# # Symmetric Encryption for Ruby # --- # For the development and test environments the test symmetric encryption keys # can be placed directly in the source code. # And therefore no RSA private key is required development: &development_defaults key: 1234567890ABCDEF1234567890ABCDEF iv: 1234567890ABCDEF cipher_name: aes-128-cbc encoding: :base64strict test: <<: *development_defaults <% cipher_name = 'aes-256-cbc' rsa_key = OpenSSL::PKey::RSA.generate(2048) key_pair = SymmetricEncryption::Cipher.random_key_pair(cipher_name) iv = ::Base64.strict_encode64(key_pair[:iv]) encrypted_key = ::Base64.strict_encode64(rsa_key.public_encrypt(key_pair[:key])) puts "\n\n********************************************************************************" puts "Add the release environment key to Heroku: (Optional)\n\n" puts " heroku config:add RELEASE_KEY1=#{encrypted_key}\n\n" -%> release: # Since the key to encrypt and decrypt with must NOT be stored along with the # source code, we only hold a RSA key that is used to unlock the file # containing the actual symmetric encryption key private_rsa_key: | <%= rsa_key.to_s.each_line.collect { |line| " #{line}" }.join('') %> # List Symmetric Key files in the order of current / latest first ciphers: - # Filename containing Symmetric Encryption Key encrypted using the # RSA public key derived from the private key above encrypted_key: "<%= '<' + "%= ENV['RELEASE_KEY1'] %" + '>' %>" iv: "<%= iv %>" cipher_name: <%= cipher_name %> encoding: :base64strict version: 1 always_add_header: true <% cipher_name = 'aes-256-cbc' rsa_key = OpenSSL::PKey::RSA.generate(2048) key_pair = SymmetricEncryption::Cipher.random_key_pair(cipher_name) iv = ::Base64.strict_encode64(key_pair[:iv]) encrypted_key = ::Base64.strict_encode64(rsa_key.public_encrypt(key_pair[:key])) puts "Add the production key to Heroku:\n\n" puts " heroku config:add PRODUCTION_KEY1=#{encrypted_key}\n\n" puts "********************************************************************************\n\n\n" -%> production: # Since the key to encrypt and decrypt with must NOT be stored along with the # source code, we only hold a RSA key that is used to unlock the file # containing the actual symmetric encryption key private_rsa_key: | <%= rsa_key.to_s.each_line.collect { |line| " #{line}" }.join('') %> # List Symmetric Key files in the order of current / latest first ciphers: - # Filename containing Symmetric Encryption Key encrypted using the # RSA public key derived from the private key above encrypted_key: "<%= '<' + "%= ENV['PRODUCTION_KEY1'] %" + '>' %>" iv: "<%= iv %>" cipher_name: <%= cipher_name %> encoding: :base64strict version: 1 always_add_header: true