symmetric-encryption 4.3.1 → 4.3.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Rakefile +9 -9
- data/bin/symmetric-encryption +1 -1
- data/lib/symmetric-encryption.rb +1 -1
- data/lib/symmetric_encryption.rb +9 -9
- data/lib/symmetric_encryption/active_record/attr_encrypted.rb +1 -1
- data/lib/symmetric_encryption/cipher.rb +14 -10
- data/lib/symmetric_encryption/cli.rb +51 -51
- data/lib/symmetric_encryption/coerce.rb +3 -3
- data/lib/symmetric_encryption/config.rb +27 -26
- data/lib/symmetric_encryption/core.rb +22 -22
- data/lib/symmetric_encryption/encoder.rb +8 -8
- data/lib/symmetric_encryption/generator.rb +7 -3
- data/lib/symmetric_encryption/header.rb +12 -12
- data/lib/symmetric_encryption/key.rb +1 -1
- data/lib/symmetric_encryption/keystore.rb +20 -20
- data/lib/symmetric_encryption/keystore/aws.rb +6 -6
- data/lib/symmetric_encryption/keystore/environment.rb +4 -4
- data/lib/symmetric_encryption/keystore/file.rb +17 -3
- data/lib/symmetric_encryption/keystore/gcp.rb +6 -6
- data/lib/symmetric_encryption/keystore/heroku.rb +1 -1
- data/lib/symmetric_encryption/keystore/memory.rb +1 -1
- data/lib/symmetric_encryption/railtie.rb +6 -6
- data/lib/symmetric_encryption/railties/mongoid_encrypted.rb +3 -3
- data/lib/symmetric_encryption/railties/symmetric_encryption_validator.rb +1 -1
- data/lib/symmetric_encryption/reader.rb +13 -13
- data/lib/symmetric_encryption/rsa_key.rb +1 -1
- data/lib/symmetric_encryption/symmetric_encryption.rb +23 -17
- data/lib/symmetric_encryption/utils/aws.rb +8 -8
- data/lib/symmetric_encryption/utils/files.rb +3 -3
- data/lib/symmetric_encryption/utils/re_encrypt_files.rb +5 -5
- data/lib/symmetric_encryption/version.rb +1 -1
- data/lib/symmetric_encryption/writer.rb +17 -11
- metadata +3 -3
|
@@ -6,7 +6,7 @@ module SymmetricEncryption
|
|
|
6
6
|
attr_reader :file_name
|
|
7
7
|
|
|
8
8
|
def read_file_and_decode(file_name)
|
|
9
|
-
raise(SymmetricEncryption::ConfigError,
|
|
9
|
+
raise(SymmetricEncryption::ConfigError, "file_name is mandatory for each key_file entry") unless file_name
|
|
10
10
|
|
|
11
11
|
raise(SymmetricEncryption::ConfigError, "File #{file_name} could not be found") unless ::File.exist?(file_name)
|
|
12
12
|
|
|
@@ -31,12 +31,12 @@ module SymmetricEncryption
|
|
|
31
31
|
key_path = ::File.dirname(file_name)
|
|
32
32
|
::FileUtils.mkdir_p(key_path) unless ::File.directory?(key_path)
|
|
33
33
|
::File.rename(file_name, "#{file_name}.#{Time.now.to_i}") if ::File.exist?(file_name)
|
|
34
|
-
::File.open(file_name,
|
|
34
|
+
::File.open(file_name, "wb", 0o600) { |file| file.write(data) }
|
|
35
35
|
end
|
|
36
36
|
|
|
37
37
|
# Read from the file, raising an exception if it is not found
|
|
38
38
|
def read_from_file(file_name)
|
|
39
|
-
::File.open(file_name,
|
|
39
|
+
::File.open(file_name, "rb", &:read)
|
|
40
40
|
rescue Errno::ENOENT
|
|
41
41
|
raise(SymmetricEncryption::ConfigError, "Symmetric Encryption key file: '#{file_name}' not found or readable")
|
|
42
42
|
end
|
|
@@ -55,21 +55,21 @@ module SymmetricEncryption
|
|
|
55
55
|
lines = File.read(file_name)
|
|
56
56
|
hits, output_lines = re_encrypt_lines(lines)
|
|
57
57
|
|
|
58
|
-
File.open(file_name,
|
|
58
|
+
File.open(file_name, "wb") { |file| file.write(output_lines) } if hits.positive?
|
|
59
59
|
hits
|
|
60
60
|
end
|
|
61
61
|
|
|
62
62
|
# Replaces instances of encrypted data within lines of text with re-encrypted values
|
|
63
63
|
def re_encrypt_lines(lines)
|
|
64
64
|
hits = 0
|
|
65
|
-
output_lines =
|
|
65
|
+
output_lines = ""
|
|
66
66
|
r = regexp
|
|
67
67
|
lines.each_line do |line|
|
|
68
68
|
line.force_encoding(SymmetricEncryption::UTF8_ENCODING)
|
|
69
69
|
output_lines <<
|
|
70
70
|
if line.valid_encoding? && (result = line.match(r))
|
|
71
|
-
encrypted
|
|
72
|
-
new_value
|
|
71
|
+
encrypted = result[0]
|
|
72
|
+
new_value = re_encrypt(encrypted)
|
|
73
73
|
if new_value != encrypted
|
|
74
74
|
hits += 1
|
|
75
75
|
line.gsub(encrypted, new_value)
|
|
@@ -133,7 +133,7 @@ module SymmetricEncryption
|
|
|
133
133
|
# Returns [Integer] encrypted file key version.
|
|
134
134
|
# Returns [nil] if the file is not encrypted or does not have a header.
|
|
135
135
|
def encrypted_file_version(file_name)
|
|
136
|
-
::File.open(file_name,
|
|
136
|
+
::File.open(file_name, "rb") do |file|
|
|
137
137
|
reader = SymmetricEncryption::Reader.new(file)
|
|
138
138
|
reader.version if reader.header_present?
|
|
139
139
|
end
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
require
|
|
1
|
+
require "openssl"
|
|
2
2
|
|
|
3
3
|
module SymmetricEncryption
|
|
4
4
|
# Write to encrypted files and other IO streams.
|
|
@@ -49,7 +49,7 @@ module SymmetricEncryption
|
|
|
49
49
|
# end
|
|
50
50
|
def self.open(file_name_or_stream, compress: nil, **args)
|
|
51
51
|
if file_name_or_stream.is_a?(String)
|
|
52
|
-
file_name_or_stream = ::File.open(file_name_or_stream,
|
|
52
|
+
file_name_or_stream = ::File.open(file_name_or_stream, "wb")
|
|
53
53
|
compress = !(/\.(zip|gz|gzip|xls.|)\z/i === file_name_or_stream) if compress.nil?
|
|
54
54
|
else
|
|
55
55
|
compress = true if compress.nil?
|
|
@@ -97,15 +97,21 @@ module SymmetricEncryption
|
|
|
97
97
|
def initialize(ios, version: nil, cipher_name: nil, header: true, random_key: true, random_iv: true, compress: false)
|
|
98
98
|
# Compress is only used at this point for setting the flag in the header
|
|
99
99
|
@ios = ios
|
|
100
|
-
raise(ArgumentError,
|
|
101
|
-
|
|
100
|
+
raise(ArgumentError, "When :random_key is true, :random_iv must also be true") if random_key && !random_iv
|
|
101
|
+
if cipher_name && !random_key && !random_iv
|
|
102
|
+
raise(ArgumentError, "Cannot supply a :cipher_name unless both :random_key and :random_iv are true")
|
|
103
|
+
end
|
|
102
104
|
|
|
103
105
|
# Cipher to encrypt the random_key, or the entire file
|
|
104
106
|
cipher = SymmetricEncryption.cipher(version)
|
|
105
|
-
|
|
107
|
+
unless cipher
|
|
108
|
+
raise(SymmetricEncryption::CipherError, "Cipher with version:#{version} not found in any of the configured SymmetricEncryption ciphers")
|
|
109
|
+
end
|
|
106
110
|
|
|
107
111
|
# Force header if compressed or using random iv, key
|
|
108
|
-
|
|
112
|
+
if (header == true) || compress || random_key || random_iv
|
|
113
|
+
header = Header.new(version: cipher.version, compress: compress, cipher_name: cipher_name)
|
|
114
|
+
end
|
|
109
115
|
|
|
110
116
|
@stream_cipher = ::OpenSSL::Cipher.new(cipher_name || cipher.cipher_name)
|
|
111
117
|
@stream_cipher.encrypt
|
|
@@ -158,8 +164,8 @@ module SymmetricEncryption
|
|
|
158
164
|
def write(data)
|
|
159
165
|
return unless data
|
|
160
166
|
|
|
161
|
-
bytes
|
|
162
|
-
@size
|
|
167
|
+
bytes = data.to_s
|
|
168
|
+
@size += bytes.size
|
|
163
169
|
partial = @stream_cipher.update(bytes)
|
|
164
170
|
@ios.write(partial) unless partial.empty?
|
|
165
171
|
data.length
|
|
@@ -168,9 +174,9 @@ module SymmetricEncryption
|
|
|
168
174
|
def write(data)
|
|
169
175
|
return unless data
|
|
170
176
|
|
|
171
|
-
bytes
|
|
172
|
-
@size
|
|
173
|
-
partial = @stream_cipher.update(bytes, @cipher_buffer ||=
|
|
177
|
+
bytes = data.to_s
|
|
178
|
+
@size += bytes.size
|
|
179
|
+
partial = @stream_cipher.update(bytes, @cipher_buffer ||= "".b)
|
|
174
180
|
@ios.write(partial) unless partial.empty?
|
|
175
181
|
data.length
|
|
176
182
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: symmetric-encryption
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 4.3.
|
|
4
|
+
version: 4.3.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Reid Morrison
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2020-04-04 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: coercible
|
|
@@ -87,7 +87,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
87
87
|
- !ruby/object:Gem::Version
|
|
88
88
|
version: '0'
|
|
89
89
|
requirements: []
|
|
90
|
-
rubygems_version: 3.
|
|
90
|
+
rubygems_version: 3.1.2
|
|
91
91
|
signing_key:
|
|
92
92
|
specification_version: 4
|
|
93
93
|
summary: Encrypt ActiveRecord and Mongoid attributes, files and passwords in configuration
|