00:00.000000000 Z
+date: 2019-05-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: coercible
@@ -38,6 +38,8 @@ files:
 - bin/symmetric-encryption
 - lib/symmetric-encryption.rb
 - lib/symmetric_encryption.rb
+- lib/symmetric_encryption/active_record/attr_encrypted.rb
+- lib/symmetric_encryption/active_record/encrypted_attribute.rb
 - lib/symmetric_encryption/cipher.rb
 - lib/symmetric_encryption/cli.rb
 - lib/symmetric_encryption/coerce.rb
@@ -56,7 +58,6 @@ files:
 - lib/symmetric_encryption/keystore/heroku.rb
 - lib/symmetric_encryption/keystore/memory.rb
 - lib/symmetric_encryption/railtie.rb
-- lib/symmetric_encryption/railties/attr_encrypted.rb
 - lib/symmetric_encryption/railties/mongoid_encrypted.rb
 - lib/symmetric_encryption/railties/symmetric_encryption_validator.rb
 - lib/symmetric_encryption/reader.rb
@@ -86,7 +87,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.2
+rubygems_version: 3.0.3
 signing_key: 
 specification_version: 4
 summary: Encrypt ActiveRecord and Mongoid attributes, files and passwords in configuration