symmetric-encryption 4.3.1 → 4.3.2

Files changed (34)
  1. checksums.yaml +4 -4
  2. data/Rakefile +9 -9
  3. data/bin/symmetric-encryption +1 -1
  4. data/lib/symmetric-encryption.rb +1 -1
  5. data/lib/symmetric_encryption.rb +9 -9
  6. data/lib/symmetric_encryption/active_record/attr_encrypted.rb +1 -1
  7. data/lib/symmetric_encryption/cipher.rb +14 -10
  8. data/lib/symmetric_encryption/cli.rb +51 -51
  9. data/lib/symmetric_encryption/coerce.rb +3 -3
  10. data/lib/symmetric_encryption/config.rb +27 -26
  11. data/lib/symmetric_encryption/core.rb +22 -22
  12. data/lib/symmetric_encryption/encoder.rb +8 -8
  13. data/lib/symmetric_encryption/generator.rb +7 -3
  14. data/lib/symmetric_encryption/header.rb +12 -12
  15. data/lib/symmetric_encryption/key.rb +1 -1
  16. data/lib/symmetric_encryption/keystore.rb +20 -20
  17. data/lib/symmetric_encryption/keystore/aws.rb +6 -6
  18. data/lib/symmetric_encryption/keystore/environment.rb +4 -4
  19. data/lib/symmetric_encryption/keystore/file.rb +17 -3
  20. data/lib/symmetric_encryption/keystore/gcp.rb +6 -6
  21. data/lib/symmetric_encryption/keystore/heroku.rb +1 -1
  22. data/lib/symmetric_encryption/keystore/memory.rb +1 -1
  23. data/lib/symmetric_encryption/railtie.rb +6 -6
  24. data/lib/symmetric_encryption/railties/mongoid_encrypted.rb +3 -3
  25. data/lib/symmetric_encryption/railties/symmetric_encryption_validator.rb +1 -1
  26. data/lib/symmetric_encryption/reader.rb +13 -13
  27. data/lib/symmetric_encryption/rsa_key.rb +1 -1
  28. data/lib/symmetric_encryption/symmetric_encryption.rb +23 -17
  29. data/lib/symmetric_encryption/utils/aws.rb +8 -8
  30. data/lib/symmetric_encryption/utils/files.rb +3 -3
  31. data/lib/symmetric_encryption/utils/re_encrypt_files.rb +5 -5
  32. data/lib/symmetric_encryption/version.rb +1 -1
  33. data/lib/symmetric_encryption/writer.rb +17 -11
  34. metadata +3 -3
@@ -1,4 +1,4 @@
1
- require 'aws-sdk-kms'
1
+ require "aws-sdk-kms"
2
2
  module SymmetricEncryption
3
3
  module Keystore
4
4
  # Support AWS Key Management Service (KMS)
@@ -82,12 +82,12 @@ module SymmetricEncryption
82
82
  # TODO: Also support generating environment variables instead of files.
83
83
 
84
84
  version >= 255 ? (version = 1) : (version += 1)
85
- regions = Array(regions).dup
85
+ regions = Array(regions).dup
86
86
 
87
87
  master_key_alias = master_key_alias(app_name, environment)
88
88
 
89
89
  # File per region for holding the encrypted data key
90
- key_files = regions.collect do |region|
90
+ key_files = regions.collect do |region|
91
91
  file_name = "#{app_name}_#{environment}_#{region}_v#{version}.encrypted_key"
92
92
  {region: region, file_name: ::File.join(key_path, file_name)}
93
93
  end
@@ -119,9 +119,9 @@ module SymmetricEncryption
119
119
  def initialize(region: nil, key_files:, master_key_alias:, key_encrypting_key: nil)
120
120
  @key_files = key_files
121
121
  @master_key_alias = master_key_alias
122
- @region = region || ENV['AWS_REGION'] || ENV['AWS_DEFAULT_REGION'] || ::Aws.config[:region]
122
+ @region = region || ENV["AWS_REGION"] || ENV["AWS_DEFAULT_REGION"] || ::Aws.config[:region]
123
123
  if key_encrypting_key
124
- raise(SymmetricEncryption::ConfigError, 'AWS KMS keystore encrypts the key itself, so does not support supplying a key_encrypting_key')
124
+ raise(SymmetricEncryption::ConfigError, "AWS KMS keystore encrypts the key itself, so does not support supplying a key_encrypting_key")
125
125
  end
126
126
  end
127
127
 
@@ -143,7 +143,7 @@ module SymmetricEncryption
143
143
  region = key_file[:region]
144
144
  file_name = key_file[:file_name]
145
145
 
146
- raise(ArgumentError, 'region and file_name are mandatory for each key_file entry') unless region && file_name
146
+ raise(ArgumentError, "region and file_name are mandatory for each key_file entry") unless region && file_name
147
147
 
148
148
  encrypted_data_key = aws(region).encrypt(data_key)
149
149
  write_encoded_to_file(file_name, encrypted_data_key)
@@ -10,10 +10,10 @@ module SymmetricEncryption
10
10
  def self.generate_data_key(cipher_name:, app_name:, environment:, version: 0, dek: nil, **_args)
11
11
  version >= 255 ? (version = 1) : (version += 1)
12
12
 
13
- kek = SymmetricEncryption::Key.new(cipher_name: cipher_name)
13
+ kek = SymmetricEncryption::Key.new(cipher_name: cipher_name)
14
14
  dek ||= SymmetricEncryption::Key.new(cipher_name: cipher_name)
15
15
 
16
- key_env_var = "#{app_name}_#{environment}_v#{version}".upcase.tr('-', '_')
16
+ key_env_var = "#{app_name}_#{environment}_v#{version}".upcase.tr("-", "_")
17
17
  new(key_env_var: key_env_var, key_encrypting_key: kek).write(dek.key)
18
18
 
19
19
  {
@@ -50,9 +50,9 @@ module SymmetricEncryption
50
50
  def write(key)
51
51
  encrypted_key = key_encrypting_key.encrypt(key)
52
52
  puts "\n\n********************************************************************************"
53
- puts 'Set the environment variable as follows:'
53
+ puts "Set the environment variable as follows:"
54
54
  puts " export #{key_env_var}=\"#{encoder.encode(encrypted_key)}\""
55
- puts '********************************************************************************'
55
+ puts "********************************************************************************"
56
56
  end
57
57
 
58
58
  private
@@ -2,6 +2,7 @@ module SymmetricEncryption
2
2
  module Keystore
3
3
  class File
4
4
  include Utils::Files
5
+ ALLOWED_PERMISSIONS = %w[100600 100400].freeze
5
6
 
6
7
  attr_accessor :file_name, :key_encrypting_key
7
8
 
@@ -12,7 +13,7 @@ module SymmetricEncryption
12
13
  version >= 255 ? (version = 1) : (version += 1)
13
14
 
14
15
  dek ||= SymmetricEncryption::Key.new(cipher_name: cipher_name)
15
- kek = SymmetricEncryption::Key.new(cipher_name: cipher_name)
16
+ kek = SymmetricEncryption::Key.new(cipher_name: cipher_name)
16
17
  kekek = SymmetricEncryption::Key.new(cipher_name: cipher_name)
17
18
 
18
19
  dek_file_name = ::File.join(key_path, "#{app_name}_#{environment}_v#{version}.encrypted_key")
@@ -56,6 +57,13 @@ module SymmetricEncryption
56
57
  "Symmetric Encryption key file '#{file_name}' has the wrong "\
57
58
  "permissions: #{::File.stat(file_name).mode.to_s(8)}. Expected 100600 or 100400.")
58
59
  end
60
+ unless owned?
61
+ raise(SymmetricEncryption::ConfigError,
62
+ "Symmetric Encryption key file '#{file_name}' has the wrong "\
63
+ "owner (#{stat.uid}) or group (#{stat.gid}). "\
64
+ "Expected it to be owned by current user "\
65
+ "#{ENV['USER'] || ENV['USERNAME']}.")
66
+ end
59
67
 
60
68
  data = read_from_file(file_name)
61
69
  key_encrypting_key ? key_encrypting_key.decrypt(data) : data
@@ -73,9 +81,15 @@ module SymmetricEncryption
73
81
  # has the correct mode - readable and writable by its owner and no one
74
82
  # else, much like the keys one has in ~/.ssh
75
83
  def correct_permissions?
76
- stat = ::File.stat(file_name)
84
+ ALLOWED_PERMISSIONS.include?(stat.mode.to_s(8))
85
+ end
86
+
87
+ def owned?
88
+ stat.owned?
89
+ end
77
90
 
78
- stat.owned? && %w[100600 100400].include?(stat.mode.to_s(8))
91
+ def stat
92
+ ::File.stat(file_name)
79
93
  end
80
94
  end
81
95
  end
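Review bot: The new `owned?` failure message in `read` reports a wrong "owner or group" and names `ENV['USER'] || ENV['USERNAME']`, but `File::Stat#owned?` only compares the file's owner with the process's effective uid, so the group is never checked and the environment variable can name a different account than the one actually tested. Dropping the group clause and reporting `Process.euid` next to `stat.uid` would make the message match the check, e.g. `"owner (#{stat.uid}). Expected it to be owned by the current effective user (uid #{Process.euid})."`. Separately, `stat` is not memoized, so the mode check, the ownership check, the message and the later `read_from_file` each resolve `file_name` again. Taking one `::File.stat` snapshot per `read`, or checking the already opened handle if `read_from_file` allows it, would keep the checks and the read on the same file. `read` begins outside these hunks.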
@@ -1,4 +1,4 @@
1
- require 'google/cloud/kms/v1'
1
+ require "google/cloud/kms/v1"
2
2
 
3
3
  module SymmetricEncryption
4
4
  module Keystore
@@ -68,21 +68,21 @@ module SymmetricEncryption
68
68
  end
69
69
 
70
70
  def project_id
71
- @project_id ||= ENV['GOOGLE_CLOUD_PROJECT']
72
- raise 'GOOGLE_CLOUD_PROJECT must be set' if @project_id.nil?
71
+ @project_id ||= ENV["GOOGLE_CLOUD_PROJECT"]
72
+ raise "GOOGLE_CLOUD_PROJECT must be set" if @project_id.nil?
73
73
 
74
74
  @project_id
75
75
  end
76
76
 
77
77
  def credentials
78
- @credentials ||= ENV['GOOGLE_CLOUD_KEYFILE']
79
- raise 'GOOGLE_CLOUD_KEYFILE must be set' if @credentials.nil?
78
+ @credentials ||= ENV["GOOGLE_CLOUD_KEYFILE"]
79
+ raise "GOOGLE_CLOUD_KEYFILE must be set" if @credentials.nil?
80
80
 
81
81
  @credentials
82
82
  end
83
83
 
84
84
  def location_id
85
- @location_id ||= ENV['GOOGLE_CLOUD_LOCATION'] || 'global'
85
+ @location_id ||= ENV["GOOGLE_CLOUD_LOCATION"] || "global"
86
86
  end
87
87
  end
88
88
  end
@@ -15,7 +15,7 @@ module SymmetricEncryption
15
15
  puts "\n\n********************************************************************************"
16
16
  puts "Add the environment key to Heroku:\n\n"
17
17
  puts " heroku config:add #{key_env_var}=#{encoder.encode(encrypted_key)}"
18
- puts '********************************************************************************'
18
+ puts "********************************************************************************"
19
19
  end
20
20
  end
21
21
  end
@@ -15,7 +15,7 @@ module SymmetricEncryption
15
15
  def self.generate_data_key(cipher_name:, app_name:, environment:, version: 0, dek: nil, **_args)
16
16
  version >= 255 ? (version = 1) : (version += 1)
17
17
 
18
- kek = SymmetricEncryption::Key.new(cipher_name: cipher_name)
18
+ kek = SymmetricEncryption::Key.new(cipher_name: cipher_name)
19
19
  dek ||= SymmetricEncryption::Key.new(cipher_name: cipher_name)
20
20
 
21
21
  encrypted_key = new(key_encrypting_key: kek).write(dek.key)
@@ -29,19 +29,19 @@ module SymmetricEncryption #:nodoc:
29
29
  config.before_configuration do
30
30
  # Check if already configured
31
31
  unless ::SymmetricEncryption.cipher?
32
- parent_method = Module.method_defined?(:module_parent) ? 'module_parent' : 'parent'
33
- app_name = Rails::Application.subclasses.first.send(parent_method).to_s.underscore
34
- env_var = ENV['SYMMETRIC_ENCRYPTION_CONFIG']
35
- config_file =
32
+ parent_method = Module.method_defined?(:module_parent) ? "module_parent" : "parent"
33
+ app_name = Rails::Application.subclasses.first.send(parent_method).to_s.underscore
34
+ env_var = ENV["SYMMETRIC_ENCRYPTION_CONFIG"]
35
+ config_file =
36
36
  if env_var
37
37
  Pathname.new(File.expand_path(env_var))
38
38
  else
39
- Rails.root.join('config', 'symmetric-encryption.yml')
39
+ Rails.root.join("config", "symmetric-encryption.yml")
40
40
  end
41
41
 
42
42
  if config_file.file?
43
43
  begin
44
- ::SymmetricEncryption::Config.load!(file_name: config_file, env: ENV['SYMMETRIC_ENCRYPTION_ENV'] || Rails.env)
44
+ ::SymmetricEncryption::Config.load!(file_name: config_file, env: ENV["SYMMETRIC_ENCRYPTION_ENV"] || Rails.env)
45
45
  rescue ArgumentError => e
46
46
  puts "\nSymmetric Encryption not able to read keys."
47
47
  puts "#{e.class.name} #{e.message}"
@@ -1,4 +1,4 @@
1
- require 'mongoid'
1
+ require "mongoid"
2
2
  # Add :encrypted option for Mongoid models
3
3
  #
4
4
  # Example:
@@ -95,8 +95,8 @@ Mongoid::Fields.option :encrypted do |model, field, options|
95
95
 
96
96
  # Support overriding the name of the decrypted attribute
97
97
  decrypted_field_name = options.delete(:decrypt_as)
98
- if decrypted_field_name.nil? && encrypted_field_name.to_s.start_with?('encrypted_')
99
- decrypted_field_name = encrypted_field_name.to_s['encrypted_'.length..-1]
98
+ if decrypted_field_name.nil? && encrypted_field_name.to_s.start_with?("encrypted_")
99
+ decrypted_field_name = encrypted_field_name.to_s["encrypted_".length..-1]
100
100
  end
101
101
 
102
102
  if decrypted_field_name.nil?
@@ -15,6 +15,6 @@ class SymmetricEncryptionValidator < ActiveModel::EachValidator
15
15
  def validate_each(record, attribute, value)
16
16
  return if value.blank? || SymmetricEncryption.encrypted?(value)
17
17
 
18
- record.errors.add(attribute, 'must be a value encrypted using SymmetricEncryption.encrypt')
18
+ record.errors.add(attribute, "must be a value encrypted using SymmetricEncryption.encrypt")
19
19
  end
20
20
  end
@@ -1,4 +1,4 @@
1
- require 'openssl'
1
+ require "openssl"
2
2
 
3
3
  module SymmetricEncryption
4
4
  # Read from encrypted files and other IO streams
@@ -60,7 +60,7 @@ module SymmetricEncryption
60
60
  # csv.close if csv
61
61
  # end
62
62
  def self.open(file_name_or_stream, buffer_size: 16_384, **args, &block)
63
- ios = file_name_or_stream.is_a?(String) ? ::File.open(file_name_or_stream, 'rb') : file_name_or_stream
63
+ ios = file_name_or_stream.is_a?(String) ? ::File.open(file_name_or_stream, "rb") : file_name_or_stream
64
64
 
65
65
  begin
66
66
  file = new(ios, buffer_size: buffer_size, **args)
@@ -104,7 +104,7 @@ module SymmetricEncryption
104
104
 
105
105
  # Returns [true|false] whether the file contains the encryption header
106
106
  def self.header_present?(file_name)
107
- ::File.open(file_name, 'rb') { |file| new(file).header_present? }
107
+ ::File.open(file_name, "rb") { |file| new(file).header_present? }
108
108
  end
109
109
 
110
110
  # After opening a file Returns [true|false] whether the file being
@@ -120,9 +120,9 @@ module SymmetricEncryption
120
120
  @version = version
121
121
  @header_present = false
122
122
  @closed = false
123
- @read_buffer = ''.b
123
+ @read_buffer = "".b
124
124
 
125
- raise(ArgumentError, 'Buffer size cannot be smaller than 128') unless @buffer_size >= 128
125
+ raise(ArgumentError, "Buffer size cannot be smaller than 128") unless @buffer_size >= 128
126
126
 
127
127
  read_header
128
128
  end
@@ -185,10 +185,10 @@ module SymmetricEncryption
185
185
  # At end of file, it returns nil if no more data is available, or the last
186
186
  # remaining bytes
187
187
  def read(length = nil, outbuf = nil)
188
- data = outbuf.to_s.clear
188
+ data = outbuf.nil? ? "" : outbuf.clear
189
189
  remaining_length = length
190
190
 
191
- until remaining_length == 0 || eof?
191
+ until remaining_length&.zero? || eof?
192
192
  read_block(remaining_length) if @read_buffer.empty?
193
193
 
194
194
  if remaining_length && remaining_length < @read_buffer.length
@@ -209,7 +209,7 @@ module SymmetricEncryption
209
209
  # Raises EOFError on eof
210
210
  # The stream must be opened for reading or an IOError will be raised.
211
211
  def readline(sep_string = "\n")
212
- gets(sep_string) || raise(EOFError, 'End of file reached when trying to read a line')
212
+ gets(sep_string) || raise(EOFError, "End of file reached when trying to read a line")
213
213
  end
214
214
 
215
215
  # Reads a single decrypted line from the file up to and including the optional sep_string.
@@ -226,8 +226,8 @@ module SymmetricEncryption
226
226
  read_block
227
227
  end
228
228
  index ||= -1
229
- data = @read_buffer.slice!(0..index)
230
- @pos += data.length
229
+ data = @read_buffer.slice!(0..index)
230
+ @pos += data.length
231
231
  return nil if data.empty? && eof?
232
232
 
233
233
  data
@@ -310,7 +310,7 @@ module SymmetricEncryption
310
310
  @pos = 0
311
311
 
312
312
  # Read first block and check for the header
313
- buf = @ios.read(@buffer_size, @output_buffer ||= ''.b)
313
+ buf = @ios.read(@buffer_size, @output_buffer ||= "".b)
314
314
 
315
315
  # Use cipher specified in header, or global cipher if it has no header
316
316
  iv, key, cipher_name, cipher = nil
@@ -340,7 +340,7 @@ module SymmetricEncryption
340
340
 
341
341
  # Read a block of data and append the decrypted data in the read buffer
342
342
  def read_block(length = nil)
343
- buf = @ios.read(length || @buffer_size, @output_buffer ||= ''.b)
343
+ buf = @ios.read(length || @buffer_size, @output_buffer ||= "".b)
344
344
  decrypt(buf)
345
345
  end
346
346
 
@@ -356,7 +356,7 @@ module SymmetricEncryption
356
356
  def decrypt(buf)
357
357
  return if buf.nil? || buf.empty?
358
358
 
359
- @read_buffer << @stream_cipher.update(buf, @cipher_buffer ||= ''.b)
359
+ @read_buffer << @stream_cipher.update(buf, @cipher_buffer ||= "".b)
360
360
  @read_buffer << @stream_cipher.final if @ios.eof?
361
361
  end
362
362
  end
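Review bot: In `read`, the new fallback `outbuf.nil? ? "" : outbuf.clear` allocates a plain string literal, while every other buffer visible in this file is created with `"".b`. The literal would also become frozen if a `# frozen_string_literal: true` magic comment were later added to the file, which would presumably break the appends further down in `read` (outside this hunk). `data = outbuf.nil? ? "".b : outbuf.clear` keeps the buffer binary and mutable, consistent with `@read_buffer`. A short comment on the `remaining_length&.zero?` line, such as `# a nil length means read until eof`, would also help, since the safe-navigation operator hides that case.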
@@ -1,4 +1,4 @@
1
- require 'openssl'
1
+ require "openssl"
2
2
  module SymmetricEncryption
3
3
  # DEPRECATED - Internal use only
4
4
  class RSAKey
@@ -1,8 +1,8 @@
1
- require 'base64'
2
- require 'openssl'
3
- require 'zlib'
4
- require 'yaml'
5
- require 'erb'
1
+ require "base64"
2
+ require "openssl"
3
+ require "zlib"
4
+ require "yaml"
5
+ require "erb"
6
6
 
7
7
  # Encrypt using 256 Bit AES CBC symmetric key and initialization vector
8
8
  # The symmetric key is protected using the private key below and must
@@ -32,7 +32,9 @@ module SymmetricEncryption
32
32
  # cipher: 'aes-128-cbc'
33
33
  # )
34
34
  def self.cipher=(cipher)
35
- raise(ArgumentError, 'Cipher must respond to :encrypt and :decrypt') unless cipher.nil? || (cipher.respond_to?(:encrypt) && cipher.respond_to?(:decrypt))
35
+ unless cipher.nil? || (cipher.respond_to?(:encrypt) && cipher.respond_to?(:decrypt))
36
+ raise(ArgumentError, "Cipher must respond to :encrypt and :decrypt")
37
+ end
36
38
 
37
39
  @cipher = cipher
38
40
  end
@@ -45,7 +47,7 @@ module SymmetricEncryption
45
47
  unless cipher?
46
48
  raise(
47
49
  SymmetricEncryption::ConfigError,
48
- 'Call SymmetricEncryption.load! or SymmetricEncryption.cipher= prior to encrypting or decrypting data'
50
+ "Call SymmetricEncryption.load! or SymmetricEncryption.cipher= prior to encrypting or decrypting data"
49
51
  )
50
52
  end
51
53
 
@@ -61,10 +63,12 @@ module SymmetricEncryption
61
63
 
62
64
  # Set the Secondary Symmetric Ciphers Array to be used
63
65
  def self.secondary_ciphers=(secondary_ciphers)
64
- raise(ArgumentError, 'secondary_ciphers must be a collection') unless secondary_ciphers.respond_to? :each
66
+ raise(ArgumentError, "secondary_ciphers must be a collection") unless secondary_ciphers.respond_to? :each
65
67
 
66
68
  secondary_ciphers.each do |cipher|
67
- raise(ArgumentError, 'secondary_ciphers can only consist of SymmetricEncryption::Ciphers') unless cipher.respond_to?(:encrypt) && cipher.respond_to?(:decrypt)
69
+ unless cipher.respond_to?(:encrypt) && cipher.respond_to?(:decrypt)
70
+ raise(ArgumentError, "secondary_ciphers can only consist of SymmetricEncryption::Ciphers")
71
+ end
68
72
  end
69
73
  @secondary_ciphers = secondary_ciphers
70
74
  end
@@ -121,7 +125,7 @@ module SymmetricEncryption
121
125
  # the incorrect key. Clearly the data returned is garbage, but it still
122
126
  # successfully returns a string of data
123
127
  def self.decrypt(encrypted_and_encoded_string, version: nil, type: :string)
124
- return encrypted_and_encoded_string if encrypted_and_encoded_string.nil? || (encrypted_and_encoded_string == '')
128
+ return encrypted_and_encoded_string if encrypted_and_encoded_string.nil? || (encrypted_and_encoded_string == "")
125
129
 
126
130
  str = encrypted_and_encoded_string.to_s
127
131
 
@@ -150,14 +154,16 @@ module SymmetricEncryption
150
154
  end
151
155
 
152
156
  # Try to force result to UTF-8 encoding, but if it is not valid, force it back to Binary
153
- decrypted.force_encoding(SymmetricEncryption::BINARY_ENCODING) unless decrypted.force_encoding(SymmetricEncryption::UTF8_ENCODING).valid_encoding?
157
+ unless decrypted.force_encoding(SymmetricEncryption::UTF8_ENCODING).valid_encoding?
158
+ decrypted.force_encoding(SymmetricEncryption::BINARY_ENCODING)
159
+ end
154
160
  Coerce.coerce_from_string(decrypted, type)
155
161
  end
156
162
 
157
163
  # Returns the header for the encrypted string
158
164
  # Returns [nil] if no header is present
159
165
  def self.header(encrypted_and_encoded_string)
160
- return if encrypted_and_encoded_string.nil? || (encrypted_and_encoded_string == '')
166
+ return if encrypted_and_encoded_string.nil? || (encrypted_and_encoded_string == "")
161
167
 
162
168
  # Decode before decrypting supplied string
163
169
  decoded = cipher.encoder.decode(encrypted_and_encoded_string.to_s)
@@ -212,7 +218,7 @@ module SymmetricEncryption
212
218
  # the coercible gem is available in the path.
213
219
  # Default: :string
214
220
  def self.encrypt(str, random_iv: SymmetricEncryption.randomize_iv?, compress: false, type: :string, header: cipher.always_add_header)
215
- return str if str.nil? || (str == '')
221
+ return str if str.nil? || (str == "")
216
222
 
217
223
  # Encrypt and then encode the supplied string
218
224
  cipher.encrypt(Coerce.coerce_to_string(str, type), random_iv: random_iv, compress: compress, header: header)
@@ -241,7 +247,7 @@ module SymmetricEncryption
241
247
  # * This method only works reliably when the encrypted data includes the symmetric encryption header.
242
248
  # * nil and '' are considered "encrypted" so that validations do not blow up on empty values.
243
249
  def self.encrypted?(encrypted_data)
244
- return false if encrypted_data.nil? || (encrypted_data == '')
250
+ return false if encrypted_data.nil? || (encrypted_data == "")
245
251
 
246
252
  @header ||= SymmetricEncryption.cipher.encoded_magic_header
247
253
  encrypted_data.to_s.start_with?(@header)
@@ -290,12 +296,12 @@ module SymmetricEncryption
290
296
 
291
297
  # Generate a Random password
292
298
  def self.random_password(size = 22)
293
- require 'securerandom' unless defined?(SecureRandom)
299
+ require "securerandom" unless defined?(SecureRandom)
294
300
  SecureRandom.urlsafe_base64(size)
295
301
  end
296
302
 
297
- BINARY_ENCODING = Encoding.find('binary')
298
- UTF8_ENCODING = Encoding.find('UTF-8')
303
+ BINARY_ENCODING = Encoding.find("binary")
304
+ UTF8_ENCODING = Encoding.find("UTF-8")
299
305
 
300
306
  # Defaults
301
307
  @cipher = nil
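Review bot: The comment above `self.encrypted?` says nil and '' are considered "encrypted", but the guard on the first line of the method returns `false` for both, so comment and code still disagree in the new version. A caller that trusts the comment would treat blank values as already encrypted; the validator in this package instead checks `value.blank?` itself before calling `encrypted?`. I would reword the comment line to `# * nil and '' return false; callers that accept blank values must check for them first.` The rest of the method's comment block starts outside the hunk.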
@@ -1,5 +1,5 @@
1
- require 'base64'
2
- require 'aws-sdk-kms'
1
+ require "base64"
2
+ require "aws-sdk-kms"
3
3
  module SymmetricEncryption
4
4
  module Utils
5
5
  # Wrap the AWS KMS client so that it automatically creates the Customer Master Key,
@@ -13,8 +13,8 @@ module SymmetricEncryption
13
13
 
14
14
  # TODO: Map to OpenSSL ciphers
15
15
  AWS_KEY_SPEC_MAP = {
16
- 'aes-256-cbc' => 'AES_256',
17
- 'aes-128-cbc' => 'AES_128'
16
+ "aes-256-cbc" => "AES_256",
17
+ "aes-128-cbc" => "AES_128"
18
18
  }.freeze
19
19
 
20
20
  # TODO: Move to Keystore::Aws
@@ -101,7 +101,7 @@ module SymmetricEncryption
101
101
  def whoami
102
102
  @whoami ||= `whoami`.strip
103
103
  rescue StandardError
104
- @whoami = 'unknown'
104
+ @whoami = "unknown"
105
105
  end
106
106
 
107
107
  # Creates a new Customer Master Key for Symmetric Encryption use.
@@ -109,10 +109,10 @@ module SymmetricEncryption
109
109
  # TODO: Add error handling and retry
110
110
 
111
111
  resp = client.create_key(
112
- description: 'Symmetric Encryption for Ruby Customer Masker Key',
112
+ description: "Symmetric Encryption for Ruby Customer Masker Key",
113
113
  tags: [
114
- {tag_key: 'CreatedAt', tag_value: Time.now.to_s},
115
- {tag_key: 'CreatedBy', tag_value: whoami}
114
+ {tag_key: "CreatedAt", tag_value: Time.now.to_s},
115
+ {tag_key: "CreatedBy", tag_value: whoami}
116
116
  ]
117
117
  )
118
118
  resp.key_metadata.key_id