gtk2passwordapp 2.4.0 → 2.5.0

data/README.txt

@@ -5,17 +5,32 @@ Uses crypt-tea's Tiny Encryption Algorithm to encrypt the datafile.
 Features random password generator and clipboard use.
 
 
-To add an account, enter the new account name in the "Account:" entry/combo box.  For the account, write the associated url, a note about the account, and the username in the appropriate entry boxes.
-
-To set a new password, either enter the password in the "Password:" entry box, or generate it by pressing "Random", "Alpha-Numeric", "Numeric", "Letters", or "All-Caps".  One can set the password length generated with the spin-box.  To make the password generated visible, un-check the check button.
-
-Once one has edited the account, clicking the "Update Account" button finalizes the record.  Note, however, that the change is not yet permanent and saved on disk.  To delete an account, select the account in the entry/combo box, and the press the "Delete Account" button.  Once one is done with all updates, one then needs to press "Save To Disk".  Clicking the "Close" button or closing the window without "Save To Disk" will ignore all of the sessions updates.
-
-The "Clip Current Password" button copies the current password to the primary clipboard.  The "Clip Previous Password" button copies the previous (old) password to the primary clipboard.  The "Change Data File Password" button will allow one the change the master password.  Do not forget the master password!
-
-Right click most anywhere on the app's window for the main menu.  "Close" will dock the application and has the same effect as the "Close" button.
-
-Left click on the docked icon to bring back the editor window.  Right click on the docked icon to select one of the accounts to load the password and username to the clipboard.  The password is copied to the primary clipboard and will paste on middle mouse button click.  Right click on an entry box to paste the username (via the clipboard's menu).
+To add an account, enter the new account name in the "Account:" entry/combo box.
+For the account, write the associated url, a note about the account, and the username in the appropriate entry boxes.
+
+To set a new password, either enter the password in the "Password:" entry box,
+or generate it by pressing "Random", "Alpha-Numeric", "Numeric", "Letters", or "All-Caps".
+One can set the password length generated with the spin-box.
+To make the password generated visible, un-check the check button.
+
+Once one has edited the account, clicking the "Update Account" button finalizes the record.
+Note, however, that the change is not yet permanent and saved on disk.
+To delete an account, select the account in the entry/combo box, and the press the "Delete Account" button.
+Once one is done with all updates, one then needs to press "Save To Disk".
+Clicking the "Close" button or closing the window without "Save To Disk" will ignore all of the sessions updates.
+
+The "Clip Current Password" button copies the current password to the primary clipboard.
+The "Clip Previous Password" button copies the previous (old) password to the primary clipboard.
+The "Change Data File Password" button will allow one the change the master password.
+Do not forget the master password!
+
+Right click most anywhere on the app's window for the main menu.
+"Close" will dock the application and has the same effect as the "Close" button.
+
+Left click on the docked icon to bring back the editor window.
+Right click on the docked icon to select one of the accounts to load the password and username to the clipboard.
+The password is copied to the primary clipboard and will paste on middle mouse button click.
+Right click on an entry box to paste the username (via the clipboard's menu).
 
 For full documentation and comments, see
 https://sites.google.com/site/gtk2applib/home/gtk2applib-applications/gtk2passwordapp

data/bin/gtk2passwordapp2

@@ -7,10 +7,42 @@ if (nogui = ARGV.include?('--no-gui')) || (ARGV.include?('--dump')) then
   # Have to assume things...
   pwfile = File.expand_path('~/.gtk2passwordapp-2/passwords.dat')
   raise "Need #{pwfile}" unless File.exist?(pwfile)
-  $stderr.print  "Warning: password will be shown.\nPassword:"
+  # Note: user may want to send stdout to a file,
+  # so commicating with user via stderr.
+  $stderr.print  "Warning: password will be shown.\nPassword: "
   pwd = $stdin.gets.strip
+  if pwd.length == 3 then
+    begin
+      otpr = `which otpr`
+      if otpr.length > 0 then
+        bucket = ''
+        while bucket == '' do
+          $stderr.print "Bucket: "
+          bucket = $stdin.gets.strip
+          $stderr.puts "Need Google Cloud Storage's bucket name. (Ctrl-C to break)" if bucket.length == 0
+        end
+        $stderr.print "Pad Name('gtk2passwordapp'): "
+        padname = $stdin.gets.strip
+        padname = 'gtk2passwordapp' if padname.length == 0
+        $stderr.puts "otpr #{bucket} #{padname} /media/NotAvailable/tmp.pad"
+        IO.popen( "otpr #{bucket} #{padname} /media/NotAvailable/tmp.pad", 'w+' ) do |pipe|
+          if pipe.gets then		# asks for pin
+            pipe.puts pwd		# give pin
+            pwd = pipe.gets.strip	# get password
+          end
+        end
+      end
+    rescue Exception
+      # user probably wanted out of the loop
+      $stderr.puts
+    end
+    # Sending master password to standard out.
+    # The assumption here is that the user is doing a recovery...
+    # Why else would the user be using this --no-gui?
+    $stdout.puts pwd
+  end
   if nogui then
-    $stderr.print "Warning: selected passwords will be shown.\nEnter Account pattern:"
+    $stderr.print "Warning: selected passwords will be shown.\nEnter Account pattern: "
     pattern = Regexp.new( $stdin.gets.strip, Regexp::IGNORECASE )
   end
   begin
@@ -18,18 +50,20 @@ if (nogui = ARGV.include?('--no-gui')) || (ARGV.include?('--dump')) then
     passwords.load
     if $options=~/-dump/ then
       require 'pp'
+      # puts to stdout
       pp passwords
     else
       passwords.accounts.each do |account|
         if account =~ pattern then
           password = passwords.password_of(account)
           username = passwords.username_of(account)
-          puts [account,username,password].join("\n\t")
+          # puts to stdout
+          $stdout.puts [account,username,password].join("\n\t")
         end
       end
     end
   rescue Exception
-    puts $!
+    $stderr.puts $!
   end
   exit
 end

data/lib/gtk2passwordapp/appconfig.rb

@@ -118,71 +118,79 @@ module Configuration
   AGAIN = 'Again' # for when verifying new passwords.
   RETRY = 'Retry' # for when you got your password wrong.
 
+  # These are the --no-gui dialogs...
+  COMMAND_LINE_MSG1 = "Warning: password will be shown.\nPassword:"
+  COMMAND_LINE_MSG2 = "Warning: selected passwords will be shown.\nEnter Account pattern:"
 end
 
-  # Set OTP to true if you're going to use a one time pad
+  # Set OTP to true if you're going to use otpr (search for it in rubygems.org)
   OTP = false
 
-  # Here you can modify how you store your passphrase for your passwords.
-  # It's now set up as a one time pad.
-  # Modify CYPHER to your remove-able media
-  # You'll need to create the directory in the media... make it rwx'able only by the user if possible.
-  CYPHER = '/media/3263-6638/.gtk2passwordapp-2/cypher.pad' # remove-able media
-  KEY = "#{Gtk2AppLib::USERDIR}/key.pad"
+  # arguments for otpr
+  BUCKET	= 'YourBucket' # <== put the name of your google cloud storage bucket here.
+  PADNAME	= 'gtk2passwordapp' # <== suggested pad name, you can change it.
+  OTPBACKUP	= '/media/1234-5678/.gtk2passwordapp-2/cipher.pad' # <== edit to your backup file on removable media.
 
-  # Where do you want to backup your password files?
-  # This assumes you have a DropBox directory set up
-  BACKUP = File.expand_path('~/Dropbox/Backups/passwords.dat')
+  # Do yoy have a custom backup script to run?
+  BACKUPSCRIPT	= nil # File.expand_path('~/bin/backup') 
 
-  # Here you can set up your backup.
-  # The commented out section is set up to use DropBox
+  # Here you can edit in your own backups.
   def self.passwords_updated(password=nil)
-    # Update your pad...
-    Gtk2Password.set_password_to_pad(password) if password && OTP
     begin
-      if File.exist?(File.dirname(BACKUP)) then
-        FileUtils.cp Configuration::PASSWORDS_FILE, BACKUP
-      end
+      # you might want to backup your passwords file here
+      # here, backup is a custom script to backup passwords.dat
+      system("#{BACKUPSCRIPT} passwords &")	if BACKUPSCRIPT
+      Gtk2Password.set_password_to_pad(password) if password && OTP
+      # you might want to backup your otp here
+      # here, backup is a custom script to backup the .otpr directory
+      system("#{BACKUPSCRIPT} otpr &")		if BACKUPSCRIPT
       Gtk2AppLib::DIALOGS.quick_message("Passwords Data Saved.",{:TITLE => 'Saved',:SCROLLED_WINDOW => false})
     rescue Exception
-      Gtk2AppLib::DIALOGS.quick_message("Warning: Could not create backup.",{:TITLE => 'Warning',:SCROLLED_WINDOW => false})
+      Gtk2AppLib::DIALOGS.quick_message("Warning: #{$!}",{:TITLE => 'Warning',:SCROLLED_WINDOW => false})
     end
   end
 
-  def self.xor_cypher(key,cypher)
-    password = ''
-    cypher = cypher.bytes.inject([],:push)
-    key = key.bytes.inject([],:push)
-    ksize = key.length
-    cypher.length.times {|n| password += (cypher[n] ^ key[n.modulo ksize]).chr }
-    return password 
-  end
-
-  def self.get_password_from_pad
-    password = ''
-    if File.exist?(KEY) && File.exist?(CYPHER) then
-      key = File.read(KEY)
-      cypher = File.read(CYPHER)
-      password = Gtk2Password.xor_cypher(key,cypher)
+  def self.set_password_to_pad(password)
+    begin
+      IO.popen("otpr --new #{BUCKET} #{PADNAME} #{OTPBACKUP}",'w+') do |pipe|
+        raise "WUT?" unless pipe.gets.strip == 'Password:'
+        pipe.puts password
+        return pipe.gets.strip
+      end
+    rescue Exception
+      return ''
     end
-    return password
   end
 
-  def self.set_password_to_pad(password)
-    if File.exist?(File.dirname(CYPHER)) then
-      key = 0.upto(password.length).inject(''){|k,c| k+(rand(256)).chr }
-      # Note that the media may ignore 0600
-      File.open(CYPHER,'w',0600){|fh| fh.print Gtk2Password.xor_cypher(key,password) }
-      File.open(KEY,'w',0600){|fh| fh.print key }
+  def self.get_password_from_pad(pin)
+    begin
+      IO.popen("otpr #{BUCKET} #{PADNAME} #{OTPBACKUP}",'w+') do |pipe|
+        raise "WUT?" unless pipe.gets.strip == 'Pin:'
+        pipe.puts pin
+        return pipe.gets.strip
+      end
+    rescue Exception
+      return ''
     end
   end
 
   def self.get_password(prompt,title=prompt,otp=false)
     if password = Gtk2AppLib::DIALOGS.entry( prompt, {:TITLE=>title, :Entry => [{:visibility= => false},'activate']} ) then
+      password.strip!
       if OTP then
-        # to use the pad, the user just presses OK to pass an empty string.
-        password = Gtk2Password.get_password_from_pad unless password.length > 0
-        Gtk2Password.set_password_to_pad(password) if otp && password.length > 0
+        if password.length == 3 then
+          # the user sent the pin
+          password = Gtk2Password.get_password_from_pad(password)
+          # You might want to back up your otp here
+          # here, backup is a custom written script to backup the .otpr directory
+          system("#{BACKUPSCRIPT} otpr &")	if BACKUPSCRIPT
+        elsif otp && password.length > 6 then
+          # the user wants to set a new password
+          Gtk2Password.set_password_to_pad(password)
+          # You might want to backup your otp here
+          # here, backup is a custom written script to backup the .otpr directory
+          system("#{BACKUPSCRIPT} otpr &")	if BACKUPSCRIPT
+        end
       end
     end
     return password

data/lib/gtk2passwordapp/rnd.rb

@@ -46,8 +46,20 @@ module Gtk2Password
       end
     end
 
+    begin
+      require 'securerandom'
+      def self.random_number(number)
+        SecureRandom.random_number(number)
+      end
+    rescue Exception
+      $stderr.puts $! unless $quiet
+      def self.random_number(number)
+        rand(number)
+      end
+    end
+
     def self.randomize(rnd,number)
-      ((rnd + rand(number)) % number)
+      ((rnd + Rnd.random_number(number)) % number)
     end
 
     def real_random(number)
@@ -55,7 +67,7 @@ module Gtk2Password
       if rnd = @bucket.shift then
         return Rnd.randomize(rnd,number)
       else
-        return rand(number)
+        return Rnd.random_number(number)
       end
     end
 
@@ -68,7 +80,7 @@ module Gtk2Password
 
     def random(number)
       validate(number)
-      (@bucket)? real_random(number) : rand(number)
+      (@bucket)? real_random(number) : Rnd.random_number(number)
     end
 
     RND = Rnd.new

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: gtk2passwordapp
 version: !ruby/object:Gem::Version
-  version: 2.4.0
+  version: 2.5.0
   prerelease: 
 platform: ruby
 authors:
@@ -9,11 +9,11 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-06-23 00:00:00.000000000 Z
+date: 2012-07-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: crypt-tea
-  requirement: &13416060 !ruby/object:Gem::Requirement
+  requirement: &4052880 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - =
@@ -21,10 +21,10 @@ dependencies:
         version: 1.3.0
   type: :runtime
   prerelease: false
-  version_requirements: *13416060
+  version_requirements: *4052880
 - !ruby/object:Gem::Dependency
   name: gtk2applib
-  requirement: &13415500 !ruby/object:Gem::Requirement
+  requirement: &4052040 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -32,7 +32,7 @@ dependencies:
         version: '15.3'
   type: :runtime
   prerelease: false
-  version_requirements: *13415500
+  version_requirements: *4052040
 description: ! 'A Ruby-Gnome password manager.
 
   Uses crypt-tea''s Tiny Encryption Algorithm to encrypt the datafile.