hiera-crypt 0.2.1 → 0.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/bin/hiera-crypt +2 -2
- data/hiera-crypt.gemspec +2 -2
- data/lib/hiera/backend/crypt_backend.rb +1 -1
- data/lib/passwordbox.rb +9 -10
- metadata +5 -4
data/bin/hiera-crypt
CHANGED
|
@@ -44,9 +44,9 @@ crypto = PasswordBox.new(password)
|
|
|
44
44
|
in_file = input == '-' ? STDIN : File.open(input, 'r')
|
|
45
45
|
|
|
46
46
|
if mode == :encrypt
|
|
47
|
-
out = crypto.box(in_file.read
|
|
47
|
+
out = crypto.box(in_file.read)
|
|
48
48
|
elsif mode == :decrypt
|
|
49
|
-
out = crypto.open(in_file.read
|
|
49
|
+
out = crypto.open(in_file.read)
|
|
50
50
|
end
|
|
51
51
|
|
|
52
52
|
out_file = output == '-' ? STDOUT : File.open(output, 'w')
|
data/hiera-crypt.gemspec
CHANGED
|
@@ -4,7 +4,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
|
|
4
4
|
|
|
5
5
|
Gem::Specification.new do |spec|
|
|
6
6
|
spec.name = "hiera-crypt"
|
|
7
|
-
spec.version = "0.
|
|
7
|
+
spec.version = "0.3"
|
|
8
8
|
spec.authors = ["Carl Jackson"]
|
|
9
9
|
spec.email = ["carl@avtok.com"]
|
|
10
10
|
spec.description = "Encrypted file backend for Hiera"
|
|
@@ -20,7 +20,7 @@ Gem::Specification.new do |spec|
|
|
|
20
20
|
|
|
21
21
|
spec.add_dependency "hiera", "~> 1.2.1"
|
|
22
22
|
spec.add_dependency "pbkdf2", "~> 0.1.0"
|
|
23
|
-
spec.add_dependency "rbnacl", "~>
|
|
23
|
+
spec.add_dependency "rbnacl", "~> 2.0"
|
|
24
24
|
|
|
25
25
|
spec.add_development_dependency "bundler", "~> 1.3"
|
|
26
26
|
spec.add_development_dependency "rake"
|
data/lib/passwordbox.rb
CHANGED
|
@@ -1,10 +1,10 @@
|
|
|
1
|
-
require '
|
|
1
|
+
require 'base64'
|
|
2
2
|
require 'pbkdf2'
|
|
3
|
-
require '
|
|
3
|
+
require 'rbnacl'
|
|
4
4
|
|
|
5
5
|
# A SecretBox that (like RandomNonceBox) automatically generates a suitable
|
|
6
6
|
# nonce, but also which uses PBKDF2 to derive a password of the right length.
|
|
7
|
-
class PasswordBox <
|
|
7
|
+
class PasswordBox < RbNaCl::SecretBox
|
|
8
8
|
DEFAULT_PBKDF2_ITERS = 5000
|
|
9
9
|
|
|
10
10
|
# Create a new PasswordBox
|
|
@@ -18,14 +18,14 @@ class PasswordBox < Crypto::SecretBox
|
|
|
18
18
|
# a random nonce.
|
|
19
19
|
#
|
|
20
20
|
# @param message [String] The message to encrypt
|
|
21
|
-
# @param encoding [Symbol] Encoding for the returned ciphertext
|
|
22
21
|
#
|
|
23
22
|
# @return [String] The encrypted message
|
|
24
|
-
def box(message
|
|
23
|
+
def box(message)
|
|
25
24
|
nonce = generate_nonce
|
|
26
25
|
salt, iters, @key = generate_key
|
|
27
26
|
ciphertext = super(nonce, message)
|
|
28
|
-
|
|
27
|
+
|
|
28
|
+
Base64.encode64(nonce + salt + iters + ciphertext)
|
|
29
29
|
end
|
|
30
30
|
alias encrypt box
|
|
31
31
|
|
|
@@ -33,13 +33,12 @@ class PasswordBox < Crypto::SecretBox
|
|
|
33
33
|
# the message.
|
|
34
34
|
#
|
|
35
35
|
# @param enciphered_message [String] The message to decrypt
|
|
36
|
-
# @param encoding [Symbol] Encoding for the given ciphertext
|
|
37
36
|
#
|
|
38
37
|
# @raise [CryptoError] If the message has been tampered with.
|
|
39
38
|
#
|
|
40
39
|
# @return [String] The plaintext of the message
|
|
41
|
-
def open(enciphered_message
|
|
42
|
-
decoded =
|
|
40
|
+
def open(enciphered_message)
|
|
41
|
+
decoded = Base64.decode64(enciphered_message)
|
|
43
42
|
nonce, salt, iters, ciphertext = extract(decoded)
|
|
44
43
|
@key = generate_key(salt, iters).last
|
|
45
44
|
super(nonce, ciphertext)
|
|
@@ -48,7 +47,7 @@ class PasswordBox < Crypto::SecretBox
|
|
|
48
47
|
|
|
49
48
|
private
|
|
50
49
|
def generate_nonce
|
|
51
|
-
|
|
50
|
+
RbNaCl::Random.random_bytes(nonce_bytes)
|
|
52
51
|
end
|
|
53
52
|
def generate_key(salt=nil, iters=DEFAULT_PBKDF2_ITERS)
|
|
54
53
|
salt ||= generate_nonce
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: hiera-crypt
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: '0.3'
|
|
5
5
|
prerelease:
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date:
|
|
12
|
+
date: 2014-03-31 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: hiera
|
|
@@ -50,7 +50,7 @@ dependencies:
|
|
|
50
50
|
requirements:
|
|
51
51
|
- - ~>
|
|
52
52
|
- !ruby/object:Gem::Version
|
|
53
|
-
version:
|
|
53
|
+
version: '2.0'
|
|
54
54
|
type: :runtime
|
|
55
55
|
prerelease: false
|
|
56
56
|
version_requirements: !ruby/object:Gem::Requirement
|
|
@@ -58,7 +58,7 @@ dependencies:
|
|
|
58
58
|
requirements:
|
|
59
59
|
- - ~>
|
|
60
60
|
- !ruby/object:Gem::Version
|
|
61
|
-
version:
|
|
61
|
+
version: '2.0'
|
|
62
62
|
- !ruby/object:Gem::Dependency
|
|
63
63
|
name: bundler
|
|
64
64
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -153,3 +153,4 @@ test_files:
|
|
|
153
153
|
- test/hiera-file.yaml
|
|
154
154
|
- test/hiera-inline.yaml
|
|
155
155
|
- test/password
|
|
156
|
+
has_rdoc:
|