filesafe 2.0.1 → 3.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/README.txt +0 -8
- data/VERSION.txt +1 -1
- data/bin/filesafe +1 -0
- data/lib/filesafe.rb +6 -3
- data/test/test_cli.rb +1 -0
- data/test/test_decrypt.rb +1 -0
- data/test/test_module.rb +9 -4
- metadata +41 -63
- data/test/bar +0 -1
data/README.txt
CHANGED
|
@@ -132,11 +132,3 @@ Please report bugs by going to the author's web site and clicking on the
|
|
|
132
132
|
|
|
133
133
|
* http://www.aarongifford.com/leaveanote.html
|
|
134
134
|
|
|
135
|
-
I am debating as to whether I should replace the HMAC in the file header
|
|
136
|
-
with a PBKDF2 function, perhaps PBKDF2(passphrase, iterations, HMAC)
|
|
137
|
-
so as to make dictionary attacks against passwords much more difficult.
|
|
138
|
-
It would result in a slight file format change, so I'd have to bump up
|
|
139
|
-
the version, and perhaps provide a fallback to the old method if a
|
|
140
|
-
passphrase doesn't seem to match a ciphertext file's stored PBKDF2
|
|
141
|
-
result.
|
|
142
|
-
|
data/VERSION.txt
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
|
|
1
|
+
3.0.0
|
data/bin/filesafe
CHANGED
data/lib/filesafe.rb
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
#!/usr/bin/env ruby
|
|
2
|
+
# encoding: ASCII-8BIT
|
|
2
3
|
#
|
|
3
4
|
# FileSafe - http://www.aarongifford.com/computers/filesafe/
|
|
4
5
|
#
|
|
@@ -66,8 +67,8 @@ module FileSafe
|
|
|
66
67
|
# Default ciphertext file header size (key + IV + salt + HMAC = 1280 bits/160 bytes by default)
|
|
67
68
|
HEADER_LEN = KEY_LEN + IV_LEN + SALT_LEN + HMAC_LEN
|
|
68
69
|
|
|
69
|
-
# Number of iterations to use in PBKDF2 (
|
|
70
|
-
ITERATIONS =
|
|
70
|
+
# Number of iterations to use in PBKDF2 (16384 by default):
|
|
71
|
+
ITERATIONS = 16384
|
|
71
72
|
|
|
72
73
|
# Number of bytes to read from plaintext/ciphertext files at a time (64KB by default):
|
|
73
74
|
FILE_CHUNK_LEN = 65536
|
|
@@ -230,6 +231,7 @@ module FileSafe
|
|
|
230
231
|
fsize = File.size(file)
|
|
231
232
|
raise "File is not in valid encrypted format: #{file.inspect}" unless fsize > HEADER_LEN && (fsize - HEADER_LEN) % BLOCK_LEN == 0
|
|
232
233
|
salt = encrypted_file_key = encrypted_file_iv = nil
|
|
234
|
+
interactive = passphrase.nil?
|
|
233
235
|
loop do
|
|
234
236
|
passphrase = getphrase if passphrase.nil?
|
|
235
237
|
fp = File.open(file, File::RDONLY)
|
|
@@ -247,6 +249,7 @@ module FileSafe
|
|
|
247
249
|
end
|
|
248
250
|
fp.close
|
|
249
251
|
break if pbkdf2(passphrase + test_hmac.digest, salt, HMAC_LEN) == file_check
|
|
252
|
+
raise "Incorrect passphrase, or file is not encrypted." unless interactive
|
|
250
253
|
puts "*** ERROR: Incorrect passphrase, or file is not encrypted. Try again or abort."
|
|
251
254
|
passphrase = nil
|
|
252
255
|
end
|
|
@@ -328,7 +331,7 @@ module FileSafe
|
|
|
328
331
|
p.salt = salt
|
|
329
332
|
p.iterations = ITERATIONS
|
|
330
333
|
p.key_length = len
|
|
331
|
-
end.bin_string
|
|
334
|
+
end.bin_string.force_encoding(Encoding::BINARY)
|
|
332
335
|
end
|
|
333
336
|
|
|
334
337
|
end
|
data/test/test_cli.rb
CHANGED
data/test/test_decrypt.rb
CHANGED
data/test/test_module.rb
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
#!/usr/bin/env ruby
|
|
2
|
+
# encoding: ASCII-8BIT
|
|
2
3
|
|
|
3
4
|
require 'test/unit'
|
|
4
5
|
require 'digest/sha2'
|
|
@@ -43,13 +44,17 @@ class FileSafeModuleTest < Test::Unit::TestCase
|
|
|
43
44
|
pass = "When in the course of human events..."
|
|
44
45
|
salt = "01caf8e2e844a37810280f231f3059aca54e631528c1c57eb643df2c" +
|
|
45
46
|
"8c6c74bc4a6136784ecff873dcd09a80059f6e80"
|
|
46
|
-
goal = "
|
|
47
|
-
"
|
|
48
|
-
"
|
|
47
|
+
goal = "74a1aa134ea370cbff2776f9271e500e7774a567c47c565cf4c489f1" +
|
|
48
|
+
"c029d0fb406d195f7678001d454ef803e6b55394fd52257261a5bb81" +
|
|
49
|
+
"413db6b65af819a5"
|
|
50
|
+
|
|
49
51
|
salt = [salt].pack('H*')
|
|
50
52
|
goal = [goal].pack('H*')
|
|
53
|
+
assert(FileSafe::HMAC_LEN == goal.bytesize, "Module HMAC length has changed since test was created. (Expected #{goal.bytesize} bytes, length is now #{FileSafe::HMAC_LEN} bytes.)")
|
|
54
|
+
assert(FileSafe::ITERATIONS == 16384, "Module ITERATIONS has changed. (Expected 16384 iterations, currently set to #{FileSafe::ITERATIONS} iterations.)")
|
|
55
|
+
assert(FileSafe::HMAC_FUNC == 'sha512', "Module HMAC_FUNC has changed. (Expected 'sha512' hash function for HMAC, instead of '#{FileSafe::HMAC_FUNC}' instead.)")
|
|
51
56
|
hash = FileSafe.pbkdf2(pass, salt, FileSafe::HMAC_LEN)
|
|
52
|
-
assert(hash == goal)
|
|
57
|
+
assert(hash == goal, "PBKDF2 output does NOT match expected value.")
|
|
53
58
|
end
|
|
54
59
|
end
|
|
55
60
|
|
metadata
CHANGED
|
@@ -1,101 +1,79 @@
|
|
|
1
|
-
--- !ruby/object:Gem::Specification
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: filesafe
|
|
3
|
-
version: !ruby/object:Gem::Version
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
- 2
|
|
7
|
-
- 0
|
|
8
|
-
- 1
|
|
9
|
-
version: 2.0.1
|
|
3
|
+
version: !ruby/object:Gem::Version
|
|
4
|
+
version: 3.0.0
|
|
5
|
+
prerelease:
|
|
10
6
|
platform: ruby
|
|
11
|
-
authors:
|
|
7
|
+
authors:
|
|
12
8
|
- Aaron D. Gifford
|
|
13
9
|
autorequire:
|
|
14
10
|
bindir: bin
|
|
15
11
|
cert_chain: []
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
dependencies:
|
|
20
|
-
- !ruby/object:Gem::Dependency
|
|
12
|
+
date: 2011-10-29 00:00:00.000000000Z
|
|
13
|
+
dependencies:
|
|
14
|
+
- !ruby/object:Gem::Dependency
|
|
21
15
|
name: pbkdf2
|
|
22
|
-
|
|
23
|
-
requirement: &id001 !ruby/object:Gem::Requirement
|
|
16
|
+
requirement: &17188861760 !ruby/object:Gem::Requirement
|
|
24
17
|
none: false
|
|
25
|
-
requirements:
|
|
26
|
-
- -
|
|
27
|
-
- !ruby/object:Gem::Version
|
|
28
|
-
segments:
|
|
29
|
-
- 0
|
|
30
|
-
- 1
|
|
31
|
-
- 0
|
|
18
|
+
requirements:
|
|
19
|
+
- - ! '>='
|
|
20
|
+
- !ruby/object:Gem::Version
|
|
32
21
|
version: 0.1.0
|
|
33
22
|
type: :runtime
|
|
34
|
-
version_requirements: *id001
|
|
35
|
-
- !ruby/object:Gem::Dependency
|
|
36
|
-
name: highline
|
|
37
23
|
prerelease: false
|
|
38
|
-
|
|
24
|
+
version_requirements: *17188861760
|
|
25
|
+
- !ruby/object:Gem::Dependency
|
|
26
|
+
name: highline
|
|
27
|
+
requirement: &17188861060 !ruby/object:Gem::Requirement
|
|
39
28
|
none: false
|
|
40
|
-
requirements:
|
|
41
|
-
- -
|
|
42
|
-
- !ruby/object:Gem::Version
|
|
43
|
-
segments:
|
|
44
|
-
- 1
|
|
45
|
-
- 6
|
|
46
|
-
- 1
|
|
29
|
+
requirements:
|
|
30
|
+
- - ! '>='
|
|
31
|
+
- !ruby/object:Gem::Version
|
|
47
32
|
version: 1.6.1
|
|
48
33
|
type: :runtime
|
|
49
|
-
|
|
50
|
-
|
|
34
|
+
prerelease: false
|
|
35
|
+
version_requirements: *17188861060
|
|
36
|
+
description: A utility script for encrypting and decrypting files using a randomly
|
|
37
|
+
generated 256-bit AES key and initialization vector secured using the PBKDF2 password/passphrase
|
|
38
|
+
key derivation algorithm to secure the file key and IV.
|
|
51
39
|
email:
|
|
52
|
-
executables:
|
|
40
|
+
executables:
|
|
53
41
|
- filesafe
|
|
54
42
|
extensions: []
|
|
55
|
-
|
|
56
|
-
extra_rdoc_files:
|
|
43
|
+
extra_rdoc_files:
|
|
57
44
|
- README.txt
|
|
58
|
-
files:
|
|
45
|
+
files:
|
|
59
46
|
- README.txt
|
|
60
47
|
- VERSION.txt
|
|
61
48
|
- Rakefile
|
|
62
49
|
- bin/filesafe
|
|
63
50
|
- lib/filesafe.rb
|
|
64
|
-
- test/bar
|
|
65
51
|
- test/test_module.rb
|
|
66
52
|
- test/test_decrypt.rb
|
|
67
53
|
- test/test_cli.rb
|
|
68
|
-
has_rdoc: true
|
|
69
54
|
homepage: http://www.aarongifford.com/computers/filesafe/
|
|
70
55
|
licenses: []
|
|
71
|
-
|
|
72
56
|
post_install_message:
|
|
73
57
|
rdoc_options: []
|
|
74
|
-
|
|
75
|
-
require_paths:
|
|
58
|
+
require_paths:
|
|
76
59
|
- lib
|
|
77
|
-
required_ruby_version: !ruby/object:Gem::Requirement
|
|
60
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
|
78
61
|
none: false
|
|
79
|
-
requirements:
|
|
80
|
-
- -
|
|
81
|
-
- !ruby/object:Gem::Version
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
version: "0"
|
|
85
|
-
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
62
|
+
requirements:
|
|
63
|
+
- - ! '>='
|
|
64
|
+
- !ruby/object:Gem::Version
|
|
65
|
+
version: '0'
|
|
66
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
86
67
|
none: false
|
|
87
|
-
requirements:
|
|
88
|
-
- -
|
|
89
|
-
- !ruby/object:Gem::Version
|
|
90
|
-
|
|
91
|
-
- 0
|
|
92
|
-
version: "0"
|
|
68
|
+
requirements:
|
|
69
|
+
- - ! '>='
|
|
70
|
+
- !ruby/object:Gem::Version
|
|
71
|
+
version: '0'
|
|
93
72
|
requirements: []
|
|
94
|
-
|
|
95
73
|
rubyforge_project:
|
|
96
|
-
rubygems_version: 1.
|
|
74
|
+
rubygems_version: 1.8.2
|
|
97
75
|
signing_key:
|
|
98
76
|
specification_version: 3
|
|
99
|
-
summary: Encrypt/decrypt files with a random 256-bit AES key secured by a passphrase
|
|
77
|
+
summary: Encrypt/decrypt files with a random 256-bit AES key secured by a passphrase
|
|
78
|
+
derived master key using PBKDF2
|
|
100
79
|
test_files: []
|
|
101
|
-
|
data/test/bar
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
foo
|