enmail 0.1.0

data/.travis.yml

@@ -0,0 +1,5 @@
+sudo: false
+language: ruby
+rvm:
+  - 2.4.1
+before_install: gem install bundler -v 1.14.6

data/CODE_OF_CONDUCT.md

@@ -0,0 +1,74 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, gender identity and expression, level of experience,
+nationality, personal appearance, race, religion, or sexual identity and
+orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or
+advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic
+  address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community. Examples of
+representing a project or community include using an official project e-mail
+address, posting via an official social media account, or acting as an appointed
+representative at an online or offline event. Representation of a project may be
+further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project team at ronald.tse@ribose.com. All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. The project team is
+obligated to maintain confidentiality with regard to the reporter of an incident.
+Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good
+faith may face temporary or permanent repercussions as determined by other
+members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
+available at [http://contributor-covenant.org/version/1/4][version]
+
+[homepage]: http://contributor-covenant.org
+[version]: http://contributor-covenant.org/version/1/4/

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in enmail.gemspec
+gemspec

data/README.md

@@ -0,0 +1,115 @@
+# EnMail
+
+[![Build
+Status](https://travis-ci.org/riboseinc/enmail.svg?branch=master)](https://travis-ci.org/riboseinc/enmail)
+
+EnMail (Encrypted mail) helps the Ruby mail gem send secure encrypted messages.
+
+The two ways for secure mail are:
+* OpenPGP
+* S/MIME
+
+This gem allows you to select different OpenPGP implementations
+including NetPGP and GnuPG as different OpenPGP adapters, and also
+S/MIME.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem "enmail"
+```
+
+And then execute:
+
+```sh
+bundle install
+```
+
+Or install it yourself as:
+
+```sh
+gem install enmail
+```
+
+## Configure
+
+The `EnMail` gem provides a very easier interface to set custom configurations
+or configure the underlying dependencies, we can configure it by adding an
+initializer with the following code
+
+```ruby
+EnMail.configure do |config|
+  config.sign_message = true
+  config.smime_adapter = :openssl
+  config.secret_key = "Secret Key String"
+
+  config.certificates_path = "CERTIFICATES_ROOT_PAH"
+end
+```
+
+Or
+
+```ruby
+EnMail.configuration.certificates_path = "CERTIFICATES_ROOT_PAH"
+```
+
+## Usage
+
+```sh
+bin/console
+```
+
+## Development
+
+We are following Sandi Metz's Rules for this gem, you can read the
+[description of the rules here][sandimetz]. All new code should follow these
+rules. If you make changes in a pre-existing file that violates these rules you
+should fix the violations as part of your contribution.
+
+### Setup
+
+Clone the repository.
+
+```sh
+git clone https://github.com/riboseinc/enmail
+```
+
+Setup your environment.
+
+```sh
+bin/setup
+```
+
+Run the test suite
+
+```sh
+bin/rspec
+```
+
+## Contributing
+
+First, thank you for contributing! We love pull requests from everyone. By
+participating in this project, you hereby grant [Ribose Inc.][ribose] the
+right to grant or transfer an unlimited number of non exclusive licenses or
+sub-licenses to third parties, under the copyright covering the contribution
+to use the contribution by all means.
+
+Here are a few technical guidelines to follow:
+
+1. Open an [issue][issues] to discuss a new feature.
+1. Write tests to support your new feature.
+1. Make sure the entire test suite passes locally and on CI.
+1. Open a Pull Request.
+1. [Squash your commits][squash] after receiving feedback.
+1. Party!
+
+## Credits
+
+This gem is developed, maintained and funded by [Ribose Inc.][ribose]
+
+[ribose]: https://www.ribose.com
+[issues]: https://github.com/abunashir/enmail/issues
+[squash]: https://github.com/thoughtbot/guides/tree/master/protocol/git#write-a-feature
+[sandimetz]: http://robots.thoughtbot.com/post/50655960596/sandi-metz-rules-for-developers

data/REQUIREMENTS.md

@@ -0,0 +1,214 @@
+# Ruby mail extension for sending/receiving secure mail
+
+[//]: # (TODO: JL add interceptor)
+
+OpenPGP [RFC 4880] and S/MIME [RFC 5751] are two methods for secure mail
+delivery today.
+
+Currently there is no existing mail gem extension (Ruby Gem) that allows
+switching between the methods and are usually not well structured.
+
+This work is to complete implementation of the mail-secure gem by
+leveraging existing OpenPGP and S/MIME mail extension code to allow
+secure email sending via either standard (or a combination of both).
+
+The mail-secure gem uses the concept of "adapters" to support different
+underlying libraries.
+
+* For OpenPGP, there are two existing implementations: GnuPG and NetPGP.
+* For S/MIME, the default Ruby OpenSSL implementation should be used.
+
+
+## Implementations to support:
+
+* OpenPGP
+  * NetPGP
+  * GnuPG
+* S/MIME
+  * OpenSSL
+
+This gem allows you to select different OpenPGP implementations
+including NetPGP and GnuPG as different OpenPGP adapters, and also
+S/MIME.
+
+## References and notes
+
+* <https://github.com/jkraemer/mail-gpg>
+* <https://github.com/bluerail/mr_smime>
+
+The `mail-gpg` gem hacks the default `mail` gem Deliverer to ensure the
+OpenPGP encryption/signing step is done at the last. This is extremely
+dirty and fragile.
+
+The `mr_smime` gem uses an interceptor hook (supplied by the `mail` gem)
+to encrypt/sign the email. The catch is the `mail` gem supports
+multiple interceptors (like Rack middlewares) so there is no guarantee
+that it is the last interceptor.
+
+A better approach is to use the interceptor pattern, and hack the
+interceptor methods in `mail` to force a particular interceptor (the one
+to implement) to be at the very end.
+
+Technically, this resulting implementation could allow usage of OpenPGP
+to sign/encrypt a message, then use S/MIME to sign (and/or encrypt) the
+OpenPGP-encoded message at the same time.
+
+
+## OpenPGP Example code
+
+```ruby
+message = Mail.new
+message.decrypt
+
+signed_mail    = message.sign(key)
+encrypted_mail = message.encrypt(identity)
+
+signed_email.signature_valid? # => true, false
+signed_email.secure?          # => true, false
+signed_email.pgp              # => :inline, :mime, nil
+signed_email.pgp?             # => true, false
+signed_email.pgp_inline?      # => true, false
+signed_email.pgp_mime?        # => true, false
+encrypted_email.secure        # => "OpenPGP RFC 4880", nil
+encrypted_email.secure?       # => true, false
+signed_email.smime?           # => true, false
+
+Mail::Secure::OpenPGP.signature_valid?(signed_email) # => true, false
+```
+
+## OpenPGP Configuration
+
+```ruby
+Mail::Secure.configuration = {
+  method:         :openpgp,
+  implementation: :netpgp, # :gpgme
+
+  # Specify PGP key in 3 ways.
+  # Only providing the key:
+  key:     "ASCII-ARMORED-PGP-KEY",
+  key:     "non-armored-raw-bytes-pgp-key",
+  # or:
+  key_id:  "key-id",
+  keyring: "/Users/whoami/keyring-location",
+  # or infer "keyring" from GNUPGHOME:
+  key_id:  "key-id",
+}
+
+```
+
+### Sample mail object
+
+```ruby
+Mail.new do
+  to       'jane@doe.net'
+  from     'john@doe.net'
+  subject  'gpg test'
+  body     "encrypt me!"
+  add_file "some_attachment.zip"
+
+  # Using default :method configuration:
+  secure encrypt: true, encrypt_for: Key.find("mike@kite.com")
+
+  # #secure's first argument is optional: :openpgp | :smime
+  # If missing, then use the default configuration.
+  secure :openpgp, encrypt: true, encrypt_for: Key.find("mike@kite.com")
+  secure :smime,   encrypt: true, encrypt_for: Key.find("mike@kite.com")
+
+  # #secure as a long-hand:
+  secure :openpgp, sign: true
+  secure :openpgp, encrypt: true, encrypt_for: PrivateKey.find("myself")
+  secure :openpgp, sign: true, sign_as: PrivateKey.find("myself")
+  secure :openpgp, encrypt: true
+  secure :openpgp, encrypt: true, passphrase: "secret"
+  secure :openpgp, encrypt: true, passphrase_callback: ->(...) {}
+
+  # #openpgp or #smime as short-hand:
+  smime sign: true
+  smime encrypt: true, encrypt_for: PrivateKey.find("myself")
+  smime sign: true, sign_as: PrivateKey.find("myself")
+  openpgp encrypt: true
+  openpgp encrypt: true, passphrase: "secret"
+  openpgp encrypt: true, passphrase_callback: ->(...) {}
+
+  # encrypt and sign message with sender's private key, using the given
+  # passphrase to decrypt the key
+  openpgp encrypt: true, sign: true, password: 'secret'
+
+  # encrypt and sign message using a different key
+  openpgp encrypt: true, sign_as: 'joe@otherdomain.com', password: 'secret'
+
+
+  # encrypt and sign message and use a callback function to provide the
+  # passphrase.
+  openpgp encrypt: true, sign_as: 'joe@otherdomain.com',
+    passphrase_callback: ->(obj, uid_hint, passphrase_info, prev_was_bad, fd) {
+      puts "Enter passphrase for #{passphrase_info}: "
+      (IO.for_fd(fd, 'w') << readline.chomp).flush
+    }
+end.deliver
+
+```
+
+#### Encrypt mail using OpenPGP public key directly
+
+```ruby
+johns_key = <<-END
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG vX.X.XX (GNU/Linux)
+
+mQGiBEk39msRBADw1ExmrLD1OUMdfvA7cnVVYTC7CyqfNvHUVuuBDhV7azs
+....
+END
+
+Mail.new do
+  to 'john@foo.bar'
+  gpg encrypt: true, keys: { 'john@foo.bar' => johns_key }
+end
+
+```
+
+### Decrypting mail using passphrase
+
+```ruby
+
+mail = Mail.first
+mail.subject # subject is never encrypted
+if mail.encrypted?
+  # decrypt using your private key, protected by the given passphrase
+  plaintext_mail = mail.decrypt(password: 'abc')
+  # the plaintext_mail, is a full Mail::Message object, just decrypted
+end
+
+```
+
+### Signing mail (simplest case)
+
+```ruby
+
+
+Mail.new do
+  to 'jane@doe.net'
+  gpg sign: true
+end.deliver
+
+```
+
+### Verifying signature
+
+```ruby
+
+mail = Mail.first
+if !mail.encrypted? && mail.signed?
+  verified = mail.verify
+  puts "signature(s) valid: #{verified.signature_valid?}"
+  puts "message signed by: #{verified.signatures.map{|sig|sig.from}.join("\n")}"
+end
+
+
+if mail.encrypted?
+  decrypted = mail.decrypt(verify: true, password: 's3cr3t')
+  puts "signature(s) valid: #{decrypted.signature_valid?}"
+  puts "message signed by: #{decrypted.signatures.map{|sig|sig.from}.join("\n")}"
+end
+
+```

data/Rakefile

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/bin/console

@@ -0,0 +1,10 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "enmail"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+require "pry"
+Pry.start

data/bin/rspec

@@ -0,0 +1,16 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+#
+# This file was generated by Bundler.
+#
+# The application 'rspec' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+require "pathname"
+ENV["BUNDLE_GEMFILE"] ||=
+  File.expand_path("../../Gemfile", Pathname.new(__FILE__).realpath)
+
+require "rubygems"
+require "bundler/setup"
+
+load Gem.bin_path("rspec-core", "rspec")