symmetric-encryption 4.3.2 → 4.5.0

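--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 4054c7a61802055fd46d4effd1f3222369a1b46f23aeeadaae0322d392b7dcc1
- data.tar.gz: b367ad236ab6f52d97bf28425f1c7bb1fc824b1c573c6528adb276f842dd97ee
+ metadata.gz: cc6728652282c5b73acde1b45427e7dbce0092ceecc197a052f5364b83c53e28
+ data.tar.gz: dad8b275ffd46adf20d2b3f51c7673b79e1cc359750626d4207f203a207c14f0
  SHA512:
- metadata.gz: 2e0318de85ab6308c6dc7748d0096b18693d3b1cd8266ac7920a8033f9c220981b222a1d2e594bcd6f2d08700c40dbbc6e32159ab2b235b6f2b58ff5bb2dc4a2
- data.tar.gz: 5a29bd465b788a8e28e3f84435fb5d03355fcd9d31fded9d4700eea47cec1a02dd2675c84b36d72fe2e16a9ee4dbafa2b8b401519cebf58c17abaaf9741f9aae
+ metadata.gz: efd513c2c0b22b5252583a3d8207d89f907b695f6edf6c75d0f7a2c9177e8d32d5566d7228f36b7039318d4e72380f4cee4090048cf40f7bf50a492bf525fcc5
+ data.tar.gz: bac21c5250923fd85134cc3a59e220ec2c87c85e4dc7f4efef280110c01852dd202256bcad5671d96dd7c7424c531b2bd237f0f9f85d5ac22bce24415ab6fcde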
data/README.md CHANGED
@@ -1,9 +1,9 @@
1
1
  # Symmetric Encryption
2
- ![](https://img.shields.io/gem/v/symmetric-encryption.svg) ![](https://img.shields.io/travis/rocketjob/symmetric-encryption.svg) ![](https://img.shields.io/gem/dt/symmetric-encryption.svg) ![](https://img.shields.io/badge/status-production%20ready-blue.svg)
2
+ [![Gem Version](https://img.shields.io/gem/v/symmetric-encryption.svg)](https://rubygems.org/gems/symmetric-encryption) [![Build Status](https://github.com/reidmorrison/symmetric-encryption/workflows/build/badge.svg)](https://github.com/reidmorrison/symmetric-encryption/actions?query=workflow%3Abuild) [![Downloads](https://img.shields.io/gem/dt/symmetric-encryption.svg)](https://rubygems.org/gems/symmetric-encryption) [![License](https://img.shields.io/badge/license-Apache%202.0-brightgreen.svg)](http://opensource.org/licenses/Apache-2.0) ![](https://img.shields.io/badge/status-Production%20Ready-blue.svg)
3
3
 
4
- * http://github.com/rocketjob/symmetric-encryption
4
+ * https://encryption.rocketjob.io/
5
5
 
6
- Transparently encrypt ActiveRecord, Mongoid, and MongoMapper attributes. Encrypt passwords in configuration files. Encrypt entire files at rest.
6
+ Transparently encrypt ActiveRecord, and Mongoid attributes. Encrypt passwords in configuration files. Encrypt entire files at rest.
7
7
 
8
8
  ## Introduction
9
9
 
@@ -19,9 +19,7 @@ expose all the encryption algorithms supported by OpenSSL.
19
19
 
20
20
  ## Documentation
21
21
 
22
- [Symmetric Encryption Guide](http://rocketjob.github.io/symmetric-encryption)
23
-
24
- [Reference Documentation](http://www.rubydoc.info/gems/symmetric-encryption/)
22
+ [Symmetric Encryption Guide](https://encryption.rocketjob.io/)
25
23
 
26
24
  ## Rocket Job
27
25
 
@@ -168,7 +166,7 @@ may have backward compatibility issues:
168
166
 
169
167
  [Reid Morrison](https://github.com/reidmorrison)
170
168
 
171
- [Contributors](https://github.com/rocketjob/symmetric-encryption/graphs/contributors)
169
+ [Contributors](https://github.com/reidmorrison/symmetric-encryption/graphs/contributors)
172
170
 
173
171
  ## Versioning
174
172
 
@@ -50,6 +50,8 @@ module SymmetricEncryption
50
50
  # This is the recommended format since newlines in the values to
51
51
  # SQL queries are cumbersome. Also the newline reformatting is unnecessary
52
52
  # It is not the default for backward compatibility
53
+ # :base64urlsafe
54
+ # Same as base64strict except that base64urlsafe uses '-' instead of '+' and '_' instead of '/'.
53
55
  # :base64
54
56
  # Return as a base64 encoded string
55
57
  # :base16
@@ -84,9 +86,9 @@ module SymmetricEncryption
84
86
  @version = version.to_i
85
87
  @always_add_header = always_add_header
86
88
 
87
- if (@version > 255) || @version.negative?
88
- raise(ArgumentError, "Cipher version has a valid range of 0 to 255. #{@version} is too high, or negative")
89
- end
89
+ return unless (@version > 255) || @version.negative?
90
+
91
+ raise(ArgumentError, "Cipher version has a valid range of 0 to 255. #{@version} is too high, or negative")
90
92
  end
91
93
 
92
94
  # Change the encoding
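Review bot: The range check in `initialize` is now an inverted guard, `return unless (@version > 255) || @version.negative?`, with the `raise` as the final statement, which makes the validation depend on staying the last thing the constructor does. A raising guard states the rule directly and is independent of statement order: `raise(ArgumentError, "Cipher version has a valid range of 0 to 255. #{@version} is too high, or negative") unless (0..255).cover?(@version)`. The context line `@version = version.to_i` also turns a non-numeric value into 0, which then passes this check; whether that is intended cannot be told from the hunk. `initialize` starts outside the hunk.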
@@ -114,7 +116,7 @@ module SymmetricEncryption
114
116
  # to convert it to a string
115
117
  #
116
118
  # random_iv [true|false]
117
- # Whether the encypted value should use a random IV every time the
119
+ # Whether the encrypted value should use a random IV every time the
118
120
  # field is encrypted.
119
121
  # Notes:
120
122
  # * Setting random_iv to true will result in a different encrypted output for
@@ -74,7 +74,7 @@ module SymmetricEncryption
74
74
  opts.banner = <<~BANNER
75
75
  Symmetric Encryption v#{VERSION}
76
76
 
77
- For more information, see: https://rocketjob.github.io/symmetric-encryption/
77
+ For more information, see: https://encryption.rocketjob.io/
78
78
 
79
79
  Note:
80
80
  It is recommended to backup the current configuration file, or place it in version control before running
@@ -91,7 +91,8 @@ module SymmetricEncryption
91
91
  @decrypt = file_name || STDIN
92
92
  end
93
93
 
94
- opts.on "-o", "--output FILE_NAME", "Write encrypted or decrypted file to this file, otherwise output goes to stdout." do |file_name|
94
+ opts.on "-o", "--output FILE_NAME",
95
+ "Write encrypted or decrypted file to this file, otherwise output goes to stdout." do |file_name|
95
96
  @output_file_name = file_name
96
97
  end
97
98
 
@@ -107,11 +108,13 @@ module SymmetricEncryption
107
108
  @compress = false
108
109
  end
109
110
 
110
- opts.on "-E", "--env ENVIRONMENT", "Environment to use in the config file. Default: SYMMETRIC_ENCRYPTION_ENV || RACK_ENV || RAILS_ENV || 'development'" do |environment|
111
+ opts.on "-E", "--env ENVIRONMENT",
112
+ "Environment to use in the config file. Default: SYMMETRIC_ENCRYPTION_ENV || RACK_ENV || RAILS_ENV || 'development'" do |environment|
111
113
  @environment = environment
112
114
  end
113
115
 
114
- opts.on "-c", "--config CONFIG_FILE_PATH", "File name & path to the Symmetric Encryption configuration file. Default: config/symmetric-encryption.yml or Env var: `SYMMETRIC_ENCRYPTION_CONFIG`" do |path|
116
+ opts.on "-c", "--config CONFIG_FILE_PATH",
117
+ "File name & path to the Symmetric Encryption configuration file. Default: config/symmetric-encryption.yml or Env var: `SYMMETRIC_ENCRYPTION_CONFIG`" do |path|
115
118
  @config_file_path = path
116
119
  end
117
120
 
@@ -119,11 +122,13 @@ module SymmetricEncryption
119
122
  @migrate = true
120
123
  end
121
124
 
122
- opts.on "-r", "--re-encrypt [PATTERN]", 'ReEncrypt all files matching the pattern. Default: "**/*.{yml,rb}"' do |pattern|
125
+ opts.on "-r", "--re-encrypt [PATTERN]",
126
+ 'ReEncrypt all files matching the pattern. Default: "**/*.{yml,rb}"' do |pattern|
123
127
  @re_encrypt = pattern || "**/*.{yml,rb}"
124
128
  end
125
129
 
126
- opts.on "-n", "--new-password [SIZE]", "Generate a new random password using only characters that are URL-safe base64. Default size is 22." do |size|
130
+ opts.on "-n", "--new-password [SIZE]",
131
+ "Generate a new random password using only characters that are URL-safe base64. Default size is 22." do |size|
127
132
  @random_password = (size || 22).to_i
128
133
  end
129
134
 
@@ -131,39 +136,48 @@ module SymmetricEncryption
131
136
  @generate = config
132
137
  end
133
138
 
134
- opts.on "-s", "--keystore heroku|environment|file|aws|gcp", "Which keystore to use during generation or re-encryption." do |keystore|
139
+ opts.on "-s", "--keystore heroku|environment|file|aws|gcp",
140
+ "Which keystore to use during generation or re-encryption." do |keystore|
135
141
  @keystore = (keystore || "file").downcase.to_sym
136
142
  end
137
143
 
138
- opts.on "-B", "--regions [us-east-1,us-east-2,us-west-1,us-west-2]", "AWS KMS Regions to encrypt data key with." do |regions|
144
+ opts.on "-B", "--regions [us-east-1,us-east-2,us-west-1,us-west-2]",
145
+ "AWS KMS Regions to encrypt data key with." do |regions|
139
146
  @regions = regions.to_s.split(",").collect(&:strip) if regions
140
147
  end
141
148
 
142
- opts.on "-K", "--key-path KEY_PATH", "Output path in which to write generated key files. Default: ~/.symmetric-encryption" do |path|
149
+ opts.on "-K", "--key-path KEY_PATH",
150
+ "Output path in which to write generated key files. Default: ~/.symmetric-encryption" do |path|
143
151
  @key_path = path
144
152
  end
145
153
 
146
- opts.on "-a", "--app-name NAME", "Application name to use when generating a new configuration. Default: symmetric-encryption" do |name|
154
+ opts.on "-a", "--app-name NAME",
155
+ "Application name to use when generating a new configuration. Default: symmetric-encryption" do |name|
147
156
  @app_name = name
148
157
  end
149
158
 
150
- opts.on "-S", "--environments ENVIRONMENTS", "Comma separated list of environments for which to generate the config file. Default: development,test,release,production" do |environments|
159
+ opts.on "-S", "--environments ENVIRONMENTS",
160
+ "Comma separated list of environments for which to generate the config file. Default: development,test,release,production" do |environments|
151
161
  @environments = environments.split(",").collect(&:strip).collect(&:to_sym)
152
162
  end
153
163
 
154
- opts.on "-C", "--cipher-name NAME", "Name of the cipher to use when generating a new config file, or when rotating keys. Default: aes-256-cbc" do |name|
164
+ opts.on "-C", "--cipher-name NAME",
165
+ "Name of the cipher to use when generating a new config file, or when rotating keys. Default: aes-256-cbc" do |name|
155
166
  @cipher_name = name
156
167
  end
157
168
 
158
- opts.on "-R", "--rotate-keys", "Generates a new encryption key version, encryption key files, and updates the configuration file." do
169
+ opts.on "-R", "--rotate-keys",
170
+ "Generates a new encryption key version, encryption key files, and updates the configuration file." do
159
171
  @rotate_keys = true
160
172
  end
161
173
 
162
- opts.on "-U", "--rotate-kek", "Replace the existing key encrypting keys only, the data encryption key is not changed, and updates the configuration file." do
174
+ opts.on "-U", "--rotate-kek",
175
+ "Replace the existing key encrypting keys only, the data encryption key is not changed, and updates the configuration file." do
163
176
  @rotate_kek = true
164
177
  end
165
178
 
166
- opts.on "-D", "--rolling-deploy", "During key rotation, support a rolling deploy by placing the new key second in the list so that it is not activated yet." do
179
+ opts.on "-D", "--rolling-deploy",
180
+ "During key rotation, support a rolling deploy by placing the new key second in the list so that it is not activated yet." do
167
181
  @rolling_deploy = true
168
182
  end
169
183
 
@@ -171,11 +185,13 @@ module SymmetricEncryption
171
185
  @activate_key = true
172
186
  end
173
187
 
174
- opts.on "-X", "--cleanup-keys", "Removes all encryption keys, except the one with the highest version from the configuration file." do
188
+ opts.on "-X", "--cleanup-keys",
189
+ "Removes all encryption keys, except the one with the highest version from the configuration file." do
175
190
  @cleanup_keys = true
176
191
  end
177
192
 
178
- opts.on "-V", "--key-version NUMBER", "Encryption key version to use when encrypting or re-encrypting. Default: (Current global version)." do |number|
193
+ opts.on "-V", "--key-version NUMBER",
194
+ "Encryption key version to use when encrypting or re-encrypting. Default: (Current global version)." do |number|
179
195
  @version = number.to_i
180
196
  end
181
197
 
@@ -237,7 +253,8 @@ module SymmetricEncryption
237
253
  end
238
254
 
239
255
  config = Config.read_file(config_file_path)
240
- SymmetricEncryption::Keystore.rotate_keys!(config, environments: environments || [], app_name: app_name, rolling_deploy: rolling_deploy, keystore: keystore)
256
+ SymmetricEncryption::Keystore.rotate_keys!(config, environments: environments || [], app_name: app_name,
257
+ rolling_deploy: rolling_deploy, keystore: keystore)
241
258
  Config.write_file(config_file_path, config)
242
259
  puts "Existing configuration file updated with new keys: #{config_file_path}"
243
260
  end
@@ -280,7 +297,8 @@ module SymmetricEncryption
280
297
  end
281
298
 
282
299
  def encrypt_file(input_file_name)
283
- SymmetricEncryption::Writer.encrypt(source: input_file_name, target: output_file_name || STDOUT, compress: compress, version: version)
300
+ SymmetricEncryption::Writer.encrypt(source: input_file_name, target: output_file_name || STDOUT, compress: compress,
301
+ version: version)
284
302
  end
285
303
 
286
304
  def decrypt_file(input_file_name)
@@ -27,7 +27,7 @@ module SymmetricEncryption
27
27
 
28
28
  # Reads the entire configuration for all environments from the supplied file name.
29
29
  def self.read_file(file_name)
30
- config = YAML.load(ERB.new(File.new(file_name).read).result)
30
+ config = load_yaml(ERB.new(File.new(file_name).read).result)
31
31
  config = deep_symbolize_keys(config)
32
32
  config.each_pair { |_env, cfg| SymmetricEncryption::Config.send(:migrate_old_formats!, cfg) }
33
33
  config
@@ -75,7 +75,7 @@ module SymmetricEncryption
75
75
  begin
76
76
  raise(ConfigError, "Cannot find config file: #{file_name}") unless File.exist?(file_name)
77
77
 
78
- env_config = YAML.load(ERB.new(File.new(file_name).read).result)[env]
78
+ env_config = self.class.load_yaml(ERB.new(File.new(file_name).read).result)[env]
79
79
  raise(ConfigError, "Cannot find environment: #{env} in config file: #{file_name}") unless env_config
80
80
 
81
81
  env_config = self.class.send(:deep_symbolize_keys, env_config)
@@ -83,7 +83,7 @@ module SymmetricEncryption
83
83
  end
84
84
  end
85
85
 
86
- # Returns [Array(SymmetricEncrytion::Cipher)] ciphers specified in the configuration file.
86
+ # Returns [Array(SymmetricEncryption::Cipher)] ciphers specified in the configuration file.
87
87
  def ciphers
88
88
  @ciphers ||= config[:ciphers].collect { |cipher_config| Cipher.from_config(**cipher_config) }
89
89
  end
@@ -163,5 +163,11 @@ module SymmetricEncryption
163
163
  end
164
164
 
165
165
  private_class_method :migrate_old_formats!
166
+
167
+ def self.load_yaml(src)
168
+ return YAML.safe_load(src, permitted_classes: [Symbol], aliases: true) if Psych::VERSION.to_i >= 4
169
+
170
+ YAML.load(src)
171
+ end
166
172
  end
167
173
  end
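Review bot: `load_yaml` still falls back to `YAML.load(src)` when Psych is older than 4, and on those versions `YAML.load` is the unrestricted loader that can instantiate arbitrary Ruby objects from tags in the file. Psych has accepted the `permitted_classes:` and `aliases:` keywords on `safe_load` since 3.1, so the guard could be `if Gem::Version.new(Psych::VERSION) >= Gem::Version.new("3.1.0")`, leaving the unrestricted path only for releases that lack those keywords. The method sits after `private_class_method :migrate_old_formats!` and is therefore public, which the instance-side call `self.class.load_yaml(...)` relies on; a comment such as `# Public: parses config YAML with the safe loader where available; only Symbol and aliases are permitted.` would record both facts. Both callers run the file through ERB before parsing, so the config file is treated as trusted code regardless of which loader is used.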
@@ -25,6 +25,7 @@ module SymmetricEncryption
25
25
  module ActiveRecord
26
26
  autoload :EncryptedAttribute, "symmetric_encryption/active_record/encrypted_attribute"
27
27
  end
28
+
28
29
  module Utils
29
30
  autoload :Aws, "symmetric_encryption/utils/aws"
30
31
  autoload :Files, "symmetric_encryption/utils/files"
@@ -6,6 +6,8 @@ module SymmetricEncryption
6
6
  Base64.new
7
7
  when :base64strict
8
8
  Base64Strict.new
9
+ when :base64urlsafe
10
+ Base64UrlSafe.new
9
11
  when :base16
10
12
  Base16.new
11
13
  when :none
@@ -65,6 +67,22 @@ module SymmetricEncryption
65
67
  end
66
68
  end
67
69
 
70
+ class Base64UrlSafe
71
+ def encode(binary_string)
72
+ return binary_string if binary_string.nil? || (binary_string == "")
73
+
74
+ encoded_string = ::Base64.urlsafe_encode64(binary_string)
75
+ encoded_string.force_encoding(SymmetricEncryption::UTF8_ENCODING)
76
+ end
77
+
78
+ def decode(encoded_string)
79
+ return encoded_string if encoded_string.nil? || (encoded_string == "")
80
+
81
+ decoded_string = ::Base64.urlsafe_decode64(encoded_string)
82
+ decoded_string.force_encoding(SymmetricEncryption::BINARY_ENCODING)
83
+ end
84
+ end
85
+
68
86
  class Base16
69
87
  def encode(binary_string)
70
88
  return binary_string if binary_string.nil? || (binary_string == "")
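Review bot: `Base64UrlSafe` is added without any comment, and `::Base64.urlsafe_encode64(binary_string)` called with its defaults still appends `=` padding, which the new `:base64urlsafe` description in the cipher docs does not mention. Callers who place the value in a URL or file name need to know that, so either document it above the class, e.g. `# URL-safe Base64 ('-' and '_' instead of '+' and '/'); output keeps '=' padding.`, or decide deliberately on `padding: false`, which would change the stored format. `decode` hands the string straight to `::Base64.urlsafe_decode64`, which raises `ArgumentError` on malformed input; whether callers expect that rather than a library-specific error is not visible here and is worth a line in the same comment. The following `Base16` class continues outside the hunk.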
@@ -167,29 +167,29 @@ module SymmetricEncryption
167
167
 
168
168
  self.compress = (flags & FLAG_COMPRESSED) != 0
169
169
 
170
- if (flags & FLAG_IV) != 0
171
- self.iv, offset = read_string(buffer, offset)
172
- else
170
+ if (flags & FLAG_IV).zero?
173
171
  self.iv = nil
172
+ else
173
+ self.iv, offset = read_string(buffer, offset)
174
174
  end
175
175
 
176
- if (flags & FLAG_KEY) != 0
176
+ if (flags & FLAG_KEY).zero?
177
+ self.key = nil
178
+ else
177
179
  encrypted_key, offset = read_string(buffer, offset)
178
180
  self.key = cipher.binary_decrypt(encrypted_key)
179
- else
180
- self.key = nil
181
181
  end
182
182
 
183
- if (flags & FLAG_CIPHER_NAME) != 0
184
- self.cipher_name, offset = read_string(buffer, offset)
185
- else
183
+ if (flags & FLAG_CIPHER_NAME).zero?
186
184
  self.cipher_name = nil
185
+ else
186
+ self.cipher_name, offset = read_string(buffer, offset)
187
187
  end
188
188
 
189
- if (flags & FLAG_AUTH_TAG) != 0
190
- self.auth_tag, offset = read_string(buffer, offset)
191
- else
189
+ if (flags & FLAG_AUTH_TAG).zero?
192
190
  self.auth_tag = nil
191
+ else
192
+ self.auth_tag, offset = read_string(buffer, offset)
193
193
  end
194
194
 
195
195
  offset
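Review bot: The rewritten flag blocks carry no comment saying that their order is the header's field order: each `read_string(buffer, offset)` call returns the advanced `offset` that the next block reads from, so IV, key, cipher name and auth tag have to be parsed in exactly this sequence. Swapping the branches inside each `if` is behaviour-preserving, but a later tidy-up that reorders the blocks themselves would misparse every header that carries more than one optional field. A comment above the first block, e.g. `# Optional fields follow in fixed order: IV, key, cipher name, auth tag; each read advances offset.`, would make that explicit. The enclosing method starts outside the hunk.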
@@ -70,13 +70,9 @@ module SymmetricEncryption
70
70
  # ],
71
71
  # iv: 'T80pYzD0E6e/bJCdjZ6TiQ=='
72
72
  # }
73
- def self.generate_data_key(version: 0,
73
+ def self.generate_data_key(cipher_name:, app_name:, environment:, key_path:, version: 0,
74
74
  regions: Utils::Aws::AWS_US_REGIONS,
75
75
  dek: nil,
76
- cipher_name:,
77
- app_name:,
78
- environment:,
79
- key_path:,
80
76
  **_args)
81
77
 
82
78
  # TODO: Also support generating environment variables instead of files.
@@ -116,12 +112,13 @@ module SymmetricEncryption
116
112
 
117
113
  # Stores the Encryption key in a file.
118
114
  # Secures the Encryption key by encrypting it with a key encryption key.
119
- def initialize(region: nil, key_files:, master_key_alias:, key_encrypting_key: nil)
115
+ def initialize(key_files:, master_key_alias:, region: nil, key_encrypting_key: nil)
120
116
  @key_files = key_files
121
117
  @master_key_alias = master_key_alias
122
118
  @region = region || ENV["AWS_REGION"] || ENV["AWS_DEFAULT_REGION"] || ::Aws.config[:region]
123
119
  if key_encrypting_key
124
- raise(SymmetricEncryption::ConfigError, "AWS KMS keystore encrypts the key itself, so does not support supplying a key_encrypting_key")
120
+ raise(SymmetricEncryption::ConfigError,
121
+ "AWS KMS keystore encrypts the key itself, so does not support supplying a key_encrypting_key")
125
122
  end
126
123
  end
127
124
 
@@ -5,7 +5,7 @@ module SymmetricEncryption
5
5
  class Gcp
6
6
  include Utils::Files
7
7
 
8
- def self.generate_data_key(version: 0, cipher_name:, app_name:, environment:, key_path:)
8
+ def self.generate_data_key(cipher_name:, app_name:, environment:, key_path:, version: 0)
9
9
  version >= 255 ? (version = 1) : (version += 1)
10
10
 
11
11
  dek = SymmetricEncryption::Key.new(cipher_name: cipher_name)
@@ -46,7 +46,8 @@ module SymmetricEncryption
46
46
  end
47
47
 
48
48
  def crypto_key
49
- @crypto_key ||= self.class::KMS::KeyManagementServiceClient.crypto_key_path(project_id, location_id, app_name, environment.to_s)
49
+ @crypto_key ||= self.class::KMS::KeyManagementServiceClient.crypto_key_path(project_id, location_id, app_name,
50
+ environment.to_s)
50
51
  end
51
52
 
52
53
  private
@@ -35,7 +35,7 @@ module SymmetricEncryption
35
35
 
36
36
  # Stores the Encryption key in a string.
37
37
  # Secures the Encryption key by encrypting it with a key encryption key.
38
- def initialize(encrypted_key: nil, key_encrypting_key:)
38
+ def initialize(key_encrypting_key:, encrypted_key: nil)
39
39
  @encrypted_key = encrypted_key
40
40
  @key_encrypting_key = key_encrypting_key
41
41
  end
@@ -56,7 +56,7 @@ module SymmetricEncryption
56
56
  # Notes:
57
57
  # * iv_filename is no longer supported and is removed when creating a new random cipher.
58
58
  # * `iv` does not need to be encrypted and is included in the clear.
59
- def self.rotate_keys!(full_config, environments: [], app_name:, rolling_deploy: false, keystore: nil)
59
+ def self.rotate_keys!(full_config, app_name:, environments: [], rolling_deploy: false, keystore: nil)
60
60
  full_config.each_pair do |environment, cfg|
61
61
  # Only rotate keys for specified environments. Default, all
62
62
  next if !environments.empty? && !environments.include?(environment.to_sym)
@@ -95,7 +95,7 @@ module SymmetricEncryption
95
95
  # Rotates just the key encrypting keys for the current cipher version.
96
96
  # The existing data encryption key is not changed, it is secured using the
97
97
  # new key encrypting keys.
98
- def self.rotate_key_encrypting_keys!(full_config, environments: [], app_name:)
98
+ def self.rotate_key_encrypting_keys!(full_config, app_name:, environments: [])
99
99
  full_config.each_pair do |environment, cfg|
100
100
  # Only rotate keys for specified environments. Default, all
101
101
  next if !environments.empty? && !environments.include?(environment.to_sym)
@@ -156,7 +156,7 @@ module SymmetricEncryption
156
156
  # Returns [Key] by recursively navigating the config tree.
157
157
  #
158
158
  # Supports N level deep key encrypting keys.
159
- def self.read_key(key: nil, iv:, key_encrypting_key: nil, cipher_name: "aes-256-cbc", keystore: nil, version: 0, **args)
159
+ def self.read_key(iv:, key: nil, key_encrypting_key: nil, cipher_name: "aes-256-cbc", keystore: nil, version: 0, **args)
160
160
  if key_encrypting_key.is_a?(Hash)
161
161
  # Recurse up the chain returning the parent key_encrypting_key
162
162
  key_encrypting_key = read_key(cipher_name: cipher_name, **key_encrypting_key)
@@ -100,7 +100,8 @@ Mongoid::Fields.option :encrypted do |model, field, options|
100
100
  end
101
101
 
102
102
  if decrypted_field_name.nil?
103
- raise(ArgumentError, "SymmetricEncryption for Mongoid. Encryption enabled for field #{encrypted_field_name}. It must either start with 'encrypted_' or the option :decrypt_as must be supplied")
103
+ raise(ArgumentError,
104
+ "SymmetricEncryption for Mongoid. Encryption enabled for field #{encrypted_field_name}. It must either start with 'encrypted_' or the option :decrypt_as must be supplied")
104
105
  end
105
106
 
106
107
  SymmetricEncryption::Generator.generate_decrypted_accessors(model, decrypted_field_name, encrypted_field_name, options)
@@ -70,11 +70,11 @@ module SymmetricEncryption
70
70
  if line.valid_encoding? && (result = line.match(r))
71
71
  encrypted = result[0]
72
72
  new_value = re_encrypt(encrypted)
73
- if new_value != encrypted
73
+ if new_value == encrypted
74
+ line
75
+ else
74
76
  hits += 1
75
77
  line.gsub(encrypted, new_value)
76
- else
77
- line
78
78
  end
79
79
  else
80
80
  line
@@ -1,3 +1,3 @@
1
1
  module SymmetricEncryption
2
- VERSION = "4.3.2".freeze
2
+ VERSION = "4.5.0".freeze
3
3
  end
@@ -51,8 +51,8 @@ module SymmetricEncryption
51
51
  if file_name_or_stream.is_a?(String)
52
52
  file_name_or_stream = ::File.open(file_name_or_stream, "wb")
53
53
  compress = !(/\.(zip|gz|gzip|xls.|)\z/i === file_name_or_stream) if compress.nil?
54
- else
55
- compress = true if compress.nil?
54
+ elsif compress.nil?
55
+ compress = true
56
56
  end
57
57
 
58
58
  begin
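Review bot: The line directly above the rewritten `elsif` tests the file-name pattern against `file_name_or_stream` after that variable has been reassigned to the `::File` object opened on the previous line, so `/\.(zip|gz|gzip|xls.|)\z/i === file_name_or_stream` appears never to match and `compress` ends up `true` even for `.zip` or `.gz` targets. The commit reshapes the branch without addressing that; keeping the name in its own local before `::File.open` and testing that local, `compress = !(/\.(zip|gz|gzip|xls.)\z/i === file_name) if compress.nil?`, would restore the check. The pattern's trailing empty alternative (`xls.|`) also matches any name that ends in a bare dot, which looks unintended. The enclosing method starts and ends outside the hunk.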
@@ -105,7 +105,8 @@ module SymmetricEncryption
105
105
  # Cipher to encrypt the random_key, or the entire file
106
106
  cipher = SymmetricEncryption.cipher(version)
107
107
  unless cipher
108
- raise(SymmetricEncryption::CipherError, "Cipher with version:#{version} not found in any of the configured SymmetricEncryption ciphers")
108
+ raise(SymmetricEncryption::CipherError,
109
+ "Cipher with version:#{version} not found in any of the configured SymmetricEncryption ciphers")
109
110
  end
110
111
 
111
112
  # Force header if compressed or using random iv, key
@@ -17,7 +17,10 @@ begin
17
17
  ActiveRecord::Type.register(:encrypted, SymmetricEncryption::ActiveRecord::EncryptedAttribute)
18
18
  end
19
19
 
20
- ActiveRecord::Base.include(SymmetricEncryption::ActiveRecord::AttrEncrypted)
20
+ # Remove old way of defining attributes with Rails 7 since it conflicts with the method names.
21
+ if ActiveRecord.version <= Gem::Version.new("7.0.0")
22
+ ActiveRecord::Base.include(SymmetricEncryption::ActiveRecord::AttrEncrypted)
23
+ end
21
24
  end
22
25
 
23
26
  ActiveSupport.on_load(:mongoid) do
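Review bot: The new condition `ActiveRecord.version <= Gem::Version.new("7.0.0")` still includes `AttrEncrypted` on Rails 7.0.0 itself, although the comment above it says the old attribute style is removed with Rails 7 because it conflicts with method names; only 7.0.1 and later skip the include. If the conflict applies to all of 7.x the comparison should be strict, `if ActiveRecord.version < Gem::Version.new("7.0.0")`, or `if ActiveRecord::VERSION::MAJOR < 7`, which also covers 7.0 pre-releases. The comment should also name what replaces the old macro on Rails 7, and a test should confirm that a model still calling it fails loudly at load time rather than leaving the attribute unencrypted. The surrounding block starts outside the hunk.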
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: symmetric-encryption
3
3
  version: !ruby/object:Gem::Version
4
- version: 4.3.2
4
+ version: 4.5.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Reid Morrison
8
- autorequire:
8
+ autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-04-04 00:00:00.000000000 Z
11
+ date: 2022-04-27 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: coercible
@@ -24,9 +24,8 @@ dependencies:
24
24
  - - "~>"
25
25
  - !ruby/object:Gem::Version
26
26
  version: '1.0'
27
- description:
27
+ description:
28
28
  email:
29
- - reidmo@gmail.com
30
29
  executables:
31
30
  - symmetric-encryption
32
31
  extensions: []
@@ -68,11 +67,11 @@ files:
68
67
  - lib/symmetric_encryption/utils/re_encrypt_files.rb
69
68
  - lib/symmetric_encryption/version.rb
70
69
  - lib/symmetric_encryption/writer.rb
71
- homepage: http://rocketjob.github.io/symmetric-encryption/
70
+ homepage: https://encryption.rocketjob.io
72
71
  licenses:
73
72
  - Apache-2.0
74
73
  metadata: {}
75
- post_install_message:
74
+ post_install_message:
76
75
  rdoc_options: []
77
76
  require_paths:
78
77
  - lib
@@ -87,8 +86,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
87
86
  - !ruby/object:Gem::Version
88
87
  version: '0'
89
88
  requirements: []
90
- rubygems_version: 3.1.2
91
- signing_key:
89
+ rubygems_version: 3.3.7
90
+ signing_key:
92
91
  specification_version: 4
93
92
  summary: Encrypt ActiveRecord and Mongoid attributes, files and passwords in configuration
94
93
  files.