confidential_info_manager 0.2.2 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 761b5723d7a922ebab89253972793269f10f71e8
-  data.tar.gz: 599e7447cc1b360e89d175eecf46094d08c97033
+  metadata.gz: 45098a1e2e4c56a238b3c8549d5633f99e8c4616
+  data.tar.gz: 44c7ab59827e209b310231995307809fd6a2d92a
 SHA512:
-  metadata.gz: 14eec241dfb3b457940851d7b7c0708b7adec285429195c57d26e89dac8e089f0d456c0b4f0ae2278032acdcb7fb1dda4bdef74e5272f2b4ef70caff276c805e
-  data.tar.gz: 6e2216fc017c66654fe23ccbbaf73bc5869beaa398d2b10ba89b91a4cf11fd3f86c28597e3dd52ac9a01f5a4f2bec2c84e56a3ea2e6cc7269da89ff0fa0e9b10
+  metadata.gz: 11bf9f133739d075bff0b7935a963edea1b363d8bbae135b8ac0f7188e539da79cd18e8b303bafc4a4580b9f3535565b0c3e4b0be9f3fc79a7a834e167f3deee
+  data.tar.gz: 1f3bd02e9721e4b3f5e3e8d59464b107b7721559bfddcd035cbfa6656134da2c95fcafcd6535079ef301c665eda671bc18c518d83d0b3461fbe6be80961b0940

data/.gitignore

@@ -10,3 +10,4 @@
 .ruby-version
 .rbenv-gemsets
 *.swp
+.DS_Store

data/.travis.yml

@@ -13,3 +13,4 @@ script: bundle exec rspec
 branches:
   only:
   - master
+  - develop

data/README.md

@@ -30,10 +30,8 @@ Please the password and the salt used in the encrypter and decrypter passing the
 require "confidential_info_manager"
 
 raw_data = "string"
-# salt is no problem even if arbitrarily created
-salt = ConfidentialInfoManager::Core.generate_salt
 
-manager = ConfidentialInfoManager::Core.new("password", salt)
+manager = ConfidentialInfoManager::Core.new("password")
 # encrypt
 encrypt_data = manager.encrypt(raw_data)
 # decrypt
@@ -46,16 +44,52 @@ decrypt_data = manager.decrypt(encrypt_data, String)
 require "confidential_info_manager"
 
 password = "password"
-salt = ConfidentialInfoManager::Core.generate_salt
 file_path = "/tmp"
 secret_data = { API_KEY: "abcedefg", API_SECRET_KEY: "abcedfg" }
 
-confidential_info_manager = ConfidentialInfoManager::YAML.new(pass, salt)
+confidential_info_manager = ConfidentialInfoManager::YAML.new(pass)
 confidential_info_manager.save(secret_data, file_path)
 yaml_data = confidential_info_manager.load(file_path)
 
 ```
 
+## Command line exchange
+
+### Command encrypt
+
+```console
+$ echo <raw_data> | openssl enc -e -aes-256-cbc -base64 -pass pass:<password>
+```
+
+### Use library for decrypt
+
+```ruby
+require "confidential_info_manager"
+
+# Specify the algorithm used. Iterator is 1 fixed
+manager = ConfidentialInfoManager::Core.new("password", "AES-256-CBC", 1)
+manager.decrypt(cli_encrypt_str)
+```
+
+### Use library for encrypt
+
+```ruby
+require "confidential_info_manager"
+
+raw_data = "Hello, World"
+
+# Iterator is 1 fixed
+manager = ConfidentialInfoManager::Core.new("password", "AES-256-CBC", 1)
+manager.encrypt(raw_data)
+```
+
+### Command decrypt
+
+```console
+# Specify the algorithm used.
+$ echo <encrypted_data> | openssl enc -d -aes-256-cbc -base64 -pass pass:<password>
+```
+
 ## Development
 
 After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake rspec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.

data/lib/confidential_info_manager/core.rb

@@ -9,6 +9,7 @@ module ConfidentialInfoManager
 
     RANDOM_BYTES = 8.freeze
     ITERATOR_COUNT = 2000.freeze
+    DEFAULT_ALGORITHM = "AES-256-CBC".freeze
 
     ##
     # constructor
@@ -16,18 +17,14 @@ module ConfidentialInfoManager
     # @param [String] salt
     # @param [String] mode
     # @see http://docs.ruby-lang.org/en/2.2.0/OpenSSL/Cipher.html
-    def initialize(password, salt, mode="AES-256-CBC")
-      generate_encrypter(mode)
-      generate_decrypter(mode)
-      set_key_and_iv(password, salt)
-    end
-
-    ##
-    # generate salt
-    # @param [Integer] length
-    # @return [String] salt
-    def self.generate_salt(length = RANDOM_BYTES)
-      OpenSSL::Random.random_bytes(length)
+    def initialize(password, mode = DEFAULT_ALGORITHM, iterator_cnt = ITERATOR_COUNT)
+      raise ArgmentError.new("Password is empty") if password.empty?
+      raise ArgmentError.new("Mode is empty") if mode.empty?
+      raise ArgmentError.new("You must specify an integer of 1 or more") if iterator_cnt <= 0
+
+      @iterator_cnt = iterator_cnt
+      @password = password
+      @mode = mode
     end
 
     ##
@@ -43,12 +40,14 @@ module ConfidentialInfoManager
           secret_data = Marshal.dump(secret_data)
       end
 
-      @@encrypter.reset
-
+      salt = OpenSSL::Random.random_bytes(RANDOM_BYTES)
+      encrypter = generate_cipher
+      encrypter.encrypt
+      encrypter.pkcs5_keyivgen(@password, salt, @iterator_cnt)
       encrypted_data = ""
-      encrypted_data << @@encrypter.update(secret_data)
-      encrypted_data << @@encrypter.final
-      Base64.strict_encode64(encrypted_data)
+      encrypted_data << encrypter.update(secret_data)
+      encrypted_data << encrypter.final
+      Base64.strict_encode64("Salted__#{salt}#{encrypted_data}")
     end
 
     ##
@@ -57,13 +56,18 @@ module ConfidentialInfoManager
     # @param [Class] type
     #   @note String/Fixnum/Bignum/Float/Array/Hash
     # @return [Object] decrypted data
-    def decrypt(encrypted_data, type=String)
-      @@decrypter.reset
-
+    def decrypt(encrypted_data, type = String)
       encrypted_data = Base64.strict_decode64(encrypted_data)
+      salt = encrypted_data[8, RANDOM_BYTES]
+
+      encrypted_data = encrypted_data[8 + RANDOM_BYTES, encrypted_data.size]
+
+      decrypter = generate_cipher
+      decrypter.decrypt
+      decrypter.pkcs5_keyivgen(@password, salt, @iterator_cnt)
       decrypted_data = ""
-      decrypted_data << @@decrypter.update(encrypted_data)
-      decrypted_data << @@decrypter.final
+      decrypted_data << decrypter.update(encrypted_data)
+      decrypted_data << decrypter.final
 
       if type == Fixnum || type == Bignum
         decrypted_data = decrypted_data.to_i
@@ -112,38 +116,11 @@ module ConfidentialInfoManager
 private
 
     ##
-    # setting key and iv
-    # @param [String] password
-    # @param [String] salt
-    def set_key_and_iv(password, salt)
-      # Generated from the password and salt the key and IV in accordance with PKCS#5
-      key_iv = OpenSSL::PKCS5.pbkdf2_hmac_sha1(
-        password, salt, ITERATOR_COUNT,
-        @@encrypter.key_len + @@encrypter.iv_len
-      )
-      key = key_iv[0, @@encrypter.key_len]
-      iv = key_iv[@@encrypter.key_len, @@encrypter.iv_len]
-      # Set the key and IV
-      @@encrypter.key = key
-      @@encrypter.iv = iv
-      @@decrypter.key = key
-      @@decrypter.iv = iv
-    end
-
-    ##
-    # generate encrypter
-    # @param [String] mode
-    def generate_encrypter(mode)
-      @@encrypter = OpenSSL::Cipher.new(mode)
-      @@encrypter.encrypt
-    end
-
-    ##
-    # generate decrypter
-    # @param [String] mode
-    def generate_decrypter(mode)
-      @@decrypter = OpenSSL::Cipher.new(mode)
-      @@decrypter.decrypt
+    # generate cipher instance
+    # @return [OpenSSL::Cipher] cipher
+    def generate_cipher
+      cipher = OpenSSL::Cipher.new(@mode)
+      cipher.reset
     end
 
   end

data/lib/confidential_info_manager/version.rb

@@ -1,3 +1,3 @@
 module ConfidentialInfoManager
-  VERSION = "0.2.2"
+  VERSION = "0.3.0"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: confidential_info_manager
 version: !ruby/object:Gem::Version
-  version: 0.2.2
+  version: 0.3.0
 platform: ruby
 authors:
 - tatsu07