symmetric-encryption 0.0.1

data/LICENSE.txt

@@ -0,0 +1,201 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright 2012 Clarity Services, Inc.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

data/README.md

@@ -0,0 +1,57 @@
+symmetric-encryption
+====================
+
+* http://github.com/ClarityServices/symmetric-encryption
+
+### Introduction
+
+Any project that wants to meet PCI compliance has to ensure that the data is encrypted
+whilst in flight and at rest. Amongst many other other requirements all passwords
+in configuration files have to be encrypted
+
+This Gem helps achieve compliance by supporting encryption of data in a simple
+and consistent way
+
+### Features
+
+* Encryption of passwords in configuration files
+* attr_encrypted replacement
+* Externalization of symmetric encryption keys so that they are not in the
+  source code
+
+### Install
+
+  gem install symmetric-encryption
+
+Meta
+----
+
+* Code: `git clone git://github.com/ClarityServices/symmetric-encryption.git`
+* Home: <https://github.com/ClarityServices/symmetric-encryption>
+* Docs: TODO <http://ClarityServices.github.com/symmetric-encryption/>
+* Bugs: <http://github.com/reidmorrison/symmetric-encryption/issues>
+* Gems: <http://rubygems.org/gems/symmetric-encryption>
+
+This project uses [Semantic Versioning](http://semver.org/).
+
+Authors
+-------
+
+Reid Morrison :: reidmo@gmail.com :: @reidmorrison
+
+License
+-------
+
+Copyright 2012 Clarity Services, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

data/Rakefile

@@ -0,0 +1,31 @@
+require 'rake/clean'
+require 'rake/testtask'
+require 'date'
+
+desc "Build gem"
+task :gem  do |t|
+  gemspec = Gem::Specification.new do |s|
+    s.name        = 'symmetric-encryption'
+    s.version     = '0.0.1'
+    s.platform    = Gem::Platform::RUBY
+    s.authors     = ['Reid Morrison']
+    s.email       = ['reidmo@gmail.com']
+    s.homepage    = 'https://github.com/ClarityServices/symmetric-encryption'
+    s.date        = Date.today.to_s
+    s.summary     = "Symmetric Encryption for Ruby, and Ruby on Rails"
+    s.description = "Symmetric Encryption is a library to seamlessly enable symmetric encryption in a project, written in Ruby."
+    s.files       = FileList["./**/*"].exclude('*.gem', './nbproject/*').map{|f| f.sub(/^\.\//, '')}
+    s.has_rdoc    = true
+  end
+  Gem::Builder.new(gemspec).build
+end
+
+desc "Run Test Suite"
+task :test do
+  Rake::TestTask.new(:functional) do |t|
+    t.test_files = FileList['test/*_test.rb']
+    t.verbose    = true
+  end
+
+  Rake::Task['functional'].invoke
+end

data/lib/symmetric-encryption.rb

@@ -0,0 +1,5 @@
+require 'symmetric/encryption'
+if defined?(Rails)
+  require 'symmetric/railtie'
+  require "symmetric/extensions/active_record/base"
+end

data/lib/symmetric/encryption.rb

@@ -0,0 +1,221 @@
+require 'base64'
+require 'openssl'
+require 'zlib'
+
+module Symmetric
+
+  # Encrypt using 256 Bit AES CBC symmetric key and initialization vector
+  # The symmetric key is protected using the private key below and must
+  # be distributed separately from the application
+  class Encryption
+
+    # Binary encrypted data includes this magic header so that we can quickly
+    # identify binary data versus base64 encoded data that does not have this header
+    unless defined? MAGIC_HEADER
+      MAGIC_HEADER = '@EnC'
+      MAGIC_HEADER_SIZE = MAGIC_HEADER.size
+    end
+
+    # Set the Symmetric Cipher to be used
+    def self.cipher=(cipher)
+      @@cipher = cipher
+    end
+
+    # Returns the Symmetric Cipher being used
+    def self.cipher
+      @@cipher
+    end
+
+    # Set the Symmetric Key to use for encryption and decryption
+    def self.key=(key)
+      @@key = key
+    end
+
+    # Set the Initialization Vector to use with Symmetric Key
+    def self.iv=(iv)
+      @@iv = iv
+    end
+
+    # Defaults
+    @@key = nil
+    @@iv = nil
+
+    # Load the Encryption Configuration from a YAML file
+    #  filename: Name of file to read.
+    #        Mandatory for non-Rails apps
+    #        Default: Rails.root/config/symmetry.yml
+    def self.load!(filename=nil, environment=nil)
+      config = YAML.load_file(filename || File.join(Rails.root, "config", "symmetric-encryption.yml"))[environment || Rails.env]
+      self.cipher = config['cipher'] || 'aes-256-cbc'
+      symmetric_key = config['symmetric_key']
+      symmetric_iv = config['symmetric_iv']
+
+      # Hard coded symmetric_key?
+      if symmetric_key
+        self.key = symmetric_key
+        self.iv = symmetric_iv
+      else
+        load_keys(config['key_filename'], config['iv_filename'], config['private_key'])
+      end
+
+    end
+
+    # Load the symmetric key to use for encrypting and decrypting data
+    # Call from environment.rb before calling encrypt or decrypt
+    #
+    # private_key: Key used to unlock file containing the actual symmetric key
+    def self.load_keys(key_filename, iv_filename, private_key)
+      # Load Encrypted Symmetric keys
+      encrypted_key = File.read(key_filename)
+      encrypted_iv = File.read(iv_filename)
+
+      # Decrypt Symmetric Key
+      rsa = OpenSSL::PKey::RSA.new(private_key)
+      @@key = rsa.private_decrypt(encrypted_key)
+      @@iv = rsa.private_decrypt(encrypted_iv)
+      nil
+    end
+
+    # Generate new random keys for use with this Encryption library
+    #
+    # Creates:
+    #   2048 bit Private Key private.key
+    #   2048 bit Public Key public.key
+    #
+    #   Symmetric Key .key
+    #   and initilization vector .iv
+    #       which is encrypted with the above Public key
+    #
+    # Note: Existing files will be overwritten
+    def self.generate_key_files(symmetric_keys_path='.', rsa_keys_path='.', cipher='aes-256-cbc')
+      # Generate Asymmetric key pair
+      new_key = OpenSSL::PKey::RSA.generate(2048)
+      # To ensure compatibility with C openssl code, remove RSA from pub file headers
+      pub_key = new_key.public_key.export.gsub('RSA PUBLIC','PUBLIC')
+      File.open(File.join(rsa_keys_path, 'public.key'), 'w') {|file| file.write(pub_key)}
+      File.open(File.join(rsa_keys_path, 'private.key'), 'w') {|file| file.write(new_key.to_pem)}
+
+      # Generate Symmetric Key
+      cipher = OpenSSL::Cipher::Cipher.new(cipher)
+      cipher.encrypt
+      @@key = cipher.random_key
+      @@iv = cipher.random_iv
+
+      # Save symmetric key after encrypting it with the private asymmetric key
+      File.open(File.join(symmetric_keys_path, '.key'), 'wb') {|file| file.write( OpenSSL::PKey::RSA.new(new_key.public_key).public_encrypt(@@key) ) }
+      File.open(File.join(symmetric_keys_path, '.iv'), 'wb') {|file| file.write( OpenSSL::PKey::RSA.new(new_key.public_key).public_encrypt(@@iv) ) }
+      Rails.logger.info("Generated new Private, Public and Symmetric Key for encryption. Please copy #{filename} to the other servers.")
+    end
+
+    # Generate a 22 character random password
+    def self.random_password
+      Base64.encode64(OpenSSL::Cipher::Cipher.new('aes-128-cbc').random_key)[0..-4]
+    end
+
+    # AES Symmetric Decryption of supplied string
+    #  Returns decrypted string
+    #  Returns nil if the supplied str is nil
+    #  Returns "" if it is a string and it is empty
+    def self.decrypt(str)
+      return str if str.nil? || (str.is_a?(String) && str.empty?)
+      self.crypt(:decrypt, Base64.decode64(str))
+    end
+
+    # AES Symmetric Encryption of supplied string
+    #  Returns result as a Base64 encoded string
+    #  Returns nil if the supplied str is nil
+    #  Returns "" if it is a string and it is empty
+    def self.encrypt(str)
+      return str if str.nil? || (str.is_a?(String) && str.empty?)
+      Base64.encode64(self.crypt(:encrypt, str))
+    end
+
+    # Invokes decrypt
+    #  Returns decrypted String
+    #  Return nil if it fails to decrypt a String
+    #
+    # Useful for example when decoding passwords encrypted using a key from a
+    # different environment. I.e. We cannot decode production passwords
+    # in the test or development environments but still need to be able to load
+    # YAML config files that contain encrypted development and production passwords
+    def self.try_decrypt(str)
+      self.decrypt(str) rescue nil
+    end
+
+    # AES Symmetric Encryption of supplied string
+    #  Returns result as a binary encrypted string
+    #  Returns nil if the supplied str is nil or empty
+    # Parameters
+    #  compress => Whether to compress the supplied string using zip before
+    #              encrypting
+    #              true | false
+    #              Default false
+    def self.encrypt_binary(str, compress=false)
+      return nil if str.nil? || (str.is_a?(String) && str.empty?)
+      # Bit Layout
+      # 15    => Compressed?
+      # 0..14 => Version number of encryption key/algorithm currently 0
+      flags = 0 # Same as 0b0000_0000_0000_0000
+      # If the data is to be compressed before being encrypted, set the flag and
+      # compress using zlib. Only compress if data is greater than 15 chars
+      str = str.to_s unless str.is_a?(String)
+      if compress && str.length > 15
+        flags |= 0b1000_0000_0000_0000
+        begin
+          ostream = StringIO.new
+          gz = Zlib::GzipWriter.new(ostream)
+          gz.write(str)
+          str = ostream.string
+        ensure
+          gz.close
+        end
+      end
+      return nil unless encrypted = self.crypt(:encrypt, str)
+      # Resulting buffer consists of:
+      #   '@EnC'
+      #   unsigned short (32 bits) in little endian format for flags above
+      #   'actual encrypted buffer data'
+      "#{MAGIC_HEADER}#{[flags].pack('v')}#{encrypted}"
+    end
+
+    # AES Symmetric Decryption of supplied Binary string
+    #  Returns decrypted string
+    #  Returns nil if the supplied str is nil
+    #  Returns "" if it is a string and it is empty
+    def self.decrypt_binary(str)
+      return str if str.nil? || (str.is_a?(String) && str.empty?)
+      str = str.to_s unless str.is_a?(String)
+      encrypted = if str.starts_with? MAGIC_HEADER
+        # Remove header and extract flags
+        header, flags = str.unpack(@@unpack ||= "A#{MAGIC_HEADER_SIZE}v")
+        # Uncompress if data is compressed and remove header
+        if flags & 0b1000_0000_0000_0000
+          begin
+            gz = Zlib::GzipReader.new(StringIO.new(str[MAGIC_HEADER_SIZE,-1]))
+            gz.read
+          ensure
+            gz.close
+          end
+        else
+          str[MAGIC_HEADER_SIZE,-1]
+        end
+      else
+        Base64.decode64(str)
+      end
+      self.crypt(:decrypt, encrypted)
+    end
+
+    protected
+
+    def self.crypt(cipher_method, string) #:nodoc:
+      openssl_cipher = OpenSSL::Cipher::Cipher.new(self.cipher)
+      openssl_cipher.send(cipher_method)
+      raise "Encryption.key must be set before calling Encryption encrypt or decrypt" unless @@key
+      openssl_cipher.key = @@key
+      openssl_cipher.iv = @@iv if @@iv
+      result = openssl_cipher.update(string.to_s)
+      result << openssl_cipher.final
+    end
+
+  end
+end

data/lib/symmetric/extensions/active_record/base.rb

@@ -0,0 +1,144 @@
+module ActiveRecord #:nodoc:
+  class Base
+
+    class << self # Class methods
+      # Much lighter weight encryption for Rails attributes matching the
+      # attr_encrypted interface using Symmetry::Encryption
+      #
+      # The regular attr_encrypted gem uses Encryptor that adds encryption to
+      # every Ruby object which is a complete overkill for this simple use-case
+      #
+      # Params:
+      # * symbolic names of each method to create which has a corresponding
+      #   method already defined in rails starting with: encrypted_
+      # * Followed by an option hash:
+      #      :marshal => Whether this element should be converted to YAML before encryption
+      #                  true or false
+      #                  Default: false
+      #
+      def attr_encrypted(*params)
+        # Ensure ActiveRecord has created all its methods first
+        # Ignore failures since the table may not yet actually exist
+        define_attribute_methods rescue nil
+
+        options = params.last.is_a?(Hash) ? params.pop : {}
+
+        params.each do |attribute|
+          # Generate unencrypted attribute with getter and setter
+          class_eval <<-UNENCRYPTED_GETTER
+            def #{attribute}
+              @#{attribute} = ::Symmetric::Encryption.decrypt(self.encrypted_#{attribute}) if @#{attribute}.nil? && !self.encrypted_#{attribute}.nil?
+              @#{attribute}
+            end
+          UNENCRYPTED_GETTER
+
+          # Encrypt value immediately when unencrypted value is set
+          # Unencrypted value is also kept for performance reasons
+          class_eval <<-UNENCRYPTED_SETTER
+            def #{attribute}=(value)
+              self.encrypted_#{attribute} = ::Symmetric::Encryption.encrypt(value#{".to_yaml" if options[:marshal]})
+              @#{attribute} = value
+            end
+          UNENCRYPTED_SETTER
+
+          encrypted_attributes[attribute.to_sym] = "encrypted_#{attribute}".to_sym
+        end
+      end
+
+      # Contains a hash of encrypted attributes with virtual attribute names as keys and real attribute
+      # names as values
+      #
+      # Example
+      #
+      #   class User < ActiveRecord::Base
+      #     attr_encrypted :email
+      #   end
+      #
+      #   User.encrypted_attributes # { :email => :encrypted_email }
+      def encrypted_attributes
+        @encrypted_attributes ||= superclass.respond_to?(:encrypted_attributes) ? superclass.encrypted_attributes.dup : {}
+      end
+
+      # Return the name of all encrypted virtual attributes as an Array of symbols
+      # Example: [:email, :password]
+      def encrypted_keys
+        @encrypted_keys ||= encrypted_attributes.keys
+      end
+
+      # Return the name of all encrypted columns as an Array of symbols
+      # Example: [:encrypted_email, :encrypted_password]
+      def encrypted_columns
+        @encrypted_columns ||= encrypted_attributes.values
+      end
+
+      # Returns whether an attribute has been configured to be encrypted
+      #
+      # Example
+      #
+      #   class User < ActiveRecord::Base
+      #     attr_accessor :name
+      #     attr_encrypted :email
+      #   end
+      #
+      #   User.encrypted_attribute?(:name) # false
+      #   User.encrypted_attribute?(:email) # true
+      def encrypted_attribute?(attribute)
+        encrypted_keys.include?(attribute)
+      end
+
+      # Returns whether the attribute is the database column to hold the
+      # encrypted data for a matching encrypted attribute
+      #
+      # Example
+      #
+      #   class User < ActiveRecord::Base
+      #     attr_accessor :name
+      #     attr_encrypted :email
+      #   end
+      #
+      #   User.encrypted_column?(:encrypted_name) # false
+      #   User.encrypted_column?(:encrypted_email) # true
+      def encrypted_column?(attribute)
+        encrypted_columns.include?(attribute)
+      end
+
+      protected
+
+      # Allows you to use dynamic methods like <tt>find_by_email</tt> or <tt>scoped_by_email</tt> for
+      # encrypted attributes
+      #
+      # This is useful for encrypting fields like email addresses. Your user's email addresses
+      # are encrypted in the database, but you can still look up a user by email for logging in
+      #
+      # Example
+      #
+      #   class User < ActiveRecord::Base
+      #     attr_encrypted :email
+      #   end
+      #
+      #   User.find_by_email_and_password('test@example.com', 'testing')
+      #   # results in a call to
+      #   User.find_by_encrypted_email_and_password('the_encrypted_version_of_test@example.com', 'testing')
+      def method_missing_with_attr_encrypted(method, *args, &block)
+        if match = /^(find|scoped)_(all_by|by)_([_a-zA-Z]\w*)$/.match(method.to_s)
+          attribute_names = match.captures.last.split('_and_')
+          attribute_names.each_with_index do |attribute, index|
+            encrypted_name = "encrypted_#{attribute}"
+            if instance_methods.include? encrypted_name #.to_sym in 1.9
+              args[index] = ::Symmetric::Encryption.encrypt(args[index])
+              attribute_names[index] = encrypted_name
+            end
+          end
+          method = "#{match.captures[0]}_#{match.captures[1]}_#{attribute_names.join('_and_')}".to_sym
+        end
+        method_missing_without_attr_encrypted(method, *args, &block)
+      end
+
+      alias_method_chain :method_missing, :attr_encrypted
+      #Equivalent to:
+      #  alias_method :method_missing_without_attr_encrypted, :attr_encrypted # new, old
+      #  alias_method :attr_encrypted, :method_missing_with_attr_encrypted
+
+    end
+  end
+end

data/lib/symmetric/railtie.rb

@@ -0,0 +1,42 @@
+# encoding: utf-8
+module Symmetric #:nodoc:
+  class Railtie < Rails::Railtie #:nodoc:
+
+    # Exposes Symmetric Encryption's configuration to the Rails application configuration.
+    #
+    # @example Set up configuration in the Rails app.
+    #   module MyApplication
+    #     class Application < Rails::Application
+    #       config.symmetric_encryption.cipher = 'aes-256-cbc'
+    #     end
+    #   end
+    #config.symmetric_encryption = ::Symmetric::Config
+
+    rake_tasks do
+      load "symmetric/railties/symmetric-encryption.rake"
+    end
+
+    # Initialize Symmetry. This will look for a symmetry.yml in the config
+    # directory and configure Symmetry appropriately.
+    #
+    # @example symmetry.yml
+    #
+    #   development:
+    #     cipher: aes-256-cbc
+    #     symmetric_key: 1234567890ABCDEF1234567890ABCDEF
+    #     symmetric_iv: 1234567890ABCDEF
+    #
+    initializer "load symmetry encryption keys" do
+      config.before_initialize do
+        config_file = Rails.root.join("config", "symmetric-encryption.yml")
+        if config_file.file?
+          ::Symmetric::Encryption.load!(config_file, Rails.env)
+        else
+          puts "\nSymmetric Encryption config not found. Create a config file at: config/symmetric-encryption.yml"
+          #            puts "to generate one run: rails generate symmetric-encryption:config\n\n"
+        end
+      end
+    end
+
+  end
+end

data/lib/symmetric/railties/symmetric-encryption.rake

@@ -0,0 +1,33 @@
+namespace 'symmetric-encryption' do
+
+  desc 'Decrypt the supplied string. Example: VALUE="Hello World" rake symmetric-encryption:decrypt'
+  task :decrypt do
+    puts "\nEncrypted: #{ENV['VALUE']}"
+    puts "Decrypted: #{Symmetric::Encryption.decrypt(ENV['VALUE'])}\n\n"
+  end
+
+  desc 'Encrypt a value, such as a password. Example: rake symmetric-encryption:encrypt'
+  task :encrypt do
+    require 'highline'
+    password1 = nil
+    password2 = 0
+
+    while password1 != password2
+      password1 = HighLine.new.ask("Enter the value to encrypt:") { |q| q.echo = "*" }
+      password2 = HighLine.new.ask("Re-enter the value to encrypt:") { |q| q.echo = "*" }
+
+      if (password1 != password2)
+        puts "Passwords do not match, please try again"
+      end
+    end
+    puts "\nEncrypted: #{Symmetric::Encryption.encrypt(password1)}\n\n"
+  end
+
+  desc 'Generate a random password and display its encrypted form'
+  task :random_password do
+    p = Symmetric::Encryption.random_password
+    puts "\nGenerated Password: #{p}"
+    puts "Encrypted: #{Symmetric::Encryption.encrypt(p)}\n\n"
+  end
+
+end

data/nbproject/private/private.properties

@@ -0,0 +1,3 @@
+file.reference.symmetry-lib=/Users/rmorrison/Sandbox/symmetry/lib
+file.reference.symmetry-test=/Users/rmorrison/Sandbox/symmetry/test
+platform.active=JRuby

data/nbproject/private/private.xml

@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project-private xmlns="http://www.netbeans.org/ns/project-private/1">
+    <editor-bookmarks xmlns="http://www.netbeans.org/ns/editor-bookmarks/1"/>
+</project-private>

data/nbproject/private/rake-d.txt

@@ -0,0 +1,4 @@
+clean=
+clobber=
+gem=
+test=

data/test/encryption_test.rb

@@ -0,0 +1,102 @@
+# Allow examples to be run in-place without requiring a gem install
+$LOAD_PATH.unshift File.dirname(__FILE__) + '/../lib'
+
+require 'rubygems'
+require 'test/unit'
+require 'shoulda'
+require 'symmetric-encryption'
+require 'yaml'
+
+# #TODO Need to supply the model and migrations for this test
+class User
+  attr_encrypted :bank_account_number
+  attr_encrypted :social_security_number
+end
+
+# Unit Test for Symmetric::Encryption
+#
+class EncryptionTest <  ActiveSupport::TestCase
+  context 'the Symmetric::Encryption Library' do
+
+    setup do
+      @bank_account_number = "1234567890"
+      @bank_account_number_encrypted = "V8Dg6zeeIpDg4+qrn2mjlA==\n"
+
+      @social_security_number = "987654321"
+      @social_security_number_encrypted = "Qd0qzN6oVuATJQBTf8X6tg==\n"
+
+      @user = User.new(
+        # Encrypted Attribute
+        :bank_account_number              => @bank_account_number,
+        # Encrypted Attribute
+        :social_security_number           => @social_security_number
+      )
+    end
+
+    should "encrypt simple string" do
+      assert_equal @social_security_number_encrypted, Symmetric::Encryption.encrypt(@social_security_number)
+    end
+
+    should "decrypt string" do
+      assert_equal @social_security_number, Symmetric::Encryption.decrypt(@social_security_number_encrypted)
+    end
+
+    should "have encrypted methods" do
+      assert_equal true, @user.respond_to?(:encrypted_bank_account_number)
+      assert_equal true, @user.respond_to?(:encrypted_social_security_number)
+      assert_equal false, @user.respond_to?(:encrypted_name)
+    end
+
+    should "have unencrypted values" do
+      assert_equal @bank_account_number, @user.bank_account_number
+      assert_equal @social_security_number, @user.social_security_number
+    end
+
+    should "have encrypted values" do
+      assert_equal @bank_account_number_encrypted, @user.encrypted_bank_account_number
+      assert_equal @social_security_number_encrypted, @user.encrypted_social_security_number
+    end
+
+    should "encrypt" do
+      user = User.new
+      user.bank_account_number = @bank_account_number
+      assert_equal @bank_account_number, user.bank_account_number
+      assert_equal @bank_account_number_encrypted, user.encrypted_bank_account_number
+    end
+
+    should "allow lookups using unencrypted or encrypted column name" do
+      user_id = @user.save!
+
+      inq = User.find_by_bank_account_number(@bank_account_number)
+      assert_equal @bank_account_number, inq.bank_account_number
+      assert_equal @bank_account_number_encrypted, inq.encrypted_bank_account_number
+
+      User.delete(user_id)
+    end
+
+    should "return encrypted attributes for the class" do
+      expect = {:social_security_number=>:encrypted_social_security_number, :bank_account_number=>:encrypted_bank_account_number, :check_bank_account_number=>:encrypted_check_bank_account_number}
+      result = User.encrypted_attributes
+      expect.each_pair {|k,v| assert_equal expect[k], result[k]}
+    end
+
+    should "return encrypted keys for the class" do
+      expect = [:social_security_number, :bank_account_number, :check_bank_account_number]
+      result = User.encrypted_keys
+      expect.each {|val| assert_equal true, result.include?(val)}
+
+      # Also check encrypted_attribute?
+      expect.each {|val| assert_equal true, User.encrypted_attribute?(val)}
+    end
+
+    should "return encrypted columns for the class" do
+      expect = [:encrypted_social_security_number, :encrypted_bank_account_number, :encrypted_check_bank_account_number]
+      result = User.encrypted_columns
+      expect.each {|val| assert_equal true, result.include?(val)}
+
+      # Also check encrypted_column?
+      expect.each {|val| assert_equal true, User.encrypted_column?(val)}
+    end
+
+  end
+end

metadata

@@ -0,0 +1,68 @@
+--- !ruby/object:Gem::Specification 
+name: symmetric-encryption
+version: !ruby/object:Gem::Version 
+  prerelease: 
+  version: 0.0.1
+platform: ruby
+authors: 
+  - Reid Morrison
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2012-01-18 00:00:00 Z
+dependencies: []
+
+description: Symmetric Encryption is a library to seamlessly enable symmetric encryption in a project, written in Ruby.
+email: 
+  - reidmo@gmail.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: []
+
+files: 
+  - LICENSE.txt
+  - Rakefile
+  - README.md
+  - symmetric-encryption-0.0.1.gem
+  - lib/symmetric-encryption.rb
+  - lib/symmetric/encryption.rb
+  - lib/symmetric/railtie.rb
+  - lib/symmetric/extensions/active_record/base.rb
+  - lib/symmetric/railties/symmetric-encryption.rake
+  - nbproject/private/config.properties
+  - nbproject/private/private.properties
+  - nbproject/private/private.xml
+  - nbproject/private/rake-d.txt
+  - test/encryption_test.rb
+homepage: https://github.com/ClarityServices/symmetric-encryption
+licenses: []
+
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+  - lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "0"
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.8.9
+signing_key: 
+specification_version: 3
+summary: Symmetric Encryption for Ruby, and Ruby on Rails
+test_files: []
+