lockbox with blind_index not finding Argon2
csbarton opened this issue · 10 comments
As per https://stackoverflow.com/questions/60178133/rails-devise-and-lockbox-error-could-not-find-argon2?sem=2 I am trying to implement the lockbox gem to encrypt Devise User emails.
After working through https://ankane.org/securing-user-emails-lockbox (with ""add_column :users, :email_ciphertext, :text"" in the migration) I try to create a new user.
In the rails console I get:
2.6.1 :001 > n=User.new
=> #<User id: nil, created_at: nil, updated_at: nil, registered: nil, email_bidx: nil>
2.6.1 :002 > n.id = 1
=> 1
2.6.1 :003 > n.email = "1@1.com"
Traceback (most recent call last):
16: from (irb):3
15: from /home/csbarton/.rvm/gems/ruby-2.6.1/gems/blind_index-2.0.0/lib/blind_index/model.rb:78:in `block (4 levels) in blind_index'
14: from /home/csbarton/.rvm/gems/ruby-2.6.1/gems/blind_index-2.0.0/lib/blind_index/model.rb:68:in `block (3 levels) in blind_index'
13: from /home/csbarton/.rvm/gems/ruby-2.6.1/gems/blind_index-2.0.0/lib/blind_index/model.rb:64:in `block (3 levels) in blind_index'
12: from /home/csbarton/.rvm/gems/ruby-2.6.1/gems/blind_index-2.0.0/lib/blind_index.rb:67:in `generate_bidx'
11: from /home/csbarton/.rvm/gems/ruby-2.6.1/gems/argon2-kdf-0.1.1/lib/argon2/kdf.rb:38:in `argon2id'
10: from /home/csbarton/.rvm/gems/ruby-2.6.1/gems/argon2-kdf-0.1.1/lib/argon2/kdf.rb:47:in `kdf'
9: from /home/csbarton/.rvm/gems/ruby-2.6.1/gems/activesupport-5.0.7.2/lib/active_support/dependencies.rb:293:in `require'
8: from /home/csbarton/.rvm/gems/ruby-2.6.1/gems/activesupport-5.0.7.2/lib/active_support/dependencies.rb:259:in `load_dependency'
7: from /home/csbarton/.rvm/gems/ruby-2.6.1/gems/activesupport-5.0.7.2/lib/active_support/dependencies.rb:293:in `block in require'
6: from /home/csbarton/.rvm/gems/ruby-2.6.1/gems/activesupport-5.0.7.2/lib/active_support/dependencies.rb:293:in `require'
5: from /home/csbarton/.rvm/gems/ruby-2.6.1/gems/argon2-kdf-0.1.1/lib/argon2/kdf/ffi.rb:1:in `<top (required)>'
4: from /home/csbarton/.rvm/gems/ruby-2.6.1/gems/argon2-kdf-0.1.1/lib/argon2/kdf/ffi.rb:2:in `<module:Argon2>'
3: from /home/csbarton/.rvm/gems/ruby-2.6.1/gems/argon2-kdf-0.1.1/lib/argon2/kdf/ffi.rb:3:in `<module:KDF>'
2: from /home/csbarton/.rvm/gems/ruby-2.6.1/gems/argon2-kdf-0.1.1/lib/argon2/kdf/ffi.rb:7:in `<module:FFI>'
1: from /home/csbarton/.rvm/gems/ruby-2.6.1/gems/argon2-kdf-0.1.1/lib/argon2/kdf/ffi.rb:12:in `rescue in <module:FFI>'
LoadError (Could not find Argon2)
It would be great to get lockbox working with blind_index as they seem like a good solution for my encryption.
Thanks
Chris Barton
Hey @csbarton, thanks for the report. Can you open a fresh Rails console, set ENV["ARGON2_KDF_DEBUG"] = "1", and paste that error and stacktrace?
Also, what operating system are you on?
Hey Andrew,
I'm using Linux Debian: Debian GNU/Linux 9.9 (stretch). Accessed through Crostini on a chromebook.
It doesn't look to me that the argon2 env variable changed the stacktrace:
2.6.1 :001 > ENV["ARGON2_KDF_DEBUG"] = "1" => "1" 2.6.1 :002 > User.all User Load (1.2ms) SELECT "users".* FROM "users" => #<ActiveRecord::Relation []> 2.6.1 :003 > n=User.new => #<User id: nil, created_at: nil, updated_at: nil, registered: nil, email_bidx: nil> 2.6.1 :004 > n.email = "new@test.com" Traceback (most recent call last): 16: from /home/csbarton/.rvm/gems/ruby-2.6.1/gems/blind_index-2.0.0/lib/blind_index/model.rb:68:in `block (3 levels) in blind_index' 15: from /home/csbarton/.rvm/gems/ruby-2.6.1/gems/blind_index-2.0.0/lib/blind_index/model.rb:64:in `block (3 levels) in blind_index' 14: from /home/csbarton/.rvm/gems/ruby-2.6.1/gems/blind_index-2.0.0/lib/blind_index.rb:67:in `generate_bidx' 13: from /home/csbarton/.rvm/gems/ruby-2.6.1/gems/argon2-kdf-0.1.1/lib/argon2/kdf.rb:38:in `argon2id' 12: from /home/csbarton/.rvm/gems/ruby-2.6.1/gems/argon2-kdf-0.1.1/lib/argon2/kdf.rb:47:in `kdf' 11: from /home/csbarton/.rvm/gems/ruby-2.6.1/gems/activesupport-5.0.7.2/lib/active_support/dependencies.rb:293:in `require' 10: from /home/csbarton/.rvm/gems/ruby-2.6.1/gems/activesupport-5.0.7.2/lib/active_support/dependencies.rb:259:in `load_dependency' 9: from /home/csbarton/.rvm/gems/ruby-2.6.1/gems/activesupport-5.0.7.2/lib/active_support/dependencies.rb:293:in `block in require' 8: from /home/csbarton/.rvm/gems/ruby-2.6.1/gems/activesupport-5.0.7.2/lib/active_support/dependencies.rb:293:in `require' 7: from /home/csbarton/.rvm/gems/ruby-2.6.1/gems/argon2-kdf-0.1.1/lib/argon2/kdf/ffi.rb:1:in `<top (required)>' 6: from /home/csbarton/.rvm/gems/ruby-2.6.1/gems/argon2-kdf-0.1.1/lib/argon2/kdf/ffi.rb:2:in `<module:Argon2>' 5: from /home/csbarton/.rvm/gems/ruby-2.6.1/gems/argon2-kdf-0.1.1/lib/argon2/kdf/ffi.rb:3:in `<module:KDF>' 4: from /home/csbarton/.rvm/gems/ruby-2.6.1/gems/argon2-kdf-0.1.1/lib/argon2/kdf/ffi.rb:8:in `<module:FFI>' 3: from /home/csbarton/.rvm/rubies/ruby-2.6.1/lib/ruby/2.6.0/fiddle.rb:47:in `dlopen' 2: from /home/csbarton/.rvm/rubies/ruby-2.6.1/lib/ruby/2.6.0/fiddle.rb:47:in `new' 1: from /home/csbarton/.rvm/rubies/ruby-2.6.1/lib/ruby/2.6.0/fiddle.rb:47:in `initialize' Fiddle::DLError (/lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.25' not found (required by /home/csbarton/.rvm/gems/ruby-2.6.1/gems/argon2-kdf-0.1.1/vendor/libargon2.so))
sorry for the formatting...
Cheers,
Chris
better formatted... and reopened.
2.6.1 :001 > ENV["ARGON2_KDF_DEBUG"] = "1"
=> "1"
2.6.1 :002 > User.all
User Load (1.2ms) SELECT "users".* FROM "users"
=> #<ActiveRecord::Relation []>
2.6.1 :003 > n=User.new
=> #<User id: nil, created_at: nil, updated_at: nil, registered: nil, email_bidx: nil>
2.6.1 :004 > n.email = "new@test.com"
Traceback (most recent call last):
16: from /home/csbarton/.rvm/gems/ruby-2.6.1/gems/blind_index-2.0.0/lib/blind_index/model.rb:68:in `block (3 levels) in blind_index'
15: from /home/csbarton/.rvm/gems/ruby-2.6.1/gems/blind_index-2.0.0/lib/blind_index/model.rb:64:in `block (3 levels) in blind_index'
14: from /home/csbarton/.rvm/gems/ruby-2.6.1/gems/blind_index-2.0.0/lib/blind_index.rb:67:in `generate_bidx'
13: from /home/csbarton/.rvm/gems/ruby-2.6.1/gems/argon2-kdf-0.1.1/lib/argon2/kdf.rb:38:in `argon2id'
12: from /home/csbarton/.rvm/gems/ruby-2.6.1/gems/argon2-kdf-0.1.1/lib/argon2/kdf.rb:47:in `kdf'
11: from /home/csbarton/.rvm/gems/ruby-2.6.1/gems/activesupport-5.0.7.2/lib/active_support/dependencies.rb:293:in `require'
10: from /home/csbarton/.rvm/gems/ruby-2.6.1/gems/activesupport-5.0.7.2/lib/active_support/dependencies.rb:259:in `load_dependency'
9: from /home/csbarton/.rvm/gems/ruby-2.6.1/gems/activesupport-5.0.7.2/lib/active_support/dependencies.rb:293:in `block in require'
8: from /home/csbarton/.rvm/gems/ruby-2.6.1/gems/activesupport-5.0.7.2/lib/active_support/dependencies.rb:293:in `require'
7: from /home/csbarton/.rvm/gems/ruby-2.6.1/gems/argon2-kdf-0.1.1/lib/argon2/kdf/ffi.rb:1:in `<top (required)>'
6: from /home/csbarton/.rvm/gems/ruby-2.6.1/gems/argon2-kdf-0.1.1/lib/argon2/kdf/ffi.rb:2:in `<module:Argon2>'
5: from /home/csbarton/.rvm/gems/ruby-2.6.1/gems/argon2-kdf-0.1.1/lib/argon2/kdf/ffi.rb:3:in `<module:KDF>'
4: from /home/csbarton/.rvm/gems/ruby-2.6.1/gems/argon2-kdf-0.1.1/lib/argon2/kdf/ffi.rb:8:in `<module:FFI>'
3: from /home/csbarton/.rvm/rubies/ruby-2.6.1/lib/ruby/2.6.0/fiddle.rb:47:in `dlopen'
2: from /home/csbarton/.rvm/rubies/ruby-2.6.1/lib/ruby/2.6.0/fiddle.rb:47:in `new'
1: from /home/csbarton/.rvm/rubies/ruby-2.6.1/lib/ruby/2.6.0/fiddle.rb:47:in `initialize'
Fiddle::DLError (/lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.25' not found (required by /home/csbarton/.rvm/gems/ruby-2.6.1/gems/argon2-kdf-0.1.1/vendor/libargon2.so))
Cheers,
Chris
no, sorry... stack trace was different.
Chris
It looks like Debian Stretch uses glibc 2.24. I think I need to compile the shared object against an old version of glibc for compatibility. In the meantime, you should be able to use:
gem 'blind_index', '< 2'That fixed it. Will push out a new version shortly.
Hey Andrew,
yes that worked.
I'll use blind_index (1.0.2) for now and keep and eye on wheter I can upgrade to 2.0.0.
I've also had a quick look at upgrading glibc to 2.25... however I think this is a bit beyond me, if at all possible.
Thanks for your help with this!
Cheers,
Chris
np. No need to try and upgrade glibc - the shared object that's shipped with the library just needs to be built with the earliest version possible for maximum portability.
I just pushed a new version of the argon2-kdf gem (0.1.2). It usually takes 15 minutes or so for it to be available through Rubygems. Give that a shot and let me know.
Great. My gem file is now
gem 'lockbox' gem 'blind_index' , '>=2' gem 'argon2' #the default algorithm for encryption using lockbox gem
And it worked when I with the updated argon2-kdf gem
Fetching argon2-kdf 0.1.2 (was 0.1.1) Installing argon2-kdf 0.1.2 (was 0.1.1)
Thanks again for your help with this! Do you want to respond to the stack overflow question? It seems a bit redundant now... unless other people out there are using even earlier versions of Linux.
Cheers,
Chris
Great, thanks for confirming. Responded on Stack Overflow. Also, fwiw, you don't need the argon2 gem for Blind Index 2.0 (and it's not used for Lockbox).