filesafe 3.1.1 → 4.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.txt +5 -4
- data/Rakefile +0 -1
- data/VERSION.txt +1 -1
- data/lib/filesafe.rb +11 -18
- data/test/test_module.rb +2 -2
- metadata +3 -23
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: fbd8143f1cce52446d419c1377bdebd9f16b2aa2
|
|
4
|
+
data.tar.gz: 9b2468eeb47038e33f79d94b0fbf5f32574ff4d6
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 14e7e4b61e5edd986e5ebf293391509a5606738ab49e413e0aee5c1d95b2ccbf4f0b857386f77aeb3032f387b6a0810bf7d50460309bf2aee2bf6060be0ea1f2
|
|
7
|
+
data.tar.gz: 1d7d1bc7fe399d51b7c341db64c664ad3945c273aae9c5e7ffa9fb4beb6d2f2e3016d34a11d1a7ff7a898f57cbdf315e65ea2994d9d3ff10648edb8ed9767a8c
|
data/README.txt
CHANGED
|
@@ -15,8 +15,10 @@ passphrase. The method used should be reasonably secure for the uses I
|
|
|
15
15
|
required. I have NOT adapted the script (yet) for non-POSIX
|
|
16
16
|
environments (Windows) however.
|
|
17
17
|
|
|
18
|
-
This script was written and tested using Ruby 1.9.x.
|
|
19
|
-
|
|
18
|
+
This script was originally written and tested using Ruby 1.9.x. HOWEVER
|
|
19
|
+
it may no longer be compatible with older versions. The author uses it
|
|
20
|
+
with Ruby version 2.4.3 on a FreeBSD 11.1 system. No attempts to
|
|
21
|
+
adapt or test it on any other Ruby versions have been made.
|
|
20
22
|
|
|
21
23
|
ENCRYPTED FILE FORMAT
|
|
22
24
|
|
|
@@ -109,12 +111,11 @@ This script is licensed under an MIT-style license. See the LICENSE.txt file.
|
|
|
109
111
|
REQUIREMENTS
|
|
110
112
|
|
|
111
113
|
This script requires or relies on:
|
|
112
|
-
openssl -- encryption/HMAC/hash algorithms
|
|
114
|
+
openssl -- encryption/HMAC/hash/PBKDF2 algorithms
|
|
113
115
|
securerandom -- cryptographically secure random data
|
|
114
116
|
tempfile -- for temporary file creation
|
|
115
117
|
|
|
116
118
|
It uses the following gems:
|
|
117
|
-
pbkdf2-ruby -- for the password-based key derivitive function PBKDF2
|
|
118
119
|
highline -- for reading a password/passphrase from a terminal
|
|
119
120
|
|
|
120
121
|
|
data/Rakefile
CHANGED
data/VERSION.txt
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
|
|
1
|
+
4.0.0
|
data/lib/filesafe.rb
CHANGED
|
@@ -32,9 +32,8 @@
|
|
|
32
32
|
# FileSafe module has four module methods, two for file encryption/decryption,
|
|
33
33
|
# one for passphrase hashing, and one for reading a passphrase from a terminal.
|
|
34
34
|
module FileSafe
|
|
35
|
-
require 'openssl' ## Encryption/HMAC/Hash algorithms
|
|
35
|
+
require 'openssl' ## Encryption/HMAC/Hash/PBKDF2 algorithms
|
|
36
36
|
require 'securerandom' ## Cryptographically secure source of random data
|
|
37
|
-
require 'pbkdf2' ## PBKDF2 algorithm for key material generation
|
|
38
37
|
require 'highline' ## For reading a passphrase from a terminal
|
|
39
38
|
require 'tempfile' ## Temporary file creation
|
|
40
39
|
|
|
@@ -59,10 +58,10 @@ module FileSafe
|
|
|
59
58
|
SALT_LEN = KEY_LEN + IV_LEN
|
|
60
59
|
|
|
61
60
|
# Default hash function to use for HMAC (SHA-512 by default):
|
|
62
|
-
HMAC_FUNC = 'sha512'
|
|
61
|
+
HMAC_FUNC = OpenSSL::Digest.new('sha512')
|
|
63
62
|
|
|
64
63
|
# Default HMAC size/length (512 bits/64 bytes for HMAC-SHA-512):
|
|
65
|
-
HMAC_LEN =
|
|
64
|
+
HMAC_LEN = HMAC_FUNC.digest_length
|
|
66
65
|
|
|
67
66
|
# Default ciphertext file header size (key + IV + salt + HMAC = 1280 bits/160 bytes by default)
|
|
68
67
|
HEADER_LEN = KEY_LEN + IV_LEN + SALT_LEN + HMAC_LEN
|
|
@@ -268,13 +267,7 @@ module FileSafe
|
|
|
268
267
|
## Extract and decrypt the encrypted file key + IV.
|
|
269
268
|
## First, regenerate the password-based key material that encrypts the
|
|
270
269
|
## file key + IV:
|
|
271
|
-
keymaterial =
|
|
272
|
-
p.hash_function = HMAC_FUNC
|
|
273
|
-
p.password = passphrase
|
|
274
|
-
p.salt = salt
|
|
275
|
-
p.iterations = ITERATIONS
|
|
276
|
-
p.key_length = KEY_LEN + IV_LEN
|
|
277
|
-
end.bin_string
|
|
270
|
+
keymaterial = pbkdf2(passphrase, salt, KEY_LEN + IV_LEN)
|
|
278
271
|
cipher = OpenSSL::Cipher.new(CIPHER)
|
|
279
272
|
cipher.decrypt
|
|
280
273
|
cipher.padding = 0 ## No padding is required for this operation
|
|
@@ -336,13 +329,13 @@ module FileSafe
|
|
|
336
329
|
# Execute PBKDF2 to generate the specified number of bytes of
|
|
337
330
|
# pseudo-random key material.
|
|
338
331
|
def self.pbkdf2(passphrase, salt, len)
|
|
339
|
-
|
|
340
|
-
|
|
341
|
-
|
|
342
|
-
|
|
343
|
-
|
|
344
|
-
|
|
345
|
-
|
|
332
|
+
OpenSSL::PKCS5.pbkdf2_hmac(
|
|
333
|
+
passphrase,
|
|
334
|
+
salt,
|
|
335
|
+
ITERATIONS,
|
|
336
|
+
len,
|
|
337
|
+
OpenSSL::Digest.new(HMAC_FUNC)
|
|
338
|
+
)
|
|
346
339
|
end
|
|
347
340
|
|
|
348
341
|
end
|
data/test/test_module.rb
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
# encoding: ASCII-8BIT
|
|
3
3
|
|
|
4
4
|
require 'test/unit'
|
|
5
|
-
require '
|
|
5
|
+
require 'openssl'
|
|
6
6
|
require_relative '../lib/filesafe.rb'
|
|
7
7
|
|
|
8
8
|
class FileSafeModuleTest < Test::Unit::TestCase
|
|
@@ -52,7 +52,7 @@ class FileSafeModuleTest < Test::Unit::TestCase
|
|
|
52
52
|
goal = [goal].pack('H*')
|
|
53
53
|
assert(FileSafe::HMAC_LEN == goal.bytesize, "Module HMAC length has changed since test was created. (Expected #{goal.bytesize} bytes, length is now #{FileSafe::HMAC_LEN} bytes.)")
|
|
54
54
|
assert(FileSafe::ITERATIONS == 16384, "Module ITERATIONS has changed. (Expected 16384 iterations, currently set to #{FileSafe::ITERATIONS} iterations.)")
|
|
55
|
-
assert(FileSafe::HMAC_FUNC == 'sha512', "Module HMAC_FUNC has changed. (Expected 'sha512' hash function for HMAC, instead of '#{FileSafe::HMAC_FUNC}' instead.)")
|
|
55
|
+
assert(FileSafe::HMAC_FUNC == OpenSSL::Digest.new('sha512'), "Module HMAC_FUNC has changed. (Expected 'sha512' hash digest function for HMAC, instead of '#{FileSafe::HMAC_FUNC}' instead.)")
|
|
56
56
|
hash = FileSafe.pbkdf2(pass, salt, FileSafe::HMAC_LEN)
|
|
57
57
|
assert(hash == goal, "PBKDF2 output does NOT match expected value.")
|
|
58
58
|
end
|
metadata
CHANGED
|
@@ -1,35 +1,15 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: filesafe
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version:
|
|
4
|
+
version: 4.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Aaron D. Gifford
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2018-02-23 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
|
-
- !ruby/object:Gem::Dependency
|
|
14
|
-
name: pbkdf2-ruby
|
|
15
|
-
requirement: !ruby/object:Gem::Requirement
|
|
16
|
-
requirements:
|
|
17
|
-
- - "~>"
|
|
18
|
-
- !ruby/object:Gem::Version
|
|
19
|
-
version: '0.2'
|
|
20
|
-
- - ">="
|
|
21
|
-
- !ruby/object:Gem::Version
|
|
22
|
-
version: 0.2.0
|
|
23
|
-
type: :runtime
|
|
24
|
-
prerelease: false
|
|
25
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
26
|
-
requirements:
|
|
27
|
-
- - "~>"
|
|
28
|
-
- !ruby/object:Gem::Version
|
|
29
|
-
version: '0.2'
|
|
30
|
-
- - ">="
|
|
31
|
-
- !ruby/object:Gem::Version
|
|
32
|
-
version: 0.2.0
|
|
33
13
|
- !ruby/object:Gem::Dependency
|
|
34
14
|
name: highline
|
|
35
15
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -89,7 +69,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
89
69
|
version: '0'
|
|
90
70
|
requirements: []
|
|
91
71
|
rubyforge_project:
|
|
92
|
-
rubygems_version: 2.6.
|
|
72
|
+
rubygems_version: 2.6.14
|
|
93
73
|
signing_key:
|
|
94
74
|
specification_version: 4
|
|
95
75
|
summary: Encrypt/decrypt files with a random 256-bit AES key secured by a passphrase
|