symmetric-encryption 4.3.2 → 4.3.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +5 -5
- data/lib/symmetric_encryption/cipher.rb +4 -4
- data/lib/symmetric_encryption/cli.rb +37 -19
- data/lib/symmetric_encryption/config.rb +1 -1
- data/lib/symmetric_encryption/core.rb +1 -0
- data/lib/symmetric_encryption/header.rb +12 -12
- data/lib/symmetric_encryption/keystore.rb +3 -3
- data/lib/symmetric_encryption/keystore/aws.rb +4 -7
- data/lib/symmetric_encryption/keystore/gcp.rb +3 -2
- data/lib/symmetric_encryption/keystore/memory.rb +1 -1
- data/lib/symmetric_encryption/railties/mongoid_encrypted.rb +2 -1
- data/lib/symmetric_encryption/utils/re_encrypt_files.rb +3 -3
- data/lib/symmetric_encryption/version.rb +1 -1
- data/lib/symmetric_encryption/writer.rb +4 -3
- metadata +8 -9
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 48319cdd25b04f6722c7bb4f3baf282a4fa76b4a06041ec1065fdade1677f2a4
|
|
4
|
+
data.tar.gz: 59e09a6dcefa9759c8c4c196b396f7068b80dddd77936716dde1a5d218d272f2
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 49d434857542e8e91e5311cc01145658a293a9aaefd432d3ef948fed9d041bf3675b114a0c4d132865ff4c5ea7b1d54cdff1cbdae2b9a282c463ca4bfcbc2ab7
|
|
7
|
+
data.tar.gz: 163c0baeaaac833f092cf07614f55d48e49932b494a126b90e9f00b7432b877d38b0e341e58e25747e91762a5cd48734a10f7dde1df26e2a1f0affa6379044f3
|
data/README.md
CHANGED
|
@@ -1,9 +1,9 @@
|
|
|
1
1
|
# Symmetric Encryption
|
|
2
|
-
 ](https://rubygems.org/gems/symmetric-encryption) [](https://github.com/reidmorrison/symmetric-encryption/actions?query=workflow%3Abuild) [](https://rubygems.org/gems/symmetric-encryption) [](http://opensource.org/licenses/Apache-2.0) 
|
|
3
3
|
|
|
4
|
-
*
|
|
4
|
+
* https://encryption.rocketjob.io/
|
|
5
5
|
|
|
6
|
-
Transparently encrypt ActiveRecord,
|
|
6
|
+
Transparently encrypt ActiveRecord, and Mongoid attributes. Encrypt passwords in configuration files. Encrypt entire files at rest.
|
|
7
7
|
|
|
8
8
|
## Introduction
|
|
9
9
|
|
|
@@ -19,7 +19,7 @@ expose all the encryption algorithms supported by OpenSSL.
|
|
|
19
19
|
|
|
20
20
|
## Documentation
|
|
21
21
|
|
|
22
|
-
[Symmetric Encryption Guide](
|
|
22
|
+
[Symmetric Encryption Guide](https://encryption.rocketjob.io/)
|
|
23
23
|
|
|
24
24
|
[Reference Documentation](http://www.rubydoc.info/gems/symmetric-encryption/)
|
|
25
25
|
|
|
@@ -168,7 +168,7 @@ may have backward compatibility issues:
|
|
|
168
168
|
|
|
169
169
|
[Reid Morrison](https://github.com/reidmorrison)
|
|
170
170
|
|
|
171
|
-
[Contributors](https://github.com/
|
|
171
|
+
[Contributors](https://github.com/reidmorrison/symmetric-encryption/graphs/contributors)
|
|
172
172
|
|
|
173
173
|
## Versioning
|
|
174
174
|
|
|
@@ -84,9 +84,9 @@ module SymmetricEncryption
|
|
|
84
84
|
@version = version.to_i
|
|
85
85
|
@always_add_header = always_add_header
|
|
86
86
|
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
87
|
+
return unless (@version > 255) || @version.negative?
|
|
88
|
+
|
|
89
|
+
raise(ArgumentError, "Cipher version has a valid range of 0 to 255. #{@version} is too high, or negative")
|
|
90
90
|
end
|
|
91
91
|
|
|
92
92
|
# Change the encoding
|
|
@@ -114,7 +114,7 @@ module SymmetricEncryption
|
|
|
114
114
|
# to convert it to a string
|
|
115
115
|
#
|
|
116
116
|
# random_iv [true|false]
|
|
117
|
-
# Whether the
|
|
117
|
+
# Whether the encrypted value should use a random IV every time the
|
|
118
118
|
# field is encrypted.
|
|
119
119
|
# Notes:
|
|
120
120
|
# * Setting random_iv to true will result in a different encrypted output for
|
|
@@ -74,7 +74,7 @@ module SymmetricEncryption
|
|
|
74
74
|
opts.banner = <<~BANNER
|
|
75
75
|
Symmetric Encryption v#{VERSION}
|
|
76
76
|
|
|
77
|
-
For more information, see: https://rocketjob.
|
|
77
|
+
For more information, see: https://encryption.rocketjob.io/
|
|
78
78
|
|
|
79
79
|
Note:
|
|
80
80
|
It is recommended to backup the current configuration file, or place it in version control before running
|
|
@@ -91,7 +91,8 @@ module SymmetricEncryption
|
|
|
91
91
|
@decrypt = file_name || STDIN
|
|
92
92
|
end
|
|
93
93
|
|
|
94
|
-
opts.on "-o", "--output FILE_NAME",
|
|
94
|
+
opts.on "-o", "--output FILE_NAME",
|
|
95
|
+
"Write encrypted or decrypted file to this file, otherwise output goes to stdout." do |file_name|
|
|
95
96
|
@output_file_name = file_name
|
|
96
97
|
end
|
|
97
98
|
|
|
@@ -107,11 +108,13 @@ module SymmetricEncryption
|
|
|
107
108
|
@compress = false
|
|
108
109
|
end
|
|
109
110
|
|
|
110
|
-
opts.on "-E", "--env ENVIRONMENT",
|
|
111
|
+
opts.on "-E", "--env ENVIRONMENT",
|
|
112
|
+
"Environment to use in the config file. Default: SYMMETRIC_ENCRYPTION_ENV || RACK_ENV || RAILS_ENV || 'development'" do |environment|
|
|
111
113
|
@environment = environment
|
|
112
114
|
end
|
|
113
115
|
|
|
114
|
-
opts.on "-c", "--config CONFIG_FILE_PATH",
|
|
116
|
+
opts.on "-c", "--config CONFIG_FILE_PATH",
|
|
117
|
+
"File name & path to the Symmetric Encryption configuration file. Default: config/symmetric-encryption.yml or Env var: `SYMMETRIC_ENCRYPTION_CONFIG`" do |path|
|
|
115
118
|
@config_file_path = path
|
|
116
119
|
end
|
|
117
120
|
|
|
@@ -119,11 +122,13 @@ module SymmetricEncryption
|
|
|
119
122
|
@migrate = true
|
|
120
123
|
end
|
|
121
124
|
|
|
122
|
-
opts.on "-r", "--re-encrypt [PATTERN]",
|
|
125
|
+
opts.on "-r", "--re-encrypt [PATTERN]",
|
|
126
|
+
'ReEncrypt all files matching the pattern. Default: "**/*.{yml,rb}"' do |pattern|
|
|
123
127
|
@re_encrypt = pattern || "**/*.{yml,rb}"
|
|
124
128
|
end
|
|
125
129
|
|
|
126
|
-
opts.on "-n", "--new-password [SIZE]",
|
|
130
|
+
opts.on "-n", "--new-password [SIZE]",
|
|
131
|
+
"Generate a new random password using only characters that are URL-safe base64. Default size is 22." do |size|
|
|
127
132
|
@random_password = (size || 22).to_i
|
|
128
133
|
end
|
|
129
134
|
|
|
@@ -131,39 +136,48 @@ module SymmetricEncryption
|
|
|
131
136
|
@generate = config
|
|
132
137
|
end
|
|
133
138
|
|
|
134
|
-
opts.on "-s", "--keystore heroku|environment|file|aws|gcp",
|
|
139
|
+
opts.on "-s", "--keystore heroku|environment|file|aws|gcp",
|
|
140
|
+
"Which keystore to use during generation or re-encryption." do |keystore|
|
|
135
141
|
@keystore = (keystore || "file").downcase.to_sym
|
|
136
142
|
end
|
|
137
143
|
|
|
138
|
-
opts.on "-B", "--regions [us-east-1,us-east-2,us-west-1,us-west-2]",
|
|
144
|
+
opts.on "-B", "--regions [us-east-1,us-east-2,us-west-1,us-west-2]",
|
|
145
|
+
"AWS KMS Regions to encrypt data key with." do |regions|
|
|
139
146
|
@regions = regions.to_s.split(",").collect(&:strip) if regions
|
|
140
147
|
end
|
|
141
148
|
|
|
142
|
-
opts.on "-K", "--key-path KEY_PATH",
|
|
149
|
+
opts.on "-K", "--key-path KEY_PATH",
|
|
150
|
+
"Output path in which to write generated key files. Default: ~/.symmetric-encryption" do |path|
|
|
143
151
|
@key_path = path
|
|
144
152
|
end
|
|
145
153
|
|
|
146
|
-
opts.on "-a", "--app-name NAME",
|
|
154
|
+
opts.on "-a", "--app-name NAME",
|
|
155
|
+
"Application name to use when generating a new configuration. Default: symmetric-encryption" do |name|
|
|
147
156
|
@app_name = name
|
|
148
157
|
end
|
|
149
158
|
|
|
150
|
-
opts.on "-S", "--environments ENVIRONMENTS",
|
|
159
|
+
opts.on "-S", "--environments ENVIRONMENTS",
|
|
160
|
+
"Comma separated list of environments for which to generate the config file. Default: development,test,release,production" do |environments|
|
|
151
161
|
@environments = environments.split(",").collect(&:strip).collect(&:to_sym)
|
|
152
162
|
end
|
|
153
163
|
|
|
154
|
-
opts.on "-C", "--cipher-name NAME",
|
|
164
|
+
opts.on "-C", "--cipher-name NAME",
|
|
165
|
+
"Name of the cipher to use when generating a new config file, or when rotating keys. Default: aes-256-cbc" do |name|
|
|
155
166
|
@cipher_name = name
|
|
156
167
|
end
|
|
157
168
|
|
|
158
|
-
opts.on "-R", "--rotate-keys",
|
|
169
|
+
opts.on "-R", "--rotate-keys",
|
|
170
|
+
"Generates a new encryption key version, encryption key files, and updates the configuration file." do
|
|
159
171
|
@rotate_keys = true
|
|
160
172
|
end
|
|
161
173
|
|
|
162
|
-
opts.on "-U", "--rotate-kek",
|
|
174
|
+
opts.on "-U", "--rotate-kek",
|
|
175
|
+
"Replace the existing key encrypting keys only, the data encryption key is not changed, and updates the configuration file." do
|
|
163
176
|
@rotate_kek = true
|
|
164
177
|
end
|
|
165
178
|
|
|
166
|
-
opts.on "-D", "--rolling-deploy",
|
|
179
|
+
opts.on "-D", "--rolling-deploy",
|
|
180
|
+
"During key rotation, support a rolling deploy by placing the new key second in the list so that it is not activated yet." do
|
|
167
181
|
@rolling_deploy = true
|
|
168
182
|
end
|
|
169
183
|
|
|
@@ -171,11 +185,13 @@ module SymmetricEncryption
|
|
|
171
185
|
@activate_key = true
|
|
172
186
|
end
|
|
173
187
|
|
|
174
|
-
opts.on "-X", "--cleanup-keys",
|
|
188
|
+
opts.on "-X", "--cleanup-keys",
|
|
189
|
+
"Removes all encryption keys, except the one with the highest version from the configuration file." do
|
|
175
190
|
@cleanup_keys = true
|
|
176
191
|
end
|
|
177
192
|
|
|
178
|
-
opts.on "-V", "--key-version NUMBER",
|
|
193
|
+
opts.on "-V", "--key-version NUMBER",
|
|
194
|
+
"Encryption key version to use when encrypting or re-encrypting. Default: (Current global version)." do |number|
|
|
179
195
|
@version = number.to_i
|
|
180
196
|
end
|
|
181
197
|
|
|
@@ -237,7 +253,8 @@ module SymmetricEncryption
|
|
|
237
253
|
end
|
|
238
254
|
|
|
239
255
|
config = Config.read_file(config_file_path)
|
|
240
|
-
SymmetricEncryption::Keystore.rotate_keys!(config, environments: environments || [], app_name: app_name,
|
|
256
|
+
SymmetricEncryption::Keystore.rotate_keys!(config, environments: environments || [], app_name: app_name,
|
|
257
|
+
rolling_deploy: rolling_deploy, keystore: keystore)
|
|
241
258
|
Config.write_file(config_file_path, config)
|
|
242
259
|
puts "Existing configuration file updated with new keys: #{config_file_path}"
|
|
243
260
|
end
|
|
@@ -280,7 +297,8 @@ module SymmetricEncryption
|
|
|
280
297
|
end
|
|
281
298
|
|
|
282
299
|
def encrypt_file(input_file_name)
|
|
283
|
-
SymmetricEncryption::Writer.encrypt(source: input_file_name, target: output_file_name || STDOUT, compress: compress,
|
|
300
|
+
SymmetricEncryption::Writer.encrypt(source: input_file_name, target: output_file_name || STDOUT, compress: compress,
|
|
301
|
+
version: version)
|
|
284
302
|
end
|
|
285
303
|
|
|
286
304
|
def decrypt_file(input_file_name)
|
|
@@ -83,7 +83,7 @@ module SymmetricEncryption
|
|
|
83
83
|
end
|
|
84
84
|
end
|
|
85
85
|
|
|
86
|
-
# Returns [Array(
|
|
86
|
+
# Returns [Array(SymmetricEncryption::Cipher)] ciphers specified in the configuration file.
|
|
87
87
|
def ciphers
|
|
88
88
|
@ciphers ||= config[:ciphers].collect { |cipher_config| Cipher.from_config(**cipher_config) }
|
|
89
89
|
end
|
|
@@ -25,6 +25,7 @@ module SymmetricEncryption
|
|
|
25
25
|
module ActiveRecord
|
|
26
26
|
autoload :EncryptedAttribute, "symmetric_encryption/active_record/encrypted_attribute"
|
|
27
27
|
end
|
|
28
|
+
|
|
28
29
|
module Utils
|
|
29
30
|
autoload :Aws, "symmetric_encryption/utils/aws"
|
|
30
31
|
autoload :Files, "symmetric_encryption/utils/files"
|
|
@@ -167,29 +167,29 @@ module SymmetricEncryption
|
|
|
167
167
|
|
|
168
168
|
self.compress = (flags & FLAG_COMPRESSED) != 0
|
|
169
169
|
|
|
170
|
-
if (flags & FLAG_IV)
|
|
171
|
-
self.iv, offset = read_string(buffer, offset)
|
|
172
|
-
else
|
|
170
|
+
if (flags & FLAG_IV).zero?
|
|
173
171
|
self.iv = nil
|
|
172
|
+
else
|
|
173
|
+
self.iv, offset = read_string(buffer, offset)
|
|
174
174
|
end
|
|
175
175
|
|
|
176
|
-
if (flags & FLAG_KEY)
|
|
176
|
+
if (flags & FLAG_KEY).zero?
|
|
177
|
+
self.key = nil
|
|
178
|
+
else
|
|
177
179
|
encrypted_key, offset = read_string(buffer, offset)
|
|
178
180
|
self.key = cipher.binary_decrypt(encrypted_key)
|
|
179
|
-
else
|
|
180
|
-
self.key = nil
|
|
181
181
|
end
|
|
182
182
|
|
|
183
|
-
if (flags & FLAG_CIPHER_NAME)
|
|
184
|
-
self.cipher_name, offset = read_string(buffer, offset)
|
|
185
|
-
else
|
|
183
|
+
if (flags & FLAG_CIPHER_NAME).zero?
|
|
186
184
|
self.cipher_name = nil
|
|
185
|
+
else
|
|
186
|
+
self.cipher_name, offset = read_string(buffer, offset)
|
|
187
187
|
end
|
|
188
188
|
|
|
189
|
-
if (flags & FLAG_AUTH_TAG)
|
|
190
|
-
self.auth_tag, offset = read_string(buffer, offset)
|
|
191
|
-
else
|
|
189
|
+
if (flags & FLAG_AUTH_TAG).zero?
|
|
192
190
|
self.auth_tag = nil
|
|
191
|
+
else
|
|
192
|
+
self.auth_tag, offset = read_string(buffer, offset)
|
|
193
193
|
end
|
|
194
194
|
|
|
195
195
|
offset
|
|
@@ -56,7 +56,7 @@ module SymmetricEncryption
|
|
|
56
56
|
# Notes:
|
|
57
57
|
# * iv_filename is no longer supported and is removed when creating a new random cipher.
|
|
58
58
|
# * `iv` does not need to be encrypted and is included in the clear.
|
|
59
|
-
def self.rotate_keys!(full_config, environments: [],
|
|
59
|
+
def self.rotate_keys!(full_config, app_name:, environments: [], rolling_deploy: false, keystore: nil)
|
|
60
60
|
full_config.each_pair do |environment, cfg|
|
|
61
61
|
# Only rotate keys for specified environments. Default, all
|
|
62
62
|
next if !environments.empty? && !environments.include?(environment.to_sym)
|
|
@@ -95,7 +95,7 @@ module SymmetricEncryption
|
|
|
95
95
|
# Rotates just the key encrypting keys for the current cipher version.
|
|
96
96
|
# The existing data encryption key is not changed, it is secured using the
|
|
97
97
|
# new key encrypting keys.
|
|
98
|
-
def self.rotate_key_encrypting_keys!(full_config, environments: []
|
|
98
|
+
def self.rotate_key_encrypting_keys!(full_config, app_name:, environments: [])
|
|
99
99
|
full_config.each_pair do |environment, cfg|
|
|
100
100
|
# Only rotate keys for specified environments. Default, all
|
|
101
101
|
next if !environments.empty? && !environments.include?(environment.to_sym)
|
|
@@ -156,7 +156,7 @@ module SymmetricEncryption
|
|
|
156
156
|
# Returns [Key] by recursively navigating the config tree.
|
|
157
157
|
#
|
|
158
158
|
# Supports N level deep key encrypting keys.
|
|
159
|
-
def self.read_key(key: nil,
|
|
159
|
+
def self.read_key(iv:, key: nil, key_encrypting_key: nil, cipher_name: "aes-256-cbc", keystore: nil, version: 0, **args)
|
|
160
160
|
if key_encrypting_key.is_a?(Hash)
|
|
161
161
|
# Recurse up the chain returning the parent key_encrypting_key
|
|
162
162
|
key_encrypting_key = read_key(cipher_name: cipher_name, **key_encrypting_key)
|
|
@@ -70,13 +70,9 @@ module SymmetricEncryption
|
|
|
70
70
|
# ],
|
|
71
71
|
# iv: 'T80pYzD0E6e/bJCdjZ6TiQ=='
|
|
72
72
|
# }
|
|
73
|
-
def self.generate_data_key(version: 0,
|
|
73
|
+
def self.generate_data_key(cipher_name:, app_name:, environment:, key_path:, version: 0,
|
|
74
74
|
regions: Utils::Aws::AWS_US_REGIONS,
|
|
75
75
|
dek: nil,
|
|
76
|
-
cipher_name:,
|
|
77
|
-
app_name:,
|
|
78
|
-
environment:,
|
|
79
|
-
key_path:,
|
|
80
76
|
**_args)
|
|
81
77
|
|
|
82
78
|
# TODO: Also support generating environment variables instead of files.
|
|
@@ -116,12 +112,13 @@ module SymmetricEncryption
|
|
|
116
112
|
|
|
117
113
|
# Stores the Encryption key in a file.
|
|
118
114
|
# Secures the Encryption key by encrypting it with a key encryption key.
|
|
119
|
-
def initialize(region: nil,
|
|
115
|
+
def initialize(key_files:, master_key_alias:, region: nil, key_encrypting_key: nil)
|
|
120
116
|
@key_files = key_files
|
|
121
117
|
@master_key_alias = master_key_alias
|
|
122
118
|
@region = region || ENV["AWS_REGION"] || ENV["AWS_DEFAULT_REGION"] || ::Aws.config[:region]
|
|
123
119
|
if key_encrypting_key
|
|
124
|
-
raise(SymmetricEncryption::ConfigError,
|
|
120
|
+
raise(SymmetricEncryption::ConfigError,
|
|
121
|
+
"AWS KMS keystore encrypts the key itself, so does not support supplying a key_encrypting_key")
|
|
125
122
|
end
|
|
126
123
|
end
|
|
127
124
|
|
|
@@ -5,7 +5,7 @@ module SymmetricEncryption
|
|
|
5
5
|
class Gcp
|
|
6
6
|
include Utils::Files
|
|
7
7
|
|
|
8
|
-
def self.generate_data_key(
|
|
8
|
+
def self.generate_data_key(cipher_name:, app_name:, environment:, key_path:, version: 0)
|
|
9
9
|
version >= 255 ? (version = 1) : (version += 1)
|
|
10
10
|
|
|
11
11
|
dek = SymmetricEncryption::Key.new(cipher_name: cipher_name)
|
|
@@ -46,7 +46,8 @@ module SymmetricEncryption
|
|
|
46
46
|
end
|
|
47
47
|
|
|
48
48
|
def crypto_key
|
|
49
|
-
@crypto_key ||= self.class::KMS::KeyManagementServiceClient.crypto_key_path(project_id, location_id, app_name,
|
|
49
|
+
@crypto_key ||= self.class::KMS::KeyManagementServiceClient.crypto_key_path(project_id, location_id, app_name,
|
|
50
|
+
environment.to_s)
|
|
50
51
|
end
|
|
51
52
|
|
|
52
53
|
private
|
|
@@ -35,7 +35,7 @@ module SymmetricEncryption
|
|
|
35
35
|
|
|
36
36
|
# Stores the Encryption key in a string.
|
|
37
37
|
# Secures the Encryption key by encrypting it with a key encryption key.
|
|
38
|
-
def initialize(encrypted_key: nil
|
|
38
|
+
def initialize(key_encrypting_key:, encrypted_key: nil)
|
|
39
39
|
@encrypted_key = encrypted_key
|
|
40
40
|
@key_encrypting_key = key_encrypting_key
|
|
41
41
|
end
|
|
@@ -100,7 +100,8 @@ Mongoid::Fields.option :encrypted do |model, field, options|
|
|
|
100
100
|
end
|
|
101
101
|
|
|
102
102
|
if decrypted_field_name.nil?
|
|
103
|
-
raise(ArgumentError,
|
|
103
|
+
raise(ArgumentError,
|
|
104
|
+
"SymmetricEncryption for Mongoid. Encryption enabled for field #{encrypted_field_name}. It must either start with 'encrypted_' or the option :decrypt_as must be supplied")
|
|
104
105
|
end
|
|
105
106
|
|
|
106
107
|
SymmetricEncryption::Generator.generate_decrypted_accessors(model, decrypted_field_name, encrypted_field_name, options)
|
|
@@ -70,11 +70,11 @@ module SymmetricEncryption
|
|
|
70
70
|
if line.valid_encoding? && (result = line.match(r))
|
|
71
71
|
encrypted = result[0]
|
|
72
72
|
new_value = re_encrypt(encrypted)
|
|
73
|
-
if new_value
|
|
73
|
+
if new_value == encrypted
|
|
74
|
+
line
|
|
75
|
+
else
|
|
74
76
|
hits += 1
|
|
75
77
|
line.gsub(encrypted, new_value)
|
|
76
|
-
else
|
|
77
|
-
line
|
|
78
78
|
end
|
|
79
79
|
else
|
|
80
80
|
line
|
|
@@ -51,8 +51,8 @@ module SymmetricEncryption
|
|
|
51
51
|
if file_name_or_stream.is_a?(String)
|
|
52
52
|
file_name_or_stream = ::File.open(file_name_or_stream, "wb")
|
|
53
53
|
compress = !(/\.(zip|gz|gzip|xls.|)\z/i === file_name_or_stream) if compress.nil?
|
|
54
|
-
|
|
55
|
-
compress = true
|
|
54
|
+
elsif compress.nil?
|
|
55
|
+
compress = true
|
|
56
56
|
end
|
|
57
57
|
|
|
58
58
|
begin
|
|
@@ -105,7 +105,8 @@ module SymmetricEncryption
|
|
|
105
105
|
# Cipher to encrypt the random_key, or the entire file
|
|
106
106
|
cipher = SymmetricEncryption.cipher(version)
|
|
107
107
|
unless cipher
|
|
108
|
-
raise(SymmetricEncryption::CipherError,
|
|
108
|
+
raise(SymmetricEncryption::CipherError,
|
|
109
|
+
"Cipher with version:#{version} not found in any of the configured SymmetricEncryption ciphers")
|
|
109
110
|
end
|
|
110
111
|
|
|
111
112
|
# Force header if compressed or using random iv, key
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: symmetric-encryption
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 4.3.
|
|
4
|
+
version: 4.3.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Reid Morrison
|
|
8
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2021-08-15 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: coercible
|
|
@@ -24,9 +24,8 @@ dependencies:
|
|
|
24
24
|
- - "~>"
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
26
|
version: '1.0'
|
|
27
|
-
description:
|
|
27
|
+
description:
|
|
28
28
|
email:
|
|
29
|
-
- reidmo@gmail.com
|
|
30
29
|
executables:
|
|
31
30
|
- symmetric-encryption
|
|
32
31
|
extensions: []
|
|
@@ -68,11 +67,11 @@ files:
|
|
|
68
67
|
- lib/symmetric_encryption/utils/re_encrypt_files.rb
|
|
69
68
|
- lib/symmetric_encryption/version.rb
|
|
70
69
|
- lib/symmetric_encryption/writer.rb
|
|
71
|
-
homepage:
|
|
70
|
+
homepage: https://encryption.rocketjob.io
|
|
72
71
|
licenses:
|
|
73
72
|
- Apache-2.0
|
|
74
73
|
metadata: {}
|
|
75
|
-
post_install_message:
|
|
74
|
+
post_install_message:
|
|
76
75
|
rdoc_options: []
|
|
77
76
|
require_paths:
|
|
78
77
|
- lib
|
|
@@ -87,8 +86,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
87
86
|
- !ruby/object:Gem::Version
|
|
88
87
|
version: '0'
|
|
89
88
|
requirements: []
|
|
90
|
-
rubygems_version: 3.
|
|
91
|
-
signing_key:
|
|
89
|
+
rubygems_version: 3.2.22
|
|
90
|
+
signing_key:
|
|
92
91
|
specification_version: 4
|
|
93
92
|
summary: Encrypt ActiveRecord and Mongoid attributes, files and passwords in configuration
|
|
94
93
|
files.
|