RubyGems - keepasshttp - Versions diffs - 0.1.1 → 0.2.0 - Mend

keepasshttp 0.1.1 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

checksums.yaml +4 -4
data/.rubocop.yml +7 -1
data/Gemfile +3 -0
data/Gemfile.lock +3 -1
data/README.md +23 -5
data/exe/keepasshttp +30 -1
data/lib/keepasshttp.rb +29 -5
data/lib/keepasshttp/key_store.rb +107 -0
metadata +3 -2

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8babaeef8f439832b4219ddf366386242ede64d42fd74b204e658dcd7c61d983
-  data.tar.gz: 4e9f8f1badad0824bb1ed6c67be75b03b31f0b3524be2287d89f7c794e572e93
+  metadata.gz: 2f07357cd21290bc9cdc42bbf6b12060a890d499e33a27dbf7e9278391862c6d
+  data.tar.gz: 3f4659d7322951be51501b5c95880a734b75152f4a9780847572e707d3d69609
 SHA512:
-  metadata.gz: 339f9ac3d4e43896db11340e56aa021d4ce47044abcb8f573bb7028dfab6801a6f78a4c39ad4daed26c2c0863e6db394bed1f6471494371babfed9c7b1eca82a
-  data.tar.gz: cc40c75b8f751b11026cd1420c4486e5b56c8e294dbb41971cf18e470f3eea9022e0899f15e452b1606f84405eafab6ddad5613e815e48f8d7cc2d229342c0d2
+  metadata.gz: c96c8c638dcab3ba57830b466f3c3dbab439100f4d54399f3497fe98538def7e35e5ecca2d8c44b8da7f3e6020f59ee565be482ce1968102b3f89039fe8df410
+  data.tar.gz: bcc493cf7281c03d75cf168466b009edb07338d63186ca4f3a6c467ca33f76f96930e08411176cd11b4f992ee1a810556a910f90015a6a977602d2cb89eedf50

data/.rubocop.yml CHANGED

@@ -2,4 +2,10 @@ AllCops:
   TargetRubyVersion: 2.5
 Naming/UncommunicativeMethodParamName:
-  AllowedNames: [ iv ]
+  AllowedNames:
+    - iv
+    - id
+Metrics/BlockLength:
+  Exclude:
+    - spec/*_spec.rb

data/Gemfile CHANGED

@@ -4,5 +4,8 @@ source 'https://rubygems.org'
 git_source(:github) { |repo_name| "https://github.com/#{repo_name}" }
+# Optional depdendency
+gem 'net-ssh'
 # Specify your gem's dependencies in keepasshttp.gemspec
 gemspec

data/Gemfile.lock CHANGED

@@ -1,12 +1,13 @@
 PATH
   remote: .
   specs:
-    keepasshttp (0.1.1)
+    keepasshttp (0.2.0)
 GEM
   remote: https://rubygems.org/
   specs:
     diff-lcs (1.3)
+    net-ssh (5.0.2)
     rake (10.5.0)
     rspec (3.8.0)
       rspec-core (~> 3.8.0)
@@ -28,6 +29,7 @@ PLATFORMS
 DEPENDENCIES
   bundler (~> 1.16)
   keepasshttp!
+  net-ssh
   rake (~> 10.0)
   rspec (~> 3.0)

data/README.md CHANGED

@@ -20,14 +20,32 @@ Or install it yourself as:
 ## Usage
-```
-require 'keepass'
+```ruby
+require 'keepasshttp'
-keep = Keepass.connect
+keep = Keepasshttp.connect
-keep.password_for('http://example.com')
+keep.credentials_for('http://example.com')
 ```
+### KeyStores
+With the above code you'll be prompted by your Keepass to enter a label for the new key (because the tool generates a new key every time)
+which is shorter that typing your password but still annoying. So I added a (session) key_store. At the moment you can choose between:
+  * :Plain - save your key in plaintext - maximum convienience, minimal security
+    ```ruby
+      Keepasshttp.connect(key_store: :Plain)
+    ```
+  * :SshAgent - (re)use your running ssh-agent session to encrypt your session key (and then save it to a file)
+    ```ruby
+      Keepasshttp.connect(key_store: :SshAgent)
+    ```
+  * { key:, id: } - Do the keymanagement yourself and just input the necessary keys as Hash.
+    ```ruby
+      Keepasshttp.connect(key_store: { key: 'SECRET', id: 'Foo' })
+    ```
 ## Development
 After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
@@ -37,7 +55,7 @@ To install this gem onto your local machine, run `bundle exec rake install`.
 To see if it works run
 ```bash
-$ keepasshttp URL_THAT_IS_IN_YOUR_KEEPASSDB
+$ keepasshttp URL_THAT_IS_IN_YOUR_KEEPASSDB [OPTS]
 ```
 If it works Keypass will prompt you for a label (which name you pick is irrelevant) and it should print you an json to the shell containing your data.

data/exe/keepasshttp CHANGED

@@ -4,5 +4,34 @@
 require 'bundler/setup'
 require 'keepasshttp'
 require 'json'
+require 'optparse'
-puts Keepasshttp.connect.password_for(ARGV[0]).to_json
+params = {}
+ARGV.options do |opts|
+  opts.on('-p INTEGER', '--port', 'Use Keystore::Plain') do |val|
+    params[:port] = val.to_i
+  end
+  opts.on('--plain', 'Use Keystore::Plain') do
+    params[:key_store] = :Plain
+  end
+  opts.on('--ssh-agent', 'Use Keystore::SshAgent') do
+    params[:key_store] = :SshAgent
+  end
+  opts.on('--key STRING', 'Input your key directly') do |val|
+    params[:key_store] ||= {}
+    params[:key_store][:key] = val
+  end
+  opts.on('--id STRING', 'Input your id directly') do |val|
+    params[:key_store] ||= {}
+    params[:key_store][:id] = val
+  end
+  opts.parse!
+end
+puts Keepasshttp.connect(params).credentials_for(ARGV[0]).to_json

data/lib/keepasshttp.rb CHANGED

@@ -17,23 +17,34 @@ class Keepasshttp
   end
   using Base64Helper
-  VERSION = '0.1.1'
+  VERSION = '0.2.0'
-  def self.connect(port: 19_455)
-    kee = new(port: port)
+  def self.connect(**params)
+    kee = new(**params)
     kee.login
     kee
   end
   attr_accessor :port
   attr_reader :session
+  attr_reader :id
+  autoload :KeyStore, 'keepasshttp/key_store'
-  def initialize(port: 19_455)
+  def initialize(port: 19_455, key_store: false)
     @port = port
     @session = false
+    init_keystore(key_store) if key_store
   end
-  def password_for(url)
+  def init_keystore(key_store)
+    @key_store = if key_store.is_a?(Hash)
+                   KeyStore::External.new(key_store)
+                 else
+                   KeyStore.const_get(key_store)
+                 end
+  end
+  def credentials_for(url)
     ping
     enc_url = encrypt(url, iv: new_iv)
@@ -51,6 +62,9 @@ class Keepasshttp
     @session = OpenSSL::Cipher.new('AES-256-CBC')
     session.encrypt
+    return cached_login if @key_store&.available?
     @key = session.random_key
     new_iv
@@ -58,6 +72,16 @@ class Keepasshttp
     return false unless json
     @id = json['Id']
+    @key_store&.save(id: @id, key: @key)
+  end
+  def cached_login
+    cache = @key_store.load
+    @key = cache[:key]
+    @id = cache[:id]
+    new_iv
+    ping
   end
   def ping

data/lib/keepasshttp/key_store.rb ADDED

@@ -0,0 +1,107 @@
+# frozen_string_literal: true
+require 'yaml'
+class Keepasshttp
+  module KeyStore
+    # Input the key and the id directly into the client so you can take care
+    # of the storage yourself.
+    class External
+      def initialize(key:, id:)
+        @params = { key: key, id: id }
+      end
+      def save(*_args)
+        false
+      end
+      def load
+        @params
+      end
+      def available?
+        true
+      end
+    end
+    # The most simple but unsecure way wo store your session key (so you don't
+    # have to reenter the label over and over again). Use this only for testing!
+    class Plain
+      # TODO, make the PATH adjustable
+      PATH = File.join(Dir.home, '.keepasshttp-ruby')
+      def self.save(params = {})
+        File.write(PATH, params.to_yaml)
+      end
+      def self.load
+        YAML.load_file(PATH)
+      end
+      def self.available?
+        File.exist?(PATH) && File.size(PATH).positive?
+      end
+    end
+    # Use your running ssh-agent session to encrypt your session key
+    class SshAgent < Plain
+      class << self
+        def available?
+          require 'net/ssh'
+          super
+        rescue LoadError
+          raise LoadError, 'To use key_store: :SshAgent you have to install ' \
+                           "the 'net-ssh' gem"
+        end
+        def save(params = {})
+          enc, iv = encrypt(params.delete(:key))
+          params[:key] = enc
+          params[:iv] = iv
+          super(params)
+        end
+        def load
+          params = super
+          params[:key] = decrypt(params[:key], iv: params.delete(:iv))
+          params
+        end
+        private
+        def encrypt(string)
+          agent = Net::SSH::Authentication::Agent.connect
+          cip = OpenSSL::Cipher.new('AES-256-CBC')
+          cip.encrypt
+          iv = cip.random_iv
+          cip.key = agent.sign(identity(agent), iv)[-32..-1]
+          [cip.update(string) + cip.final, iv]
+        end
+        def decrypt(string, iv:)
+          agent = Net::SSH::Authentication::Agent.connect
+          cip = OpenSSL::Cipher.new('AES-256-CBC')
+          cip.decrypt
+          cip.iv = iv
+          cip.key = agent.sign(identity(agent), iv)[-32..-1]
+          cip.update(string) + cip.final
+        end
+        # TODO, make the key selectable
+        def identity(agent)
+          if agent.identities.empty?
+            raise 'No identity available. Run `ssh-add` and try again'
+          end
+          agent.identities.first
+        end
+      end
+    end
+  end
+end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: keepasshttp
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.2.0
 platform: ruby
 authors:
 - Holger Arndt
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2018-09-25 00:00:00.000000000 Z
+date: 2018-10-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -74,6 +74,7 @@ files:
 - exe/keepasshttp
 - keepasshttp.gemspec
 - lib/keepasshttp.rb
+- lib/keepasshttp/key_store.rb
 homepage: https://github.com/Kjarrigan/keepasshttp-ruby
 licenses:
 - MIT