symmetric-encryption 4.3.1 → 4.3.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 860217558341999072c177c7d848fa6315667a7fcb12d9e1d9a518ecda43a2c4
-  data.tar.gz: f0aa6a3419a15edfba8fcc37b72a1282057efbbe09653a7a04ff4687dcc87bd6
+  metadata.gz: 4054c7a61802055fd46d4effd1f3222369a1b46f23aeeadaae0322d392b7dcc1
+  data.tar.gz: b367ad236ab6f52d97bf28425f1c7bb1fc824b1c573c6528adb276f842dd97ee
 SHA512:
-  metadata.gz: 870814f9d0d82dbd3edb405da82017c1d3533c4c7402e7ed0f9ac5e797a3c5e98500ac81912926076c84ddb90e3f287c097db65e5ff5202a22e5b053cfd83ba5
-  data.tar.gz: eba6e94c5ed7755795ac8bbfcf83cd0a08d6206888bcfbdc30d33bcc61dcb7403ae7afe0c6d187608cf02550f0a3bce6eeefeb464ac860b1b1d64282e4d047be
+  metadata.gz: 2e0318de85ab6308c6dc7748d0096b18693d3b1cd8266ac7920a8033f9c220981b222a1d2e594bcd6f2d08700c40dbbc6e32159ab2b235b6f2b58ff5bb2dc4a2
+  data.tar.gz: 5a29bd465b788a8e28e3f84435fb5d03355fcd9d31fded9d4700eea47cec1a02dd2675c84b36d72fe2e16a9ee4dbafa2b8b401519cebf58c17abaaf9741f9aae

data/Rakefile

@@ -1,30 +1,30 @@
 # Setup bundler to avoid having to run bundle exec all the time.
-require 'rubygems'
-require 'bundler/setup'
+require "rubygems"
+require "bundler/setup"
 
-require 'rake/testtask'
-require_relative 'lib/symmetric_encryption/version'
+require "rake/testtask"
+require_relative "lib/symmetric_encryption/version"
 
 task :gem do
-  system 'gem build symmetric-encryption.gemspec'
+  system "gem build symmetric-encryption.gemspec"
 end
 
 task publish: :gem do
   system "git tag -a v#{SymmetricEncryption::VERSION} -m 'Tagging #{SymmetricEncryption::VERSION}'"
-  system 'git push --tags'
+  system "git push --tags"
   system "gem push symmetric-encryption-#{SymmetricEncryption::VERSION}.gem"
   system "rm symmetric-encryption-#{SymmetricEncryption::VERSION}.gem"
 end
 
 Rake::TestTask.new(:test) do |t|
-  t.pattern = 'test/**/*_test.rb'
+  t.pattern = "test/**/*_test.rb"
   t.verbose = true
   t.warning = false
 end
 
 # By default run tests against all appraisals
-if !ENV['APPRAISAL_INITIALIZED'] && !ENV['TRAVIS']
-  require 'appraisal'
+if !ENV["APPRAISAL_INITIALIZED"] && !ENV["TRAVIS"]
+  require "appraisal"
   task default: :appraisal
 else
   task default: :test

data/bin/symmetric-encryption

@@ -1,5 +1,5 @@
 #!/usr/bin/env ruby
 
-require 'symmetric_encryption'
+require "symmetric_encryption"
 
 SymmetricEncryption::CLI.run!(ARGV)

data/lib/symmetric-encryption.rb

@@ -1 +1 @@
-require 'symmetric_encryption'
+require "symmetric_encryption"

data/lib/symmetric_encryption.rb

@@ -1,19 +1,19 @@
-require 'symmetric_encryption/core'
+require "symmetric_encryption/core"
 
 # Add extensions. Gems are no longer order dependent.
 begin
-  require 'rails'
-  require 'symmetric_encryption/railtie'
+  require "rails"
+  require "symmetric_encryption/railtie"
 rescue LoadError
 end
 
 begin
-  require 'active_support'
+  require "active_support"
   ActiveSupport.on_load(:active_record) do
-    require 'symmetric_encryption/active_record/attr_encrypted'
-    require 'symmetric_encryption/railties/symmetric_encryption_validator'
+    require "symmetric_encryption/active_record/attr_encrypted"
+    require "symmetric_encryption/railties/symmetric_encryption_validator"
 
-    if ActiveRecord.version >= Gem::Version.new('5.0.0')
+    if ActiveRecord.version >= Gem::Version.new("5.0.0")
       ActiveRecord::Type.register(:encrypted, SymmetricEncryption::ActiveRecord::EncryptedAttribute)
     end
 
@@ -21,8 +21,8 @@ begin
   end
 
   ActiveSupport.on_load(:mongoid) do
-    require 'symmetric_encryption/railties/mongoid_encrypted'
-    require 'symmetric_encryption/railties/symmetric_encryption_validator'
+    require "symmetric_encryption/railties/mongoid_encrypted"
+    require "symmetric_encryption/railties/symmetric_encryption_validator"
   end
 rescue LoadError
 end

data/lib/symmetric_encryption/active_record/attr_encrypted.rb

@@ -51,7 +51,7 @@ module SymmetricEncryption
           random_iv = true if random_iv.nil? && SymmetricEncryption.randomize_iv?
 
           if random_iv.nil?
-            warn('attr_encrypted() no longer allows a default value for option `random_iv`. Add `random_iv: false` if it is required.')
+            warn("attr_encrypted() no longer allows a default value for option `random_iv`. Add `random_iv: false` if it is required.")
           end
 
           attributes.each do |attribute|

data/lib/symmetric_encryption/cipher.rb

@@ -1,4 +1,4 @@
-require 'openssl'
+require "openssl"
 module SymmetricEncryption
   # Hold all information related to encryption keys
   # as well as encrypt and decrypt data using those keys.
@@ -12,7 +12,7 @@ module SymmetricEncryption
     attr_writer :key
 
     # Returns [Cipher] from a cipher config instance.
-    def self.from_config(cipher_name: 'aes-256-cbc',
+    def self.from_config(cipher_name: "aes-256-cbc",
                          version: 0,
                          always_add_header: true,
                          encoding: :base64strict,
@@ -72,7 +72,7 @@ module SymmetricEncryption
     #     Default: true
     def initialize(key:,
                    iv: nil,
-                   cipher_name: 'aes-256-cbc',
+                   cipher_name: "aes-256-cbc",
                    version: 0,
                    always_add_header: true,
                    encoding: :base64strict)
@@ -84,7 +84,9 @@ module SymmetricEncryption
       @version           = version.to_i
       @always_add_header = always_add_header
 
-      raise(ArgumentError, "Cipher version has a valid range of 0 to 255. #{@version} is too high, or negative") if (@version > 255) || @version.negative?
+      if (@version > 255) || @version.negative?
+        raise(ArgumentError, "Cipher version has a valid range of 0 to 255. #{@version} is too high, or negative")
+      end
     end
 
     # Change the encoding
@@ -167,7 +169,9 @@ module SymmetricEncryption
       decrypted = binary_decrypt(decoded)
 
       # Try to force result to UTF-8 encoding, but if it is not valid, force it back to Binary
-      decrypted.force_encoding(SymmetricEncryption::BINARY_ENCODING) unless decrypted.force_encoding(SymmetricEncryption::UTF8_ENCODING).valid_encoding?
+      unless decrypted.force_encoding(SymmetricEncryption::UTF8_ENCODING).valid_encoding?
+        decrypted.force_encoding(SymmetricEncryption::BINARY_ENCODING)
+      end
 
       decrypted
     end
@@ -180,7 +184,7 @@ module SymmetricEncryption
     #
     # Returned string is UTF8 encoded except for encoding :none
     def encode(binary_string)
-      return binary_string if binary_string.nil? || (binary_string == '')
+      return binary_string if binary_string.nil? || (binary_string == "")
 
       encoder.encode(binary_string)
     end
@@ -190,7 +194,7 @@ module SymmetricEncryption
     #
     # Returned string is Binary encoded
     def decode(encoded_string)
-      return encoded_string if encoded_string.nil? || (encoded_string == '')
+      return encoded_string if encoded_string.nil? || (encoded_string == "")
 
       encoder.decode(encoded_string)
     end
@@ -316,8 +320,8 @@ module SymmetricEncryption
 
       openssl_cipher = ::OpenSSL::Cipher.new(header.cipher_name || cipher_name)
       openssl_cipher.decrypt
-      openssl_cipher.key  = header.key || @key
-      if (iv              = header.iv || @iv)
+      openssl_cipher.key = header.key || @key
+      if (iv = header.iv || @iv)
         openssl_cipher.iv = iv
       end
       result = openssl_cipher.update(data)
@@ -327,7 +331,7 @@ module SymmetricEncryption
 
     # Returns the magic header after applying the encoding in this cipher
     def encoded_magic_header
-      @encoded_magic_header ||= encoder.encode(SymmetricEncryption::Header::MAGIC_HEADER).delete('=').strip
+      @encoded_magic_header ||= encoder.encode(SymmetricEncryption::Header::MAGIC_HEADER).delete("=").strip
     end
 
     # Returns [String] object represented as a string, filtering out the key

data/lib/symmetric_encryption/cli.rb

@@ -1,5 +1,5 @@
-require 'optparse'
-require 'fileutils'
+require "optparse"
+require "fileutils"
 module SymmetricEncryption
   class CLI
     attr_reader :key_path, :app_name, :encrypt, :config_file_path,
@@ -16,11 +16,11 @@ module SymmetricEncryption
 
     def initialize(argv)
       @version          = current_version
-      @environment      = ENV['SYMMETRIC_ENCRYPTION_ENV'] || ENV['RACK_ENV'] || ENV['RAILS_ENV'] || 'development'
-      @config_file_path = File.expand_path(ENV['SYMMETRIC_ENCRYPTION_CONFIG'] || 'config/symmetric-encryption.yml')
-      @app_name         = 'symmetric-encryption'
+      @environment      = ENV["SYMMETRIC_ENCRYPTION_ENV"] || ENV["RACK_ENV"] || ENV["RAILS_ENV"] || "development"
+      @config_file_path = File.expand_path(ENV["SYMMETRIC_ENCRYPTION_CONFIG"] || "config/symmetric-encryption.yml")
+      @app_name         = "symmetric-encryption"
       @key_path         = "#{ENV['HOME']}/.symmetric-encryption"
-      @cipher_name      = 'aes-256-cbc'
+      @cipher_name      = "aes-256-cbc"
       @rolling_deploy   = false
       @prompt           = false
       @show_version     = false
@@ -34,7 +34,7 @@ module SymmetricEncryption
     end
 
     def run!
-      raise(ArgumentError, 'Cannot cleanup keys and rotate keys at the same time') if cleanup_keys && rotate_keys
+      raise(ArgumentError, "Cannot cleanup keys and rotate keys at the same time") if cleanup_keys && rotate_keys
 
       if show_version
         puts "Symmetric Encryption v#{VERSION}"
@@ -70,7 +70,7 @@ module SymmetricEncryption
     end
 
     def parser
-      @parser     ||= OptionParser.new do |opts|
+      @parser ||= OptionParser.new do |opts|
         opts.banner = <<~BANNER
           Symmetric Encryption v#{VERSION}
 
@@ -83,113 +83,113 @@ module SymmetricEncryption
           symmetric-encryption [options]
         BANNER
 
-        opts.on '-e', '--encrypt [FILE_NAME]', 'Encrypt a file, or read from stdin if no file name is supplied.' do |file_name|
+        opts.on "-e", "--encrypt [FILE_NAME]", "Encrypt a file, or read from stdin if no file name is supplied." do |file_name|
           @encrypt = file_name || STDIN
         end
 
-        opts.on '-d', '--decrypt [FILE_NAME]', 'Decrypt a file, or read from stdin if no file name is supplied.' do |file_name|
+        opts.on "-d", "--decrypt [FILE_NAME]", "Decrypt a file, or read from stdin if no file name is supplied." do |file_name|
           @decrypt = file_name || STDIN
         end
 
-        opts.on '-o', '--output FILE_NAME', 'Write encrypted or decrypted file to this file, otherwise output goes to stdout.' do |file_name|
+        opts.on "-o", "--output FILE_NAME", "Write encrypted or decrypted file to this file, otherwise output goes to stdout." do |file_name|
           @output_file_name = file_name
         end
 
-        opts.on '-P', '--prompt', 'When encrypting or decrypting, prompt for a string encrypt or decrypt.' do
+        opts.on "-P", "--prompt", "When encrypting or decrypting, prompt for a string encrypt or decrypt." do
           @prompt = true
         end
 
-        opts.on '-z', '--compress', 'Compress encrypted output file. [Default for encrypting files]' do
+        opts.on "-z", "--compress", "Compress encrypted output file. [Default for encrypting files]" do
           @compress = true
         end
 
-        opts.on '-Z', '--no-compress', 'Does not compress the output file. [Default for encrypting strings]' do
+        opts.on "-Z", "--no-compress", "Does not compress the output file. [Default for encrypting strings]" do
           @compress = false
         end
 
-        opts.on '-E', '--env ENVIRONMENT', "Environment to use in the config file. Default: SYMMETRIC_ENCRYPTION_ENV || RACK_ENV || RAILS_ENV || 'development'" do |environment|
+        opts.on "-E", "--env ENVIRONMENT", "Environment to use in the config file. Default: SYMMETRIC_ENCRYPTION_ENV || RACK_ENV || RAILS_ENV || 'development'" do |environment|
           @environment = environment
         end
 
-        opts.on '-c', '--config CONFIG_FILE_PATH', 'File name & path to the Symmetric Encryption configuration file. Default: config/symmetric-encryption.yml or Env var: `SYMMETRIC_ENCRYPTION_CONFIG`' do |path|
+        opts.on "-c", "--config CONFIG_FILE_PATH", "File name & path to the Symmetric Encryption configuration file. Default: config/symmetric-encryption.yml or Env var: `SYMMETRIC_ENCRYPTION_CONFIG`" do |path|
           @config_file_path = path
         end
 
-        opts.on '-m', '--migrate', 'Migrate configuration file to new format.' do
+        opts.on "-m", "--migrate", "Migrate configuration file to new format." do
           @migrate = true
         end
 
-        opts.on '-r', '--re-encrypt [PATTERN]', 'ReEncrypt all files matching the pattern. Default:  "**/*.{yml,rb}"' do |pattern|
-          @re_encrypt = pattern || '**/*.{yml,rb}'
+        opts.on "-r", "--re-encrypt [PATTERN]", 'ReEncrypt all files matching the pattern. Default:  "**/*.{yml,rb}"' do |pattern|
+          @re_encrypt = pattern || "**/*.{yml,rb}"
         end
 
-        opts.on '-n', '--new-password [SIZE]', 'Generate a new random password using only characters that are URL-safe base64. Default size is 22.' do |size|
+        opts.on "-n", "--new-password [SIZE]", "Generate a new random password using only characters that are URL-safe base64. Default size is 22." do |size|
           @random_password = (size || 22).to_i
         end
 
-        opts.on '-g', '--generate', 'Generate a new configuration file and encryption keys for every environment.' do |config|
+        opts.on "-g", "--generate", "Generate a new configuration file and encryption keys for every environment." do |config|
           @generate = config
         end
 
-        opts.on '-s', '--keystore heroku|environment|file|aws|gcp', 'Which keystore to use during generation or re-encryption.' do |keystore|
-          @keystore = (keystore || 'file').downcase.to_sym
+        opts.on "-s", "--keystore heroku|environment|file|aws|gcp", "Which keystore to use during generation or re-encryption." do |keystore|
+          @keystore = (keystore || "file").downcase.to_sym
         end
 
-        opts.on '-B', '--regions [us-east-1,us-east-2,us-west-1,us-west-2]', 'AWS KMS Regions to encrypt data key with.' do |regions|
-          @regions = regions.to_s.split(',').collect(&:strip) if regions
+        opts.on "-B", "--regions [us-east-1,us-east-2,us-west-1,us-west-2]", "AWS KMS Regions to encrypt data key with." do |regions|
+          @regions = regions.to_s.split(",").collect(&:strip) if regions
         end
 
-        opts.on '-K', '--key-path KEY_PATH', 'Output path in which to write generated key files. Default: ~/.symmetric-encryption' do |path|
+        opts.on "-K", "--key-path KEY_PATH", "Output path in which to write generated key files. Default: ~/.symmetric-encryption" do |path|
           @key_path = path
         end
 
-        opts.on '-a', '--app-name NAME', 'Application name to use when generating a new configuration. Default: symmetric-encryption' do |name|
+        opts.on "-a", "--app-name NAME", "Application name to use when generating a new configuration. Default: symmetric-encryption" do |name|
           @app_name = name
         end
 
-        opts.on '-S', '--environments ENVIRONMENTS', 'Comma separated list of environments for which to generate the config file. Default: development,test,release,production' do |environments|
-          @environments = environments.split(',').collect(&:strip).collect(&:to_sym)
+        opts.on "-S", "--environments ENVIRONMENTS", "Comma separated list of environments for which to generate the config file. Default: development,test,release,production" do |environments|
+          @environments = environments.split(",").collect(&:strip).collect(&:to_sym)
         end
 
-        opts.on '-C', '--cipher-name NAME', 'Name of the cipher to use when generating a new config file, or when rotating keys. Default: aes-256-cbc' do |name|
+        opts.on "-C", "--cipher-name NAME", "Name of the cipher to use when generating a new config file, or when rotating keys. Default: aes-256-cbc" do |name|
           @cipher_name = name
         end
 
-        opts.on '-R', '--rotate-keys', 'Generates a new encryption key version, encryption key files, and updates the configuration file.' do
+        opts.on "-R", "--rotate-keys", "Generates a new encryption key version, encryption key files, and updates the configuration file." do
           @rotate_keys = true
         end
 
-        opts.on '-U', '--rotate-kek', 'Replace the existing key encrypting keys only, the data encryption key is not changed, and updates the configuration file.' do
+        opts.on "-U", "--rotate-kek", "Replace the existing key encrypting keys only, the data encryption key is not changed, and updates the configuration file." do
           @rotate_kek = true
         end
 
-        opts.on '-D', '--rolling-deploy', 'During key rotation, support a rolling deploy by placing the new key second in the list so that it is not activated yet.' do
+        opts.on "-D", "--rolling-deploy", "During key rotation, support a rolling deploy by placing the new key second in the list so that it is not activated yet." do
           @rolling_deploy = true
         end
 
-        opts.on '-A', '--activate-key', 'Activates the key by moving the key with the highest version to the top.' do
+        opts.on "-A", "--activate-key", "Activates the key by moving the key with the highest version to the top." do
           @activate_key = true
         end
 
-        opts.on '-X', '--cleanup-keys', 'Removes all encryption keys, except the one with the highest version from the configuration file.' do
+        opts.on "-X", "--cleanup-keys", "Removes all encryption keys, except the one with the highest version from the configuration file." do
           @cleanup_keys = true
         end
 
-        opts.on '-V', '--key-version NUMBER', 'Encryption key version to use when encrypting or re-encrypting. Default: (Current global version).' do |number|
+        opts.on "-V", "--key-version NUMBER", "Encryption key version to use when encrypting or re-encrypting. Default: (Current global version)." do |number|
           @version = number.to_i
         end
 
-        opts.on '-L', '--ciphers', 'List available OpenSSL ciphers.' do
+        opts.on "-L", "--ciphers", "List available OpenSSL ciphers." do
           puts "OpenSSL v#{OpenSSL::VERSION}. Available Ciphers:"
           puts OpenSSL::Cipher.ciphers.join("\n")
           exit
         end
 
-        opts.on '-v', '--version', 'Display Symmetric Encryption version.' do
+        opts.on "-v", "--version", "Display Symmetric Encryption version." do
           @show_version = true
         end
 
-        opts.on('-h', '--help', 'Prints this help.') do
+        opts.on("-h", "--help", "Prints this help.") do
           puts opts
           exit
         end
@@ -212,7 +212,7 @@ module SymmetricEncryption
 
       config_file_does_not_exist!
       self.environments ||= %i[development test release production]
-      args                = {
+      args = {
         app_name:     app_name,
         environments: environments,
         cipher_name:  cipher_name
@@ -255,7 +255,7 @@ module SymmetricEncryption
         next if environments && !environments.include?(env.to_sym)
         next unless ciphers = cfg[:ciphers]
 
-        highest             = ciphers.max_by { |i| i[:version] }
+        highest = ciphers.max_by { |i| i[:version] }
         ciphers.clear
         ciphers << highest
       end
@@ -270,7 +270,7 @@ module SymmetricEncryption
         next if environments && !environments.include?(env.to_sym)
         next unless ciphers = cfg[:ciphers]
 
-        highest             = ciphers.max_by { |i| i[:version] }
+        highest = ciphers.max_by { |i| i[:version] }
         ciphers.delete(highest)
         ciphers.unshift(highest)
       end
@@ -289,22 +289,22 @@ module SymmetricEncryption
 
     def decrypt_string
       begin
-        require 'highline'
+        require "highline"
       rescue LoadError
         puts("\nPlease install gem highline before using the command line task to decrypt an entered string.\n   gem install \"highline\"\n\n")
         exit(-2)
       end
 
-      encrypted = HighLine.new.ask('Enter the value to decrypt:')
+      encrypted = HighLine.new.ask("Enter the value to decrypt:")
       text      = SymmetricEncryption.cipher(version).decrypt(encrypted)
 
       puts("\n\nEncrypted: #{encrypted}")
-      output_file_name ? File.open(output_file_name, 'wb') { |f| f << text } : puts("Decrypted: #{text}\n\n")
+      output_file_name ? File.open(output_file_name, "wb") { |f| f << text } : puts("Decrypted: #{text}\n\n")
     end
 
     def encrypt_string
       begin
-        require 'highline'
+        require "highline"
       rescue LoadError
         puts("\nPlease install gem highline before using the command line task to encrypt an entered string.\n   gem install \"highline\"\n\n")
         exit(-2)
@@ -313,14 +313,14 @@ module SymmetricEncryption
       value2 = 0
 
       while value1 != value2
-        value1 = HighLine.new.ask('Enter the value to encrypt:') { |q| q.echo = '*' }
-        value2 = HighLine.new.ask('Re-enter the value to encrypt:') { |q| q.echo = '*' }
+        value1 = HighLine.new.ask("Enter the value to encrypt:") { |q| q.echo = "*" }
+        value2 = HighLine.new.ask("Re-enter the value to encrypt:") { |q| q.echo = "*" }
 
-        puts('Values do not match, please try again') if value1 != value2
+        puts("Values do not match, please try again") if value1 != value2
       end
       compress  = false if compress.nil?
       encrypted = SymmetricEncryption.cipher(version).encrypt(value1, compress: compress)
-      output_file_name ? File.open(output_file_name, 'wb') { |f| f << encrypted } : puts("\n\nEncrypted: #{encrypted}\n\n")
+      output_file_name ? File.open(output_file_name, "wb") { |f| f << encrypted } : puts("\n\nEncrypted: #{encrypted}\n\n")
     end
 
     def gen_random_password(size)
@@ -328,7 +328,7 @@ module SymmetricEncryption
       puts("\nGenerated Password: #{p}")
       encrypted = SymmetricEncryption.encrypt(p)
       puts("Encrypted: #{encrypted}\n\n")
-      File.open(output_file_name, 'wb') { |f| f << encrypted } if output_file_name
+      File.open(output_file_name, "wb") { |f| f << encrypted } if output_file_name
     end
 
     def current_version