symmetric-encryption 4.2.1 → 4.4.0
- checksums.yaml +4 -4
- data/README.md +5 -7
- data/Rakefile +9 -9
- data/bin/symmetric-encryption +1 -1
- data/lib/symmetric-encryption.rb +1 -1
- data/lib/symmetric_encryption/{railties → active_record}/attr_encrypted.rb +16 -5
- data/lib/symmetric_encryption/active_record/encrypted_attribute.rb +37 -0
- data/lib/symmetric_encryption/cipher.rb +20 -14
- data/lib/symmetric_encryption/cli.rb +72 -54
- data/lib/symmetric_encryption/coerce.rb +3 -3
- data/lib/symmetric_encryption/config.rb +28 -27
- data/lib/symmetric_encryption/core.rb +25 -20
- data/lib/symmetric_encryption/encoder.rb +26 -8
- data/lib/symmetric_encryption/generator.rb +7 -3
- data/lib/symmetric_encryption/header.rb +24 -24
- data/lib/symmetric_encryption/key.rb +1 -1
- data/lib/symmetric_encryption/keystore/aws.rb +10 -13
- data/lib/symmetric_encryption/keystore/environment.rb +5 -5
- data/lib/symmetric_encryption/keystore/file.rb +27 -9
- data/lib/symmetric_encryption/keystore/gcp.rb +21 -18
- data/lib/symmetric_encryption/keystore/heroku.rb +1 -1
- data/lib/symmetric_encryption/keystore/memory.rb +3 -3
- data/lib/symmetric_encryption/keystore.rb +23 -23
- data/lib/symmetric_encryption/railtie.rb +12 -11
- data/lib/symmetric_encryption/railties/mongoid_encrypted.rb +5 -4
- data/lib/symmetric_encryption/railties/symmetric_encryption_validator.rb +1 -1
- data/lib/symmetric_encryption/reader.rb +13 -13
- data/lib/symmetric_encryption/rsa_key.rb +1 -1
- data/lib/symmetric_encryption/symmetric_encryption.rb +56 -36
- data/lib/symmetric_encryption/utils/aws.rb +8 -10
- data/lib/symmetric_encryption/utils/files.rb +3 -3
- data/lib/symmetric_encryption/utils/re_encrypt_files.rb +11 -11
- data/lib/symmetric_encryption/version.rb +1 -1
- data/lib/symmetric_encryption/writer.rb +20 -13
- data/lib/symmetric_encryption.rb +13 -9
- metadata +10 -10
@@ -55,26 +55,26 @@ module SymmetricEncryption
|
|
55
55
|
lines = File.read(file_name)
|
56
56
|
hits, output_lines = re_encrypt_lines(lines)
|
57
57
|
|
58
|
-
File.open(file_name,
|
58
|
+
File.open(file_name, "wb") { |file| file.write(output_lines) } if hits.positive?
|
59
59
|
hits
|
60
60
|
end
|
61
61
|
|
62
62
|
# Replaces instances of encrypted data within lines of text with re-encrypted values
|
63
63
|
def re_encrypt_lines(lines)
|
64
64
|
hits = 0
|
65
|
-
output_lines =
|
65
|
+
output_lines = ""
|
66
66
|
r = regexp
|
67
67
|
lines.each_line do |line|
|
68
68
|
line.force_encoding(SymmetricEncryption::UTF8_ENCODING)
|
69
69
|
output_lines <<
|
70
70
|
if line.valid_encoding? && (result = line.match(r))
|
71
|
-
encrypted
|
72
|
-
new_value
|
73
|
-
if new_value
|
71
|
+
encrypted = result[0]
|
72
|
+
new_value = re_encrypt(encrypted)
|
73
|
+
if new_value == encrypted
|
74
|
+
line
|
75
|
+
else
|
74
76
|
hits += 1
|
75
77
|
line.gsub(encrypted, new_value)
|
76
|
-
else
|
77
|
-
line
|
78
78
|
end
|
79
79
|
else
|
80
80
|
line
|
@@ -117,8 +117,8 @@ module SymmetricEncryption
|
|
117
117
|
begin
|
118
118
|
count = re_encrypt_contents(file_name)
|
119
119
|
puts "Re-encrypted #{count} encrypted value(s) in: #{file_name}" if count.positive?
|
120
|
-
rescue StandardError =>
|
121
|
-
puts "Failed re-encrypting the file contents of: #{file_name}. #{
|
120
|
+
rescue StandardError => e
|
121
|
+
puts "Failed re-encrypting the file contents of: #{file_name}. #{e.class.name}: #{e.message}"
|
122
122
|
end
|
123
123
|
end
|
124
124
|
end
|
@@ -127,13 +127,13 @@ module SymmetricEncryption
|
|
127
127
|
private
|
128
128
|
|
129
129
|
def regexp
|
130
|
-
@regexp ||=
|
130
|
+
@regexp ||= %r{#{SymmetricEncryption.cipher.encoded_magic_header}([A-Za-z0-9+/]+[=\\n]*)}
|
131
131
|
end
|
132
132
|
|
133
133
|
# Returns [Integer] encrypted file key version.
|
134
134
|
# Returns [nil] if the file is not encrypted or does not have a header.
|
135
135
|
def encrypted_file_version(file_name)
|
136
|
-
::File.open(file_name,
|
136
|
+
::File.open(file_name, "rb") do |file|
|
137
137
|
reader = SymmetricEncryption::Reader.new(file)
|
138
138
|
reader.version if reader.header_present?
|
139
139
|
end
|
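Review bot: `re_encrypt_lines` re-encrypts only the first encrypted value on each line, because `line.match(r)` returns a single match and `line.gsub(encrypted, new_value)` substitutes only that ciphertext. A second, different value on the same line would keep its old key after a rotation run, and `hits` would not show it. A block-form substitution covers every match and also avoids backslash interpretation in the replacement string: `line.gsub(r) { |encrypted| re_encrypt(encrypted).tap { |v| hits += 1 unless v == encrypted } }`. The end of the method lies outside the hunk, and the file is taken to be `utils/re_encrypt_files.rb` from the diffstat (+11 -11), since the section header is missing from the page.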
@@ -1,4 +1,4 @@
|
|
1
|
-
require
|
1
|
+
require "openssl"
|
2
2
|
|
3
3
|
module SymmetricEncryption
|
4
4
|
# Write to encrypted files and other IO streams.
|
@@ -49,10 +49,10 @@ module SymmetricEncryption
|
|
49
49
|
# end
|
50
50
|
def self.open(file_name_or_stream, compress: nil, **args)
|
51
51
|
if file_name_or_stream.is_a?(String)
|
52
|
-
file_name_or_stream = ::File.open(file_name_or_stream,
|
52
|
+
file_name_or_stream = ::File.open(file_name_or_stream, "wb")
|
53
53
|
compress = !(/\.(zip|gz|gzip|xls.|)\z/i === file_name_or_stream) if compress.nil?
|
54
|
-
|
55
|
-
compress = true
|
54
|
+
elsif compress.nil?
|
55
|
+
compress = true
|
56
56
|
end
|
57
57
|
|
58
58
|
begin
|
@@ -97,15 +97,22 @@ module SymmetricEncryption
|
|
97
97
|
def initialize(ios, version: nil, cipher_name: nil, header: true, random_key: true, random_iv: true, compress: false)
|
98
98
|
# Compress is only used at this point for setting the flag in the header
|
99
99
|
@ios = ios
|
100
|
-
raise(ArgumentError,
|
101
|
-
|
100
|
+
raise(ArgumentError, "When :random_key is true, :random_iv must also be true") if random_key && !random_iv
|
101
|
+
if cipher_name && !random_key && !random_iv
|
102
|
+
raise(ArgumentError, "Cannot supply a :cipher_name unless both :random_key and :random_iv are true")
|
103
|
+
end
|
102
104
|
|
103
105
|
# Cipher to encrypt the random_key, or the entire file
|
104
106
|
cipher = SymmetricEncryption.cipher(version)
|
105
|
-
|
107
|
+
unless cipher
|
108
|
+
raise(SymmetricEncryption::CipherError,
|
109
|
+
"Cipher with version:#{version} not found in any of the configured SymmetricEncryption ciphers")
|
110
|
+
end
|
106
111
|
|
107
112
|
# Force header if compressed or using random iv, key
|
108
|
-
|
113
|
+
if (header == true) || compress || random_key || random_iv
|
114
|
+
header = Header.new(version: cipher.version, compress: compress, cipher_name: cipher_name)
|
115
|
+
end
|
109
116
|
|
110
117
|
@stream_cipher = ::OpenSSL::Cipher.new(cipher_name || cipher.cipher_name)
|
111
118
|
@stream_cipher.encrypt
|
@@ -158,8 +165,8 @@ module SymmetricEncryption
|
|
158
165
|
def write(data)
|
159
166
|
return unless data
|
160
167
|
|
161
|
-
bytes
|
162
|
-
@size
|
168
|
+
bytes = data.to_s
|
169
|
+
@size += bytes.size
|
163
170
|
partial = @stream_cipher.update(bytes)
|
164
171
|
@ios.write(partial) unless partial.empty?
|
165
172
|
data.length
|
@@ -168,9 +175,9 @@ module SymmetricEncryption
|
|
168
175
|
def write(data)
|
169
176
|
return unless data
|
170
177
|
|
171
|
-
bytes
|
172
|
-
@size
|
173
|
-
partial = @stream_cipher.update(bytes, @cipher_buffer ||=
|
178
|
+
bytes = data.to_s
|
179
|
+
@size += bytes.size
|
180
|
+
partial = @stream_cipher.update(bytes, @cipher_buffer ||= "".b)
|
174
181
|
@ios.write(partial) unless partial.empty?
|
175
182
|
data.length
|
176
183
|
end
|
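Review bot: The new `:cipher_name` guard in `initialize` is narrower than its own message. `cipher_name && !random_key && !random_iv` raises only when both flags are false, so `random_key: false, random_iv: true` with a custom `cipher_name` passes and reaches `::OpenSSL::Cipher.new(cipher_name || cipher.cipher_name)`. If the rest of the method (outside the hunk) then keys that stream cipher from the configured cipher, the algorithm and the key may not match. The check the message describes would be `if cipher_name && !(random_key && random_iv)`. A short comment listing the legal flag combinations would also help, for example `# cipher_name may only be overridden when a random key and IV are generated for this stream`.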
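--- a/data/lib/symmetric_encryption.rb
+++ b/data/lib/symmetric_encryption.rb
@@ -1,24 +1,28 @@
-require
+require "symmetric_encryption/core"
 
 # Add extensions. Gems are no longer order dependent.
 begin
-require
-require
+require "rails"
+require "symmetric_encryption/railtie"
 rescue LoadError
 end
 
 begin
-require
+require "active_support"
 ActiveSupport.on_load(:active_record) do
-require
-require
+require "symmetric_encryption/active_record/attr_encrypted"
+require "symmetric_encryption/railties/symmetric_encryption_validator"
 
-ActiveRecord::
+if ActiveRecord.version >= Gem::Version.new("5.0.0")
+ActiveRecord::Type.register(:encrypted, SymmetricEncryption::ActiveRecord::EncryptedAttribute)
+end
+
+ActiveRecord::Base.include(SymmetricEncryption::ActiveRecord::AttrEncrypted)
 end
 
 ActiveSupport.on_load(:mongoid) do
-require
-require
+require "symmetric_encryption/railties/mongoid_encrypted"
+require "symmetric_encryption/railties/symmetric_encryption_validator"
 end
 rescue LoadError
 end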
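Review bot: The empty `rescue LoadError` after `require "rails"` and `require "symmetric_encryption/railtie"` also swallows a load failure raised from inside the gem's own railtie, not only the expected "Rails is not installed" case. The integration would then be skipped without any signal; what the railtie wires up is not visible here, so the impact is inferred. Narrowing the rescue keeps the optional-dependency behaviour while surfacing real breakage: `rescue LoadError => e` followed by `raise unless e.path == "rails"`. The same applies to the second `begin` block with `"active_support"`. The added `ActiveRecord::Type.register` line also has no `require` for `EncryptedAttribute` in this hunk, so it presumably relies on one elsewhere, which is worth confirming.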
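--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: symmetric-encryption
 version: !ruby/object:Gem::Version
-version: 4.
+version: 4.4.0
 platform: ruby
 authors:
 - Reid Morrison
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2021-10-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: coercible
@@ -24,9 +24,8 @@ dependencies:
 - - "~>"
 - !ruby/object:Gem::Version
 version: '1.0'
-description:
+description:
 email:
-- reidmo@gmail.com
 executables:
 - symmetric-encryption
 extensions: []
@@ -38,6 +37,8 @@ files:
 - bin/symmetric-encryption
 - lib/symmetric-encryption.rb
 - lib/symmetric_encryption.rb
+- lib/symmetric_encryption/active_record/attr_encrypted.rb
+- lib/symmetric_encryption/active_record/encrypted_attribute.rb
 - lib/symmetric_encryption/cipher.rb
 - lib/symmetric_encryption/cli.rb
 - lib/symmetric_encryption/coerce.rb
@@ -56,7 +57,6 @@ files:
 - lib/symmetric_encryption/keystore/heroku.rb
 - lib/symmetric_encryption/keystore/memory.rb
 - lib/symmetric_encryption/railtie.rb
-- lib/symmetric_encryption/railties/attr_encrypted.rb
 - lib/symmetric_encryption/railties/mongoid_encrypted.rb
 - lib/symmetric_encryption/railties/symmetric_encryption_validator.rb
 - lib/symmetric_encryption/reader.rb
@@ -67,11 +67,11 @@ files:
 - lib/symmetric_encryption/utils/re_encrypt_files.rb
 - lib/symmetric_encryption/version.rb
 - lib/symmetric_encryption/writer.rb
-homepage:
+homepage: https://encryption.rocketjob.io
 licenses:
 - Apache-2.0
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -86,8 +86,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.
-signing_key:
+rubygems_version: 3.2.22
+signing_key:
 specification_version: 4
 summary: Encrypt ActiveRecord and Mongoid attributes, files and passwords in configuration
 files.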