lenc 1.0.0 → 1.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: a71c838f760ff31a7d853f32b8f9fdcc04621b56
-  data.tar.gz: e4ee1f83e5fd2b158ec5397703f02402f1b1a182
+  metadata.gz: fbdf59fe864cde5c6b5d6ab0029ed7b3086b6abb
+  data.tar.gz: 935307daa431368ca0f0d86a8b9eca068d1d1b58
 SHA512:
-  metadata.gz: 1bc44af9c93ec3992406479f342e56146d8607f4f564ec594bdb67f23aa1f5e2b5afd31f0c2e32f76951d6e48ec615a0c24d86cadd50b703d98c2099c88a7da4
-  data.tar.gz: adf0c0379be49bbdb19ace972fa517f56bdf643ef19c51b5deb32376631dc19e098c0b6d301f1d62b5dc054078855efa69ebd8376f9ea806d94beefd2b5abb73
+  metadata.gz: 1377690289e75b202bf0a6ee0cffc28c469688ccde9a8dcba36051eed8433b2f32010f5db40b6d648a4d214e0a74ead2c2f4555c2caef5aa5875d21fd17cb90e
+  data.tar.gz: 46b0cc17fc7254f5a87abe27099d0f3ee21e92fc133bd87de2e20c1df052bc385def1bcda8a1e64f7fd280656a8e46c6664143c1020a91bfc989fb694cbc71a0

data/CHANGELOG.txt

@@ -1,2 +1,7 @@
-2013-03-21 Jeff Sember jpsember@gmail.com
+2013-03-21 
   * Version 1.0.0 released
+
+2013-03-22 
+  * For added safety, unless the --storekey option is given when the repository is
+    initialized, the key is no longer stored in repository configuration file, and
+    the user is prompted at every update to enter the password.

data/README.txt

@@ -1,29 +1,35 @@
-lenc : Maintains encrypted repositories of files, enabling secure, encrypted
+# @markup markdown
+
+Lenc
+===========
+
+A Ruby Gem that maintains encrypted repositories of files, enabling secure, encrypted
 backups to free cloud services such as Dropbox, Google Drive, and Microsoft SkyDrive.
 
 Written and (c) by Jeff Sember, March 2013.
-================================================================================
-
 
+Directory structure
+--------
 The program manipulates three distinct directories:
 
-1) A <source> directory, which holds all the
+* A \<source\> directory, which holds all the
 files to be encrypted.  The only file that the program modifies within this
 directory tree is a hidden configuration file ".lenc" (on Windows, this file
 is named "__lenc_repo__.txt").
 
-2) An <encrypted> directory, where the program stores the encrypted
+* An \<encrypted\> directory, where the program stores the encrypted
 versions of all the files found in the <source> directory.  This directory
 is usually mapped to a cloud service (e.g., Dropbox), or perhaps to a thumb drive.
-NOTE:  THE <encrypted> DIRECTORY IS MANAGED BY THE PROGRAM!  
-ANY FILES WRITTEN TO THIS DIRECTORY BY THE USER MAY BE DELETED.
+		
+		NOTE:  THE <encrypted> DIRECTORY IS MANAGED BY THE PROGRAM!  
+		ANY FILES WRITTEN TO THIS DIRECTORY BY THE USER MAY BE DELETED.
 
-3) A <recover> directory.  The program can recover a set of encrypted files here.
+* A \<recover\> directory.  The program can recover a set of encrypted files here.
 For safety, the this directory must not lie within an existing repository.
 
 
 Running the program
-================================================================================
+----
 
 The program can be asked to perform one of the following tasks:
 
@@ -33,17 +39,17 @@ directory, and make it the current directory.  Type:
     lencrypt -i KEY ENCDIR
     
 with KEY a set of characters (8 to 56 letters) to be used as the encryption key,
-and ENCDIR the name of the <encrypted> directory (it must not already exist, and
+and ENCDIR the name of the \<encrypted\> directory (it must not already exist, and
 it cannot lie within the current directory's tree).
  
 
-2) Updating a repository. From within a <source> directory tree, type:
+2) Updating a repository. From within a \<source\> directory tree, type:
 
     lencrypt
     
-The program will examine which files within the <source> directory have been
-changed (since the repository was created or last updated), and re-encrypt these
-into the <encrypted> directory.
+You will be prompted for the encryption key, and then the program will examine 
+which files within the \<source\> directory have been changed (since the repository 
+was created or last updated), and re-encrypt these into the \<encrypted\> directory.
     
 3) Recovering encrypted files.  Type:
 
@@ -52,12 +58,16 @@ into the <encrypted> directory.
 with KEY the key associated with a repository whose encrypted files are stored in ENCDIR.
 The recovered files will be stored in RECDIR.
 
+
+Additional options can be found by typing:
+
+		lencrypt -h
     
     
 Ignore files
-================================================================================
+----------------
 If desired, you can avoid storing selected files in the encryption repository.  
-Within the <source> directory (or any of its subdirectories), place a text 
+Within the \<source\> directory (or any of its subdirectories), place a text 
 file '.lencignore' with a list of file or directory names (or patterns) to be 
 ignored.  Example:
 
@@ -74,17 +84,17 @@ Some files are automatically ignored, e.g. ".DS_Store".
 
 The format of ignore files is similar to that of .gitignore files.  Details:
  
-	[] Each line should contain a single pattern representing files or directories to be ignored.
-	[] A line will be ignored (treated as a comment) if it is blank, or if it starts with '#'.
-	[] The path separator should be '/' (Mac, Unix) or '\' (Windows).
-	[] If a pattern starts with '#', you can precede it with '\' to avoid it being ignored.
-	[] Precede a pattern with '!' to specifically include files/directories, overriding any previous
-   		matching pattern in a parent directory.
-	[] If a pattern ends with the path separator, it will be removed, and the pattern will
-   		match only directories, not files.
-	[] The wildcard '*' matches for any sequence of zero or more characters.
-	[] The wildcard '?' matches any single character.
-	[] If the pattern contains any path separators, then the wildcards '*', '?' will not
-   		match the path separator.
+* Each line should contain a single pattern representing files or directories to be ignored.
+* A line will be ignored (treated as a comment) if it is blank, or if it starts with '#'.
+* The path separator should be '/' (Mac, Unix) or '\' (Windows).
+* If a pattern starts with '#', you can precede it with '\' to avoid it being ignored.
+* Precede a pattern with '!' to specifically include files/directories, overriding any previous
+ 		matching pattern in a parent directory.
+* If a pattern ends with the path separator, it will be removed, and the pattern will
+ 		match only directories, not files.
+* The wildcard '*' matches for any sequence of zero or more characters.
+* The wildcard '?' matches any single character.
+* If the pattern contains any path separators, then the wildcards '*', '?' will not
+ 		match the path separator.
  
  

data/lib/lenc/aes.rb

@@ -430,10 +430,10 @@ module RepoInternal
     #  
     # Returns true iff the start of the string seems to decrypt correctly
     # for the given password
-    def is_string_encrypted(key, test_str) 
-      db = false
+    def self.is_string_encrypted(key, test_str) 
+      db = warndb 0
       
-      !db || hexDump(test_str, "areBytesEncrypted?")
+      !db || hex_dump(test_str, "areBytesEncrypted?")
       
       simple_str(test_str)
       
@@ -445,10 +445,10 @@ module RepoInternal
       end
       
       begin
-          de = MyAES(False, key)    
-          de.finish(test_str[:_AES_BLOCK_SIZE + NONCE_SIZE_SMALL])
+          de = MyAES.new(false, key)    
+          de.finish(test_str[0...AES_BLOCK_SIZE + NONCE_SIZE_SMALL])
           decr = de.flush()
-          !db || hexDump(decr,"decrypted successfully")
+          !db || hex_dump(decr,"decrypted successfully")
       rescue LEnc::DecryptionError
         !db || pr(" (caught DecryptionError)\n")
         return false
@@ -460,9 +460,9 @@ module RepoInternal
     # Determines if a file is an encrypted file
     # @param key    password to use (string, or array of bytes) 
     # @param path    path to file
-    # Returns true iff the start of the file seems to decrypt correctly
+    # @return true iff the start of the file seems to decrypt correctly
     # for the given password, and the file is of the expected length.
-    def is_file_encrypted(key, path) 
+    def self.is_file_encrypted(key, path) 
       
     #    key = str_to_bytes(key)
       

data/lib/lenc/lencrypt.rb

@@ -10,7 +10,9 @@ class LEncApp
     req 'trollop'
     p = Trollop::Parser.new do
         opt :init, "create new encryption repository: KEY ENCDIR ", :type => :strings
-        opt :orignames, "leave filenames unencrypted"
+        opt :orignames, "(with --init) leave filenames unencrypted"
+        opt :storekey, "(with --init) store the key within the repository configuration file so it" \
+              " need not be entered with every update"
         opt :update, "update encrypted repository (default operation)"
         opt :recover, "recover files from an encrypted repository: KEY ENCDIR RECDIR", :type => :strings
         opt :where, "specify source directory (default = current directory)", :type => :string
@@ -42,7 +44,7 @@ class LEncApp
       if (a = options[:init])
         Trollop::die("Expecting: KEY ENCDIR") if a.size != 2
         pwd,encDir = a
-        r.create(options[:where], pwd, encDir, options[:orignames])
+        r.create(options[:where], pwd, encDir, options[:orignames], options[:storekey])
       elsif (a = options[:recover])
         Trollop::die("Expecting: KEY ENCDIR RECDIR") if a.size != 3
         r.perform_recovery(a[0],a[1],a[2])
@@ -62,9 +64,20 @@ end
 if __FILE__ == $0
   args = ARGV
   
-#  warn("trying special")
-#  args = "-w /Users/jeff/Desktop/_testdirs_ -r feefiefoefumaldkjsdaflkj /Users/jeff/Desktop/_testdirs_/encr /Users/jeff/Desktop/_testdirs_/resc2".split
-#  args = "-h".split
+#  if true && Dir.home.end_with?("/jeff")  
+#    warn("trying special")
+#    bs = File.join(Dir.home,"Desktop/_testdirs_")
+#    
+#    if !File.file? "#{bs}/src/.lenc"
+#      s = "-w #{bs}/src -i onefishtwofishredfishbluefish #{bs}/encr"
+#    else
+#      s = "-w #{bs}/src"
+#    end
+##    s = "-h"
+#    args = s.split
+#    #  args = "-h".split
+#  end
+  
   LEncApp.new().run(args)
 end
   

data/lib/lenc/repo.rb

@@ -104,7 +104,7 @@ module LEnc
       
       # During recovery, we will use the first file we encounter to 
       # verify if the supplied password is correct, and abort if not.
-      @password_verified = false
+      @recovery_pwd_verified = false
       
       if options.size > 0
         raise ArgumentError, "Unrecognized options: " + d2(options)
@@ -119,10 +119,11 @@ module LEnc
     # @param enc_dir   directory to store encrypted files; must not yet exist, and must
     #                 not represent a directory lying within the repo_dir tree
     # @param original_names   if true, the filenames are not encrypted, only the file contents
-    #           
+    # @param store_key  if true, the key is written to the repository configuration file; otherwise,
+    #                   user must supply the key every time the repository is updated
     # @raise ArgumentError if appropriate
     #
-    def create(repo_dir, key, enc_dir, original_names=false) 
+    def create(repo_dir, key, enc_dir, original_names=false, store_key=true) 
       raise IllegalStateException if @state != STATE_CLOSED 
       
       db = warndb 0
@@ -165,7 +166,19 @@ module LEnc
           + " is illegal" 
       end
         
-      @confFile.set('key', key) 
+      if store_key
+        @confFile.set('key', key)
+      end
+      
+      # Construct a string that verifies the password is correct
+      en = MyAES.new(true, key  )
+      en.finish("!!!")            
+      verifier_string = en.flush
+
+      # Store key verifier as an array of bytes, to avoid nonprintable problems
+      vs2 = Base64.urlsafe_encode64(verifier_string)
+      @confFile.set('key_verifier', vs2)
+      
       
       # Create encryption directory
       if File.exists?(edir)
@@ -173,12 +186,13 @@ module LEnc
         "Encryption directory or file already exists: '#{edir}'"
       end
       
-      @confFile.set('encDir', edir)
+      @confFile.set('enc_dir', edir)
       
       if not @dryrun 
         Dir.mkdir(edir)
         @confFile.write()
       end
+      
     end
   
       
@@ -186,11 +200,13 @@ module LEnc
     # 
     # @param startDirectory  directory lying within repository tree; if nil, uses
     #       current directory
-    #   
+    # @param password repository password; if a password was stored with the repository
+    #       when it was created, this parameter is ignored; if this parameter is null, and
+    #       no password was stored with the repository, the user will be prompted for one
     # @raise  IllegalStateException if repository is already open 
     # @raise  ArgumentError if directory doesn't exist, or does not lie in a repository 
     #
-    def open(startDirectory=nil) 
+    def open(startDirectory=nil, password = nil) 
       db = warndb 0
       !db || pr("Repo.open startDir=%s\n",d(startDirectory))
         
@@ -223,12 +239,30 @@ module LEnc
       end
       
       # Read values from configuration to instance vars
-      @encrDir = @confFile.val('encDir')
-      @encrKey = @confFile.val('key') 
+      @encrDir = @confFile.val('enc_dir')
+      pwd = @confFile.val('key') || password
+      if !pwd
+        printf("Password: ")
+        pwd = gets
+        if pwd
+          pwd.strip!
+          pwd = nil if pwd.size == 0
+        end
+        if !pwd
+          raise DecryptionError, "No password given"
+        end
+      end
+      
       @orignames = @confFile.val('orignames')
+      @encrKey = pwd
       
       prepareKeys()
-  
+      
+      key_verifier = @confFile.val('key_verifier')
+      key_verifier = Base64.urlsafe_decode64(key_verifier)
+            
+      verify_encrypt_pwd(pwd, key_verifier)
+      
       @state = STATE_OPEN
     end
   
@@ -494,7 +528,7 @@ module LEnc
       @confFile = nil
       @repoBaseDir = nil
       @encrDir = nil
-      @version = 1.0
+      @version = 2.0
       @orignames = false
       initIgnoreList()
     end
@@ -612,14 +646,26 @@ module LEnc
         raise DecryptionError(e) 
       end
       
-      set_password_verified()
+      set_recovery_pwd_verified()
       
       return s
     end
   
-    def set_password_verified
-      if !@password_verified
-        @password_verified = true
+    # Verify that a key is the correct password for this repository.
+    # @param key key to verify
+    # @param key_verifier an encrypted string that will decrypt correctly if the key is correct
+    def verify_encrypt_pwd(key, key_verifier)
+      db = warndb 0
+      !db || pr("verify_encrypt_pwd key %s, verifier %s\n",d(key),hex_dump_to_string(key_verifier))
+
+      if !MyAES.is_string_encrypted(key, key_verifier)
+        raise(DecryptionError, "#{key} is not the correct password for this repository")
+      end
+    end
+    
+    def set_recovery_pwd_verified
+      if !@recovery_pwd_verified
+        @recovery_pwd_verified = true
       end
     end
     
@@ -881,7 +927,7 @@ module LEnc
           rescue DecryptionError
             encPath = File.absolute_path(File.join(encryptDir,f))
             pth = rel_path(encPath, @inputDir)
-            if !@password_verified
+            if !@recovery_pwd_verified
               raise(DecryptionError,"Wrong password (cannot decrypt filename #{pth})")
             end
                           
@@ -917,7 +963,7 @@ module LEnc
           end
           begin
             convertFile(encrFullPath, TEMPFILENAME, false, showProgress)
-            set_password_verified()
+            set_recovery_pwd_verified()
             if not @dryrun
               if File.file?(origPath) 
                   remove_file_or_dir(origPath)
@@ -926,7 +972,7 @@ module LEnc
             end
           rescue DecryptionError => e
                         
-            if !@password_verified
+            if !@recovery_pwd_verified
               raise(DecryptionError,"Wrong password (cannot decrypt file #{pth})")
             end
             

data/lib/lenc/tools.rb

@@ -530,7 +530,8 @@ end
 
 if defined? Test::Unit
   
-  # Framework for suite testing
+  # A simple extension to Ruby's Test::Unit class that provides
+  # suite-level setup/teardown methods.
   # 
   # If test suite functionality is desired within a script,
   # then require 'test/unit' before requiring 'tools.rb'.
@@ -568,8 +569,8 @@ if defined? Test::Unit
   # 2) The base class implementations of method_/suite_xxx do nothing.
   # 
   # 3) The number of test cases reported may be higher than you expect, since
-  # there are test methods defined by the TestSuite class to acheive this
-  # functionality.
+  # there are additional test methods defined by the TestSuite class to
+  # implement the suite setup / teardown functionality.
   #
   # 4) Avoid naming test methods that fall outside of test_01 ... test_zz.
   #

data/test/test.rb

@@ -227,7 +227,7 @@ end
   def create_repo
     clean
     rp = build_repo_obj
-    rp.create(@@sourceDir,@@key,@@encryptDir)
+    rp.create(@@sourceDir,@@key,@@encryptDir, true)
     rp.close  
     rp
   end
@@ -306,13 +306,13 @@ end
   # Create repo using lencrypt program
   def test_101_create_repo
     clean
-    a = "-i #{@@key} #{@@encryptDir}"
+    a = "-i #{@@key} #{@@encryptDir} --storekey"
     ex(a)
   end
 
   def test_101_update_repo_with_verify
     clean
-    ex("-i #{@@key} #{@@encryptDir}")
+    ex("-i #{@@key} #{@@encryptDir} --storekey")
     rp = build_repo_obj
     rp.open(@@sourceDir)
     rp.perform_update(true)

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: lenc
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.1.0
 platform: ruby
 authors:
 - Jeff Sember