confidential_info_manager 0.2.2 → 0.3.0
- checksums.yaml +4 -4
- data/.gitignore +1 -0
- data/.travis.yml +1 -0
- data/README.md +39 -5
- data/lib/confidential_info_manager/core.rb +31 -54
- data/lib/confidential_info_manager/version.rb +1 -1
- metadata +1 -1
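--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 45098a1e2e4c56a238b3c8549d5633f99e8c4616
+data.tar.gz: 44c7ab59827e209b310231995307809fd6a2d92a
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 11bf9f133739d075bff0b7935a963edea1b363d8bbae135b8ac0f7188e539da79cd18e8b303bafc4a4580b9f3535565b0c3e4b0be9f3fc79a7a834e167f3deee
+data.tar.gz: 1f3bd02e9721e4b3f5e3e8d59464b107b7721559bfddcd035cbfa6656134da2c95fcafcd6535079ef301c665eda671bc18c518d83d0b3461fbe6be80961b0940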
data/.gitignore
CHANGED
data/.travis.yml
CHANGED
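--- a/data/README.md
+++ b/data/README.md
@@ -30,10 +30,8 @@ Please the password and the salt used in the encrypter and decrypter passing the
 require "confidential_info_manager"
 
 raw_data = "string"
-# salt is no problem even if arbitrarily created
-salt = ConfidentialInfoManager::Core.generate_salt
 
-manager = ConfidentialInfoManager::Core.new("password"
+manager = ConfidentialInfoManager::Core.new("password")
 # encrypt
 encrypt_data = manager.encrypt(raw_data)
 # decrypt
@@ -46,16 +44,52 @@ decrypt_data = manager.decrypt(encrypt_data, String)
 require "confidential_info_manager"
 
 password = "password"
-salt = ConfidentialInfoManager::Core.generate_salt
 file_path = "/tmp"
 secret_data = { API_KEY: "abcedefg", API_SECRET_KEY: "abcedfg" }
 
-confidential_info_manager = ConfidentialInfoManager::YAML.new(pass
+confidential_info_manager = ConfidentialInfoManager::YAML.new(pass)
 confidential_info_manager.save(secret_data, file_path)
 yaml_data = confidential_info_manager.load(file_path)
 
 ```
 
+## Command line exchange
+
+### Command encrypt
+
+```console
+$ echo <raw_data> | openssl enc -e -aes-256-cbc -base64 -pass pass:<password>
+```
+
+### Use library for decrypt
+
+```ruby
+require "confidential_info_manager"
+
+# Specify the algorithm used. Iterator is 1 fixed
+manager = ConfidentialInfoManager::Core.new("password", "AES-256-CBC", 1)
+manager.decrypt(cli_encrypt_str)
+```
+
+### Use library for encrypt
+
+```ruby
+require "confidential_info_manager"
+
+raw_data = "Hello, World"
+
+# Iterator is 1 fixed
+manager = ConfidentialInfoManager::Core.new("password", "AES-256-CBC", 1)
+manager.encrypt(raw_data)
+```
+
+### Command decrypt
+
+```console
+# Specify the algorithm used.
+$ echo <encrypted_data> | openssl enc -d -aes-256-cbc -base64 -pass pass:<password>
+```
+
 ## Development
 
 After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake rspec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.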
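--- a/data/lib/confidential_info_manager/core.rb
+++ b/data/lib/confidential_info_manager/core.rb
@@ -9,6 +9,7 @@ module ConfidentialInfoManager
 
 RANDOM_BYTES = 8.freeze
 ITERATOR_COUNT = 2000.freeze
+DEFAULT_ALGORITHM = "AES-256-CBC".freeze
 
 ##
 # constructor
@@ -16,18 +17,14 @@ module ConfidentialInfoManager
 # @param [String] salt
 # @param [String] mode
 # @see http://docs.ruby-lang.org/en/2.2.0/OpenSSL/Cipher.html
-def initialize(password,
-
-
-
-
-
-
-
-# @param [Integer] length
-# @return [String] salt
-def self.generate_salt(length = RANDOM_BYTES)
-OpenSSL::Random.random_bytes(length)
+def initialize(password, mode = DEFAULT_ALGORITHM, iterator_cnt = ITERATOR_COUNT)
+raise ArgmentError.new("Password is empty") if password.empty?
+raise ArgmentError.new("Mode is empty") if mode.empty?
+raise ArgmentError.new("You must specify an integer of 1 or more") if iterator_cnt <= 0
+
+@iterator_cnt = iterator_cnt
+@password = password
+@mode = mode
 end
 
 ##
@@ -43,12 +40,14 @@ module ConfidentialInfoManager
 secret_data = Marshal.dump(secret_data)
 end
 
-
-
+salt = OpenSSL::Random.random_bytes(RANDOM_BYTES)
+encrypter = generate_cipher
+encrypter.encrypt
+encrypter.pkcs5_keyivgen(@password, salt, @iterator_cnt)
 encrypted_data = ""
-encrypted_data <<
-encrypted_data <<
-Base64.strict_encode64(encrypted_data)
+encrypted_data << encrypter.update(secret_data)
+encrypted_data << encrypter.final
+Base64.strict_encode64("Salted__#{salt}#{encrypted_data}")
 end
 
 ##
@@ -57,13 +56,18 @@ module ConfidentialInfoManager
 # @param [Class] type
 # @note String/Fixnum/Bignum/Float/Array/Hash
 # @return [Object] decrypted data
-def decrypt(encrypted_data, type=String)
-@@decrypter.reset
-
+def decrypt(encrypted_data, type = String)
 encrypted_data = Base64.strict_decode64(encrypted_data)
+salt = encrypted_data[8, RANDOM_BYTES]
+
+encrypted_data = encrypted_data[8 + RANDOM_BYTES, encrypted_data.size]
+
+decrypter = generate_cipher
+decrypter.decrypt
+decrypter.pkcs5_keyivgen(@password, salt, @iterator_cnt)
 decrypted_data = ""
-decrypted_data <<
-decrypted_data <<
+decrypted_data << decrypter.update(encrypted_data)
+decrypted_data << decrypter.final
 
 if type == Fixnum || type == Bignum
 decrypted_data = decrypted_data.to_i
@@ -112,38 +116,11 @@ module ConfidentialInfoManager
 private
 
 ##
-#
-# @
-
-
-
-key_iv = OpenSSL::PKCS5.pbkdf2_hmac_sha1(
-password, salt, ITERATOR_COUNT,
-@@encrypter.key_len + @@encrypter.iv_len
-)
-key = key_iv[0, @@encrypter.key_len]
-iv = key_iv[@@encrypter.key_len, @@encrypter.iv_len]
-# Set the key and IV
-@@encrypter.key = key
-@@encrypter.iv = iv
-@@decrypter.key = key
-@@decrypter.iv = iv
-end
-
-##
-# generate encrypter
-# @param [String] mode
-def generate_encrypter(mode)
-@@encrypter = OpenSSL::Cipher.new(mode)
-@@encrypter.encrypt
-end
-
-##
-# generate decrypter
-# @param [String] mode
-def generate_decrypter(mode)
-@@decrypter = OpenSSL::Cipher.new(mode)
-@@decrypter.decrypt
+# generate cipher instance
+# @return [OpenSSL::Cipher] cipher
+def generate_cipher
+cipher = OpenSSL::Cipher.new(@mode)
+cipher.reset
 end
 
 end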
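Review bot: `encrypt` and `decrypt` now derive the key and IV with `pkcs5_keyivgen(@password, salt, @iterator_cnt)`, which Ruby's OpenSSL documentation marks as deprecated and which hashes with MD5 when no digest is passed; it replaces the removed `OpenSSL::PKCS5.pbkdf2_hmac_sha1` call, and at the README's CLI-compatible iteration count of 1 the password gets no stretching at all. I would keep PBKDF2 for data the library writes itself and confine the `Salted__` path to explicit `openssl enc` interop, marked with a comment such as `# EVP_BytesToKey/MD5 derivation: only for openssl enc compatibility`. `decrypt` also slices `encrypted_data[8, RANDOM_BYTES]` without checking that the decoded input starts with `Salted__` or is longer than 16 bytes, and the CBC output carries no MAC, so malformed or modified input is caught, if at all, only by the padding check in `decrypter.final`. Separately, the three guards in `initialize` name `ArgmentError`, which is not a Ruby built-in and, unless the gem defines it elsewhere, surfaces as `NameError`; they should read `raise ArgumentError, "Password is empty" if password.empty?` and likewise for the other two. The bodies of `encrypt` and `decrypt` start or end outside the hunks shown.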