imp 0.2.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: ca718bcafa6983935ec3f5cebab249382b78e08d
+  data.tar.gz: da7918ac1a7f95ce76da11cf7cbf100c6ac399d3
+SHA512:
+  metadata.gz: 468ba338782bf8215381da5d0a9fdc15fb8f95f489613367dbc208753f33de81ddb4440203a509249af390533f8956af810b306a1bb9a43ff7a30e76951f0859
+  data.tar.gz: fce1f953626dae4b430864589a80c1c2c6633e0e43859d3f92adf2ab0bc090caa7fe193da64f2955e28735bc64fc78343517aff5ee778f2e8cdc275ff5a0784f

data/LICENSE

@@ -0,0 +1,202 @@
+Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "{}"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright {yyyy} {name of copyright owner}
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+

data/README.md

@@ -0,0 +1,12 @@
+IMP (IMP Manager for Passwords)
+===============================
+
+A small and simple console based password manager.
+
+Uses 256-bit AES encryption to encrypt a tree struction of saved passwords
+with a master password. Provides a basic interactive environment to print
+and copy these passwords.
+
+Allows working with encrypted passwords without them ever appearing on-screen
+(due to the copy functionality) as they would if using a simple encrypted
+password file, but without the bloat of larger password managers.

data/bin/imp

@@ -0,0 +1,4 @@
+#!/usr/bin/env ruby
+require 'imp'
+
+Imp.main

data/imp.gemspec

@@ -0,0 +1,26 @@
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'imp'
+
+Gem::Specification.new do |spec|
+  spec.name = 'imp'
+  spec.summary = 'A lightweight console based password mangement system.'
+  spec.description = "
+IMP is a simple console password manager. Passwords are stored in an AES
+encrypted filesystem-like tree. The main functionality includes printing,
+setting and copying files, allowing the handling of passwords without them
+being shown on screen."
+  spec.description
+  spec.version = Imp::VERSION
+  spec.date = Time.now.strftime('%Y-%m-%d')
+  spec.author = 'Thomas Kerber'
+  spec.email = 't.kerber@online.de'
+  spec.homepage = 'https://github.com/tkerber/imp'
+  spec.files = Dir.glob("{docs,bin,lib}/**/*") + ['LICENSE', 'README.md',
+    __FILE__]
+  spec.executables = ['imp']
+  spec.license = "Apache-2.0"
+  
+  spec.add_runtime_dependency 'highline'
+  spec.add_runtime_dependency 'clipboard'
+end

data/lib/imp.rb

@@ -0,0 +1,13 @@
+require_relative 'imp/ui'
+
+module Imp
+  
+  # The current version number.
+  VERSION = "0.2.1"
+  
+  # Run the program.
+  def self.main
+    UI.main
+  end
+  
+end

data/lib/imp/commands.rb

@@ -0,0 +1,262 @@
+require 'clipboard'
+require 'highline/import'
+
+require_relative 'ui'
+
+module Imp
+  
+  # Contains the methods for all commands issued by the user.
+  # All commands are executed with Commands#send
+  module Commands
+    
+    # The signals which should be sent to this module.
+    METHODS = [
+      "help",
+      "set",
+      "change_passwd",
+      "paste",
+      "print",
+      "copy",
+      "copy_raw",
+      "copyc",
+      "del",
+      "exit"]
+    
+    # Deletes a key. If the key has no children, it is removed from the tree.
+    # If it has children, it is removed from the tree if and only if it's
+    # value was previously nil. Otherwise it's value is set to nil.
+    # 
+    # @param key [String] The key to delete.
+    # @param force [Boolean] Doesn't require confirmation from the user if
+    #   it is true.
+    def self.del(key, force = false)
+      unless force ||
+          agree("Are you sure you want to delete the key '#{key}'? ")
+        return
+      end
+      node = $tree.cont.descendant(key)
+      fail "Key does not exist." if node == nil
+      
+      if node.val == nil
+        $tree.delete key
+      else
+        node.val = nil
+      end
+      # Remove any nil-leaves. (This may remove key IF it is a leaf)
+      $tree.prune
+      # Write out the tree.
+      $tree.flush
+    end
+    
+    # Prints help text.
+    # 
+    # @param args [Array] Ignored.
+    def self.help(*args)
+      puts ("
+help          - Prints this help text
+set KEY       - Sets the value of the key to a value entered by the user.
+change_passwd - Changes the password of the current file.
+paste KEY     - Sets the value of the key from the system clipboard.
+print         - Prints a representation of the tree, without values.
+print KEY     - Prints the value of the key.
+copy KEY      - Copies the value of the key, auto clears clipboard afterward.
+copy_raw      - Clears the clipboard.
+copy_raw KEY  - Copies the value of a key, without clearing the clipboard.
+                Useful for moving values around between keys.
+copyc INT KEY - Copies the (1-indexed) character from the value of the key.
+del KEY       - Deletes the key from the tree. If it has subtrees, the
+                subtrees get deleted if and only if the key had no value.
+exit          - Exit.
+
+Keys are sorted in forward-slash seperated tree structure (slightly
+remenicient of urls).")
+    end
+    
+    # Prints either the tree if no argument is provided, or prints the value
+    # of a certain key.
+    # 
+    # @param key [String, nil] The key if provided, or nil to print the tree.
+    def self.print(key = nil)
+      if key
+        print_val(key)
+      else
+        print_tree
+      end
+    end
+    
+    # Changes the encryption password.
+    # 
+    # @param args [Array] Ignored.
+    def self.change_passwd(*args)
+      pass = read_passwd
+      return unless pass
+      $tree.password = pass
+      $tree.flush
+    end
+    
+    # Set a value. Require entering the value to set it to twice until they
+    # match. An empty value will cancel setting.
+    # 
+    # @param key [String] The key to set the value for.
+    def self.set(key)
+      fail "Key must be supplied." unless key
+      pass = read_passwd
+      return unless pass
+      $tree[key] = pass
+      # We save the tree whenever it is modified.
+      $tree.flush
+    end
+    
+    # Sets a value from the system clipboard.
+    # Fails if the clipboard is empty.
+    # 
+    # @param key [String] The key to set.
+    def self.paste(key)
+      fail "Key must be supplied." unless key
+      pass = Clipboard.paste
+      fail "Clipboard empty, could not paste." if pass == ''
+      $tree[key] = pass
+      $tree.flush
+    end
+    
+    # Copys the value of a key onto the system clipboard.
+    # 
+    # @param key [String, nil] The key of the value to copy. If nil, clears
+    #   the clipboard instead.
+    def self.copy_raw(key = nil)
+      begin
+        if key
+          Clipboard.copy($tree[key])
+        else
+          Clipboard.clear
+        end
+      # No method error arises from trying to work on a nil tree (or trying to
+      # decrypt a nil value).
+      rescue NoMethodError
+        fail "No value entered for key '#{key}'."
+      end
+    end
+    
+    # Copys the value of a key onto the system clipboard. And auto-clears it
+    # afterwards.
+    # 
+    # @param key [String] The key of the value to copy.
+    def self.copy(key)
+      fail "Key must be supplied." unless key
+      begin
+        UI.timeout do
+          copy_raw key
+          $stdout.print "Value copied. Press enter to wipe..."
+          gets
+        end
+      ensure
+        Clipboard.clear
+      end
+    end
+    
+    # Copies the value of a single 1-indexed character of the value of a key
+    # to the system clipboard.
+    # 
+    # @param argstr [String] The index to copy followed by the key, seperated
+    #   by whitespace.
+    def self.copyc(argstr)
+      pos, key = argstr.split(2)
+      pos = pos.to_i
+      copyc_expanded(char, key)
+    end
+    
+    # Quits.
+    # 
+    # @param args [Array] Ignored.
+    def self.quit(*args)
+      exit
+    end
+    
+    # This private is purely symbolic as classmethods have to be explicitly
+    # defined as private.
+    private
+    
+    # Reads a password from the user.
+    # 
+    # @return [String, nil] The password enetered, or nil if aborted.
+    def self.read_passwd
+      first_pass = true
+      pass1 = pass2 = nil
+      until pass1 == pass2 && !first_pass
+        unless first_pass
+          puts "The pass did not match. Please try again."
+        end
+        pass1 = ask "Please enter the pass (leave blank to cancel): " do |q|
+          q.echo = false
+        end
+        return if pass1 == ''
+        pass2 = ask "Re-enter the pass to confirm: " do |q|
+          q.echo = false
+        end
+        first_pass = false
+      end
+      return pass1
+    end
+    private_class_method :read_passwd
+    
+    # Copies the value of a single 1-indexed character of the value of a key
+    # to the system clipboard.
+    # 
+    # @param pos [Int] The index to copy. IMPORTANT: The string starts at
+    #   index 1!
+    # @param key [String] The key of the value to copy.
+    def self.copyc_expanded(pos, key)
+      begin
+        UI.timeout do
+          Clipboard.copy($tree[key][pos - 1])
+        end
+      # No method error arises from trying to work on a nil tree (or trying to
+      # decrypt a nil value).
+      rescue NoMethodError
+        fail "No value entered for key '#{key}'."
+      ensure
+        Clipboard.clear
+      end
+    end
+    private_class_method :copyc_expanded
+    
+    # Prints strings, waits for enter then replaces them. Also adds color
+    # for fancyness.
+    def self.tmp_print(str)
+      HighLine::SystemExtensions.raw_no_echo_mode
+      $stdout.print HighLine.color(str, :bold, :green)
+      begin
+        UI.timeout do
+          HighLine::SystemExtensions.get_character
+        end
+      ensure
+        HighLine::SystemExtensions.restore_mode
+        hidden_text = "\r<hidden>" << ' ' * [str.length - 8, 0].max
+        puts HighLine.color(hidden_text, :bold, :green)
+      end
+    end
+    private_class_method :tmp_print
+    
+    # Prints a value
+    # 
+    # @param key [String] The key for which to retrieve a value.
+    def self.print_val(key)
+      begin
+        tmp_print $tree[key]
+      # No method error arises from trying to work on a nil tree (or trying to
+      # decrypt a nil value).
+      rescue NoMethodError
+        fail "No value entered for key '#{key}'."
+      end
+    end
+    private_class_method :print_val
+    
+    # Prints the currently loaded tree (without values).
+    def self.print_tree
+      puts $tree
+    end
+    private_class_method :print_tree
+    
+  end
+  
+end

data/lib/imp/crypto.rb

@@ -0,0 +1,71 @@
+require 'openssl'
+
+module Imp
+  
+  # Contains methods for easily interfacing with ruby's encryption algorithms.
+  # Uses 256 bit AES in CBC mode with keys generated by PBKDF2 using SHA1
+  # and 10 000 iterations.
+  module Crypto
+    
+    # The length of the key to use.
+    # This module used AES-256, which has a key length of 32 bytes.
+    KEYLEN = 32
+    # The block size of the cipher.
+    # As this module uses AES, this is 16 bytes.
+    BLOCK_SIZE = 16
+    # The length of the salts to generate. The length is used as that of the
+    # key.
+    SALTLEN = KEYLEN
+    # The iteration of the PBKDF2 algorim to go through.
+    ITER = 10_000
+    # The mode of AES to use.
+    MODE = :CBC
+    
+    # Delegates key generation to PBKDF2
+    # 
+    # @param passwd [String] The password.
+    # @param salt [String] The salt.
+    # @return [String] The key.
+    def self.get_key(passwd, salt)
+      OpenSSL::PKCS5.pbkdf2_hmac_sha1(passwd, salt, ITER, KEYLEN)
+    end
+    
+    # Gets a random salt.
+    # 
+    # @return [String] A salt.
+    def self.rand_salt
+      OpenSSL::Random.random_bytes SALTLEN
+    end
+    
+    # Encrypts a string. The result is the IV, followed by the actual
+    # encrypted string.
+    # 
+    # @param key [String] The key.
+    # @param data [String] The unencrypted data.
+    # @return [String] The encrypted data.
+    def self.encrypt(key, data)
+      cipher = OpenSSL::Cipher::AES.new(KEYLEN * 8, MODE)
+      cipher.encrypt
+      iv = cipher.random_iv
+      cipher.key = key
+      
+      iv + cipher.update(data) + cipher.final
+    end
+    
+    # Decrypts a string encrypted by ::encrypt
+    # 
+    # @param key [String] The key.
+    # @param data [String] The encrypted data.
+    # @return [String] The unencrypted data.
+    def self.decrypt(key, data)
+      cipher = OpenSSL::Cipher::AES.new(KEYLEN * 8, MODE)
+      cipher.decrypt
+      cipher.iv = data.byteslice 0...BLOCK_SIZE
+      cipher.key = key
+      
+      cipher.update(data.byteslice BLOCK_SIZE..-1) + cipher.final
+    end
+    
+  end
+  
+end

data/lib/imp/encrypted_file.rb

@@ -0,0 +1,90 @@
+require_relative 'crypto'
+require_relative 'util'
+
+module Imp
+  
+  # A rudimentary wrapper to interface with encrypted files.
+  # 
+  # Files are saved as a concatination of the password's salt and a string
+  # encrypted with Crypto#encrypt. The string may be marshalled content, or
+  # it may be the content itself.
+  # 
+  # @note This is NOT a file object. The file's content is loaded entirely
+  #   into memory.
+  class EncryptedFile
+    
+    # The plaintext content of the encrypted file.
+    attr_accessor :cont
+    
+    # If the file exists, load the content from it. Otherwise load the
+    # content as nil, generate a salt and key to prepare for writing.
+    # 
+    # @param passwd [String] The password.
+    # @param file [String] The location of the file.
+    # @param marshal [Boolean] Whether or not the content is marshalled.
+    def initialize(passwd, file, marshal = true)
+      @file = File.expand_path(file)
+      @marshal = marshal
+      if File.exists? @file
+        init_with_file(passwd)
+      else
+        first_time_init(passwd)
+      end
+    end
+    
+    # Writes the content to the file.
+    def flush
+      f = File.new(@file, "w")
+      f << @salt
+      if @marshal
+        cont = Marshal.dump @cont
+      else
+        cont = @cont
+      end
+      f << Crypto.encrypt(@key, cont)
+      f.flush
+      # Encrypted files should only be readable by their owner. Doesn't really
+      # add much security but hey.
+      f.chmod(0600)
+      f.close
+    end
+    
+    # Nulls the key. (It may still be in memory!)
+    def close
+      @cont = nil
+      @key  = nil
+    end
+    
+    private
+    
+    def password=(passwd)
+      @salt = Crypto.rand_salt
+      @key = Crypto.get_key(passwd, @salt)
+    end
+    
+    # Loads the content from the file.
+    # 
+    # @param passwd [String] The password.
+    def init_with_file(passwd)
+      f = File.new(@file)
+      @cont = f.read
+      f.close
+      @salt = @cont.byteslice 0...Crypto::SALTLEN
+      @cont = @cont.byteslice Crypto::SALTLEN..-1
+      @key = Crypto.get_key(passwd, @salt)
+      @cont = Crypto.decrypt(@key, @cont)
+      @cont = Marshal.load(@cont) if @marshal
+    end
+    
+    # Initializes the encrypted file.
+    # 
+    # @param passwd [String] The password.
+    def first_time_init(passwd)
+      Util.mkdirs(File.dirname(@file))
+      self.password = passwd
+      @cont = nil
+    end
+    
+  end
+  
+end

data/lib/imp/encrypted_tree.rb

@@ -0,0 +1,133 @@
+require_relative 'tree'
+require_relative 'encrypted_file'
+require_relative 'crypto'
+
+
+module Imp
+  
+  # A tree loaded from an encrypted file.
+  # 
+  # All values are themselves encrypted with the key again. This doesn't
+  # add additional security, but prevents them from appearing in memory in
+  # plaintext if avoidable. Note that any program designed specifically
+  # to tap into this programs memory will have no problem with this.
+  class EncryptedTree < EncryptedFile
+    
+    include Enumerable
+    
+    
+    # Creates a new tree / load an existing one from a file.
+    # 
+    # @param passwd [String] The password to decrypt the file. Discarded
+    #   after this call (although the key is kept in memory)
+    # @param file [String] The location of the file to decrypt. If this does
+    #   not exist, a new tree is made.
+    def initialize(passwd, file)
+      super(passwd, file)
+      if @cont == nil
+        @cont = Tree.new
+      end
+    end
+    
+    # Retrieves a node label following a forward-slash seperated list of
+    # edge labels.
+    # 
+    # @param key [String] The forward-slash seperated list of edge labels.
+    # @return [String] The decrypted value of the corresponding node label.
+    def [](key)
+      Crypto.decrypt(@key, @cont.descendant(key).val)
+    end
+    
+    # Sets a node label corresponding to a forward-slash seperated list of
+    # edge labels.
+    # 
+    # @param key [String] The list of edge labels.
+    # @param val [String] The value to set the node label to. This will be
+    #   encrypted.
+    def []=(key, val)
+      @cont.descendant(key, true).val = Crypto.encrypt(@key, val)
+    end
+    
+    # Iterates over key/value pairs.
+    # 
+    # @param keys [Array<String>] A list of the keys followed to reach the
+    #   current subtree.
+    # @param subtree [Tree] The tree currently iterating over.
+    # @yield [String, String] Key, value pairs where the key is a forward
+    #   slash seperated string of edge labels. Values are not decrypted or
+    #   processed.
+    def each(keys = [], subtree = @cont, &block)
+      # Yield the subtree's value unless it is the root.
+      yield [keys.join('/'), subtree.val] unless keys == []
+      subtree.each do |key, tree|
+        each(keys + [key], tree, &block)
+      end
+    end
+    
+    # Checks whether a tree contains a key.
+    # 
+    # @param item [String] The forward slash seperated string of edge labels.
+    def include?(item)
+      @cont.descendant(key) != nil
+    end
+    
+    # Deletes a node corresponding to a forward-slash seperated list of edge
+    # labels.
+    # 
+    # @param key [String] The list of edge labels. Must be a valid key.
+    def delete(key)
+      # We seperate the last key from the first keys.
+      key = key.split('/')
+      finalkey = key[-1]
+      key = key[0...-1]
+      
+      # Instead of using descendant we reduce over the root. This also handels
+      # the root being the parent node well.
+      node = key.reduce(@cont, :[])
+      node.delete finalkey
+    end
+    
+    # Iteratively removes any leaves with a nil value.
+    # Not terribly efficient but there is no need to be.
+    def prune
+      pruned = true
+      while pruned
+        pruned = false
+        self.each do |key, value|
+          if value == nil && @cont.descendant(key).leaf?
+            delete(key)
+            pruned = true
+          end
+        end
+      end
+    end
+    
+    # Sets a new password for the file.
+    # 
+    # @param [String] The new password to generate a key from.
+    def password=(passwd)
+      key = @key
+      # Super call.
+      EncryptedFile.instance_method(:password=).bind(self).call(passwd)
+      # If the file is still being initialized, @cont may be nil. In this case
+      # return.
+      return unless @cont
+      each do |k, v|
+        # Don't change nil values.
+        next unless v
+        # Otherwise decrypt with the old key and encrypt with the new.
+        # (Encryption is done automatically by #[]=)
+        self[k] = Crypto.decrypt(key, v)
+      end
+    end
+    
+    # Delegates to the tree for string representation.
+    # 
+    # @return [String] The string representation of the tree.
+    def to_s
+      @cont.to_s
+    end
+    
+  end
+  
+end

data/lib/imp/tree.rb

@@ -0,0 +1,105 @@
+
+module Imp
+  
+  # A directory-esque tree with labeled nodes and edges.
+  class Tree
+    
+    include Enumerable
+    
+    
+    # The value of the current node in the tree.
+    attr_accessor :val
+    
+    # Creates a new Tree.
+    # 
+    # @param val [Object] The node label of the tree.
+    def initialize(val = nil)
+      @val = val
+      @succ = {}
+    end
+    
+    # Gets a subtree by the label of the edge leading to it.
+    # 
+    # @param key [String] The edge label.
+    # @param create [Boolean] Whether or not the create a new Node if there
+    #   is no edge with the label given.
+    # @return [Tree, nil] The tree at the edge, or nil if it didn't exist
+    #   annd create was false.
+    def [](key, create = false)
+      if create and not @succ.include? key
+        @succ[key] = Tree.new
+      else
+        @succ[key]
+      end
+    end
+    
+    # Removes a subtree by the label of the edge leading to it.
+    # 
+    # @param key [String] The edge label.s
+    def delete(key)
+      @succ.delete key
+    end
+    
+    # Checks if this is a leaf node.
+    # 
+    # @return [Boolean] Wheter or not the node is a leaf.
+    def leaf?
+      @succ.length == 0
+    end
+    
+    # Iterates over (edge, node) pairs.
+    # 
+    # @yield [String, Tree] Edge, node pairs of connected nodes.
+    def each(&block)
+      @succ.each(&block)
+    end
+    
+    # Checks if an edge is included.
+    # 
+    # @param item [String] The string to check.
+    # @return [Boolean] Whether or not the string is an edge label going out
+    #   from this node.
+    def include? item
+      @succ.include? item
+    end
+    
+    # Gets a (more distant descendant of the current node.
+    # 
+    # @param key [String] A forward-slash seperated list of the edge labels to
+    #   follow.
+    # @param create [Boolean] Whether or not to create nodes if the edge
+    #   labels aren't used yet.
+    # @return [Tree, nil] The node connected through the edge labels, or nil
+    #   if there is no such node and create was false.
+    def descendant(key, create = false)
+      if key.include? '/'
+        key, keys = key.split('/', 2)
+        child = self[key, create]
+        if child
+          child.descendant(keys, create)
+        end
+      else
+        self[key, create]
+      end
+    end
+    
+    # Prints the skeleton of the tree. Node labels are NOT printed.
+    # 
+    # @param indent [Int] By how many stages to indent the tree.
+    # @return [String] The skeleton of the tree.
+    def to_s(indent = 0)
+      s = ""
+      each do |k, v|
+        s += '  ' * indent
+        s += k
+        s += '/' unless v.leaf?
+        s += '*' if v.val
+        s += "\n"
+        s += v.to_s(indent + 1)
+      end
+      return s
+    end
+    
+  end
+  
+end

data/lib/imp/ui.rb

@@ -0,0 +1,191 @@
+require 'highline/import'
+require 'readline'
+require 'timeout'
+require 'optparse'
+
+require_relative 'encrypted_tree'
+require_relative 'util'
+require_relative 'commands'
+require_relative '../imp'
+
+# A small and simple password manager.
+module Imp
+  
+  # Module handling user I/O.
+  module UI
+    
+    # The default file to save encrypted passwords in.
+    DEFAULT_FILE = '~/.imp/default.enc'
+    # The file of the history of the prompt.
+    HISTFILE = '~/.imp/hist'
+    # The string precending user input in the prompt.
+    PROMPT = 'imp> '
+    # The time in seconds, after which the program exits if it recieves no
+    # input from the user.
+    TIMEOUT = 300
+    
+    # Loads and decrypts a file. The password is asked for interactively.
+    def self.load_file
+      until $tree
+        begin
+          passwd = ask("Password for file #{$file} (leave blank to cancel): ")\
+              do |q|
+            q.echo = false
+          end
+          if passwd == ''
+            break
+          end
+          $tree = EncryptedTree.new(passwd, $file)
+        rescue OpenSSL::Cipher::CipherError
+          $stderr.puts "Decryption failed. Corrupt file or wrong password."
+        end
+      end
+    end
+    
+    # Closes the tree. This generally only happens right before ruby is about
+    # to exit so it isn't that important but hey.
+    def self.close_file
+      $tree.close
+      $tree = nil
+    end
+    
+    # Runs the program.
+    def self.main
+      load_options
+      if $opts[:file]
+        $file = $opts[:file]
+      else
+        $file = DEFAULT_FILE
+      end
+      load_file
+      # If no password was entered, quit.
+      exit unless $tree
+      welcome
+      init_readline
+      begin
+        prompt
+      ensure
+        close_file
+      end
+    end
+    
+    # Times out execution of a block and exits printing an appropriate message
+    # if the block doesn't time out in time.
+    # 
+    # The name is due to a conflict with Timeout's own.
+    def self.timeout(&block)
+      begin
+        Timeout::timeout(TIMEOUT, &block)
+      rescue Timeout::Error
+        $stderr.puts "\nUser input timeout. Closing..."
+        exit
+      end
+    end
+    
+    
+    private
+    
+    
+    # Load program options.
+    def self.load_options
+      $opts = {}
+      OptionParser.new do |opts|
+        opts.banner = "Usage: imp [options]"
+        opts.on('-v', '--[no-]verbose', 'Print exception stacks.') do |v|
+          $opts[:verbose] = v
+        end
+        opts.on('-f', '--file [FILE]', 'Load from the given file') do |f|
+          $opts[:file] = f
+        end
+      end.parse!
+    end
+    private_class_method :load_options
+    
+    # Displays welcome text.
+    def self.welcome
+      puts "imp version #{VERSION}"
+      puts "Using password file #{$file}."
+      puts "Welcome to imp! Type 'help' for a list of commands."
+    end
+    private_class_method :welcome
+    
+    # Runs a single command by the user. Also catches most errors and prints
+    # them.
+    def self.run(command)
+      # Ctrl-D will return nil; this should be a quit signal.
+      exit unless command
+      # Ignore empty commands
+      return if command == ''
+      command, args = command.strip.split(nil, 2)
+      command.downcase!
+      if Commands::METHODS.include? command
+        begin
+          Commands.send(command.to_sym, args)
+        rescue
+          $stderr.puts $!
+          if $opts[:verbose]
+            $!.backtrace.each do |t|
+              puts "\tfrom #{t}"
+            end
+          end
+        end
+      else
+        $stderr.puts "Command '#{command}' undefined. Type 'help' for a list "\
+          "of commands."
+      end
+    end
+    private_class_method :run
+    
+    # Runs a basic prompt for the user to interface with the program.
+    def self.prompt
+      load_prompt_hist
+      quit = false
+      begin
+        until quit
+          timeout do
+            input = Readline.readline(PROMPT, true)
+            quit = run(input) == :quit
+          end
+        end
+      ensure
+        save_prompt_hist
+      end
+    end
+    private_class_method :prompt
+    
+    # Loads the prompt history.
+    def self.load_prompt_hist
+      f = File.expand_path(HISTFILE)
+      return unless File.exists? f
+      f = File.new f
+      cont = f.read
+      f.close
+      Marshal.load(cont).each do |h|
+        Readline::HISTORY << h
+      end
+    end
+    private_class_method :load_prompt_hist
+    
+    # Saves the prompt history.
+    def self.save_prompt_hist
+      f = File.expand_path(HISTFILE)
+      Util.mkdirs(File.dirname(f))
+      f = File.new(f, "w")
+      f.write(Marshal.dump(Readline::HISTORY.to_a))
+      f.close
+    end
+    private_class_method :save_prompt_hist
+    
+    # Initializes autocompletion for readline.
+    def self.init_readline
+      Readline.completion_proc = proc do |s|
+        reg = /^#{Regexp.escape s}/
+        ret = Commands::METHODS.grep reg
+        ret + $tree.find_all{ |k, v|  k =~ reg && v }.map{ |k, _|  k }
+      end
+    end
+    private_class_method :init_readline
+    
+  end
+  
+end

data/lib/imp/util.rb

@@ -0,0 +1,19 @@
+
+module Imp
+  
+  # Contains misc. utility methods.
+  module Util
+    
+    # Creates as many directories as needed.
+    # 
+    # @param dir [String] The directory to create.
+    def self.mkdirs(dir)
+      return if Dir.exists? dir
+      parent = File.dirname(dir)
+      mkdirs(parent)
+      Dir.mkdir(dir)
+    end
+    
+  end
+  
+end

metadata

@@ -0,0 +1,90 @@
+--- !ruby/object:Gem::Specification
+name: imp
+version: !ruby/object:Gem::Version
+  version: 0.2.1
+platform: ruby
+authors:
+- Thomas Kerber
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2013-11-09 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: highline
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: clipboard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: |2-
+
+  IMP is a simple console password manager. Passwords are stored in an AES
+  encrypted filesystem-like tree. The main functionality includes printing,
+  setting and copying files, allowing the handling of passwords without them
+  being shown on screen.
+email: t.kerber@online.de
+executables:
+- imp
+extensions: []
+extra_rdoc_files: []
+files:
+- bin/imp
+- lib/imp/commands.rb
+- lib/imp/crypto.rb
+- lib/imp/encrypted_tree.rb
+- lib/imp/tree.rb
+- lib/imp/util.rb
+- lib/imp/ui.rb
+- lib/imp/encrypted_file.rb
+- lib/imp.rb
+- LICENSE
+- README.md
+- imp.gemspec
+homepage: https://github.com/tkerber/imp
+licenses:
+- Apache-2.0
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.0.3
+signing_key: 
+specification_version: 4
+summary: A lightweight console based password mangement system.
+test_files: []
+has_rdoc: