symmetric-encryption 4.3.1 → 4.3.2
- checksums.yaml +4 -4
- data/Rakefile +9 -9
- data/bin/symmetric-encryption +1 -1
- data/lib/symmetric-encryption.rb +1 -1
- data/lib/symmetric_encryption.rb +9 -9
- data/lib/symmetric_encryption/active_record/attr_encrypted.rb +1 -1
- data/lib/symmetric_encryption/cipher.rb +14 -10
- data/lib/symmetric_encryption/cli.rb +51 -51
- data/lib/symmetric_encryption/coerce.rb +3 -3
- data/lib/symmetric_encryption/config.rb +27 -26
- data/lib/symmetric_encryption/core.rb +22 -22
- data/lib/symmetric_encryption/encoder.rb +8 -8
- data/lib/symmetric_encryption/generator.rb +7 -3
- data/lib/symmetric_encryption/header.rb +12 -12
- data/lib/symmetric_encryption/key.rb +1 -1
- data/lib/symmetric_encryption/keystore.rb +20 -20
- data/lib/symmetric_encryption/keystore/aws.rb +6 -6
- data/lib/symmetric_encryption/keystore/environment.rb +4 -4
- data/lib/symmetric_encryption/keystore/file.rb +17 -3
- data/lib/symmetric_encryption/keystore/gcp.rb +6 -6
- data/lib/symmetric_encryption/keystore/heroku.rb +1 -1
- data/lib/symmetric_encryption/keystore/memory.rb +1 -1
- data/lib/symmetric_encryption/railtie.rb +6 -6
- data/lib/symmetric_encryption/railties/mongoid_encrypted.rb +3 -3
- data/lib/symmetric_encryption/railties/symmetric_encryption_validator.rb +1 -1
- data/lib/symmetric_encryption/reader.rb +13 -13
- data/lib/symmetric_encryption/rsa_key.rb +1 -1
- data/lib/symmetric_encryption/symmetric_encryption.rb +23 -17
- data/lib/symmetric_encryption/utils/aws.rb +8 -8
- data/lib/symmetric_encryption/utils/files.rb +3 -3
- data/lib/symmetric_encryption/utils/re_encrypt_files.rb +5 -5
- data/lib/symmetric_encryption/version.rb +1 -1
- data/lib/symmetric_encryption/writer.rb +17 -11
- metadata +3 -3
@@ -6,7 +6,7 @@ module SymmetricEncryption
|
|
6
6
|
attr_reader :file_name
|
7
7
|
|
8
8
|
def read_file_and_decode(file_name)
|
9
|
-
raise(SymmetricEncryption::ConfigError,
|
9
|
+
raise(SymmetricEncryption::ConfigError, "file_name is mandatory for each key_file entry") unless file_name
|
10
10
|
|
11
11
|
raise(SymmetricEncryption::ConfigError, "File #{file_name} could not be found") unless ::File.exist?(file_name)
|
12
12
|
|
@@ -31,12 +31,12 @@ module SymmetricEncryption
|
|
31
31
|
key_path = ::File.dirname(file_name)
|
32
32
|
::FileUtils.mkdir_p(key_path) unless ::File.directory?(key_path)
|
33
33
|
::File.rename(file_name, "#{file_name}.#{Time.now.to_i}") if ::File.exist?(file_name)
|
34
|
-
::File.open(file_name,
|
34
|
+
::File.open(file_name, "wb", 0o600) { |file| file.write(data) }
|
35
35
|
end
|
36
36
|
|
37
37
|
# Read from the file, raising an exception if it is not found
|
38
38
|
def read_from_file(file_name)
|
39
|
-
::File.open(file_name,
|
39
|
+
::File.open(file_name, "rb", &:read)
|
40
40
|
rescue Errno::ENOENT
|
41
41
|
raise(SymmetricEncryption::ConfigError, "Symmetric Encryption key file: '#{file_name}' not found or readable")
|
42
42
|
end
|
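Review bot: In the hunk at new lines 31-34 the key file itself is created with mode 0o600, but the directory made by `::FileUtils.mkdir_p(key_path)` gets the umask default and the timestamped copy left by `::File.rename` keeps the previous file's mode, so earlier key material can remain readable to other local accounts. Creating the directory restrictively, `::FileUtils.mkdir_p(key_path, mode: 0o700) unless ::File.directory?(key_path)`, and a comment such as `# Backup still holds the previous key; it keeps its old permissions` above the rename would make that explicit. The 0o600 argument only takes effect when `File.open` creates the file, which is the case here only because the existing file has just been renamed away. In `read_from_file` only `Errno::ENOENT` is rescued although the message says "not found or readable"; `rescue Errno::ENOENT, Errno::EACCES` would match the wording. The method that contains the write begins above the hunk.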
@@ -55,21 +55,21 @@ module SymmetricEncryption
|
|
55
55
|
lines = File.read(file_name)
|
56
56
|
hits, output_lines = re_encrypt_lines(lines)
|
57
57
|
|
58
|
-
File.open(file_name,
|
58
|
+
File.open(file_name, "wb") { |file| file.write(output_lines) } if hits.positive?
|
59
59
|
hits
|
60
60
|
end
|
61
61
|
|
62
62
|
# Replaces instances of encrypted data within lines of text with re-encrypted values
|
63
63
|
def re_encrypt_lines(lines)
|
64
64
|
hits = 0
|
65
|
-
output_lines =
|
65
|
+
output_lines = ""
|
66
66
|
r = regexp
|
67
67
|
lines.each_line do |line|
|
68
68
|
line.force_encoding(SymmetricEncryption::UTF8_ENCODING)
|
69
69
|
output_lines <<
|
70
70
|
if line.valid_encoding? && (result = line.match(r))
|
71
|
-
encrypted
|
72
|
-
new_value
|
71
|
+
encrypted = result[0]
|
72
|
+
new_value = re_encrypt(encrypted)
|
73
73
|
if new_value != encrypted
|
74
74
|
hits += 1
|
75
75
|
line.gsub(encrypted, new_value)
|
@@ -133,7 +133,7 @@ module SymmetricEncryption
|
|
133
133
|
# Returns [Integer] encrypted file key version.
|
134
134
|
# Returns [nil] if the file is not encrypted or does not have a header.
|
135
135
|
def encrypted_file_version(file_name)
|
136
|
-
::File.open(file_name,
|
136
|
+
::File.open(file_name, "rb") do |file|
|
137
137
|
reader = SymmetricEncryption::Reader.new(file)
|
138
138
|
reader.version if reader.header_present?
|
139
139
|
end
|
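Review bot: The rewrite at new line 58 truncates `file_name` in place with `File.open(file_name, "wb")`, so a failure part-way through the write leaves a file that held encrypted values cut short with no copy to fall back on; writing to a new file beside it and renaming it over the original avoids that, as sketched below. In `re_encrypt_lines`, `line.match(r)` yields only the first match and `line.gsub(encrypted, new_value)` replaces only that one value, so, depending on what `regexp` matches, a second encrypted value on the same line would stay under the old key without being counted in `hits`. Both methods start or end outside the visible hunk, so this is based on the lines shown.

```ruby
hits, output_lines = re_encrypt_lines(lines)

if hits.positive?
  # Write beside the original and rename, so the original is only ever replaced by a complete file
  tmp_name = "#{file_name}.#{Process.pid}.tmp"
  mode     = File.stat(file_name).mode & 0o777
  File.open(tmp_name, File::WRONLY | File::CREAT | File::EXCL | File::BINARY, mode) { |file| file.write(output_lines) }
  File.rename(tmp_name, file_name)
end
hits
```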
@@ -1,4 +1,4 @@
|
|
1
|
-
require
|
1
|
+
require "openssl"
|
2
2
|
|
3
3
|
module SymmetricEncryption
|
4
4
|
# Write to encrypted files and other IO streams.
|
@@ -49,7 +49,7 @@ module SymmetricEncryption
|
|
49
49
|
# end
|
50
50
|
def self.open(file_name_or_stream, compress: nil, **args)
|
51
51
|
if file_name_or_stream.is_a?(String)
|
52
|
-
file_name_or_stream = ::File.open(file_name_or_stream,
|
52
|
+
file_name_or_stream = ::File.open(file_name_or_stream, "wb")
|
53
53
|
compress = !(/\.(zip|gz|gzip|xls.|)\z/i === file_name_or_stream) if compress.nil?
|
54
54
|
else
|
55
55
|
compress = true if compress.nil?
|
@@ -97,15 +97,21 @@ module SymmetricEncryption
|
|
97
97
|
def initialize(ios, version: nil, cipher_name: nil, header: true, random_key: true, random_iv: true, compress: false)
|
98
98
|
# Compress is only used at this point for setting the flag in the header
|
99
99
|
@ios = ios
|
100
|
-
raise(ArgumentError,
|
101
|
-
|
100
|
+
raise(ArgumentError, "When :random_key is true, :random_iv must also be true") if random_key && !random_iv
|
101
|
+
if cipher_name && !random_key && !random_iv
|
102
|
+
raise(ArgumentError, "Cannot supply a :cipher_name unless both :random_key and :random_iv are true")
|
103
|
+
end
|
102
104
|
|
103
105
|
# Cipher to encrypt the random_key, or the entire file
|
104
106
|
cipher = SymmetricEncryption.cipher(version)
|
105
|
-
|
107
|
+
unless cipher
|
108
|
+
raise(SymmetricEncryption::CipherError, "Cipher with version:#{version} not found in any of the configured SymmetricEncryption ciphers")
|
109
|
+
end
|
106
110
|
|
107
111
|
# Force header if compressed or using random iv, key
|
108
|
-
|
112
|
+
if (header == true) || compress || random_key || random_iv
|
113
|
+
header = Header.new(version: cipher.version, compress: compress, cipher_name: cipher_name)
|
114
|
+
end
|
109
115
|
|
110
116
|
@stream_cipher = ::OpenSSL::Cipher.new(cipher_name || cipher.cipher_name)
|
111
117
|
@stream_cipher.encrypt
|
@@ -158,8 +164,8 @@ module SymmetricEncryption
|
|
158
164
|
def write(data)
|
159
165
|
return unless data
|
160
166
|
|
161
|
-
bytes
|
162
|
-
@size
|
167
|
+
bytes = data.to_s
|
168
|
+
@size += bytes.size
|
163
169
|
partial = @stream_cipher.update(bytes)
|
164
170
|
@ios.write(partial) unless partial.empty?
|
165
171
|
data.length
|
@@ -168,9 +174,9 @@ module SymmetricEncryption
|
|
168
174
|
def write(data)
|
169
175
|
return unless data
|
170
176
|
|
171
|
-
bytes
|
172
|
-
@size
|
173
|
-
partial = @stream_cipher.update(bytes, @cipher_buffer ||=
|
177
|
+
bytes = data.to_s
|
178
|
+
@size += bytes.size
|
179
|
+
partial = @stream_cipher.update(bytes, @cipher_buffer ||= "".b)
|
174
180
|
@ios.write(partial) unless partial.empty?
|
175
181
|
data.length
|
176
182
|
end
|
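Review bot: The new guard in `initialize` (new lines 101-103) raises only when both `random_key` and `random_iv` are false, while its message says a `:cipher_name` needs both to be true, so `random_key: false, random_iv: true` with a `cipher_name` is accepted and the stream cipher is then built from `cipher_name` rather than from the configured cipher; if the message states the intent, the condition should be `if cipher_name && !(random_key && random_iv)`. In `self.open` the extension test on new line 53 runs after `file_name_or_stream` has been reassigned to the `File` object, and `Regexp#===` is false for a non-string, so `compress` defaults to true whatever the file name is; matching against the name before opening the file would fix that. In both `write` methods `@size += bytes.size` counts characters, which under-reports multi-byte strings if `@size` is meant to be a byte count; `bytes.bytesize` counts bytes. All three methods continue outside their hunks.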
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: symmetric-encryption
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 4.3.
|
4
|
+
version: 4.3.2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Reid Morrison
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2020-04-04 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: coercible
|
@@ -87,7 +87,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
87
87
|
- !ruby/object:Gem::Version
|
88
88
|
version: '0'
|
89
89
|
requirements: []
|
90
|
-
rubygems_version: 3.
|
90
|
+
rubygems_version: 3.1.2
|
91
91
|
signing_key:
|
92
92
|
specification_version: 4
|
93
93
|
summary: Encrypt ActiveRecord and Mongoid attributes, files and passwords in configuration
|