can 0.10.13

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: d06281ea5c30184ab441e8e55e192b5f283e592926440f5a0e9c7fd99c7632fe
+  data.tar.gz: a10271e0b9fc97618632b9d733578825e3e156e319cd976149431a97beb83c7e
+SHA512:
+  metadata.gz: 166a03130bbb9e6078fc4fb4e87a57cae1e07fdd4fd70b959737a9c42f4b0e9a47b43fe1ff625bd3896ee225638e950e50c4294b9ac41655aa187d338984ffd1
+  data.tar.gz: 564ee2b2a40f920820195f480fbaa238921657f303198307e9d914964278a77f65c46e3c2c66e0bbf95eefa00d9a6754601e234f4252af2f3f76a715c32234c7

data/.gitignore

@@ -0,0 +1 @@
+pkg/

data/Gemfile

@@ -0,0 +1,3 @@
+source "https://rubygems.org"
+
+gemspec

data/README.md

@@ -0,0 +1,95 @@
+# Can
+
+A small cli tool that stores encrypted goods.
+
+It uses symmetric cryptography with the cipher `AES-256-CBC`. The file database
+of secrets is ascii based so feel free to commit it.
+
+
+# Installation
+
+    gem install can
+
+
+# Usage
+
+    % can set test ok       # Stores a secret
+    Key test was stored.
+    % can get test          # Copy that secret to the clipboard
+    Password:
+    Key test was copied to the clipboard.
+
+
+## Commands
+
+    % can
+    Commands:
+      can decrypt DATA         # Decrypts data
+      can encrypt DATA         # Encrypts data
+      can get KEY              # Copies a KEY to the clipboard
+      can help [COMMAND]       # Describe available commands or one specific command
+      can ls [TAG]             # Lists all keys (filter optionally by TAG)
+      can password             # Change the can password
+      can random [LENGTH]      # Generates a random password
+      can rename KEY NEW_NAME  # Renames a secret
+      can rm KEY               # Removes a key
+      can set KEY [VALUE]      # Stores a value (empty VALUE show the prompt; use '@rando...
+      can tag KEY TAG          # Tags a key
+      can tags [KEY]           # Show all tags (filter for a key)
+      can untag KEY TAG        # Untags a tag from a key
+      can version              # Show the current version
+
+    Options:
+      -p, [--password=PASSWORD]
+      -v, [--verbose], [--no-verbose]
+      -f, [--file=FILE]
+
+
+## Using another can file
+
+Use the `CAN_FILE` environment variable or pass the `--file FILE` or `-f FILE`
+param option to use another can file:
+
+    % export CAN_FILE="$HOME/secrets/main.can"
+    % can ls --file $HOME/secrets/main.can
+    % can ls -f $HOME/secrets/main.can
+    aws-root
+    azure-aad
+    vpn-demo
+
+
+## Default lookup files
+
+If you don't pass an explicit `--file` or `-f` the default ones are checked in
+order. The first one to exist is used:
+
+    ~/.config/can/main.can
+    ~/.can
+
+
+## Default lookup directories
+
+If you pass an explicit file (via the `--file` or `-f` flags) *without* a `.can`
+file extension the following directories are checked. The first one to have a
+file that exists with a `<dir>/<file>.can` match is used:
+
+    ~/.config/can
+    /etc/can
+
+
+## Avoid the password prompt
+
+Use the `CAN_PASSWORD` environment variable to avoid the password prompt:
+
+    % export CAN_PASSWORD="secret"
+    % can ls
+    aws-root
+    azure-aad
+    vpn-demo
+
+Or pass it as a arg option (`-p` or `--password`):
+
+    % can ls -p secret
+    aws-root
+    azure-aad
+    vpn-demo

data/Rakefile

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require "rake/testtask"
+
+task default: [
+  :release,
+]

data/bin/can

@@ -0,0 +1,330 @@
+#!/usr/bin/env ruby
+$LOAD_PATH.unshift File.expand_path(File.dirname(__FILE__)) + "/../lib"
+
+require "thor"
+require "can"
+require "io/console"
+require "json"
+require "tablelize"
+
+DIRS = [
+  "#{ENV['HOME']}/.config/can",
+  "/etc/can",
+]
+
+FILES = [
+  "#{ENV['HOME']}/.config/can/main.can",
+  "#{ENV['HOME']}/.can",
+]
+
+module Can
+  class Cli < Thor
+    class_option :password, aliases: "-p"
+    class_option :verbose, aliases: "-v", :type => :boolean
+    class_option :file, aliases: "-f"
+
+    desc "version", "Show the current version"
+    def version
+      puts VERSION
+      latest = Util.latest()
+      debug "Remote version: #{latest}"
+      if Gem::Version.new(latest) > Gem::Version.new(VERSION)
+        STDERR.puts "New version #{latest} available."
+      end
+    end
+
+    # desc "dump", "Show all the contents"
+    # def dump
+    #   init
+    #   p @can.all()
+    # end
+
+    # desc "info", "Show the current state of affairs"
+    # def info
+    #   init
+    #   # options[:verbose] = true
+    #   ENV["CAN_DEBUG"] = "1"
+    #   _info()
+    # end
+
+    desc "ls [TAG]", "Lists all keys (filter optionally by TAG)"
+    option :short, :type => :boolean, aliases: "-s"
+    def ls(tag=nil)
+      init
+      rows = [["KEY", "LEN", "CREATED", "TAGS"]]
+      empty = true
+
+      @can.all().each do |key, entry|
+        empty = false
+        next if tag and (not entry["tags"] or not entry["tags"].include?(tag))
+        if options[:short]
+          puts key
+          next
+        end
+
+        if entry.class == Hash
+          value = entry["value"]
+          created = entry["created"]
+          entry["tags"] = entry["tags"] || []
+          tags = entry["tags"].join(" ")
+        else
+          value = entry
+          created = ""
+          tags = ""
+        end
+
+        rows << [key, value.size, created, tags]
+        # if options[:values]
+        #   rows << [key, value, created, tags]
+        # else
+        #   rows << [key, value.size, created, tags]
+        # end
+      end
+
+      if empty
+        puts "The can file #{@file} is empty."
+        return
+      end
+
+      Tablelize::table(rows) if not options[:short]
+    end
+
+    desc "get KEY", "Copies a KEY to the clipboard"
+    def get(key)
+      init
+      entry = @can.get(key) or abort "Key #{key} does not exist."
+      copy(val(entry))
+      puts "Key #{key} was copied to the clipboard."
+    end
+
+    desc "rename KEY NEW_NAME", "Renames a secret"
+    def rename(key, new_name)
+      init
+      entry = @can.get(key) or abort "Key #{key} does not exist."
+      @can.rename key, new_name
+      puts "Key #{key} was renamed to #{new_name}."
+    end
+
+    desc "password", "Change the can password"
+    def password
+      init
+      pass1 = ask("New password: ")
+      pass2 = ask("Confirm password: ")
+      if pass1 != pass2
+        puts "Passwords don't match."
+        abort
+      end
+      @can.password pass1
+      puts "Can password was changed."
+    end
+
+    desc "set KEY [VALUE]", "Stores a value (empty VALUE show the prompt; use '@random' for a random value)"
+    def set(key, value=nil)
+      init
+      clipboard = false
+      if value == "@random"
+        clipboard = true
+        value = random(60, true)
+      end
+      value = value || ask("Value: ")
+      @can.set key, value
+      if clipboard
+        copy(value)
+        puts "Key #{key} was stored and copied to the clipboard."
+      else
+        puts "Key #{key} was stored."
+      end
+    end
+
+    desc "rm KEY", "Removes a key"
+    def rm(key)
+      init
+      @can.exists(key) or abort "Key #{key} does not exist."
+      @can.remove key
+      puts "Key #{key} was deleted."
+    end
+
+    desc "tag KEY TAG", "Tags a key"
+    def tag(key, tag)
+      init
+      @can.exists(key) or abort "Key #{key} does not exist."
+      ok = @can.tag(key, tag)
+      puts "Tag #{tag} was added to #{key}." if ok
+      puts "Tag #{tag} already exists on #{key}." unless ok
+    end
+
+    desc "tags [KEY]", "Show all tags (filter for a key)"
+    def tags(key=nil)
+      init
+      if key
+        @can.exists(key) or abort "Key #{key} does not exist."
+        entry = @can.get(key)
+        tags = entry["tags"] || []
+      else
+        tags = []
+        @can.all().each do |key, entry|
+          entry["tags"] = entry["tags"] || []
+          tags = tags | entry["tags"]
+        end
+      end
+
+      puts tags.uniq.join("\n")
+    end
+
+    desc "untag KEY TAG", "Untags a tag from a key"
+    def untag(key, tag)
+      init
+      @can.exists(key) or abort "Key #{key} does not exist."
+      ok = @can.untag(key, tag)
+      puts "Tag #{tag} was removed from #{key}." if ok
+      puts "Tag #{tag} doesn't exist on #{key}." unless ok
+    end
+
+    desc "migrate", "Migrates to new format"
+    def migrate()
+      init
+      count = @can.migrate()
+      puts "Keys migrated: #{count}."
+    end
+
+    desc "encrypt DATA", "Encrypts data"
+    def encrypt(data)
+      init
+      puts @can.encrypt(data)
+    end
+
+    desc "decrypt DATA", "Decrypts data"
+    def decrypt(data)
+      init
+      puts @can.decrypt(data)
+    end
+
+    desc "random [LENGTH]", "Generates a random password"
+    option :symbols, :type => :boolean, aliases: "-s"
+    def random(length=60, capture=false)
+      info
+      length  = length.to_i
+      chars   = ("0".."9").to_a + ("A".."Z").to_a + ("a".."z").to_a
+      # chars  += ("!".."?").to_a if options[:symbols]
+      chars  += %w(! ? # $ @ % & ~ _ - + = : . ; , æ ø å\\ / \( \) { } < >).to_a \
+        if options[:symbols]
+      chars.delete(["'", '"'])
+      # pass = chars.sort_by { rand }.join[0...length]
+      pass = []
+      (1 .. length).each do
+        pass << chars[rand(chars.size)]
+      end
+      pass = pass.join()
+      return pass if capture
+      puts pass
+    end
+
+    # def method_missing name, *args
+    #   name  = name.to_s
+    #   value = args[0]
+    #   if value
+    #     set name, value
+    #   else
+    #     get name
+    #   end
+    # end
+
+    private
+    def info()
+      # latest = Can::Util::latest()
+      debug "Can version: #{VERSION}"
+      # debug "Latest version: #{latest}"
+      debug "Check files #{FILES}"
+      debug "Check dirs #{DIRS}"
+      debug "Using file #{@file}"
+      debug "Using options #{options}"
+      debug "Using verbose mode (goes to stderr)"
+    end
+
+    def init()
+      @file = options[:file] || ENV.fetch("CAN_FILE", nil)
+
+      if @file == nil or @file.length == 0
+        FILES.each do |file|
+          debug "Checking file #{file}"
+          if File.file?(file)
+            @file = file
+            debug "Using file #{file}"
+            break
+          end
+        end
+
+      elsif File.extname(@file) != ".can"
+        DIRS.each do |dir|
+          file = "#{dir}/#{@file}.can"
+          debug "Checking file #{file}"
+          if File.file?(file)
+            @file = file
+            debug "Using file #{file}"
+            break
+          end
+        end
+
+      end
+
+      raise "Cound't find a valid can file (#{@file})." if not File.file?(@file)
+
+      info()
+
+      return if check(options[:password], "options")
+      return if check(ENV.fetch("CAN_PASSWORD", nil), "environment")
+      return if check(ask(), "prompt")
+      abort
+    end
+
+    def check(password, source)
+      return if not password or password.length < 1
+
+      @can = Can::Store.new(@file, password)
+      begin
+        @can.all()
+        debug "Opened with password from #{source}"
+        debug "Can format: v#{@can.format()}"
+        return true
+      rescue
+        debug "Failed to open with password from #{source}"
+        raise "Wrong password"
+      end
+    end
+
+    def val(value)
+      return value["value"] if value.class == Hash
+      value
+    end
+
+    def ask(prompt = "Password: ")
+        print prompt
+        answer = STDIN.noecho(&:gets).chomp
+        raise Interrupt if answer.length < 1
+        puts
+        answer
+    end
+
+    def debug(message)
+      show = options[:verbose] || ENV.fetch("CAN_DEBUG", "0") == "1"
+      return if not show
+      STDERR.puts "\033[38;5;240m#{message}\033[0m"
+    end
+
+    def copy(value)
+      IO.popen("pbcopy", "w") { |cc| cc.write(value) }
+      value
+    end
+
+  end
+end
+
+begin
+  Can::Cli.start ARGV
+rescue Interrupt
+  puts
+  exit 2
+rescue Exception => e
+  puts "Error: #{e}"
+  exit 1
+end

data/can.gemspec

@@ -0,0 +1,27 @@
+lib = File.expand_path("../lib", __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+
+require "can"
+
+Gem::Specification.new do |spec|
+  spec.name          = "can"
+  spec.version       = Can::VERSION
+  spec.summary       = "Can stores encrypted goods using symmetric cryptography."
+  # spec.description   = File.read("readme.md")
+  spec.description   = "Can stores encrypted goods using symmetric cryptography (AES-256-CBC)"
+  spec.homepage      = "https://github.com/ptdorf/can"
+  spec.authors       = ["ptdorf"]
+  spec.email         = ["ptdorf@gmail.com"]
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files`.split $/
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename f }
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency "thor"
+  spec.add_dependency "tablelize"
+  spec.add_dependency "base62-rb"
+  spec.add_development_dependency "rake"
+
+  # spec.required_ruby_version = "~> 2.4"
+end

data/lib/can.rb

@@ -0,0 +1,9 @@
+# $LOAD_PATH.unshift File.expand_path(File.dirname(__FILE__)) + "/../lib"
+
+require "can/store"
+require "can/crypto"
+require "can/util"
+
+module Can
+  VERSION = "0.10.13"
+end

data/lib/can/crypto.rb

@@ -0,0 +1,41 @@
+require "openssl"
+require "digest/sha1"
+require "base64"
+
+module Can
+  class Crypto
+
+    CIPHER = "AES-256-CBC"
+
+   def self.encrypt(content, password)
+      digest = Digest::SHA1.hexdigest(password)
+      cipher = OpenSSL::Cipher.new(CIPHER)
+      cipher.encrypt
+      cipher.key = digest[0..31]
+      cipher.iv  = iv = cipher.random_iv
+      encrypted  = cipher.update(content) + cipher.final
+
+      binit = Base64.strict_encode64(iv)
+      ilen  = binit.length.to_s
+      blen  = Base64.strict_encode64(ilen)
+      bdata = Base64.strict_encode64(encrypted)
+      # blen + "--" + binit + "--" + bdata
+      binit + "--" + bdata
+    end
+
+    def self.decrypt(content, password)
+      digest = Digest::SHA1.hexdigest(password)
+      init, encrypted = content.split("--").map do |v|
+        Base64.strict_decode64(v)
+      end
+
+      cipher = OpenSSL::Cipher.new(CIPHER)
+      cipher.decrypt
+      cipher.key = digest[0..31]
+      cipher.iv = init
+
+      cipher.update(encrypted) + cipher.final
+    end
+
+  end
+end

data/lib/can/store.rb

@@ -0,0 +1,174 @@
+require "json"
+require "time"
+# require "zlib"
+
+module Can
+  class Store
+
+    HEADER    = "Can"
+    SEPARATOR = "\n\n"
+
+    def initialize(file, password)
+      @password = password
+      @file     = file
+      @format   = "1"
+    end
+
+    def all()
+      read()
+    end
+
+    def format()
+      @format
+    end
+
+    def exists(key)
+      data = read()
+      data[key] ? true : false
+    end
+
+    def get(key)
+      data = read()
+      data[key] || nil
+    end
+
+    def set(key, value)
+      data = read()
+      data[key] ||= {}
+      data[key]["value"] = value
+      data[key]["created"] = Time.new
+      data[key]["tags"] ||= []
+      write(data)
+    end
+
+    def rename(key, new_key)
+      data = read()
+      data[new_key] = data[key]
+      data.delete(key)
+      write(data)
+    end
+
+    def tag(key, tag)
+      data = read()
+      data[key]["tags"] = data[key]["tags"] || []
+      if not data[key]["tags"].include?(tag)
+        data[key]["tags"] << tag
+        return write(data)
+      end
+      false
+    end
+
+    def untag(key, tag)
+      data = read()
+      if data[key]["tags"] and data[key]["tags"].include?(tag)
+        data[key]["tags"].delete(tag)
+        return write(data)
+      end
+      false
+    end
+
+    def remove(key)
+      data = read()
+      data.delete(key)
+      write(data)
+    end
+
+    def encrypt(payload)
+      encrypted = Crypto.encrypt(payload, @password)
+      encode(encrypted)
+    end
+
+    def decrypt(payload)
+      decoded = decode(payload)
+      Crypto.decrypt(decoded, @password)
+    end
+
+    def password(new_password)
+      data = read()
+      @password = new_password
+      write(data)
+    end
+
+    def migrate()
+      count = 0
+      data = read()
+      data.each do |key, value|
+        # puts "Checking key #{key}..."
+        if value.class != Hash
+          data[key] = {}
+          data[key]["value"] = value
+          data[key]["created"] = Time.new
+          data[key]["tags"] = []
+          count += 1
+          puts "Key #{key} migrated to new format"
+        else
+          puts "Key #{key} already exists in new format"
+        end
+      end
+
+      write(data)
+      count
+    end
+
+    private
+    def read()
+      return {} unless File.exist?(@file)
+
+      content   = File.read(@file)
+      headless  = rm_header(content)
+      cleaned   = clean(headless)
+      decoded   = decode(cleaned)
+      decrypted = Crypto.decrypt(decoded, @password)
+
+      JSON.parse(decrypted)
+    end
+
+    def write(data)
+      payload   = JSON.dump(data)
+      encrypted = Crypto.encrypt(payload, @password)
+      encoded   = encode(encrypted)
+      aligned   = align(encoded)
+      content   = add_header(aligned)
+
+      File.write(@file, content)
+    end
+
+    def encode(data)
+      data.unpack("H*").first
+    end
+
+    def decode(data)
+      data.scan(/../).map { |x| x.hex }.pack("c*")
+    end
+
+    # def compress(data)
+    #   Zlib::Deflate.deflate(data)
+    # end
+
+    # def uncompress(data)
+    #   Zlib::Inflate.inflate(data)
+    # end
+
+    def align(data)
+      data.scan(/.{1,64}/).join("\n")
+    end
+
+    def clean(data)
+      data.split("\n").join("")
+    end
+
+    def add_header(payload)
+      "#{HEADER}:v#{@format}#{SEPARATOR}#{payload}"
+    end
+
+    def rm_header(payload)
+      parts  = payload.split(SEPARATOR)
+      header = parts[0]
+      body   = parts[1]
+      m = header.match(/Can\:v(\d+)/)
+      @format = m[1]
+      body
+    end
+
+  end
+end

data/lib/can/util.rb

@@ -0,0 +1,15 @@
+require "net/http"
+
+module Can
+
+  module Util
+
+    def self.latest()
+      uri = URI("https://rubygems.org/api/v1/gems/can.json")
+      res = Net::HTTP.get(uri)
+      data = JSON.load(res)
+      return data["version"]
+    end
+
+  end
+end

metadata

@@ -0,0 +1,110 @@
+--- !ruby/object:Gem::Specification
+name: can
+version: !ruby/object:Gem::Version
+  version: 0.10.13
+platform: ruby
+authors:
+- ptdorf
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2020-09-01 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: thor
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: tablelize
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: base62-rb
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Can stores encrypted goods using symmetric cryptography (AES-256-CBC)
+email:
+- ptdorf@gmail.com
+executables:
+- can
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- Gemfile
+- README.md
+- Rakefile
+- bin/can
+- can.gemspec
+- lib/can.rb
+- lib/can/crypto.rb
+- lib/can/store.rb
+- lib/can/util.rb
+homepage: https://github.com/ptdorf/can
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.0.3
+signing_key: 
+specification_version: 4
+summary: Can stores encrypted goods using symmetric cryptography.
+test_files: []