
Add ability to generate Symmetric Keys for each environment with rake…

… task
1 parent f4ce85a commit 1f9ea89a093c13d2d4bae25781578043ba069e04 @reidmorrison reidmorrison committed Jan 19, 2012
Showing with 34 additions and 26 deletions.
  1. +24 −21 lib/symmetric/encryption.rb
  2. +9 −4 lib/symmetric/railties/symmetric_encryption.rake
  3. +1 −1 lib/symmetric/version.rb
@@ -55,9 +55,8 @@ def self.load!(filename=nil, environment=nil)
self.key = symmetric_key
self.iv = symmetric_iv
else
- load_keys(config['key_filename'], config['iv_filename'], config['private_key'])
+ load_keys(config['symmetric_key_filename'], config['symmetric_iv_filename'], config['private_rsa_key'])
end
-
end
# Load the symmetric key to use for encrypting and decrypting data
@@ -76,35 +75,39 @@ def self.load_keys(key_filename, iv_filename, private_key)
nil
end
- # Generate new random keys for use with this Encryption library
- #
- # Creates:
- # 2048 bit Private Key private.key
- # 2048 bit Public Key public.key
+ # Generate new random symmetric keys for use with this Encryption library
#
- # Symmetric Key .key
+ # Creates Symmetric Key .key
# and initilization vector .iv
# which is encrypted with the above Public key
#
# Note: Existing files will be overwritten
- def self.generate_key_files(symmetric_keys_path='.', rsa_keys_path='.', cipher='aes-256-cbc')
- # Generate Asymmetric key pair
- new_key = OpenSSL::PKey::RSA.generate(2048)
+ def self.generate_symmetric_key_files(filename=nil, environment=nil)
+ # Temporary: Generate private key manually for now. Will automate soon.
+ #new_key = OpenSSL::PKey::RSA.generate(2048)
+
+ filename ||= File.join(Rails.root, "config", "symmetric-encryption.yml")
+ environment ||= (Rails.env || ENV['RAILS'])
+ config = YAML.load_file(filename)[environment]
+
+ raise "Missing mandatory 'key_filename' for environment:#{environment} in #{filename}" unless key_filename = config['symmetric_key_filename']
+ iv_filename = config['symmetric_iv_filename']
+ raise "Missing mandatory 'private_key' for environment:#{environment} in #{filename}" unless private_key = config['private_rsa_key']
+ rsa_key = OpenSSL::PKey::RSA.new(private_key)
+
# To ensure compatibility with C openssl code, remove RSA from pub file headers
- pub_key = new_key.public_key.export.gsub('RSA PUBLIC','PUBLIC')
- File.open(File.join(rsa_keys_path, 'public.key'), 'w') {|file| file.write(pub_key)}
- File.open(File.join(rsa_keys_path, 'private.key'), 'w') {|file| file.write(new_key.to_pem)}
+ #File.open(File.join(rsa_keys_path, 'private.key'), 'w') {|file| file.write(new_key.to_pem)}
# Generate Symmetric Key
- cipher = OpenSSL::Cipher::Cipher.new(cipher)
- cipher.encrypt
- @@key = cipher.random_key
- @@iv = cipher.random_iv
+ openssl_cipher = OpenSSL::Cipher::Cipher.new(config['cipher'] || 'aes-256-cbc')
+ openssl_cipher.encrypt
+ @@key = openssl_cipher.random_key
+ @@iv = openssl_cipher.random_iv if iv_filename
# Save symmetric key after encrypting it with the private asymmetric key
- File.open(File.join(symmetric_keys_path, '.key'), 'wb') {|file| file.write( OpenSSL::PKey::RSA.new(new_key.public_key).public_encrypt(@@key) ) }
- File.open(File.join(symmetric_keys_path, '.iv'), 'wb') {|file| file.write( OpenSSL::PKey::RSA.new(new_key.public_key).public_encrypt(@@iv) ) }
- Rails.logger.info("Generated new Private, Public and Symmetric Key for encryption. Please copy #{filename} to the other servers.")
+ File.open(key_filename, 'wb') {|file| file.write( rsa_key.public_encrypt(@@key) ) }
+ File.open(iv_filename, 'wb') {|file| file.write( rsa_key.public_encrypt(@@iv) ) } if iv_filename
+ puts("Generated new Symmetric Key for encryption. Please copy #{key_filename} and #{iv_filename} to the other web servers in #{environment}.")
end
# Generate a 22 character random password
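Review bot: The two `File.open(..., 'wb')` calls at the end of generate_symmetric_key_files create the key and IV files with whatever mode the process umask allows, and they replace an existing file without asking, so rerunning the task against a live environment discards the key that existing ciphertext depends on. An explicit mode, `File.open(key_filename, 'wb', 0600) {|file| file.write( rsa_key.public_encrypt(@@key) ) }`, plus a refusal to overwrite unless the caller opts in, would make both cases explicit. The two `raise` messages name `'key_filename'` and `'private_key'` while the code reads `config['symmetric_key_filename']` and `config['private_rsa_key']`, so the message points the operator at keys that no longer exist. `config` is nil when the environment is absent from the YAML, which surfaces as a NoMethodError instead of either message, and the closing `puts` interpolates `iv_filename` even when it is nil.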
@@ -1,13 +1,13 @@
namespace :symmetric_encryption do
- desc 'Decrypt the supplied string. Example: VALUE="Hello World" rake symmetric_encryption:decrypt'
- task :decrypt do
+ desc 'Decrypt the supplied string. Example: VALUE="_encrypted_string_" rake symmetric_encryption:decrypt'
+ task :decrypt => :environment do
puts "\nEncrypted: #{ENV['VALUE']}"
puts "Decrypted: #{Symmetric::Encryption.decrypt(ENV['VALUE'])}\n\n"
end
desc 'Encrypt a value, such as a password. Example: rake symmetric_encryption:encrypt'
- task :encrypt do
+ task :encrypt => :environment do
require 'highline'
password1 = nil
password2 = 0
@@ -23,8 +23,13 @@ namespace :symmetric_encryption do
puts "\nEncrypted: #{Symmetric::Encryption.encrypt(password1)}\n\n"
end
+ desc 'Generate new Symmetric key and initialization vector. Example: RAILS_ENV=production rake symmetric_encryption:generate_symmetric_keys'
+ task :generate_symmetric_keys do
+ Symmetric::Encryption.generate_symmetric_key_files
+ end
+
desc 'Generate a random password and display its encrypted form. Example: rake symmetric_encryption:random_password'
- task :random_password do
+ task :random_password => :environment do
p = Symmetric::Encryption.random_password
puts "\nGenerated Password: #{p}"
puts "Encrypted: #{Symmetric::Encryption.encrypt(p)}\n\n"
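Review bot: The new `generate_symmetric_keys` task is the only task in this file without `=> :environment`, although the method it calls reads `Rails.root` and `Rails.env`. If that is deliberate, presumably because loading the environment would try to read key files that do not exist yet, a comment on the task should say so, for example `# No :environment dependency: the keys being generated cannot be loaded yet`. Otherwise the task relies on the Rakefile having already defined `Rails`, which the visible lines do not show. The example in the `desc` sets `RAILS_ENV`, while the fallback in generate_symmetric_key_files reads `ENV['RAILS']`, so the two should be made to agree.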
@@ -1,4 +1,4 @@
# encoding: utf-8
module Symmetric #:nodoc
- VERSION = "0.1.0"
+ VERSION = "0.1.1"
end
