encruby 0.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/.gitignore +13 -0
- data/.rspec +3 -0
- data/.simplecov +4 -0
- data/.travis.yml +15 -0
- data/CODE_OF_CONDUCT.md +74 -0
- data/Gemfile +8 -0
- data/Gemfile.lock +82 -0
- data/LICENSE.txt +21 -0
- data/README.md +49 -0
- data/Rakefile +6 -0
- data/bin/console +14 -0
- data/bin/setup +8 -0
- data/encruby.gemspec +28 -0
- data/exe/encruby +15 -0
- data/lib/encruby.rb +28 -0
- data/lib/encruby/cli.rb +58 -0
- data/lib/encruby/file.rb +72 -0
- data/lib/encruby/message.rb +98 -0
- data/lib/encruby/version.rb +3 -0
- metadata +120 -0
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA1:
|
3
|
+
metadata.gz: 5ae0f35dcb179b790f8295f2215afec3e088f9c1
|
4
|
+
data.tar.gz: a289fbc0369eb11dfea0f9d37cbf9e72b9fbb234
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: 233d3e2b9199ebeae31d8f437560b00397551989d43db28c2a140f221a5dea52164f4e6af1aac16d8e70941936d77cd9bf8f48602d3c0c4e0e3e71b0363ddf04
|
7
|
+
data.tar.gz: eac4586bdba01e21ae70cb41b73b104d73629b8b737f42a6e72acfa050e4ba302dc6d6046aa2ee057db2fc8e2e73c4767dbd040e6550a898bfbeb69ce5dddfad
|
data/.gitignore
ADDED
data/.rspec
ADDED
data/.simplecov
ADDED
data/.travis.yml
ADDED
@@ -0,0 +1,15 @@
|
|
1
|
+
sudo: false
|
2
|
+
language: ruby
|
3
|
+
rvm:
|
4
|
+
- 2.4.0
|
5
|
+
|
6
|
+
before_install: gem install bundler -v 1.15.4
|
7
|
+
|
8
|
+
deploy:
|
9
|
+
provider: rubygems
|
10
|
+
api_key:
|
11
|
+
secure: KTUGDjcaqzvT8MV3T2TVMekZTI7jm0dRW3RCgDyFJ3kgO9MBiceBbbCInc+RXJKeQHvnrnCnTZ0iEEB/+8lOhM47d3CEqTeOPq+OfL2mXQ5GsLFO8udxG353b4HonqicLhf94i//8Q9EzFniGWBGWr2qQcZUrcRPvQ5MgH25UtwAtdqXpjF/l/rtEoNt8f5YMagzUlQOs9419Zl/u+H29ghNLyIpGdvMqe7k177wlHRAKzGZ1qzL1FR2KTAg7kFDwQSUK8Gt5fYJheyaA/I13dgMpkJUCbaOm7WKvTTLtwKXBIL6aS3P8HHXo5zpVn+Sma5UAcQ7wfw5Z9C+Nqg9sAJUZ77yHKZAYkMcvaJRAhdGEDZ5Q8Y0ZFcvd3UmEu/17WQPy+w4BVqLmvWKlV9j4yCZnRJdlMol5wPsOGcJTgd0aI1dhJMbo4rN0jberg4FV8WKImSphxJ54sTyQkGbr7q+7eigebS+PEm+fBCS4MiTeDrA0gLgvsRGso447R3RlpBCnEdJAXyRL1ij6Gwfra1uhdlIgO4zJNjcofCg3/QQpazfUGrO6XjUYahHE/y7bCY84+1T6DX8oqNWvDJgYVlwBfTNO2E0GVD7EDrGHlM4At4H5Drxs+7mjvompWHYtJKCMBXZWAODySguW9rI1C+bsc+vnmloacF6cPegbdI=
|
12
|
+
gem: encruby
|
13
|
+
on:
|
14
|
+
tags: true
|
15
|
+
repo: nikhgupta/encruby
|
data/CODE_OF_CONDUCT.md
ADDED
@@ -0,0 +1,74 @@
|
|
1
|
+
# Contributor Covenant Code of Conduct
|
2
|
+
|
3
|
+
## Our Pledge
|
4
|
+
|
5
|
+
In the interest of fostering an open and welcoming environment, we as
|
6
|
+
contributors and maintainers pledge to making participation in our project and
|
7
|
+
our community a harassment-free experience for everyone, regardless of age, body
|
8
|
+
size, disability, ethnicity, gender identity and expression, level of experience,
|
9
|
+
nationality, personal appearance, race, religion, or sexual identity and
|
10
|
+
orientation.
|
11
|
+
|
12
|
+
## Our Standards
|
13
|
+
|
14
|
+
Examples of behavior that contributes to creating a positive environment
|
15
|
+
include:
|
16
|
+
|
17
|
+
* Using welcoming and inclusive language
|
18
|
+
* Being respectful of differing viewpoints and experiences
|
19
|
+
* Gracefully accepting constructive criticism
|
20
|
+
* Focusing on what is best for the community
|
21
|
+
* Showing empathy towards other community members
|
22
|
+
|
23
|
+
Examples of unacceptable behavior by participants include:
|
24
|
+
|
25
|
+
* The use of sexualized language or imagery and unwelcome sexual attention or
|
26
|
+
advances
|
27
|
+
* Trolling, insulting/derogatory comments, and personal or political attacks
|
28
|
+
* Public or private harassment
|
29
|
+
* Publishing others' private information, such as a physical or electronic
|
30
|
+
address, without explicit permission
|
31
|
+
* Other conduct which could reasonably be considered inappropriate in a
|
32
|
+
professional setting
|
33
|
+
|
34
|
+
## Our Responsibilities
|
35
|
+
|
36
|
+
Project maintainers are responsible for clarifying the standards of acceptable
|
37
|
+
behavior and are expected to take appropriate and fair corrective action in
|
38
|
+
response to any instances of unacceptable behavior.
|
39
|
+
|
40
|
+
Project maintainers have the right and responsibility to remove, edit, or
|
41
|
+
reject comments, commits, code, wiki edits, issues, and other contributions
|
42
|
+
that are not aligned to this Code of Conduct, or to ban temporarily or
|
43
|
+
permanently any contributor for other behaviors that they deem inappropriate,
|
44
|
+
threatening, offensive, or harmful.
|
45
|
+
|
46
|
+
## Scope
|
47
|
+
|
48
|
+
This Code of Conduct applies both within project spaces and in public spaces
|
49
|
+
when an individual is representing the project or its community. Examples of
|
50
|
+
representing a project or community include using an official project e-mail
|
51
|
+
address, posting via an official social media account, or acting as an appointed
|
52
|
+
representative at an online or offline event. Representation of a project may be
|
53
|
+
further defined and clarified by project maintainers.
|
54
|
+
|
55
|
+
## Enforcement
|
56
|
+
|
57
|
+
Instances of abusive, harassing, or otherwise unacceptable behavior may be
|
58
|
+
reported by contacting the project team at me@nikhgupta.com. All
|
59
|
+
complaints will be reviewed and investigated and will result in a response that
|
60
|
+
is deemed necessary and appropriate to the circumstances. The project team is
|
61
|
+
obligated to maintain confidentiality with regard to the reporter of an incident.
|
62
|
+
Further details of specific enforcement policies may be posted separately.
|
63
|
+
|
64
|
+
Project maintainers who do not follow or enforce the Code of Conduct in good
|
65
|
+
faith may face temporary or permanent repercussions as determined by other
|
66
|
+
members of the project's leadership.
|
67
|
+
|
68
|
+
## Attribution
|
69
|
+
|
70
|
+
This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
|
71
|
+
available at [http://contributor-covenant.org/version/1/4][version]
|
72
|
+
|
73
|
+
[homepage]: http://contributor-covenant.org
|
74
|
+
[version]: http://contributor-covenant.org/version/1/4/
|
data/Gemfile
ADDED
@@ -0,0 +1,8 @@
|
|
1
|
+
source "https://rubygems.org"
|
2
|
+
|
3
|
+
git_source(:github) {|repo_name| "https://github.com/#{repo_name}" }
|
4
|
+
|
5
|
+
# Specify your gem's dependencies in encruby.gemspec
|
6
|
+
gemspec
|
7
|
+
gem 'simplecov', :require => false, :group => :test
|
8
|
+
gem "aruba", github: "cucumber/aruba", :group => [:test, :development]
|
data/Gemfile.lock
ADDED
@@ -0,0 +1,82 @@
|
|
1
|
+
GIT
|
2
|
+
remote: https://github.com/cucumber/aruba
|
3
|
+
revision: 7aa51fc5167b171cd8fd6b41b3f07c68c9682d66
|
4
|
+
specs:
|
5
|
+
aruba (1.0.0.pre.alpha.2)
|
6
|
+
childprocess (~> 0.7.1)
|
7
|
+
contracts (~> 0.14)
|
8
|
+
cucumber (~> 2.4, >= 2.4.0)
|
9
|
+
ffi (~> 1.9, >= 1.9.10)
|
10
|
+
rspec-expectations (~> 3.4, >= 3.4.0)
|
11
|
+
thor (~> 0.19)
|
12
|
+
|
13
|
+
PATH
|
14
|
+
remote: .
|
15
|
+
specs:
|
16
|
+
encruby (0.1.0)
|
17
|
+
|
18
|
+
GEM
|
19
|
+
remote: https://rubygems.org/
|
20
|
+
specs:
|
21
|
+
builder (3.2.3)
|
22
|
+
childprocess (0.7.1)
|
23
|
+
ffi (~> 1.0, >= 1.0.11)
|
24
|
+
coderay (1.1.2)
|
25
|
+
contracts (0.16.0)
|
26
|
+
cucumber (2.4.0)
|
27
|
+
builder (>= 2.1.2)
|
28
|
+
cucumber-core (~> 1.5.0)
|
29
|
+
cucumber-wire (~> 0.0.1)
|
30
|
+
diff-lcs (>= 1.1.3)
|
31
|
+
gherkin (~> 4.0)
|
32
|
+
multi_json (>= 1.7.5, < 2.0)
|
33
|
+
multi_test (>= 0.1.2)
|
34
|
+
cucumber-core (1.5.0)
|
35
|
+
gherkin (~> 4.0)
|
36
|
+
cucumber-wire (0.0.1)
|
37
|
+
diff-lcs (1.3)
|
38
|
+
docile (1.1.5)
|
39
|
+
ffi (1.9.18)
|
40
|
+
gherkin (4.1.3)
|
41
|
+
json (2.0.3)
|
42
|
+
method_source (0.8.2)
|
43
|
+
multi_json (1.12.2)
|
44
|
+
multi_test (0.1.2)
|
45
|
+
pry (0.11.0)
|
46
|
+
coderay (~> 1.1.0)
|
47
|
+
method_source (~> 0.8.1)
|
48
|
+
rake (10.5.0)
|
49
|
+
rspec (3.6.0)
|
50
|
+
rspec-core (~> 3.6.0)
|
51
|
+
rspec-expectations (~> 3.6.0)
|
52
|
+
rspec-mocks (~> 3.6.0)
|
53
|
+
rspec-core (3.6.0)
|
54
|
+
rspec-support (~> 3.6.0)
|
55
|
+
rspec-expectations (3.6.0)
|
56
|
+
diff-lcs (>= 1.2.0, < 2.0)
|
57
|
+
rspec-support (~> 3.6.0)
|
58
|
+
rspec-mocks (3.6.0)
|
59
|
+
diff-lcs (>= 1.2.0, < 2.0)
|
60
|
+
rspec-support (~> 3.6.0)
|
61
|
+
rspec-support (3.6.0)
|
62
|
+
simplecov (0.14.1)
|
63
|
+
docile (~> 1.1.0)
|
64
|
+
json (>= 1.8, < 3)
|
65
|
+
simplecov-html (~> 0.10.0)
|
66
|
+
simplecov-html (0.10.1)
|
67
|
+
thor (0.20.0)
|
68
|
+
|
69
|
+
PLATFORMS
|
70
|
+
ruby
|
71
|
+
|
72
|
+
DEPENDENCIES
|
73
|
+
aruba!
|
74
|
+
bundler (~> 1.15.4)
|
75
|
+
encruby!
|
76
|
+
pry (~> 0)
|
77
|
+
rake (~> 10.0)
|
78
|
+
rspec (~> 3.0)
|
79
|
+
simplecov
|
80
|
+
|
81
|
+
BUNDLED WITH
|
82
|
+
1.15.4
|
data/LICENSE.txt
ADDED
@@ -0,0 +1,21 @@
|
|
1
|
+
The MIT License (MIT)
|
2
|
+
|
3
|
+
Copyright (c) 2017 Nikhil Gupta
|
4
|
+
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
7
|
+
in the Software without restriction, including without limitation the rights
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
10
|
+
furnished to do so, subject to the following conditions:
|
11
|
+
|
12
|
+
The above copyright notice and this permission notice shall be included in
|
13
|
+
all copies or substantial portions of the Software.
|
14
|
+
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
21
|
+
THE SOFTWARE.
|
data/README.md
ADDED
@@ -0,0 +1,49 @@
|
|
1
|
+
# Encruby
|
2
|
+
|
3
|
+
## TODO:
|
4
|
+
|
5
|
+
- [x] Run tests on Travis
|
6
|
+
- [ ] Update README
|
7
|
+
- [ ] Push to Rubygems
|
8
|
+
|
9
|
+
Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/encruby`. To experiment with that code, run `bin/console` for an interactive prompt.
|
10
|
+
|
11
|
+
TODO: Delete this and the text above, and describe your gem
|
12
|
+
|
13
|
+
## Installation
|
14
|
+
|
15
|
+
Add this line to your application's Gemfile:
|
16
|
+
|
17
|
+
```ruby
|
18
|
+
gem 'encruby'
|
19
|
+
```
|
20
|
+
|
21
|
+
And then execute:
|
22
|
+
|
23
|
+
$ bundle
|
24
|
+
|
25
|
+
Or install it yourself as:
|
26
|
+
|
27
|
+
$ gem install encruby
|
28
|
+
|
29
|
+
## Usage
|
30
|
+
|
31
|
+
TODO: Write usage instructions here
|
32
|
+
|
33
|
+
## Development
|
34
|
+
|
35
|
+
After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
|
36
|
+
|
37
|
+
To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
|
38
|
+
|
39
|
+
## Contributing
|
40
|
+
|
41
|
+
Bug reports and pull requests are welcome on GitHub at https://github.com/nikhgupta/encruby. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
|
42
|
+
|
43
|
+
## License
|
44
|
+
|
45
|
+
The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
|
46
|
+
|
47
|
+
## Code of Conduct
|
48
|
+
|
49
|
+
Everyone interacting in the Encruby project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/nikhgupta/encruby/blob/master/CODE_OF_CONDUCT.md).
|
data/Rakefile
ADDED
data/bin/console
ADDED
@@ -0,0 +1,14 @@
|
|
1
|
+
#!/usr/bin/env ruby
|
2
|
+
|
3
|
+
require "bundler/setup"
|
4
|
+
require "encruby"
|
5
|
+
|
6
|
+
# You can add fixtures and/or initialization code here to make experimenting
|
7
|
+
# with your gem easier. You can also use a different console, if you like.
|
8
|
+
|
9
|
+
# (If you use this, don't forget to add pry to your Gemfile!)
|
10
|
+
# require "pry"
|
11
|
+
# Pry.start
|
12
|
+
|
13
|
+
require "irb"
|
14
|
+
IRB.start(__FILE__)
|
data/bin/setup
ADDED
data/encruby.gemspec
ADDED
@@ -0,0 +1,28 @@
|
|
1
|
+
|
2
|
+
lib = File.expand_path("../lib", __FILE__)
|
3
|
+
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
4
|
+
require "encruby/version"
|
5
|
+
|
6
|
+
Gem::Specification.new do |spec|
|
7
|
+
spec.name = "encruby"
|
8
|
+
spec.version = Encruby::VERSION
|
9
|
+
spec.authors = ["Nikhil Gupta"]
|
10
|
+
spec.email = ["me@nikhgupta.com"]
|
11
|
+
|
12
|
+
spec.summary = %q{Encrypt/decrypt ruby source code files}
|
13
|
+
spec.description = %q{Encrypt ruby source code files and still be able to run them.}
|
14
|
+
spec.homepage = "https://github.com/nikhgupta/encruby"
|
15
|
+
spec.license = "MIT"
|
16
|
+
|
17
|
+
spec.files = `git ls-files -z`.split("\x0").reject do |f|
|
18
|
+
f.match(%r{^(test|spec|features)/})
|
19
|
+
end
|
20
|
+
spec.bindir = "exe"
|
21
|
+
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
22
|
+
spec.require_paths = ["lib"]
|
23
|
+
|
24
|
+
spec.add_development_dependency "pry", "~> 0"
|
25
|
+
spec.add_development_dependency "bundler", "~> 1.15"
|
26
|
+
spec.add_development_dependency "rake", "~> 10.0"
|
27
|
+
spec.add_development_dependency "rspec", "~> 3.0"
|
28
|
+
end
|
data/exe/encruby
ADDED
@@ -0,0 +1,15 @@
|
|
1
|
+
#!/usr/bin/env ruby
|
2
|
+
|
3
|
+
require "thor"
|
4
|
+
require "encruby"
|
5
|
+
require "encruby/cli"
|
6
|
+
|
7
|
+
begin
|
8
|
+
Encruby::CLI.start ARGV
|
9
|
+
rescue Encruby::Error => e
|
10
|
+
STDERR.puts "\x1b[31m[ERROR]: #{e.message}\x1b[0m"
|
11
|
+
exit 1
|
12
|
+
# rescue StandardError => e
|
13
|
+
# STDERR.puts "\x1b[31m[FATAL]: #{e.message}\x1b[0m"
|
14
|
+
# exit 2
|
15
|
+
end
|
data/lib/encruby.rb
ADDED
@@ -0,0 +1,28 @@
|
|
1
|
+
require "base64"
|
2
|
+
require "open3"
|
3
|
+
require "openssl"
|
4
|
+
require "pathname"
|
5
|
+
|
6
|
+
require "encruby/version"
|
7
|
+
require "encruby/message"
|
8
|
+
require "encruby/file"
|
9
|
+
|
10
|
+
module Encruby
|
11
|
+
class Error < StandardError; end
|
12
|
+
|
13
|
+
def self.root
|
14
|
+
Pathname.new(__FILE__).dirname.dirname
|
15
|
+
end
|
16
|
+
|
17
|
+
def self.bin_path
|
18
|
+
exes = ENV['PATH'].split(":").map do |p|
|
19
|
+
path = Pathname.new(p).join(self.class.name.downcase)
|
20
|
+
path if path.executable?
|
21
|
+
end.compact
|
22
|
+
exes.any? ? exes.min : Encruby.root.join("exe", "encruby")
|
23
|
+
end
|
24
|
+
|
25
|
+
def self.shebang
|
26
|
+
"#!#{bin_path} exec --verify"
|
27
|
+
end
|
28
|
+
end
|
data/lib/encruby/cli.rb
ADDED
@@ -0,0 +1,58 @@
|
|
1
|
+
module Encruby
|
2
|
+
class CLI < Thor
|
3
|
+
|
4
|
+
desc "encrypt FILE", "Encrypt a ruby source code."
|
5
|
+
method_option :identity_file, aliases: "-i", type: :string, required: true
|
6
|
+
method_option :replace, aliases: "-r", type: :boolean, default: false
|
7
|
+
def encrypt(path)
|
8
|
+
opts = options.dup.merge(save: true)
|
9
|
+
key = opts.delete(:identity_file)
|
10
|
+
response = Encruby::File.new(path, key, opts).encrypt
|
11
|
+
say_status "Success", "Done!", :green
|
12
|
+
say_status "Digest", response[:signature], :cyan
|
13
|
+
end
|
14
|
+
|
15
|
+
desc "decrypt FILE", "Decrypt a ruby source code."
|
16
|
+
method_option :identity_file, aliases: "-i", type: :string, required: true
|
17
|
+
method_option :verify, type: :boolean, default: true
|
18
|
+
method_option :signature, aliases: "-s", type: :string, default: nil
|
19
|
+
method_option :replace, aliases: "-r", type: :boolean, default: false
|
20
|
+
def decrypt(path)
|
21
|
+
hash = options[:signaturee]
|
22
|
+
if !hash && options[:verify]
|
23
|
+
hash = "Please, provide signature for this file! [Enter to skip verification]:"
|
24
|
+
hash = ask(hash).strip
|
25
|
+
hash = nil if hash.empty?
|
26
|
+
end
|
27
|
+
|
28
|
+
opts = options.dup.merge(signature: hash, save: true)
|
29
|
+
key = opts.delete(:identity_file)
|
30
|
+
response = Encruby::File.new(path, key, opts).decrypt
|
31
|
+
say_status "Success", "Done!", :green
|
32
|
+
say_status "Digest", response[:signature], :cyan
|
33
|
+
end
|
34
|
+
|
35
|
+
desc "exec FILE", "Run an decrypted ruby source code."
|
36
|
+
method_option :verify, type: :boolean, default: true
|
37
|
+
method_option :signature, aliases: "-s", type: :string, default: nil
|
38
|
+
method_option :identity_file, aliases: "-i", type: :string, required: true
|
39
|
+
def exec(path)
|
40
|
+
hash = options[:signature]
|
41
|
+
if !hash && options[:verify]
|
42
|
+
hash = "Please, provide signature for this file! [Enter to skip verification]:"
|
43
|
+
hash = ask(hash).strip
|
44
|
+
hash = nil if hash.empty?
|
45
|
+
end
|
46
|
+
|
47
|
+
opts = options.dup.merge(signature: hash, save: true)
|
48
|
+
key = opts.delete(:identity_file)
|
49
|
+
response = Encruby::File.new(path, key, opts).decrypt
|
50
|
+
path = response[:path]
|
51
|
+
|
52
|
+
command = response[:path]
|
53
|
+
command = "ruby #{command}" unless response[:path].readlines[0] =~ /^#\!/
|
54
|
+
command = "#{command}; rm -f #{response[:path]}"
|
55
|
+
Kernel.exec(command.to_s)
|
56
|
+
end
|
57
|
+
end
|
58
|
+
end
|
data/lib/encruby/file.rb
ADDED
@@ -0,0 +1,72 @@
|
|
1
|
+
module Encruby
|
2
|
+
class File
|
3
|
+
attr_accessor :path
|
4
|
+
|
5
|
+
def initialize(path, key, options = {})
|
6
|
+
@options, @path = options, Pathname.new(path.to_s)
|
7
|
+
@options[:save] ||= @options[:replace]
|
8
|
+
|
9
|
+
case
|
10
|
+
when !@path.readable?
|
11
|
+
raise Encruby::Error, "Unable to read file: #{path}"
|
12
|
+
when !@path.file?
|
13
|
+
raise Encruby::Error, "Must be a file: #{path}"
|
14
|
+
end
|
15
|
+
|
16
|
+
@crypto = Encruby::Message.new(key)
|
17
|
+
end
|
18
|
+
|
19
|
+
def save_converted(type: :encrypt, content: nil)
|
20
|
+
if @options[:replace]
|
21
|
+
path = @path
|
22
|
+
else
|
23
|
+
extension = type == :encrypt ? ".enc" : ".dec"
|
24
|
+
path = @path.basename('.*').to_s + extension + @path.extname.to_s
|
25
|
+
path = @path.dirname.join(path)
|
26
|
+
end
|
27
|
+
path.open("w"){|f| f.puts content}
|
28
|
+
path.chmod(@path.stat.mode)
|
29
|
+
path.chown(@path.stat.uid, @path.stat.gid)
|
30
|
+
path
|
31
|
+
end
|
32
|
+
|
33
|
+
def encrypt
|
34
|
+
content = extract_meta(@path.read)
|
35
|
+
data = content[:shebang].to_s + content[:code]
|
36
|
+
response = @crypto.encrypt(data)
|
37
|
+
encrypted, hmac = response[:content], response[:signature]
|
38
|
+
shebang = "#{Encruby.shebang}\n" if content[:shebang]
|
39
|
+
|
40
|
+
content = "#{shebang}#{content[:comments]}\n__END__\n#{encrypted}"
|
41
|
+
path = save_converted(type: :encrypt, content: content) if @options[:save]
|
42
|
+
{ signature: hmac, content: content, path: path }
|
43
|
+
end
|
44
|
+
|
45
|
+
def decrypt
|
46
|
+
content = extract_meta(@path.read)
|
47
|
+
unless content[:code] && data = content[:code].split(/^__END__\s*\n/)[1]
|
48
|
+
raise Error, "No encrypted content found. You sure this file has been encrypted?"
|
49
|
+
end
|
50
|
+
|
51
|
+
hash = @options[:signature] if @options[:verify]
|
52
|
+
response = @crypto.decrypt(data, hash: hash)
|
53
|
+
decrypted, hmac = response[:content], response[:signature]
|
54
|
+
shebang = decrypted.lines[0] if decrypted.lines[0] =~ /^#\!/
|
55
|
+
decrypted = decrypted.lines[1..-1].join if shebang
|
56
|
+
|
57
|
+
content = "#{shebang}#{content[:comments]}#{decrypted}"
|
58
|
+
path = save_converted(type: :decrypt, content: content) if @options[:save]
|
59
|
+
{ signature: hmac, content: content, path: path }
|
60
|
+
end
|
61
|
+
|
62
|
+
private
|
63
|
+
|
64
|
+
def extract_meta(content)
|
65
|
+
shebang = content.lines[0] if content =~ /^#\!/
|
66
|
+
code = content.scan(/^\s+[^\s|#].*/m)[0]
|
67
|
+
comments = content.gsub(/^\s+[^\s|#].*/m, '')
|
68
|
+
comments = comments.gsub(shebang, '') if shebang
|
69
|
+
{ shebang: shebang, comments: comments, code: code }
|
70
|
+
end
|
71
|
+
end
|
72
|
+
end
|
@@ -0,0 +1,98 @@
|
|
1
|
+
module Encruby
|
2
|
+
class Message
|
3
|
+
AES_MODE = :CBC
|
4
|
+
|
5
|
+
attr_accessor :key
|
6
|
+
|
7
|
+
def initialize(key)
|
8
|
+
self.key = key
|
9
|
+
@cipher = OpenSSL::Cipher::AES256.new(AES_MODE)
|
10
|
+
end
|
11
|
+
|
12
|
+
def key=(key)
|
13
|
+
key = Pathname.new(key.to_s)
|
14
|
+
if !key.readable? || key.read.strip.empty?
|
15
|
+
raise Error, "Unreadable RSA public/private key!"
|
16
|
+
end
|
17
|
+
@rsa = OpenSSL::PKey::RSA.new(key.read)
|
18
|
+
end
|
19
|
+
|
20
|
+
def with_key(key)
|
21
|
+
self.key = key
|
22
|
+
self
|
23
|
+
end
|
24
|
+
|
25
|
+
def hmac_signature(content)
|
26
|
+
OpenSSL::HMAC.hexdigest('sha256', @rsa.public_key.to_s, content)
|
27
|
+
end
|
28
|
+
|
29
|
+
# 1. Generate random AES key to encrypt message
|
30
|
+
# 2. Use Public Key from the Private key to encrypt AES Key
|
31
|
+
# 3. Prepend encrypted AES key to the encrypted message
|
32
|
+
#
|
33
|
+
# Output message format will look like the following:
|
34
|
+
#
|
35
|
+
# {RSA Encrypted AES Key}{RSA Encrypted IV}{AES Encrypted Message}
|
36
|
+
def encrypt(message)
|
37
|
+
raise Error, "data must not be empty" if message.to_s.strip.empty?
|
38
|
+
# 1
|
39
|
+
@cipher.reset
|
40
|
+
@cipher.encrypt
|
41
|
+
aes_key = @cipher.random_key
|
42
|
+
aes_iv = @cipher.random_iv
|
43
|
+
encrypted = @cipher.update(message) + @cipher.final
|
44
|
+
|
45
|
+
# 2
|
46
|
+
rsa_encrypted_aes_key = @rsa.public_encrypt(aes_key)
|
47
|
+
rsa_encrypted_aes_iv = @rsa.public_encrypt(aes_iv)
|
48
|
+
|
49
|
+
# 3
|
50
|
+
content = rsa_encrypted_aes_key + rsa_encrypted_aes_iv + encrypted
|
51
|
+
|
52
|
+
# 4
|
53
|
+
hmac = hmac_signature(content)
|
54
|
+
content = Base64.encode64(hmac + content)
|
55
|
+
|
56
|
+
{ signature: hmac, content: content }
|
57
|
+
rescue OpenSSL::OpenSSLError => e
|
58
|
+
raise Error.new(e.message)
|
59
|
+
end
|
60
|
+
|
61
|
+
# 0. Base64 decode the encrypted message
|
62
|
+
# 1. Split the string in to the AES key and the encrypted message
|
63
|
+
# 2. Decrypt the AES key using the private key
|
64
|
+
# 3. Decrypt the message using the AES key
|
65
|
+
def decrypt(message, hash: nil)
|
66
|
+
# 0
|
67
|
+
message = Base64.decode64(message)
|
68
|
+
hmac = message[0..63] # 64 bits of hmac signature
|
69
|
+
|
70
|
+
case
|
71
|
+
when hash && hmac != hash
|
72
|
+
raise Error, "Provided hash mismatch for encrypted file!"
|
73
|
+
when hmac != hmac_signature(message[64..-1])
|
74
|
+
raise Error, "HMAC signature mismatch for encrypted file!"
|
75
|
+
end
|
76
|
+
|
77
|
+
# 1
|
78
|
+
rsa_encrypted_aes_key = message[64..319] # next 256 bits
|
79
|
+
rsa_encrypted_aes_iv = message[320..575] # next 256 bits
|
80
|
+
aes_encrypted_message = message[576..-1]
|
81
|
+
|
82
|
+
# 2
|
83
|
+
aes_key = @rsa.private_decrypt rsa_encrypted_aes_key
|
84
|
+
aes_iv = @rsa.private_decrypt rsa_encrypted_aes_iv
|
85
|
+
|
86
|
+
# 3
|
87
|
+
@cipher.reset
|
88
|
+
@cipher.decrypt
|
89
|
+
@cipher.key = aes_key
|
90
|
+
@cipher.iv = aes_iv
|
91
|
+
content = @cipher.update(aes_encrypted_message) + @cipher.final
|
92
|
+
|
93
|
+
{ signature: hmac, content: content }
|
94
|
+
rescue OpenSSL::OpenSSLError => e
|
95
|
+
raise Error.new(e.message)
|
96
|
+
end
|
97
|
+
end
|
98
|
+
end
|
metadata
ADDED
@@ -0,0 +1,120 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: encruby
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.1.0
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- Nikhil Gupta
|
8
|
+
autorequire:
|
9
|
+
bindir: exe
|
10
|
+
cert_chain: []
|
11
|
+
date: 2017-09-26 00:00:00.000000000 Z
|
12
|
+
dependencies:
|
13
|
+
- !ruby/object:Gem::Dependency
|
14
|
+
name: pry
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
16
|
+
requirements:
|
17
|
+
- - "~>"
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: '0'
|
20
|
+
type: :development
|
21
|
+
prerelease: false
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
23
|
+
requirements:
|
24
|
+
- - "~>"
|
25
|
+
- !ruby/object:Gem::Version
|
26
|
+
version: '0'
|
27
|
+
- !ruby/object:Gem::Dependency
|
28
|
+
name: bundler
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
30
|
+
requirements:
|
31
|
+
- - "~>"
|
32
|
+
- !ruby/object:Gem::Version
|
33
|
+
version: '1.15'
|
34
|
+
type: :development
|
35
|
+
prerelease: false
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
37
|
+
requirements:
|
38
|
+
- - "~>"
|
39
|
+
- !ruby/object:Gem::Version
|
40
|
+
version: '1.15'
|
41
|
+
- !ruby/object:Gem::Dependency
|
42
|
+
name: rake
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
44
|
+
requirements:
|
45
|
+
- - "~>"
|
46
|
+
- !ruby/object:Gem::Version
|
47
|
+
version: '10.0'
|
48
|
+
type: :development
|
49
|
+
prerelease: false
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
51
|
+
requirements:
|
52
|
+
- - "~>"
|
53
|
+
- !ruby/object:Gem::Version
|
54
|
+
version: '10.0'
|
55
|
+
- !ruby/object:Gem::Dependency
|
56
|
+
name: rspec
|
57
|
+
requirement: !ruby/object:Gem::Requirement
|
58
|
+
requirements:
|
59
|
+
- - "~>"
|
60
|
+
- !ruby/object:Gem::Version
|
61
|
+
version: '3.0'
|
62
|
+
type: :development
|
63
|
+
prerelease: false
|
64
|
+
version_requirements: !ruby/object:Gem::Requirement
|
65
|
+
requirements:
|
66
|
+
- - "~>"
|
67
|
+
- !ruby/object:Gem::Version
|
68
|
+
version: '3.0'
|
69
|
+
description: Encrypt ruby source code files and still be able to run them.
|
70
|
+
email:
|
71
|
+
- me@nikhgupta.com
|
72
|
+
executables:
|
73
|
+
- encruby
|
74
|
+
extensions: []
|
75
|
+
extra_rdoc_files: []
|
76
|
+
files:
|
77
|
+
- ".gitignore"
|
78
|
+
- ".rspec"
|
79
|
+
- ".simplecov"
|
80
|
+
- ".travis.yml"
|
81
|
+
- CODE_OF_CONDUCT.md
|
82
|
+
- Gemfile
|
83
|
+
- Gemfile.lock
|
84
|
+
- LICENSE.txt
|
85
|
+
- README.md
|
86
|
+
- Rakefile
|
87
|
+
- bin/console
|
88
|
+
- bin/setup
|
89
|
+
- encruby.gemspec
|
90
|
+
- exe/encruby
|
91
|
+
- lib/encruby.rb
|
92
|
+
- lib/encruby/cli.rb
|
93
|
+
- lib/encruby/file.rb
|
94
|
+
- lib/encruby/message.rb
|
95
|
+
- lib/encruby/version.rb
|
96
|
+
homepage: https://github.com/nikhgupta/encruby
|
97
|
+
licenses:
|
98
|
+
- MIT
|
99
|
+
metadata: {}
|
100
|
+
post_install_message:
|
101
|
+
rdoc_options: []
|
102
|
+
require_paths:
|
103
|
+
- lib
|
104
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
105
|
+
requirements:
|
106
|
+
- - ">="
|
107
|
+
- !ruby/object:Gem::Version
|
108
|
+
version: '0'
|
109
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
110
|
+
requirements:
|
111
|
+
- - ">="
|
112
|
+
- !ruby/object:Gem::Version
|
113
|
+
version: '0'
|
114
|
+
requirements: []
|
115
|
+
rubyforge_project:
|
116
|
+
rubygems_version: 2.6.10
|
117
|
+
signing_key:
|
118
|
+
specification_version: 4
|
119
|
+
summary: Encrypt/decrypt ruby source code files
|
120
|
+
test_files: []
|