symmetric-encryption 4.2.1 → 4.4.0
- checksums.yaml +4 -4
- data/README.md +5 -7
- data/Rakefile +9 -9
- data/bin/symmetric-encryption +1 -1
- data/lib/symmetric-encryption.rb +1 -1
- data/lib/symmetric_encryption/{railties → active_record}/attr_encrypted.rb +16 -5
- data/lib/symmetric_encryption/active_record/encrypted_attribute.rb +37 -0
- data/lib/symmetric_encryption/cipher.rb +20 -14
- data/lib/symmetric_encryption/cli.rb +72 -54
- data/lib/symmetric_encryption/coerce.rb +3 -3
- data/lib/symmetric_encryption/config.rb +28 -27
- data/lib/symmetric_encryption/core.rb +25 -20
- data/lib/symmetric_encryption/encoder.rb +26 -8
- data/lib/symmetric_encryption/generator.rb +7 -3
- data/lib/symmetric_encryption/header.rb +24 -24
- data/lib/symmetric_encryption/key.rb +1 -1
- data/lib/symmetric_encryption/keystore/aws.rb +10 -13
- data/lib/symmetric_encryption/keystore/environment.rb +5 -5
- data/lib/symmetric_encryption/keystore/file.rb +27 -9
- data/lib/symmetric_encryption/keystore/gcp.rb +21 -18
- data/lib/symmetric_encryption/keystore/heroku.rb +1 -1
- data/lib/symmetric_encryption/keystore/memory.rb +3 -3
- data/lib/symmetric_encryption/keystore.rb +23 -23
- data/lib/symmetric_encryption/railtie.rb +12 -11
- data/lib/symmetric_encryption/railties/mongoid_encrypted.rb +5 -4
- data/lib/symmetric_encryption/railties/symmetric_encryption_validator.rb +1 -1
- data/lib/symmetric_encryption/reader.rb +13 -13
- data/lib/symmetric_encryption/rsa_key.rb +1 -1
- data/lib/symmetric_encryption/symmetric_encryption.rb +56 -36
- data/lib/symmetric_encryption/utils/aws.rb +8 -10
- data/lib/symmetric_encryption/utils/files.rb +3 -3
- data/lib/symmetric_encryption/utils/re_encrypt_files.rb +11 -11
- data/lib/symmetric_encryption/version.rb +1 -1
- data/lib/symmetric_encryption/writer.rb +20 -13
- data/lib/symmetric_encryption.rb +13 -9
- metadata +10 -10
@@ -55,26 +55,26 @@ module SymmetricEncryption
|
|
55
55
|
lines = File.read(file_name)
|
56
56
|
hits, output_lines = re_encrypt_lines(lines)
|
57
57
|
|
58
|
-
File.open(file_name,
|
58
|
+
File.open(file_name, "wb") { |file| file.write(output_lines) } if hits.positive?
|
59
59
|
hits
|
60
60
|
end
|
61
61
|
|
62
62
|
# Replaces instances of encrypted data within lines of text with re-encrypted values
|
63
63
|
def re_encrypt_lines(lines)
|
64
64
|
hits = 0
|
65
|
-
output_lines =
|
65
|
+
output_lines = ""
|
66
66
|
r = regexp
|
67
67
|
lines.each_line do |line|
|
68
68
|
line.force_encoding(SymmetricEncryption::UTF8_ENCODING)
|
69
69
|
output_lines <<
|
70
70
|
if line.valid_encoding? && (result = line.match(r))
|
71
|
-
encrypted
|
72
|
-
new_value
|
73
|
-
if new_value
|
71
|
+
encrypted = result[0]
|
72
|
+
new_value = re_encrypt(encrypted)
|
73
|
+
if new_value == encrypted
|
74
|
+
line
|
75
|
+
else
|
74
76
|
hits += 1
|
75
77
|
line.gsub(encrypted, new_value)
|
76
|
-
else
|
77
|
-
line
|
78
78
|
end
|
79
79
|
else
|
80
80
|
line
|
@@ -117,8 +117,8 @@ module SymmetricEncryption
|
|
117
117
|
begin
|
118
118
|
count = re_encrypt_contents(file_name)
|
119
119
|
puts "Re-encrypted #{count} encrypted value(s) in: #{file_name}" if count.positive?
|
120
|
-
rescue StandardError =>
|
121
|
-
puts "Failed re-encrypting the file contents of: #{file_name}. #{
|
120
|
+
rescue StandardError => e
|
121
|
+
puts "Failed re-encrypting the file contents of: #{file_name}. #{e.class.name}: #{e.message}"
|
122
122
|
end
|
123
123
|
end
|
124
124
|
end
|
@@ -127,13 +127,13 @@ module SymmetricEncryption
|
|
127
127
|
private
|
128
128
|
|
129
129
|
def regexp
|
130
|
-
@regexp ||=
|
130
|
+
@regexp ||= %r{#{SymmetricEncryption.cipher.encoded_magic_header}([A-Za-z0-9+/]+[=\\n]*)}
|
131
131
|
end
|
132
132
|
|
133
133
|
# Returns [Integer] encrypted file key version.
|
134
134
|
# Returns [nil] if the file is not encrypted or does not have a header.
|
135
135
|
def encrypted_file_version(file_name)
|
136
|
-
::File.open(file_name,
|
136
|
+
::File.open(file_name, "rb") do |file|
|
137
137
|
reader = SymmetricEncryption::Reader.new(file)
|
138
138
|
reader.version if reader.header_present?
|
139
139
|
end
|
@@ -1,4 +1,4 @@
|
|
1
|
-
require
|
1
|
+
require "openssl"
|
2
2
|
|
3
3
|
module SymmetricEncryption
|
4
4
|
# Write to encrypted files and other IO streams.
|
@@ -49,10 +49,10 @@ module SymmetricEncryption
|
|
49
49
|
# end
|
50
50
|
def self.open(file_name_or_stream, compress: nil, **args)
|
51
51
|
if file_name_or_stream.is_a?(String)
|
52
|
-
file_name_or_stream = ::File.open(file_name_or_stream,
|
52
|
+
file_name_or_stream = ::File.open(file_name_or_stream, "wb")
|
53
53
|
compress = !(/\.(zip|gz|gzip|xls.|)\z/i === file_name_or_stream) if compress.nil?
|
54
|
-
|
55
|
-
compress = true
|
54
|
+
elsif compress.nil?
|
55
|
+
compress = true
|
56
56
|
end
|
57
57
|
|
58
58
|
begin
|
@@ -97,15 +97,22 @@ module SymmetricEncryption
|
|
97
97
|
def initialize(ios, version: nil, cipher_name: nil, header: true, random_key: true, random_iv: true, compress: false)
|
98
98
|
# Compress is only used at this point for setting the flag in the header
|
99
99
|
@ios = ios
|
100
|
-
raise(ArgumentError,
|
101
|
-
|
100
|
+
raise(ArgumentError, "When :random_key is true, :random_iv must also be true") if random_key && !random_iv
|
101
|
+
if cipher_name && !random_key && !random_iv
|
102
|
+
raise(ArgumentError, "Cannot supply a :cipher_name unless both :random_key and :random_iv are true")
|
103
|
+
end
|
102
104
|
|
103
105
|
# Cipher to encrypt the random_key, or the entire file
|
104
106
|
cipher = SymmetricEncryption.cipher(version)
|
105
|
-
|
107
|
+
unless cipher
|
108
|
+
raise(SymmetricEncryption::CipherError,
|
109
|
+
"Cipher with version:#{version} not found in any of the configured SymmetricEncryption ciphers")
|
110
|
+
end
|
106
111
|
|
107
112
|
# Force header if compressed or using random iv, key
|
108
|
-
|
113
|
+
if (header == true) || compress || random_key || random_iv
|
114
|
+
header = Header.new(version: cipher.version, compress: compress, cipher_name: cipher_name)
|
115
|
+
end
|
109
116
|
|
110
117
|
@stream_cipher = ::OpenSSL::Cipher.new(cipher_name || cipher.cipher_name)
|
111
118
|
@stream_cipher.encrypt
|
@@ -158,8 +165,8 @@ module SymmetricEncryption
|
|
158
165
|
def write(data)
|
159
166
|
return unless data
|
160
167
|
|
161
|
-
bytes
|
162
|
-
@size
|
168
|
+
bytes = data.to_s
|
169
|
+
@size += bytes.size
|
163
170
|
partial = @stream_cipher.update(bytes)
|
164
171
|
@ios.write(partial) unless partial.empty?
|
165
172
|
data.length
|
@@ -168,9 +175,9 @@ module SymmetricEncryption
|
|
168
175
|
def write(data)
|
169
176
|
return unless data
|
170
177
|
|
171
|
-
bytes
|
172
|
-
@size
|
173
|
-
partial = @stream_cipher.update(bytes, @cipher_buffer ||=
|
178
|
+
bytes = data.to_s
|
179
|
+
@size += bytes.size
|
180
|
+
partial = @stream_cipher.update(bytes, @cipher_buffer ||= "".b)
|
174
181
|
@ios.write(partial) unless partial.empty?
|
175
182
|
data.length
|
176
183
|
end
|
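Review bot: The new guard in the `initialize` hunk (`@@ -97,15 +97,22 @@`) tests `cipher_name && !random_key && !random_iv`, so it fires only when both flags are false, while its message says both must be true. A call with `random_key: false, random_iv: true` and a `cipher_name` passes both checks and reaches `::OpenSSL::Cipher.new(cipher_name || cipher.cipher_name)`. The key and IV setup is outside the hunk, but presumably the configured cipher's key would then be used with an algorithm it was not generated for. The condition should match the message: `if cipher_name && !(random_key && random_iv)`.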
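--- a/data/lib/symmetric_encryption.rb
+++ b/data/lib/symmetric_encryption.rb
@@ -1,24 +1,28 @@
-require
+require "symmetric_encryption/core"
 
 # Add extensions. Gems are no longer order dependent.
 begin
-require
-require
+require "rails"
+require "symmetric_encryption/railtie"
 rescue LoadError
 end
 
 begin
-require
+require "active_support"
 ActiveSupport.on_load(:active_record) do
-require
-require
+require "symmetric_encryption/active_record/attr_encrypted"
+require "symmetric_encryption/railties/symmetric_encryption_validator"
 
-ActiveRecord::
+if ActiveRecord.version >= Gem::Version.new("5.0.0")
+ActiveRecord::Type.register(:encrypted, SymmetricEncryption::ActiveRecord::EncryptedAttribute)
+end
+
+ActiveRecord::Base.include(SymmetricEncryption::ActiveRecord::AttrEncrypted)
 end
 
 ActiveSupport.on_load(:mongoid) do
-require
-require
+require "symmetric_encryption/railties/mongoid_encrypted"
+require "symmetric_encryption/railties/symmetric_encryption_validator"
 end
 rescue LoadError
 end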
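Review bot: The gem's own files, including the new `require "symmetric_encryption/active_record/attr_encrypted"`, are loaded inside `begin … rescue LoadError … end` blocks whose rescue bodies are empty (unchanged context), so a LoadError raised while loading the encryption integration itself is discarded along with the expected "framework not installed" case. For the `on_load` block this applies when ActiveRecord is already loaded and the block runs immediately. An application could then start without the railtie, the `:encrypted` type or the validator and only fail later, when an encrypted attribute is first used. Narrowing the rescue to the optional framework keeps real failures visible, for example `rescue LoadError => e` followed by `raise unless e.path == "rails"` (and `"active_support"` in the second block).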
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: symmetric-encryption
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 4.
|
4
|
+
version: 4.4.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Reid Morrison
|
8
|
-
autorequire:
|
8
|
+
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2021-10-07 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: coercible
|
@@ -24,9 +24,8 @@ dependencies:
|
|
24
24
|
- - "~>"
|
25
25
|
- !ruby/object:Gem::Version
|
26
26
|
version: '1.0'
|
27
|
-
description:
|
27
|
+
description:
|
28
28
|
email:
|
29
|
-
- reidmo@gmail.com
|
30
29
|
executables:
|
31
30
|
- symmetric-encryption
|
32
31
|
extensions: []
|
@@ -38,6 +37,8 @@ files:
|
|
38
37
|
- bin/symmetric-encryption
|
39
38
|
- lib/symmetric-encryption.rb
|
40
39
|
- lib/symmetric_encryption.rb
|
40
|
+
- lib/symmetric_encryption/active_record/attr_encrypted.rb
|
41
|
+
- lib/symmetric_encryption/active_record/encrypted_attribute.rb
|
41
42
|
- lib/symmetric_encryption/cipher.rb
|
42
43
|
- lib/symmetric_encryption/cli.rb
|
43
44
|
- lib/symmetric_encryption/coerce.rb
|
@@ -56,7 +57,6 @@ files:
|
|
56
57
|
- lib/symmetric_encryption/keystore/heroku.rb
|
57
58
|
- lib/symmetric_encryption/keystore/memory.rb
|
58
59
|
- lib/symmetric_encryption/railtie.rb
|
59
|
-
- lib/symmetric_encryption/railties/attr_encrypted.rb
|
60
60
|
- lib/symmetric_encryption/railties/mongoid_encrypted.rb
|
61
61
|
- lib/symmetric_encryption/railties/symmetric_encryption_validator.rb
|
62
62
|
- lib/symmetric_encryption/reader.rb
|
@@ -67,11 +67,11 @@ files:
|
|
67
67
|
- lib/symmetric_encryption/utils/re_encrypt_files.rb
|
68
68
|
- lib/symmetric_encryption/version.rb
|
69
69
|
- lib/symmetric_encryption/writer.rb
|
70
|
-
homepage:
|
70
|
+
homepage: https://encryption.rocketjob.io
|
71
71
|
licenses:
|
72
72
|
- Apache-2.0
|
73
73
|
metadata: {}
|
74
|
-
post_install_message:
|
74
|
+
post_install_message:
|
75
75
|
rdoc_options: []
|
76
76
|
require_paths:
|
77
77
|
- lib
|
@@ -86,8 +86,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
86
86
|
- !ruby/object:Gem::Version
|
87
87
|
version: '0'
|
88
88
|
requirements: []
|
89
|
-
rubygems_version: 3.
|
90
|
-
signing_key:
|
89
|
+
rubygems_version: 3.2.22
|
90
|
+
signing_key:
|
91
91
|
specification_version: 4
|
92
92
|
summary: Encrypt ActiveRecord and Mongoid attributes, files and passwords in configuration
|
93
93
|
files.
|