From efcb7b8c4bee1d55f953bc2b60d1f8ab0b23756e Mon Sep 17 00:00:00 2001
From: cktricky
Date: Wed, 13 Nov 2013 18:24:26 -0500
Subject: [PATCH] working on encryption
---
app/models/key_management.rb | 5 +++
app/models/work_info.rb | 32 ++++++++++++++++---
config/initializers/key.rb | 5 +++
.../20131113200708_create_key_managements.rb | 10 ++++++
db/schema.rb | 9 +++++-
db/seeds.rb | 31 +++++++++++++++---
spec/models/key_management_spec.rb | 5 +++
7 files changed, 88 insertions(+), 9 deletions(-)
create mode 100644 app/models/key_management.rb
create mode 100644 config/initializers/key.rb
create mode 100644 db/migrate/20131113200708_create_key_managements.rb
create mode 100644 spec/models/key_management_spec.rb
diff --git a/app/models/key_management.rb b/app/models/key_management.rb
new file mode 100644
index 0000000..80bf527
--- /dev/null
+++ b/app/models/key_management.rb
@@ -0,0 +1,5 @@
+class KeyManagement < ActiveRecord::Base
+ attr_accessible :iv, :user_id
+ belongs_to :work_info
+
+end
diff --git a/app/models/work_info.rb b/app/models/work_info.rb
index 364ea3f..f1fb5fd 100644
--- a/app/models/work_info.rb
+++ b/app/models/work_info.rb
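Review bot: In app/models/key_management.rb, `belongs_to :work_info` will look for a `work_info_id` column by default, but the migration in this patch creates only `iv` and `user_id`, so the association cannot resolve as written. It should mirror the `has_one` declared on WorkInfo: `belongs_to :work_info, :foreign_key => :user_id, :primary_key => :user_id`. `attr_accessible :iv, :user_id` also leaves both fields open to mass assignment; if this model is ever built from request parameters, the owner and the IV should be set by the code rather than by the caller.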
@@ -1,20 +1,44 @@ class WorkInfo < ActiveRecord::Base attr_accessible :DoB, :SSN, :bonuses, :income, :years_worked belongs_to :user - #before_save :encrypt_ssn + has_one :key_management, :foreign_key => :user_id, :primary_key => :user_id, :dependent => :destroy + before_save :encrypt_ssn + # We should probably use this def last_four "***-**-" << self.SSN[-4,4] end - def encrypt_ssn(data) + def encrypt_ssn + aes = OpenSSL::Cipher::Cipher.new(cipher_type) + aes.encrypt + aes.key = key + aes.iv = iv if iv != nil + self.encrypted_ssn = aes.update(self.SSN) + aes.final + self.SSN = nil end - def decrypt_ssn(encrypted_data) + def decrypt_ssn + aes = OpenSSL::Cipher::Cipher.new(cipher_type) + aes.decrypt + aes.key = key + aes.iv = iv if iv != nil + aes.update(self.encrypted_ssn) + aes.final end - def cipher_mode + def key + raise "Key Missing" if !(KEY) + KEY + end + + def iv + "asdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdf" + #self.key_management.iv + #raise "No IV for this User" if !(key_management.iv) + end + + def cipher_type 'aes-256-cbc' end diff --git a/config/initializers/key.rb b/config/initializers/key.rb new file mode 100644 index 0000000..5f43875 --- /dev/null +++ b/config/initializers/key.rb @@ -0,0 +1,5 @@ +if Rails.env.production? + # Specify env variable/location/etc. to retrieve key from +elsif Rails.env.development? + KEY = "123456789101112123456789101112123456789101112" +end \ No newline at end of file diff --git a/db/migrate/20131113200708_create_key_managements.rb b/db/migrate/20131113200708_create_key_managements.rb new file mode 100644 index 0000000..96ce247 --- /dev/null +++ b/db/migrate/20131113200708_create_key_managements.rb @@ -0,0 +1,10 @@ +class CreateKeyManagements < ActiveRecord::Migration + def change + create_table :key_managements do |t| + t.string :iv + t.integer :user_id + + t.timestamps + end + end +end diff --git a/db/schema.rb b/db/schema.rb index e98c34e..b7ded3a 100755 --- a/db/schema.rb 
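Review bot: In app/models/work_info.rb, `iv` returns one hard-coded string for every record, so AES-256-CBC runs with a fixed IV and two rows holding the same SSN produce the same `encrypted_ssn`; the literal is also much longer than the 16-byte block size, which newer OpenSSL bindings reject rather than truncate. Generate the IV at encryption time with `aes.random_iv`, persist it with the record (the commented-out `key_management.iv` lookup suggests that is the plan), and raise when it is missing instead of `aes.iv = iv if iv != nil`, which would encrypt without an explicitly set IV. Separately, `before_save :encrypt_ssn` fires on every save and `self.SSN` is nil after the first one, so a later save would hand nil to `aes.update`; a guard such as `return if self.SSN.blank?` at the top of `encrypt_ssn` avoids that, and `last_four` needs a source other than the cleared `SSN`. CBC by itself gives no integrity check on the stored ciphertext, so an authenticated mode or a MAC over IV and ciphertext is worth adding.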
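Review bot: In config/initializers/key.rb, `KEY` is defined only in development, so in production and in the test environment the constant does not exist and `WorkInfo#key` fails with a NameError before its `raise "Key Missing" if !(KEY)` check can run. The development value is also a 45-character digit string committed to the repository rather than 32 random bytes, and AES-256 needs exactly 32 bytes of key material (older OpenSSL bindings use only the first 32 bytes without complaint, newer ones refuse the length). Load the key from outside the repository in every environment and fail at boot when it is absent, for example `KEY = ENV.fetch('<KEY_ENV_VAR>')` (placeholder variable name), decoded to 32 bytes.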
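Review bot: In the create_key_managements migration, `user_id` has no index and neither column has a NOT NULL constraint, although WorkInfo's `has_one :key_management` assumes one row per user and the cipher needs an IV to be present. Consider `t.integer :user_id, :null => false`, `t.string :iv, :null => false` and `add_index :key_managements, :user_id, :unique => true`. An IV is raw bytes, so if it stays in a string column it should be stored encoded (Base64 or hex) and decoded before use.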
+++ b/db/schema.rb @@ -11,13 +11,20 @@ # # It's strongly recommended to check this file into your version control system. -ActiveRecord::Schema.define(:version => 20131112235256) do +ActiveRecord::Schema.define(:version => 20131113200708) do create_table "benefits", :force => true do |t| t.datetime "created_at", :null => false t.datetime "updated_at", :null => false end + create_table "key_managements", :force => true do |t| + t.string "iv" + t.integer "user_id" + t.datetime "created_at", :null => false + t.datetime "updated_at", :null => false + end + create_table "messages", :force => true do |t| t.integer "creator_id" t.integer "receiver_id" diff --git a/db/seeds.rb b/db/seeds.rb index 3533d20..8583174 100755 --- a/db/seeds.rb +++ b/db/seeds.rb @@ -184,6 +184,21 @@ paid_time_off = [ } ] + key_mgmt = [ + { + :user_id => 2, + }, + { + :user_id => 3, + }, + { + :user_id => 4, + }, + { + :user_id => 5, + } + ] + performance = [ { :user_id => 2, @@ -289,12 +304,12 @@ schedule.each do |event| sched.save end -work_info.each do |wi| - info = WorkInfo.new(wi.reject {|k| k == :user_id}) - info.user_id = wi[:user_id] - info.save +key_mgmt.each do |key| + KeyManagement.create(:user_id => key[:user_id], :iv => Digest::SHA2.new.to_s) end + + performance.each do |perf| p = Performance.new(perf.reject {|k| k == :user_id}) p.user_id = perf[:user_id] @@ -306,3 +321,11 @@ messages.each do |message| m.creator_id = message[:creator_id] m.save end + + +work_info.each do |wi| + info = WorkInfo.new(wi.reject {|k| k == :user_id}) + info.user_id = wi[:user_id] + info.save +end + diff --git a/spec/models/key_management_spec.rb b/spec/models/key_management_spec.rb new file mode 100644 index 0000000..dd0b900 --- /dev/null +++ b/spec/models/key_management_spec.rb @@ -0,0 +1,5 @@ +require 'spec_helper' + +describe KeyManagement do + pending "add some examples to (or delete) #{__FILE__}" +end
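Review bot: In db/seeds.rb (the hunk at -289,12), `Digest::SHA2.new.to_s` is the hex digest of empty input, so every KeyManagement row is seeded with the same constant string and none of them holds a random IV. Use a CSPRNG per row instead, e.g. `:iv => SecureRandom.hex(16)`, and have the code that reads the value decode it back to 16 bytes. In the last seeds.rb hunk the relocated `work_info.each` block still ignores the result of `info.save`; now that a `before_save` callback can raise or fail, `info.save!` would make a broken seed visible.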