cloudcrypt 0.0.1 → 0.0.2

data/.gitignore

@@ -0,0 +1,3 @@
+pkg/*
+*.gem
+.bundle

data/Gemfile

@@ -0,0 +1,4 @@
+source "http://rubygems.org"
+
+# Specify your gem's dependencies in cloudcrypt.gemspec
+gemspec

data/Gemfile.lock

@@ -0,0 +1,14 @@
+PATH
+  remote: .
+  specs:
+    cloudcrypt (0.0.1)
+
+GEM
+  remote: http://rubygems.org/
+  specs:
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  cloudcrypt!

data/Rakefile

@@ -0,0 +1,51 @@
+require 'bundler'
+require 'date'
+
+Bundler::GemHelper.install_tasks
+
+
+#############################################################################
+#
+# Helper functions
+#
+#############################################################################
+
+def name
+  @name ||= Dir['*.gemspec'].first.split('.').first
+end
+
+def version
+  line = File.read("lib/#{name}/version.rb")[/^\s*VERSION\s*=\s*.*/]
+  line.match(/.*VERSION\s*=\s*['"](.*)['"]/)[1]
+end
+
+def date
+  Date.today.to_s
+end
+
+def gemspec_file
+  "#{name}.gemspec"
+end
+
+def gem_file
+  "#{name}-#{version}.gem"
+end
+
+def replace_header(head, header_name)
+  head.sub!(/(\.#{header_name}\s*= ').*'/) { "#{$1}#{send(header_name)}'"}
+end
+
+
+#############################################################################
+#
+# Standard tasks
+#
+#############################################################################
+
+
+desc "Open an irb session preloaded with this library"
+task :console do
+  sh "irb -rubygems -r ./lib/#{name}.rb"
+end
+
+

data/bin/cloudcrypt.rb

@@ -0,0 +1,74 @@
+#!/usr/bin/env ruby
+$LOAD_PATH.unshift File.expand_path('../../lib', __FILE__)
+require 'cloudcrypt'
+
+
+RAVE_BUCKET='ec2admin-software-installation-rave-5.6.3'
+def is_mac?
+  # universal-darwin9.0 shows up for RUBY_PLATFORM on os X leopard with the bundled ruby. 
+  # Installing ruby in different manners may give a different result, so beware.
+  # Examine the ruby platform yourself. If you see other values please comment
+  # in the snippet on dzone and I will add them.
+    RUBY_PLATFORM.downcase.include?("darwin")
+end
+
+def is_windows?
+    RUBY_PLATFORM.downcase.include?("mingw32")
+end
+
+if is_mac?
+    # MAC
+    PUBLIC_KEY='/Users/restebanez/id_nodemanager.pub'
+    PRIVATE_KEY='/Users/restebanez/id_nodemanager'
+    TMP='/tmp'
+elsif is_windows?
+
+    # Windows
+    PUBLIC_KEY='C:\Users\Administrator\.chef\id_nodemanager'
+    PRIVATE_KEY='C:\Users\Administrator\.chef\id_nodemanager'
+    TMP=ENV['TMP']
+    require 'win32/registry.rb'
+    require 'Win32API'  
+    if ENV['RAVE_RW_AWS_ACCESS_KEY_ID'].nil? || ENV['RAVE_RW_AWS_SECRET_ACCESS_KEY'].nil?
+        puts "Let's set up some envioroment variables"
+        puts "RAVE_RW_AWS_ACCESS_KEY_ID: "
+        Win32::Registry::HKEY_CURRENT_USER.open('Environment', Win32::Registry::KEY_WRITE) do |reg|
+          reg['RAVE_RW_AWS_ACCESS_KEY_ID'] = gets
+        end
+        puts "RAVE_RW_AWS_SECRET_ACCESS_KEY: "
+        Win32::Registry::HKEY_CURRENT_USER.open('Environment', Win32::Registry::KEY_WRITE) do |reg|
+          reg['RAVE_RW_AWS_SECRET_ACCESS_KEY'] = gets
+        end
+        # make environmental variables available immediately
+        # http://stackoverflow.com/questions/190168/persisting-an-environment-variable-through-ruby
+        SendMessageTimeout = Win32API.new('user32', 'SendMessageTimeout', 'LLLPLLP', 'L') 
+        HWND_BROADCAST = 0xffff
+        WM_SETTINGCHANGE = 0x001A
+        SMTO_ABORTIFHUNG = 2
+        result = 0
+        SendMessageTimeout.call(HWND_BROADCAST, WM_SETTINGCHANGE, 0, 'Environment', SMTO_ABORTIFHUNG, 5000, result)
+        abort('Open a new powershell session and run it again')
+    end   
+else
+    abort('OS not detectect!')
+end
+
+abort('Please set the variable RAVE_RW_AWS_ACCESS_KEY_ID and RAVE_RW_AWS_SECRET_ACCESS_KEY') if ENV['RAVE_RW_AWS_ACCESS_KEY_ID'].nil? || ENV['RAVE_RW_AWS_SECRET_ACCESS_KEY'].nil?
+
+AWS_ACCESS_KEY_ID=ENV['RAVE_RW_AWS_ACCESS_KEY_ID'].gsub(/\r?\n?/, "")
+AWS_SECRET_ACCESS_KEY=ENV['RAVE_RW_AWS_SECRET_ACCESS_KEY'].gsub(/\r?\n?/, "")
+
+ENCRYPTED_FILE_EXTENSION='.encrypted'
+ENCRYPTED_VI_EXTENSION='.vi'
+ENCRYPTED_KEY_EXTENSION='.key'
+
+
+
+params=ARGV
+cloudcrypt = Cloudcrypt::Parser.new
+
+if cloudcrypt.parse#(params)
+    exit 0
+else
+    exit 1
+end

data/cloudcrypt.gemspec

@@ -0,0 +1,24 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+require "cloudcrypt/version"
+
+Gem::Specification.new do |s|
+  s.name        = "cloudcrypt"
+  s.version     = Cloudcrypt::VERSION
+  s.platform    = Gem::Platform::RUBY
+  s.authors     = ["Rodrigo Estebanez"]
+  s.email       = ["restebanez@mdsol.com"]
+  s.homepage    = ""
+  s.summary     = %q{encrypt and decrypt files using public and private encryption}
+  s.description = %q{You can't encrypt a file bigger than the private key. You first have to generate a random key and a random vector initialization to encrypt the file using a symmetrical algorithom. Later you use the private key to encrypt the random key and the random vector}
+
+  s.rubyforge_project = "cloudcrypt"
+
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.require_paths = ["lib"]
+  s.add_dependency('fog')
+  s.add_dependency('rubyzip')
+  s.add_dependency('trollop')  
+end

data/lib/cloudcrypt/asymmetrical_crypt.rb

@@ -0,0 +1,17 @@
+module Cloudcrypt
+
+    class AsymmetricalCrypt
+        def self.encrypt(public_key,data_to_encrypt)
+            raise if ( public_key.empty? || data_to_encrypt.empty? )      
+            public_key_rsa = OpenSSL::PKey::RSA.new(public_key)
+            encrypted_data = public_key_rsa.public_encrypt(data_to_encrypt)
+        end
+        
+        def self.decrypt(private_key,data_to_dencrypt)
+            raise if ( private_key.empty? || data_to_dencrypt.empty?)
+            private_key_rsa = OpenSSL::PKey::RSA.new(private_key)
+            decrypted_data = private_key_rsa.private_decrypt(data_to_dencrypt)
+        end
+    end
+
+end

data/lib/cloudcrypt/main.rb

@@ -0,0 +1,118 @@
+module Cloudcrypt
+
+    class Main
+    
+        
+        ENCRYPTED_FILE_EXTENSION='.encrypted'
+        ENCRYPTED_VI_EXTENSION='.vi'
+        ENCRYPTED_KEY_EXTENSION='.key'
+             
+        if RUBY_PLATFORM.downcase.include?("mingw32") 
+            TMP=ENV['TMP']
+            FILE_SEPARATOR="\\" 
+        else
+            TMP='/tmp'
+            FILE_SEPARATOR='/'
+        end    
+        attr_reader :dst_encrypted_file, :dst_encrypted_key_file, :dst_encrypted_iv_file, :dst_unencrypted_file, :dst_zip_file
+        
+        def initialize(public_key_file,private_key_file=nil)
+            @public_key_file = public_key_file
+            @private_key_file = private_key_file
+        end
+        
+        def encrypt(file_path,dst=TMP)
+            raise_unless_exists(@public_key_file)
+            public_key = File.read(@public_key_file)
+            
+            file_basename=File.basename(file_path) #gets the filename without the extension
+            file_uri = dst + FILE_SEPARATOR + file_basename
+            @dst_encrypted_file = file_uri + ENCRYPTED_FILE_EXTENSION       
+            @dst_encrypted_key_file = raise_if_exists(file_uri + ENCRYPTED_KEY_EXTENSION)
+            @dst_encrypted_iv_file = raise_if_exists(file_uri + ENCRYPTED_VI_EXTENSION)
+            
+            s=SymmetricalCrypt.new(file_path,@dst_encrypted_file)
+            s.encrypt
+            
+            File.open(@dst_encrypted_key_file,'wb') {|f|
+                   f << AsymmetricalCrypt.encrypt(public_key,s.random_key)
+             }
+    
+            File.open(@dst_encrypted_iv_file,'wb') {|f|
+                   f << AsymmetricalCrypt.encrypt(public_key,s.random_iv)
+             }
+             @dst_zip_file = file_path + '.zip'
+             zip(@dst_zip_file, [@dst_encrypted_file,@dst_encrypted_key_file,@dst_encrypted_iv_file])
+             File.delete(@dst_encrypted_file,@dst_encrypted_key_file,@dst_encrypted_iv_file)
+             
+        end
+        
+        def decrypt(file_path_zip,dst=TMP)
+            unzip(file_path_zip,dst)
+            
+            raise_unless_exists(@private_key_file)
+            private_key = File.read(@private_key_file)
+            
+            # where files where extracted from the zip file
+            dir_basename = dst
+            # gets the filename without the extension .zip
+            file_basename = File.basename(file_path_zip,'.zip') 
+            
+            
+            # Where to look for key and iv files
+            file_uri = dir_basename + FILE_SEPARATOR + file_basename
+            source_encrypted_file = raise_unless_exists(file_uri + ENCRYPTED_FILE_EXTENSION)
+            source_encrypted_key_file = raise_unless_exists(file_uri + ENCRYPTED_KEY_EXTENSION)
+            source_encrypted_iv_file = raise_unless_exists(file_uri + ENCRYPTED_VI_EXTENSION)
+            @dst_unencrypted_file = dst + '/' + file_basename
+            
+            iv = AsymmetricalCrypt.decrypt(File.read(@private_key_file),File.open(source_encrypted_iv_file,'rb').read)
+            key = AsymmetricalCrypt.decrypt(File.read(@private_key_file),File.open(source_encrypted_key_file,'rb').read)
+            
+            s = SymmetricalCrypt.new(source_encrypted_file,@dst_unencrypted_file)
+            s.decrypt(key,iv)
+            #windows thinks it's opened
+            #File.delete(source_encrypted_file,source_encrypted_key_file,source_encrypted_iv_file)
+        end
+        
+    
+        
+        def zip(new_zip_file,files=[])
+            Zip::ZipFile.open(new_zip_file,Zip::ZipFile::CREATE) do |zip|
+                files.each do |file|
+                    file_basename = File.basename(file)
+                    zip.file.open(file_basename,'wb') {|f|f << File.open(file,'rb').read }
+                end
+            end
+        end
+        
+        def unzip(file_zip,dst=TMP)
+            Zip::ZipFile.open(file_zip) do |zip|
+                zip.each do |f|
+                    f_path=File.join(dst, f.name)
+                    #Chef::Log.info(f_path)
+                    FileUtils.mkdir_p(File.dirname(f_path)) unless File.directory?(f_path)
+                    zip.extract(f, f_path) unless File.exist?(f_path)
+                end
+            end     
+        end
+        
+        def md5(file)
+            return false unless File.exists?(file)
+            return Digest::MD5.hexdigest(File.read(file))
+        end
+        
+    private
+    
+        
+        def raise_if_exists(file)
+            raise "#{file} doesn't exist" if File.exists?(file) 
+            file        
+        end
+        
+        def raise_unless_exists(file)
+            raise "#{file} doesn't exist" unless File.exists?(file)
+            file
+        end
+    end
+end

data/lib/cloudcrypt/parser.rb

@@ -0,0 +1,57 @@
+module Cloudcrypt
+    require 'trollop'
+
+    class Parser
+
+    def initialize
+        abort('use --help') if ARGV.empty?
+         
+         @opts = Trollop::options do
+             
+             version "1.0 Rodrigo Estebanez"
+             banner <<-EOS
+         This script administrates the files of a private S3 Bucket. You can upload,download and delete files. Files will be encrypted using a public key before uploading them, it will be decrypted them after downloading them. 
+         
+         Options:
+         EOS
+         
+             opt :upload, "upload a file to S3 in an encrypted fashion", :type => String
+             opt :download, "download a S3 file and decrypt it", :type => String
+             opt :erase, "delete a S3 file", :type => String
+             opt :list, "list files of the rave bucket"
+         #   opt :destination, "where to write the file", :type => String
+             opt :public_key, "public key location for encryption", :type => String, :default => PUBLIC_KEY 
+             opt :private_key, "private key location for decryption", :type => String, :default => PRIVATE_KEY
+             
+         end
+    end
+        
+    
+    def parse
+     
+         Trollop::die :upload, "must exist" unless File.exists?(@opts[:upload]) if @opts[:upload]
+         
+         
+         m=Cloudcrypt::Main.new(@opts[:public_key],@opts[:private_key])
+         s3=Cloudcrypt::S3Transfer.new(AWS_ACCESS_KEY_ID,AWS_SECRET_ACCESS_KEY)
+         
+         
+         if @opts[:list]
+             s3.list.collect {|file| printf("%s\t%iB\t%s\n", file.key,file.content_length,file.etag) }
+         elsif @opts[:erase]
+             s3.delete(@opts[:erase])
+         elsif @opts[:upload]
+             m.encrypt(@opts[:upload])
+             s3.upload(m.dst_zip_file)
+         else
+             pwd = Dir.pwd
+             dst = File.join(pwd,@opts[:download])
+             abort("it already exists") if File.exists?(dst)
+             s3.download(@opts[:download],dst)
+             m.decrypt(dst,pwd)
+             puts m.dst_unencrypted_file
+         end
+    end
+
+    end
+end

data/lib/cloudcrypt/s3_transfer.rb

@@ -0,0 +1,56 @@
+module Cloudcrypt
+
+    class S3Transfer
+        def initialize(aws_access_key_id,aws_secret_access_key)
+            begin 
+              #Gem.clear_paths
+              require 'fog'
+            rescue LoadError
+              #Chef::Log.warn("Missing gem 'fog'")
+            end
+            @s3=Fog::AWS::Storage.new(
+            	:aws_access_key_id=> aws_access_key_id,
+            	:aws_secret_access_key => aws_secret_access_key
+            )
+            
+        end
+        
+        def upload(file_uri,bucket=RAVE_BUCKET)
+            file_basename = File.basename(file_uri)
+            abort("S3://#{bucket}/#{file_basename} already exist") if file_exists?(file_basename,bucket)
+            f=@s3.directories.get(bucket).files.new(:key => file_basename, :body=>File.open(file_uri,'rb').read)
+            f.save
+            f.etag
+            File.delete(file_uri)
+        end
+        
+        def md5(file_basename,bucket=RAVE_BUCKET)
+            return false unless file_exists?(file_basename,bucket)
+            return @s3.directories.get(bucket).files.get(file_basename).etag
+        end
+        
+        def download(file_basename,destination,bucket=RAVE_BUCKET)
+            abort("S3://#{bucket}/#{file_basename} doesn't exist") unless file_exists?(file_basename,bucket)
+            File.open(destination,'wb') { |f| f << @s3.directories.get(bucket).files.get(file_basename).body }
+        end
+        
+        def list(bucket=RAVE_BUCKET)
+            @s3.directories.get(bucket).files
+        end
+        
+        def delete(file_basename,bucket=RAVE_BUCKET)
+            abort("S3://#{bucket}/#{file_basename} doesn't exist") unless file_exists?(file_basename,bucket)
+            @s3.directories.get(bucket).files.get(file_basename).destroy
+        end
+        
+     private
+     
+       def file_exists?(file_name,bucket=RAVE_BUCKET)
+           @s3.directories.get(bucket).files.each do |f|
+               return true if file_name == f.key
+           end
+           return false       
+       end       
+    end
+    
+end

data/lib/cloudcrypt/symmetrical_crypt.rb

@@ -0,0 +1,42 @@
+module Cloudcrypt
+    class SymmetricalCrypt
+    SYMMETRICAL_ALGORITHM='aes-256-cbc'
+    
+    attr_reader :random_key, :random_iv
+     def initialize(source_file,destination_file)
+         @source_file = source_file
+         @destination_file = destination_file
+         raise "#{@source_file} file doesn't exist" unless File.exists?(@source_file)
+         raise "#{@destination_file} Already Exists" if File.exists?(@destination_file)
+         
+         @cipher = OpenSSL::Cipher::Cipher.new(SYMMETRICAL_ALGORITHM)
+     end
+         
+     def encrypt
+         @cipher.encrypt # We are encypting
+         # The OpenSSL library will generate random keys and IVs
+         @random_key = @cipher.random_key
+         @random_iv = @cipher.random_iv
+         @cipher.key = @random_key
+         @cipher.iv = @random_iv
+         write_to_disk
+     end
+     
+     def decrypt(key,iv)
+         raise if ( key.empty? || iv.empty?)
+         @cipher.decrypt # We are encypting
+         @cipher.key = key
+         @cipher.iv = iv
+         write_to_disk
+     end
+ 
+    private   
+     def write_to_disk
+         # To improve performance the file is not store into memory        
+         File.open(@destination_file,'wb') { |f|
+             f << @cipher.update(File.open(@source_file,'rb').read)
+             f << @cipher.final
+         }
+     end
+    end
+end

data/lib/cloudcrypt/version.rb

@@ -0,0 +1,3 @@
+module Cloudcrypt
+  VERSION = "0.0.2"
+end

data/lib/cloudcrypt.rb

@@ -0,0 +1,18 @@
+require 'rubygems'
+require 'openssl'
+require 'fog'
+require 'zip/zipfilesystem'
+
+__DIR__ = File.dirname(__FILE__)
+
+$LOAD_PATH.unshift __DIR__ unless
+  $LOAD_PATH.include?(__DIR__) ||
+  $LOAD_PATH.include?(File.expand_path(__DIR__))
+
+
+require 'cloudcrypt/parser'
+require 'cloudcrypt/main'
+require 'cloudcrypt/asymmetrical_crypt'
+require 'cloudcrypt/symmetrical_crypt'
+require 'cloudcrypt/s3_transfer'
+

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: cloudcrypt
 version: !ruby/object:Gem::Version 
-  hash: 29
+  hash: 27
   prerelease: false
   segments: 
   - 0
   - 0
-  - 1
-  version: 0.0.1
+  - 2
+  version: 0.0.2
 platform: ruby
 authors: 
 - Rodrigo Estebanez
@@ -17,19 +17,72 @@ cert_chain: []
 
 date: 2010-12-29 00:00:00 -05:00
 default_executable: 
-dependencies: []
-
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: fog
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  type: :runtime
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency 
+  name: rubyzip
+  prerelease: false
+  requirement: &id002 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  type: :runtime
+  version_requirements: *id002
+- !ruby/object:Gem::Dependency 
+  name: trollop
+  prerelease: false
+  requirement: &id003 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  type: :runtime
+  version_requirements: *id003
 description: You can't encrypt a file bigger than the private key. You first have to generate a random key and a random vector initialization to encrypt the file using a symmetrical algorithom. Later you use the private key to encrypt the random key and the random vector
 email: 
 - restebanez@mdsol.com
-executables: []
-
+executables: 
+- cloudcrypt.rb
 extensions: []
 
 extra_rdoc_files: []
 
-files: []
-
+files: 
+- .gitignore
+- Gemfile
+- Gemfile.lock
+- Rakefile
+- bin/cloudcrypt.rb
+- cloudcrypt.gemspec
+- lib/cloudcrypt.rb
+- lib/cloudcrypt/asymmetrical_crypt.rb
+- lib/cloudcrypt/main.rb
+- lib/cloudcrypt/parser.rb
+- lib/cloudcrypt/s3_transfer.rb
+- lib/cloudcrypt/symmetrical_crypt.rb
+- lib/cloudcrypt/version.rb
 has_rdoc: true
 homepage: ""
 licenses: []