Add generator to generate default configuration file

Replace rake task to generate key files with Rails generator
Add :base64strict mode to exclude newlines in encrypted fields
Make :base64strict the default mode in generated config files
commit d4085ba2e2cd20f1a0603b7f97b21f212c42eff3 1 parent 8fa44de
@reidmorrison authored
168 README.md
@@ -138,97 +138,34 @@ specified environment
Note: Passwords must be encrypted in the environment in which they will be used.
Since each environment should have its own symmetric encryption keys
-## Install
+## Installation
- gem install symmetric-encryption
-
-## Configuration
-
-### Generating the RSA Private key
+### Add to an existing Rails project
+Add the following line to Gemfile
-To protect the files holding the Symmetric Encryption keys, symmetric-encryption uses 2048 bit RSA
-encryption.
+ gem 'symmetric-encryption'
-Generate the RSA Private key as follows
+Install the Gem with bundler
- openssl genrsa 2048
+ bundle install
-Paste the output into the configuration created below
+## Rails Configuration
### Creating the configuration file
-Create a configuration file in config/symmetric-encryption.yml per the following example:
+The configuration file contains the path to the production encryption key files.
+Generally in development and test the files are not created, so supply the full path
+to these files in production. Once the config file has been generated it can be
+modified as needed.
- #
- # Symmetric Encryption for Ruby
- #
- ---
- # For the development and test environments the test symmetric encryption keys
- # can be placed directly in the source code.
- # And therefore no RSA private key is required
- development: &development_defaults
- key: 1234567890ABCDEF1234567890ABCDEF
- iv: 1234567890ABCDEF
- cipher: aes-128-cbc
+Generate the configuration file:
- test:
- <<: *development_defaults
+ rails generate symmetric_encryption:config /etc/rails/keys
- production:
- # Since the key to encrypt and decrypt with must NOT be stored along with the
- # source code, we only hold a RSA key that is used to unlock the file
- # containing the actual symmetric encryption key
- #
- # Sample RSA Key, DO NOT use this RSA key, generate a new one using
- # openssl genrsa 2048
- private_rsa_key: |
- -----BEGIN RSA PRIVATE KEY-----
- MIIEpAIBAAKCAQEAxIL9H/jYUGpA38v6PowRSRJEo3aNVXULNM/QNRpx2DTf++KH
- 6DcuFTFcNSSSxG9n4y7tKi755be8N0uwCCuOzvXqfWmXYjbLwK3Ib2vm0btpHyvA
- qxgqeJOOCxKdW/cUFLWn0tACUcEjVCNfWEGaFyvkOUuR7Ub9KfhbW9cZO3BxZMUf
- IPGlHl/gWyf484sXygd+S7cpDTRRzo9RjG74DwfE0MFGf9a1fTkxnSgeOJ6asTOy
- fp9tEToUlbglKaYGpOGHYQ9TV5ZsyJ9jRUyb4SP5wK2eK6dHTxTcHvT03kD90Hv4
- WeKIXv3WOjkwNEyMdpnJJfSDb5oquQvCNi7ZSQIDAQABAoIBAQCbzR7TUoBugU+e
- ICLvpC2wOYOh9kRoFLwlyv3QnH7WZFWRZzFJszYeJ1xr5etXQtyjCnmOkGAg+WOI
- k8GlOKOpAuA/PpB/leJFiYL4lBwU/PmDdTT0cdx6bMKZlNCeMW8CXGQKiFDOcMqJ
- 0uGtH5YD+RChPIEeFsJxnC8SyZ9/t2ra7XnMGiCZvRXIUDSEIIsRx/mOymJ7bL+h
- Lbp46IfXf6ZuIzwzoIk0JReV/r+wdmkAVDkrrMkCmVS4/X1wN/Tiik9/yvbsh/CL
- ztC55eSIEjATkWxnXfPASZN6oUfQPEveGH3HzNjdncjH/Ho8FaNMIAfFpBhhLPi9
- nG5sbH+BAoGBAOdoUyVoAA/QUa3/FkQaa7Ajjehe5MR5k6VtaGtcxrLiBjrNR7x+
- nqlZlGvWDMiCz49dgj+G1Qk1bbYrZLRX/Hjeqy5dZOGLMfgf9eKUmS1rDwAzBMcj
- M9jnnJEBx8HIlNzaR6wzp3GMd0rrccs660A8URvzkgo9qNbvMLq9vyUtAoGBANll
- SY1Iv9uaIz8klTXU9YzYtsfUmgXzw7K8StPdbEbo8F1J3JPJB4D7QHF0ObIaSWuf
- suZqLsvWlYGuJeyX2ntlBN82ORfvUdOrdrbDlmPyj4PfFVl0AK3U3Ai374DNrjKR
- hF6YFm4TLDaJhUjeV5C43kbE1N2FAMS9LYtPJ44NAoGAFDGHZ/E+aCLerddfwwun
- MBS6MnftcLPHTZ1RimTrNfsBXipBw1ItWEvn5s0kCm9X24PmdNK4TnhqHYaF4DL5
- ZjbQK1idEA2Mi8GGPIKJJ2x7P6I0HYiV4qy7fe/w1ZlCXE90B7PuPbtrQY9wO7Ll
- ipJ45X6I1PnyfOcckn8yafUCgYACtPAlgjJhWZn2v03cTbqA9nHQKyV/zXkyUIXd
- /XPLrjrP7ouAi5A8WuSChR/yx8ECRgrEM65Be3qBEtoGCB4AS1G0NcigM6qhKBFi
- VS0aMXr3+V8argcUIwJaWW/x+p2go48yXlJpLHPweeXe8mXEt4iM+QZte6p2yKQ4
- h9PGQQKBgQCqSydmXBnXGIVTp2sH/2GnpxLYnDBpcJE0tM8bJ42HEQQgRThIChsn
- PnGA91G9MVikYapgI0VYBHQOTsz8rTIUzsKwXG+TIaK+W84nxH5y6jUkjqwxZmAz
- r1URaMAun2PfAB4g2N/kEZTExgeOGqXjFhvvjdzl97ux2cTyZhaTXg==
- -----END RSA PRIVATE KEY-----
+Note: Ignore the warning about "Symmetric Encryption config not found" since it is
+being generated
- # List Symmetric Key files in the order of current / latest first
- ciphers:
- -
- # Filename containing Symmetric Encryption Key encrypted using the
- # RSA public key derived from the private key above
- key_filename: /etc/rails/.rails.key
- iv_filename: /etc/rails/.rails.iv
-
- # Encryption cipher
- # Recommended values:
- # aes-256-cbc
- # 256 AES CBC Algorithm. Very strong
- # Ruby 1.8.7 MRI Approximately 100,000 encryptions or decryptions per second
- # JRuby 1.6.7 with Ruby 1.8.7 Approximately 22,000 encryptions or decryptions per second
- # aes-128-cbc
- # 128 AES CBC Algorithm. Less strong.
- # Ruby 1.8.7 MRI Approximately 100,000 encryptions or decryptions per second
- # JRuby 1.6.7 with Ruby 1.8.7 Approximately 22,000 encryptions or decryptions per second
- cipher: aes-256-cbc
+#### Save to version control
This configuration file should be checked into the source code control system.
It does Not include the Symmetric Encryption keys. They will be generated in the
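
Review bot: The "Save to version control" paragraph says the config file "does Not include the Symmetric Encryption keys", but the generator template added in this commit writes a freshly generated 2048 bit RSA private key (`private_rsa_key`) for production into that same file, and that key is what unlocks the key files. The README should say that the committed file carries the RSA private key, so the confidentiality of the symmetric keys then rests on the permissions of the key files under the path given to the generator (`/etc/rails/keys` in the example). The removed "Generating the RSA Private key" section was the only place that explained this layering; a short replacement paragraph would keep it documented.
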
@@ -236,22 +173,44 @@ next step.
### Generating and securing the Symmetric Encryption keys
+Once development and testing is complete we need to generate secure encryption
+key files for production. It is recommended that the step below be run on only
+one of the production servers. The generated key files must then be copied to
+all the production web servers.
+
+Note: Do not run this step more than once, otherwise new keys will be generated
+and any encrypted data will no longer be accessible.
+
+Note: Do not run this step on more than one server in each environment otherwise
+each server will be encrypting with it's own key and the servers will not be able
+to decrypt data encrypted on another server. Just copy the generated files to each
+server
+
The symmetric encryption key consists of the key itself and an optional
initialization vector.
-To generate the keys run the following Rake task in each environment:
+To generate the keys run the following Rake task once only in each environment:
- RAILS_ENV=production rake symmetric_encryption:generate_symmetric_keys
+ rails generate symmetric_encryption:new_keys production
Replace 'production' as necessary for each environment.
Make sure that the current user has read and write access to the folder listed
-in the configuration option symmetric_key_filename above.
+in the config file option key_filename.
+
+Note: Ignore the warning about the key files "not found or readable" since they
+are being generated
Once the Symmetric Encryption keys have been generated, secure them further by
-making the files read-only to the Rails user and not readable by any other user
+making the files read-only to the Rails user and not readable by any other user.
+Change ownership of the keys to the rails user and only give it access to read the key files:
+
+ chown rails /etc/rails/keys/*
+ chmod 0400 /etc/rails/keys/*
- chmod ...
+Change 'rails' above to the userid under which your Rails processes are run
+and update the path to the one supplied when generating the config file or
+look in the config file itself
When running multiple Rails servers in a particular environment copy the same
key files to every server in that environment. I.e. All Rails servers in each
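
Review bot: The added line `To generate the keys run the following Rake task once only in each environment:` still calls the step a Rake task, while the command under it is now `rails generate symmetric_encryption:new_keys production` and the Rake task itself is deleted in this commit; say "Rails generator". The first added note states that re-running makes encrypted data "no longer accessible", yet the comment on `generate_symmetric_key_files` changed in this commit now reads "Existing key files will be renamed if present"; the README should say which of the two holds and whether the renamed files can be listed as previous keys under `ciphers`. In the second note, "it's own key" should be "its own key".
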
@@ -261,8 +220,16 @@ Note: The generate step above must only be run once in each environment
## Using in non-Rails environments
-symmetric-encryption can also be used in non-Rails environment. At application
-startup, run the code below to initialize symmetric-encryption prior to
+SymmetricEncryption can also be used in non-Rails environment.
+
+Install SymmetricEncryption
+
+ gem install symmetric-encryption
+
+Manually create a symmetric-encryption.yml configuration file based on the
+one supplied in examples/symmetric-encryption.yml.
+
+At application startup, run the code below to initialize symmetric-encryption prior to
attempting to encrypt or decrypt any data
require 'symmetric-encryption'
@@ -309,8 +276,8 @@ Create a configuration file in config/symmetric-encryption.yml per the following
# can be placed directly in the source code.
# And therefore no RSA private key is required
development: &development_defaults
- key: 1234567890ABCDEF1234567890ABCDEF
- iv: 1234567890ABCDEF
+ key: 1234567890ABCDEF1234567890ABCDEF
+ iv: 1234567890ABCDEF
cipher: aes-128-cbc
test:
@@ -358,7 +325,7 @@ Create a configuration file in config/symmetric-encryption.yml per the following
# Filename containing Symmetric Encryption Key encrypted using the
# RSA public key derived from the private key above
key_filename: /etc/rails/.rails.key
- iv_filename: /etc/rails/.rails.iv
+ iv_filename: /etc/rails/.rails.iv
# Encryption cipher
# Recommended values:
@@ -380,10 +347,17 @@ Create a configuration file in config/symmetric-encryption.yml per the following
# Only used when old data still exists that requires old decryption keys
# to be used
key_filename: /etc/rails/.rails_old.key
- iv_filename: /etc/rails/.rails_old.iv
- cipher: aes-256-cbc
+ iv_filename: /etc/rails/.rails_old.iv
+ cipher: aes-256-cbc
-## Possible Future Enhancements
+## Future Enhancements
+
+* Ability to randomly generate a new initialization vector (iv) with every
+ encryption and put the iv in the encrypted data as its header
+
+* With file encryption randomly generate a new key and initialization vector (iv) with every
+ file encryption and put the key and iv in the encrypted data as its header which
+ is encrypted using the global key and iv
Submit an issue ticket to request any of the following features:
@@ -395,16 +369,6 @@ Submit an issue ticket to request any of the following features:
data exceeds some predefined size. And automatically decompressing the data
during decryption
-* Make attr_encrypted auto-detect the encrypted column type and Base64 encode
- when type is CHAR and store as binary when type is BINARY or BLOB
-
-* Create rake task / generator to generate a sample configuration file
- with a new RSA Private key already in it
-
-* Ability to change SymmetricEncryption configuration options from custom
- Rails initializers, rather than having everything in the config file.
- For example config.symmetric_encryption.cipher = 'aes-128-cbc'
-
Meta
----
32 examples/symmetric-encryption.yml
@@ -68,6 +68,21 @@ production:
# JRuby 1.6.7 with Ruby 1.8.7 Approximately 22,000 encryptions or decryptions per second
cipher: aes-256-cbc
+ # Set the way the encrypted data is encoded:
+ # base64
+ # Encrypted data is returned in base64 encoding format
+ # Symmetric::Encryption.decrypt will also base64 decode any data prior
+ # to decrypting it
+ # base64strict
+ # As base64 except that does not contain any newlines
+ # This is the recommended setting
+ # none
+ # Encrypted data is returned as raw binary
+ # Although smaller than base64 it cannot be stored in MySQL text columns
+ # It can only be held in binary columns such as BINARY or BLOB
+ # Default: base64
+ encoding: base64strict
+
# FUTURE ENHANCEMENT:
#
# By adding a version indicator all encrypted data will include
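
Review bot: In the new `encoding` comment block, the `base64` entry refers to `Symmetric::Encryption.decrypt`, while the module used everywhere else in this commit is `SymmetricEncryption`; correct the name so a reader can find the method. The block also marks `base64strict` as "the recommended setting" while documenting "Default: base64", so a config that omits `encoding` keeps producing newline-terminated values. State that consequence explicitly, since the test fixtures in this commit show the stored value differs by the trailing "\n" between the two modes.
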
@@ -86,20 +101,6 @@ production:
# Default: 0
#version: 0
- # FUTURE ENHANCEMENT:
- #
- # Set the way the encrypted data is encoded:
- # base64
- # Encrypted data is returned in base64 encoding format
- # Symmetric::Encryption.decrypt will also base64 decode any data prior
- # to decrypting it
- # binary
- # Encrypted data is returned as raw binary
- # Although smaller than base64 it cannot be stored in MySQL text columns
- # It can only be held in binary columns such as BINARY or BLOB
- # Default: base64
- #encoding: base64
-
# OPTIONAL:
#
# Any previous Symmetric Encryption Keys
@@ -108,4 +109,5 @@ production:
# to be used
- key_filename: /etc/rails/.rails_old.key
iv_filename: /etc/rails/.rails_old.iv
- cipher: aes-256-cbc
+ cipher: aes-256-cbc
+ encoding: base64strict
22 lib/rails/generators/symmetric_encryption/config/config_generator.rb
@@ -0,0 +1,22 @@
+module SymmetricEncryption
+ module Generators
+ class ConfigGenerator < Rails::Generators::Base
+ desc "Creates a SymmetricEncryption configuration file at config/symmetric-encryption.yml"
+
+ argument :key_path, :type => :string, :optional => false
+
+ def self.source_root
+ @_symmetric_encryption_source_root ||= File.expand_path("../templates", __FILE__)
+ end
+
+ def app_name
+ Rails::Application.subclasses.first.parent.to_s.underscore
+ end
+
+ def create_config_file
+ template 'symmetric-encryption.yml', File.join('config', "symmetric-encryption.yml")
+ end
+
+ end
+ end
+end
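
Review bot: `app_name` is declared as a public instance method, and a Rails generator runs every public instance method in definition order as a generation step, so it is invoked as a step of its own before `create_config_file`. It is only a helper for the template; move it below a `private` line or wrap it in `no_tasks`. It also takes `Rails::Application.subclasses.first`, which assumes exactly one application class is loaded; a comment stating that assumption would help.
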
50 lib/rails/generators/symmetric_encryption/config/templates/symmetric-encryption.yml
@@ -0,0 +1,50 @@
+#
+# Symmetric Encryption for Ruby
+#
+---
+# For the development and test environments the test symmetric encryption keys
+# can be placed directly in the source code.
+# And therefore no RSA private key is required
+development: &development_defaults
+ key: 1234567890ABCDEF1234567890ABCDEF
+ iv: 1234567890ABCDEF
+ cipher: aes-128-cbc
+
+test:
+ <<: *development_defaults
+
+release:
+ # Since the key to encrypt and decrypt with must NOT be stored along with the
+ # source code, we only hold a RSA key that is used to unlock the file
+ # containing the actual symmetric encryption key
+ private_rsa_key: |
+<%= OpenSSL::PKey::RSA.generate(2048).to_s.collect { |line| " #{line}" }.join('') %>
+
+ # List Symmetric Key files in the order of current / latest first
+ ciphers:
+ -
+ # Filename containing Symmetric Encryption Key encrypted using the
+ # RSA public key derived from the private key above
+ key_filename: <%= File.join(key_path, "#{app_name}_release.key") %>
+ iv_filename: <%= File.join(key_path, "#{app_name}_release.iv") %>
+ cipher: aes-256-cbc
+ # Base64 encode encrypted data without newlines
+ encoding: base64strict
+
+production:
+ # Since the key to encrypt and decrypt with must NOT be stored along with the
+ # source code, we only hold a RSA key that is used to unlock the file
+ # containing the actual symmetric encryption key
+ private_rsa_key: |
+<%= OpenSSL::PKey::RSA.generate(2048).to_s.collect { |line| " #{line}" }.join('') %>
+
+ # List Symmetric Key files in the order of current / latest first
+ ciphers:
+ -
+ # Filename containing Symmetric Encryption Key encrypted using the
+ # RSA public key derived from the private key above
+ key_filename: <%= File.join(key_path, "#{app_name}_production.key") %>
+ iv_filename: <%= File.join(key_path, "#{app_name}_production.iv") %>
+ cipher: aes-256-cbc
+ # Base64 encode encrypted data without newlines
+ encoding: base64strict
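
Review bot: Both `private_rsa_key` lines call `.to_s.collect { |line| ... }` on a String, which depends on String being Enumerable; that holds on Ruby 1.8.7, but String has no `collect` on Ruby 1.9, so rendering the template raises NoMethodError there. `to_s.each_line.collect { ... }` behaves the same on both. The template also introduces a `release:` environment with its own key files that the README changes in this commit never mention; either document it or drop it from the generated default.
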
14 lib/rails/generators/symmetric_encryption/new_keys/new_keys_generator.rb
@@ -0,0 +1,14 @@
+module SymmetricEncryption
+ module Generators
+ class NewKeysGenerator < Rails::Generators::Base
+ desc "Generate new Symmetric key and initialization vector based on values in config/symmetric-encryption.yml"
+
+ argument :environment, :type => :string, :optional => false
+
+ def create_config_file
+ SymmetricEncryption.generate_symmetric_key_files(File.join('config', "symmetric-encryption.yml"), environment)
+ end
+
+ end
+ end
+end
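
Review bot: The single step in NewKeysGenerator is named `create_config_file`, carried over from ConfigGenerator, although it writes the key and iv files through `SymmetricEncryption.generate_symmetric_key_files`; rename it (for example `create_key_files`) so the generator output and backtraces describe what ran. The `environment` argument is passed straight through with no check here that such a section exists in `config/symmetric-encryption.yml`; since the README stresses that this step must run exactly once, a clear error for an unknown environment name is worth adding.
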
10 lib/symmetric_encryption/cipher.rb
@@ -7,10 +7,11 @@ module SymmetricEncryption
# threads at the same time without needing an instance of Cipher per thread
class Cipher
# Cipher to use for encryption and decryption
- attr_reader :cipher, :version
+ attr_reader :cipher, :version, :version
+ attr_accessor :encoding
- # Future Use:
- # attr_accessor :encoding, :version
+ # Available encodings
+ ENCODINGS = [:none, :base64, :base64strict]
# Generate a new Symmetric Key pair
#
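
Review bot: The changed line `attr_reader :cipher, :version, :version` lists `:version` twice; drop the duplicate. The comment "Available encodings" above `ENCODINGS` could also name the default (`:base64`, per the initializer in the next hunk) so the constant documents itself.
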
@@ -43,6 +44,9 @@ def initialize(parms={})
@iv = parms[:iv]
@cipher = parms[:cipher] || 'aes-256-cbc'
@version = parms[:version]
+ @encoding = (parms[:encoding] || :base64).to_sym
+
+ raise("Invalid Encoding: #{@encoding}") unless ENCODINGS.include?(@encoding)
end
# AES Symmetric Encryption of supplied string
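
Review bot: The `ENCODINGS.include?` check added in `initialize` is the only validation of the encoding, but the `attr_accessor :encoding` from the previous hunk lets a caller assign any value afterwards (the new tests do assign it), and the `case` in `SymmetricEncryption.encrypt` sends every unrecognised value to the `else` branch that returns raw binary. Replace the accessor with an explicit `encoding=` writer that applies the same check. Raising ArgumentError instead of a bare RuntimeError would also make the failure easier to handle.
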
12 lib/symmetric_encryption/railtie.rb
@@ -7,10 +7,14 @@ class Railtie < Rails::Railtie #:nodoc:
# @example Set up configuration in the Rails app.
# module MyApplication
# class Application < Rails::Application
- # config.symmetric_encryption.cipher = 'aes-256-cbc'
+ # config.symmetric_encryption.cipher = SymmetricEncryption::Cipher.new(
+ # :key => '1234567890ABCDEF1234567890ABCDEF',
+ # :iv => '1234567890ABCDEF',
+ # :cipher => 'aes-128-cbc'
+ # )
# end
# end
- #config.symmetric_encryption = ::SymmetricEncryption::Config
+ config.symmetric_encryption = ::SymmetricEncryption
rake_tasks do
load "symmetric_encryption/railties/symmetric_encryption.rake"
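
Review bot: The rewritten `@example` shows a literal `:key` and `:iv` inside the application class, which reads as the recommended way to configure the gem; they are the same test values the config template reserves for development and test. Add a line to the comment saying this form is for development and test only and that production keys are loaded from the key files named in the config.
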
@@ -33,8 +37,8 @@ class Railtie < Rails::Railtie #:nodoc:
if config_file.file?
::SymmetricEncryption.load!(config_file, Rails.env)
else
- puts "\nSymmetric Encryption config not found. Create a config file at: config/symmetric-encryption.yml"
- # puts "to generate one run: rails generate symmetric-encryption:config\n\n"
+ puts "\nSymmetric Encryption config not found."
+ puts "To generate one for the first time: rails generate symmetric_encryption:config\n\n"
end
end
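
Review bot: The hint printed in the `else` branch, `rails generate symmetric_encryption:config`, leaves out the key path, but ConfigGenerator declares `argument :key_path` with `:optional => false`, so the command fails as printed. Print it with the argument shown, matching the README form `rails generate symmetric_encryption:config /etc/rails/keys`.
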
5 lib/symmetric_encryption/railties/symmetric_encryption.rake
@@ -23,11 +23,6 @@ namespace :symmetric_encryption do
puts "\nEncrypted: #{SymmetricEncryption.encrypt(password1)}\n\n"
end
- desc 'Generate new Symmetric key and initialization vector. Example: RAILS_ENV=production rake symmetric_encryption:generate_symmetric_keys'
- task :generate_symmetric_keys do
- SymmetricEncryption.generate_symmetric_key_files
- end
-
desc 'Generate a random password and display its encrypted form. Example: rake symmetric_encryption:random_password'
task :random_password => :environment do
p = SymmetricEncryption.random_password
72 lib/symmetric_encryption/symmetric_encryption.rb
@@ -65,13 +65,19 @@ def self.secondary_ciphers
#
def self.decrypt(str)
raise "Call SymmetricEncryption.load! or SymmetricEncryption.cipher= prior to encrypting or decrypting data" unless @@cipher
- binary = ::Base64.decode64(str) if str
+
+ # Decode data first based on encoding setting
+ case @@cipher.encoding
+ when :base64, :base64strict
+ str = ::Base64.decode64(str) if str
+ end
+
begin
- @@cipher.decrypt(binary)
+ @@cipher.decrypt(str)
rescue OpenSSL::Cipher::CipherError => exc
@@secondary_ciphers.each do |cipher|
begin
- return cipher.decrypt(binary)
+ return cipher.decrypt(str)
rescue OpenSSL::Cipher::CipherError
end
end
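
Review bot: The decode step added to `decrypt` consults only `@@cipher.encoding`, and the resulting `str` is then passed unchanged to every entry in `@@secondary_ciphers`, so the per-cipher `encoding` this commit adds to secondary entries in the YAML files is never used on this path. With a primary encoding of `none` and an older key configured as `base64`, the secondary cipher would be handed text that was never decoded. Either decode per cipher inside the loop or document that `encoding` is honoured for the primary cipher only.
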
@@ -87,11 +93,18 @@ def self.encrypt(str)
raise "Call SymmetricEncryption.load! or SymmetricEncryption.cipher= prior to encrypting or decrypting data" unless @@cipher
# Encrypt data as a binary string
- result = @@cipher.encrypt(str)
-
- # Base 64 Encoding of binary data
- result = ::Base64.encode64(result) if result
- result
+ if result = @@cipher.encrypt(str)
+ # Now encode data based on encoding setting
+ case @@cipher.encoding
+ when :base64
+ # Base 64 Encoding of binary data
+ ::Base64.encode64(result)
+ when :base64strict
+ ::Base64.encode64(result).gsub(/\n/, '')
+ else
+ result
+ end
+ end
end
# Invokes decrypt
@@ -117,11 +130,9 @@ def self.try_decrypt(str)
def self.encrypted?(encrypted_data)
raise "Call SymmetricEncryption.load! or SymmetricEncryption.cipher= prior to encrypting or decrypting data" unless @@cipher
- # First make sure Base64 encoded data still ends with "\n" since it could be used in a key field somewhere
- return false unless encrypted_data.end_with?("\n")
-
# For now have to decrypt it fully
- !try_decrypt(encrypted_data).nil?
+ result = try_decrypt(encrypted_data)
+ !(result.nil? || result == '')
end
# Load the Encryption Configuration from a YAML file
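
Review bot: In `encrypted?`, the added `result == ''` makes the method return false whenever decryption yields an empty string, and the reason is not stated; add a comment naming the input that produces that result. The removed `end_with?("\n")` test was also the only check that avoided a full decryption attempt, so every call now goes through `try_decrypt`; the "For now have to decrypt it fully" comment should note that this is the sole test.
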
@@ -142,11 +153,7 @@ def self.load!(filename=nil, environment=nil)
else
private_rsa_key = config[:private_rsa_key]
@@cipher, *@@secondary_ciphers = config[:ciphers].collect do |cipher_conf|
- cipher_from_encrypted_files(
- private_rsa_key,
- cipher_conf[:cipher],
- cipher_conf[:key_filename],
- cipher_conf[:iv_filename])
+ cipher_from_encrypted_files(private_rsa_key, cipher_conf)
end
end
@@ -164,7 +171,7 @@ def self.load!(filename=nil, environment=nil)
# and initilization vector .iv
# which is encrypted with the above Public key
#
- # Warning: Existing files will be overwritten
+ # Existing key files will be renamed if present
def self.generate_symmetric_key_files(filename=nil, environment=nil)
config = read_config(filename, environment)
cipher_cfg = config[:ciphers].first
@@ -239,6 +246,7 @@ def self.read_config(filename=nil, environment=nil)
:cipher => cipher_cfg['cipher'] || default_cipher,
:key_filename => key_filename,
:iv_filename => iv_filename,
+ :encoding => cipher_cfg['encoding']
}
end
@@ -271,18 +279,34 @@ def self.read_config(filename=nil, environment=nil)
# iv_filename
# Optional. Name of file containing symmetric key initialization vector
# encrypted using the public key matching the supplied private_key
- def self.cipher_from_encrypted_files(private_rsa_key, cipher, key_filename, iv_filename = nil)
+ def self.cipher_from_encrypted_files(private_rsa_key, cipher_conf)
# Load Encrypted Symmetric keys
- encrypted_key = File.read(key_filename)
- encrypted_iv = File.read(iv_filename) if iv_filename
+ key_filename = cipher_conf[:key_filename]
+ encrypted_key = begin
+ File.read(key_filename)
+ rescue Errno::ENOENT
+ puts "\nSymmetric Encryption key file: '#{key_filename}' not found or readable."
+ puts "To generate the keys for the first time run: rails generate symmetric_encryption:new_keys\n\n"
+ return
+ end
+
+ iv_filename = cipher_conf[:iv_filename]
+ encrypted_iv = begin
+ File.read(iv_filename) if iv_filename
+ rescue Errno::ENOENT
+ puts "\nSymmetric Encryption initialization vector file: '#{iv_filename}' not found or readable."
+ puts "To generate the keys for the first time run: rails generate symmetric_encryption:new_keys\n\n"
+ return
+ end
# Decrypt Symmetric Keys
rsa = OpenSSL::PKey::RSA.new(private_rsa_key)
iv = rsa.private_decrypt(encrypted_iv) if iv_filename
Cipher.new(
- :key => rsa.private_decrypt(encrypted_key),
- :iv => iv,
- :cipher => cipher
+ :key => rsa.private_decrypt(encrypted_key),
+ :iv => iv,
+ :cipher => cipher_conf[:cipher],
+ :encoding => cipher_conf[:encoding]
)
end
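
Review bot: Both new `rescue Errno::ENOENT` blocks in `cipher_from_encrypted_files` print a message and `return`, so the method yields nil and `load!` stores that nil as `@@cipher` or inside `@@secondary_ciphers`; a later `decrypt` then fails with the generic "Call SymmetricEncryption.load!" error, or with a NoMethodError on nil in the secondary loop, far from the real cause. The message says "not found or readable" while only ENOENT is rescued, so a permissions failure (Errno::EACCES) after the README's `chmod 0400` step still raises. Rescue both, and have `load!` reject nil entries outside of a generator run. The printed hint `rails generate symmetric_encryption:new_keys` also omits the environment argument that NewKeysGenerator requires.
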
2  lib/symmetric_encryption/version.rb
@@ -1,4 +1,4 @@
# encoding: utf-8
module SymmetricEncryption #:nodoc
- VERSION = "0.7.2"
+ VERSION = "0.8.0"
end
4 test/attr_encrypted_test.rb
@@ -51,10 +51,10 @@ class AttrEncryptedTest < Test::Unit::TestCase
setup do
@bank_account_number = "1234567890"
- @bank_account_number_encrypted = "L94ArJeFlJrZp6SYsvoOGA==\n"
+ @bank_account_number_encrypted = "L94ArJeFlJrZp6SYsvoOGA=="
@social_security_number = "987654321"
- @social_security_number_encrypted = "S+8X1NRrqdfEIQyFHVPuVA==\n"
+ @social_security_number_encrypted = "S+8X1NRrqdfEIQyFHVPuVA=="
@user = User.new(
# Encrypted Attribute
4 test/config/symmetric-encryption.yml
@@ -39,9 +39,13 @@ test:
- key_filename: /Users/rmorrison/Sandbox/symmetric-encryption/test/config/test_new.key
iv_filename: /Users/rmorrison/Sandbox/symmetric-encryption/test/config/test_new.iv
cipher: aes-128-cbc
+ # Base64 encode encrypted data without newlines
+ encoding: base64strict
# Previous Symmetric Encryption Key
- key_filename: /Users/rmorrison/Sandbox/symmetric-encryption/test/config/test_secondary_1.key
iv_filename: /Users/rmorrison/Sandbox/symmetric-encryption/test/config/test_secondary_1.iv
cipher: aes-128-cbc
+ # Base64 encode encrypted data without newlines
+ encoding: base64
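
Review bot: The comment added above the secondary entry's `encoding: base64` reads "Base64 encode encrypted data without newlines", which describes `base64strict`; with `base64` the output keeps the trailing newline, as the fixtures in test/symmetric_encryption_test.rb show. Reword it, for example to say that the previous key's data was written with newline-terminated base64.
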
10 test/field_encrypted_test.rb
@@ -39,19 +39,19 @@ class FieldEncryptedTest < Test::Unit::TestCase
context 'the SymmetricEncryption Library' do
setup do
@bank_account_number = "1234567890"
- @bank_account_number_encrypted = "L94ArJeFlJrZp6SYsvoOGA==\n"
+ @bank_account_number_encrypted = "L94ArJeFlJrZp6SYsvoOGA=="
@social_security_number = "987654321"
- @social_security_number_encrypted = "S+8X1NRrqdfEIQyFHVPuVA==\n"
+ @social_security_number_encrypted = "S+8X1NRrqdfEIQyFHVPuVA=="
@integer = 32768
- @integer_encrypted = "FA3smFQEKqB/ITv+A0xACg==\n"
+ @integer_encrypted = "FA3smFQEKqB/ITv+A0xACg=="
@float = 0.9867
- @float_encrypted = "z7Pwt2JDp74d+u0IXFAdrQ==\n"
+ @float_encrypted = "z7Pwt2JDp74d+u0IXFAdrQ=="
@date = Date.parse('20120320')
- @date_encrypted = "WTkSPHo5ApSSHBJMxxWt2A==\n"
+ @date_encrypted = "WTkSPHo5ApSSHBJMxxWt2A=="
# #TODO Intercept passing in attributes to create etc.
@user = MongoidUser.new(
33 test/symmetric_encryption_test.rb
@@ -24,11 +24,42 @@ class SymmetricEncryptionTest < Test::Unit::TestCase
end
end
- context 'SymmetricEncryption tests' do
+ context 'Base64 encoding tests' do
setup do
@social_security_number = "987654321"
@social_security_number_encrypted = "S+8X1NRrqdfEIQyFHVPuVA==\n"
@social_security_number_encrypted_with_secondary_1 = "D1UCu38pqJ3jc0GvwJHiow==\n"
+ @encoding = SymmetricEncryption.cipher.encoding
+ SymmetricEncryption.cipher.encoding = :base64
+ end
+
+ teardown do
+ SymmetricEncryption.cipher.encoding = @encoding
+ end
+
+ should "encrypt simple string" do
+ assert_equal @social_security_number_encrypted, SymmetricEncryption.encrypt(@social_security_number)
+ end
+
+ should "decrypt string" do
+ assert_equal @social_security_number, SymmetricEncryption.decrypt(@social_security_number_encrypted)
+ end
+
+ should "determine if string is encrypted" do
+ assert_equal true, SymmetricEncryption.encrypted?(@social_security_number_encrypted)
+ assert_equal false, SymmetricEncryption.encrypted?(@social_security_number)
+ end
+
+ should "decrypt with secondary key when first one fails" do
+ assert_equal @social_security_number, SymmetricEncryption.decrypt(@social_security_number_encrypted)
+ end
+ end
+
+ context 'Base64Strict tests' do
+ setup do
+ @social_security_number = "987654321"
+ @social_security_number_encrypted = "S+8X1NRrqdfEIQyFHVPuVA=="
+ @social_security_number_encrypted_with_secondary_1 = "D1UCu38pqJ3jc0GvwJHiow=="
end
should "encrypt simple string" do
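
Review bot: The new test "decrypt with secondary key when first one fails" asserts on `@social_security_number_encrypted`, the value produced by the primary key, so it passes without a secondary cipher ever being tried; it should decrypt `@social_security_number_encrypted_with_secondary_1`, which the setup defines and the lines shown never use. The setup also changes the shared `SymmetricEncryption.cipher.encoding`; the teardown restores it, but a test that raises inside setup after the assignment would leave the global in `:base64`, so assign it last as it is now and keep it that way.
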