ncypher 0.6.1 → 1.2.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
- SHA1:
3
- metadata.gz: b65ff999987a0b7d414107d2910d0e00d5f206fd
4
- data.tar.gz: c82bced9cc0630a9700162fda252abe17922fee3
2
+ SHA256:
3
+ metadata.gz: 868bcb19ae0d6aea28005adc399f21ca2dd461663ff9cbaf8e7a3a767734052b
4
+ data.tar.gz: 830d632e5fc2f119e6768ae7e115c2cfccdac0fa017379241ef6397c418923d1
5
5
  SHA512:
6
- metadata.gz: 48e16e07449f59be41db2260df232003fd7d527dba43fca21972d8ed6716e4b7810813eb66a47c64b195820b90822f59351a304e90a3594510d2fec05fbf0b39
7
- data.tar.gz: 7bf1a6aa712ab2c6425d5b240dc9ac344f071ad3b86dd79c1be9de083a7dd3eae0e0c00eddb6b85fb911244181a46b884e23ab6a12ab893fc6618379946ff27c
6
+ metadata.gz: f8525b09eebde943e697c665c813ab6814eb867fddef0bd7f0e864c3aa0d293a7c55da4ba2557793246f23a70642fc7229a949be3b2514530670789358a0be11
7
+ data.tar.gz: ddff860755ae08603db392033d72583766e34efaa758f0044be4e0e0deab29afea9f669833dd2cc73f96c01029de8854aead7b576147a98cd1280cc2e0e70517
@@ -2,9 +2,11 @@ sudo: false
2
2
  cache:
3
3
  bundler: true
4
4
  language: ruby
5
- rvm:
6
- - 2.2.1
7
- before_install: gem install bundler -v 1.12.5
5
+ dist: bionic
6
+ before_install:
7
+ - gem install bundler -v 2.0
8
+ - sudo apt-get update -y
9
+ - sudo apt-get install -y libsodium23
8
10
  script: bundle exec rake
9
11
  deploy:
10
12
  provider: rubygems
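Review bot: removing the `rvm:` list leaves the build with no pinned Ruby version, so CI runs on whatever interpreter the bionic image defaults to, and that can change without any commit here. Keep an explicit `rvm:` entry for the Ruby versions the gem supports. The file still declares `sudo: false` (visible in the hunk header) while the new `before_install` steps call `sudo apt-get`, so one of the two should go. `libsodium23` is installed at whatever version the distribution ships, while the README in this release requires libsodium >= v1.0.15; a version check in `before_install` would make a mismatch fail early.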
data/README.md CHANGED
@@ -3,7 +3,15 @@
3
3
 
4
4
  # Ncypher
5
5
 
6
- Ncypher is a gem to help you to encrypt your credentials in your ruby apps in a safe manner.
6
+ Ncypher is a gem to help you to encrypt your credentials in your projects in a safe manner.
7
+
8
+ ## Upgrade from versions before 1.0
9
+ Versions before 1.0 were using rbnacl-libsodium gem which is now deprecated.
10
+ The big difference is that now you need to have libsodium installed on your host system.
11
+ That also means faster gem installation. =)
12
+ Check https://github.com/RubyCrypto/rbnacl/wiki/Installing-libsodium for more info.
13
+ Note: You need Argon2 support. So libsodium >= v1.0.15
14
+
7
15
 
8
16
  ## Installation
9
17
 
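Review bot: the new "Upgrade from versions before 1.0" section covers the libsodium install change but does not say whether an existing `.ncypher_key` and ciphertexts created with a pre-1.0 version keep working after the upgrade. Add one sentence on compatibility, since that is the first question for anyone upgrading a tool that holds their secrets.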
@@ -32,8 +40,8 @@ You can also set the env variable `NCYPHER_KEY` to that generated key (i.e `expo
32
40
 
33
41
  To encrypt a new password (or anything else), ncypher supports stdin. So you can do:
34
42
  ```
35
- $> cat secret_file | ncypher encrypt > secret_file.encrypted
36
- $> cat secret_file.encrypted | ncypher decrypt > secret_file
43
+ $> ncypher encrypt < secret_file > secret_file.encrypted
44
+ $> ncypher decrypt < secret_file.encrypted > secret_file
37
45
  $> ncypher encrypt
38
46
  mypassword
39
47
  <CTRL+D>
@@ -61,21 +69,39 @@ p4$$w0rd
61
69
 
62
70
  :)
63
71
 
64
- And Ncypher::Ncypher.decrypt will magically use your key in `.ncypher_key` to decrypt that password at runtime.
72
+ And if you are using ruby, Ncypher::Ncypher.decrypt will magically use your key in `.ncypher_key` to decrypt that password at runtime.
65
73
  Now you can directy put in your .yaml files:
66
74
  ```
67
75
  defaults: &defaults
68
76
  my_password: <%= Ncypher::Ncypher.decrypt('lXEwfKv4dEjmK0kojEAnikNsLCsVCtSMiR2aSfM6uUXYn2DzCZ3O7SA9HaGnMp/kEEsI') %>
69
77
  ```
70
78
 
79
+ ## Password derived secret key
80
+
81
+ In some cases you may want to derive a key from a particular password you have memorized. You can simply do:
82
+
83
+ ```
84
+ $> ncypher derive_key p4$$w0rd
85
+ R9RgHcFnuHr+86/7v3MdDyu3V63jh69VCPMXknA2v6E=
86
+ SALT: 4+d4JTGTxRbtXs1vYScBYg==
87
+ ```
71
88
 
89
+ You can see that the salt is randomly generated for security reasons. You should put that salt in a `.ncypher_salt` file in the current directory (this file can be pushed to your repository). So that the next time you do `ncypher derive_key p4$$w0rd` you get the exact same ncyper\_key generated.
90
+ Note that the salt is written on STDERR so you can directly do:
72
91
 
92
+ ```
93
+ $> ncypher derive_key p4$$w0rd > .ncypher_key
94
+ SALT: WKCAkJcS65nx3lA/w1BmBw==
95
+ ```
73
96
 
74
- ## Development
97
+ Then you have the ncypher\_key in .ncypher\_key. Be sure to save the salt if you want to be able to derive back the exact same key in the future.
98
+ The derive_key command also listen to stdin so for safety you can instead do:
75
99
 
76
- After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake test` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
100
+ ```
101
+ $> ncypher derive_key > .ncypher_key
102
+ ```
77
103
 
78
- To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
104
+ And enter your password then CTRL+D.
79
105
 
80
106
  ## Contributing
81
107
 
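Review bot: the `ncypher derive_key p4$$w0rd` examples put the password on the command line, where it lands in shell history and is visible in the process list, and an unquoted `$$` is expanded by the shell to its PID, so the key is derived from a different string than the one shown. Lead with the stdin form (`ncypher derive_key > .ncypher_key`) and single-quote the literal wherever an argument is shown. Two wording fixes in the added text: `ncyper\_key` should read `ncypher\_key`, and "also listen to stdin" should be "also listens to stdin". The hunk also drops the Development section without a replacement; if that is intentional, say where contributors should look for setup and release steps.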
@@ -1,17 +1,16 @@
1
1
  #!/usr/bin/env ruby
2
- require 'ncypher'
2
+ require "ncypher"
3
3
 
4
4
  begin
5
- Object.const_get('Ncypher')
5
+ Object.const_get("Ncypher")
6
6
  rescue NameError
7
- require 'bundler/setup'
7
+ require "bundler/setup"
8
8
  end
9
9
 
10
- SUB_COMMANDS = %w(generate_key encrypt decrypt)
11
-
12
10
  if ARGV.empty?
13
11
  STDERR.puts "Ncypher a credential encryption tool"
14
12
  STDERR.puts "usage: ncypher generate_key"
13
+ STDERR.puts "usage: ncypher derive_key <password> [salt]"
15
14
  STDERR.puts "usage: ncypher key"
16
15
  STDERR.puts "usage: ncypher encrypt <text>"
17
16
  STDERR.puts "usage: ncypher decrypt <text>"
@@ -20,14 +19,24 @@ end
20
19
 
21
20
  cmd = ARGV.shift
22
21
  case cmd
23
- when "generate_key"
24
- puts Ncypher::Ncypher.new.generate_key
25
- when "key"
26
- puts Ncypher::Ncypher.new.key_b64
27
- when "encrypt"
28
- text = (ARGV.shift || STDIN.read)
29
- puts Ncypher::Ncypher.new.encrypt(text.strip)
30
- when "decrypt"
31
- text = (ARGV.shift || STDIN.read)
32
- puts Ncypher::Ncypher.new.decrypt(text.strip)
22
+ when "generate_key"
23
+ puts Ncypher::Ncypher.new.generate_key
24
+ when "derive_key"
25
+ password = (ARGV.shift || STDIN.read)
26
+ unless password
27
+ abort "ncypher derive_key <password> [salt]"
28
+ end
29
+ salt = File.exists?(".ncypher_salt") ? File.read(".ncypher_salt")&.strip : ARGV.shift
30
+ key, used_salt = Ncypher::Ncypher.new.derive_key(password.strip, salt)
31
+ STDOUT.puts key
32
+ STDERR.puts "SALT: #{used_salt}" # Put salt on stderr so we can do ncypher deriver_key password > .ncypher_key
33
+ # and keep salt out of .ncypher_key
34
+ when "key"
35
+ puts Ncypher::Ncypher.new.key_b64
36
+ when "encrypt"
37
+ text = (ARGV.shift || STDIN.read)
38
+ puts Ncypher::Ncypher.new.encrypt(text.strip)
39
+ when "decrypt"
40
+ text = (ARGV.shift || STDIN.read)
41
+ puts Ncypher::Ncypher.new.decrypt(text.strip)
33
42
  end
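Review bot: in the `derive_key` branch, `unless password` never fires for stdin input, because `STDIN.read` returns an empty string rather than nil at end of input, so an empty password is silently turned into a key; test `password.strip.empty?` instead. `File.exists?` is the deprecated alias and is gone in Ruby 3.2 (the library code in this gem already uses `File.exist?`), and `&.strip` is unnecessary because `File.read` returns a String. When `.ncypher_salt` exists the `[salt]` argument is ignored without notice, and the ARGV salt is not stripped the way the file salt is; pick a precedence and state it in the usage text. The comment spells the command `deriver_key`.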
@@ -1,14 +1,13 @@
1
1
  require "ncypher/version"
2
2
 
3
- require 'base64'
4
- require 'rbnacl/libsodium'
5
- require 'rbnacl'
3
+ require "base64"
6
4
 
7
- module Ncypher
5
+ require "rbnacl"
8
6
 
7
+ module Ncypher
9
8
  class Ncypher
10
-
11
- def initialize(key_filename: '.ncypher_key')
9
+ def initialize(key_filename: ".ncypher_key", key: nil)
10
+ @key = key ? Base64.strict_decode64(key.strip) : nil
12
11
  @key_filename = key_filename
13
12
  end
14
13
 
@@ -21,14 +20,31 @@ module Ncypher
21
20
  end
22
21
 
23
22
  def generate_key
24
- generated_key = RbNaCl::Random.random_bytes(RbNaCl::SecretBox.key_bytes)
23
+ digest_size = 32 # RbNaCl::SecretBox.key_bytes
24
+ generated_key = RbNaCl::Random.random_bytes(digest_size)
25
25
  Base64.strict_encode64(generated_key)
26
26
  end
27
27
 
28
+ def derive_key(password, encoded_salt = nil)
29
+ salt_size = 16 # RbNaCl::PasswordHash::Argon2::SALTBYTES
30
+ salt ||= encoded_salt ?
31
+ Base64.strict_decode64(encoded_salt) :
32
+ RbNaCl::Random.random_bytes(salt_size)
33
+
34
+ opslimit = 5
35
+ memlimit = 7_256_678
36
+ digest_size = 32 # RbNaCl::SecretBox.key_bytes
37
+ generated_key = RbNaCl::PasswordHash::Argon2.new(opslimit, memlimit, digest_size)
38
+ .digest(password, salt, :argon2i)
39
+ [Base64.strict_encode64(generated_key), Base64.strict_encode64(salt)]
40
+ end
41
+
28
42
  def key
29
- saved_key = ENV['NCYPHER_KEY'] || find_keyfile
30
- abort "Can't find .ncypher_key file or NCYPHER_KEY env variable" if saved_key.nil?
31
- Base64.strict_decode64(saved_key.strip)
43
+ @key ||= begin
44
+ saved_key = ENV["NCYPHER_KEY"] || find_keyfile
45
+ abort "Can't find .ncypher_key file or NCYPHER_KEY env variable" if saved_key.nil?
46
+ Base64.strict_decode64(saved_key.strip)
47
+ end
32
48
  end
33
49
 
34
50
  def key_b64
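Review bot: in `derive_key`, `opslimit = 5` and `memlimit = 7_256_678` are unexplained magic numbers, and roughly 7 MB of memory is a low cost for a key derived from a memorized password. Say where the values come from or reference a documented preset, and add a comment that changing them (or `:argon2i`) changes every derived key. `salt ||= ...` assigns to a brand-new local, so plain `=` is clearer. The sizes are hard-coded as `32` and `16` with the RbNaCl constants left in comments; `generate_key` called `RbNaCl::SecretBox.key_bytes` directly before this change, and keeping the constants avoids drift. A caller-supplied salt is decoded, but its length is not checked before it reaches Argon2.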
@@ -47,6 +63,10 @@ module Ncypher
47
63
  Ncypher.new.generate_key
48
64
  end
49
65
 
66
+ def self.derive_key(password, salt = nil)
67
+ Ncypher.new.derive_key(password, salt)
68
+ end
69
+
50
70
  def self.key
51
71
  Ncypher.new.key
52
72
  end
@@ -56,18 +76,17 @@ module Ncypher
56
76
  end
57
77
 
58
78
  private
79
+
59
80
  def box
60
81
  RbNaCl::SimpleBox.from_secret_key(key)
61
82
  end
62
83
 
63
- def find_keyfile(folder: '.')
84
+ def find_keyfile(folder: ".")
64
85
  path = "#{folder}/#{@key_filename}"
65
86
  return File.read(path) if File.exist?(path)
66
- return nil if folder == '/'
87
+ return nil if folder == "/"
67
88
  folder = File.expand_path("#{folder}/../")
68
89
  find_keyfile(folder: folder)
69
90
  end
70
-
71
91
  end
72
-
73
92
  end
@@ -1,3 +1,3 @@
1
1
  module Ncypher
2
- VERSION = "0.6.1"
2
+ VERSION = "1.2.0"
3
3
  end
@@ -19,10 +19,9 @@ Gem::Specification.new do |spec|
19
19
  spec.require_paths = ["lib"]
20
20
  spec.license = 'WTFPL'
21
21
 
22
- spec.add_development_dependency "bundler", "~> 1.12"
23
- spec.add_development_dependency "rake", "~> 10.0"
22
+ spec.add_development_dependency "bundler", "~> 2.0"
23
+ spec.add_development_dependency "rake", "~> 12.3.3"
24
24
  spec.add_development_dependency "minitest", "~> 5.0"
25
25
 
26
- spec.add_dependency 'rbnacl-libsodium', '~> 1.0'
27
- spec.add_dependency 'rbnacl', '~> 3.0'
26
+ spec.add_dependency 'rbnacl', '~> 7.0'
28
27
  end
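Review bot: dropping `rbnacl-libsodium` makes a system libsodium a runtime requirement, but nothing in the gemspec records it, so `gem install` succeeds on a host without the library and the failure appears only when rbnacl is loaded. Add a `spec.requirements` entry stating libsodium >= 1.0.15, matching the README. The jump from `rbnacl ~> 3.0` to `~> 7.0` spans several major versions; a test that decrypts a value encrypted by 0.6.1 would confirm that existing ciphertexts still open. The dependency lines now mix single and double quotes.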
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: ncypher
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.6.1
4
+ version: 1.2.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - David Hagege
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2017-03-24 00:00:00.000000000 Z
11
+ date: 2021-01-06 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler
@@ -16,28 +16,28 @@ dependencies:
16
16
  requirements:
17
17
  - - "~>"
18
18
  - !ruby/object:Gem::Version
19
- version: '1.12'
19
+ version: '2.0'
20
20
  type: :development
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - "~>"
25
25
  - !ruby/object:Gem::Version
26
- version: '1.12'
26
+ version: '2.0'
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: rake
29
29
  requirement: !ruby/object:Gem::Requirement
30
30
  requirements:
31
31
  - - "~>"
32
32
  - !ruby/object:Gem::Version
33
- version: '10.0'
33
+ version: 12.3.3
34
34
  type: :development
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
38
  - - "~>"
39
39
  - !ruby/object:Gem::Version
40
- version: '10.0'
40
+ version: 12.3.3
41
41
  - !ruby/object:Gem::Dependency
42
42
  name: minitest
43
43
  requirement: !ruby/object:Gem::Requirement
@@ -52,34 +52,20 @@ dependencies:
52
52
  - - "~>"
53
53
  - !ruby/object:Gem::Version
54
54
  version: '5.0'
55
- - !ruby/object:Gem::Dependency
56
- name: rbnacl-libsodium
57
- requirement: !ruby/object:Gem::Requirement
58
- requirements:
59
- - - "~>"
60
- - !ruby/object:Gem::Version
61
- version: '1.0'
62
- type: :runtime
63
- prerelease: false
64
- version_requirements: !ruby/object:Gem::Requirement
65
- requirements:
66
- - - "~>"
67
- - !ruby/object:Gem::Version
68
- version: '1.0'
69
55
  - !ruby/object:Gem::Dependency
70
56
  name: rbnacl
71
57
  requirement: !ruby/object:Gem::Requirement
72
58
  requirements:
73
59
  - - "~>"
74
60
  - !ruby/object:Gem::Version
75
- version: '3.0'
61
+ version: '7.0'
76
62
  type: :runtime
77
63
  prerelease: false
78
64
  version_requirements: !ruby/object:Gem::Requirement
79
65
  requirements:
80
66
  - - "~>"
81
67
  - !ruby/object:Gem::Version
82
- version: '3.0'
68
+ version: '7.0'
83
69
  description: ''
84
70
  email:
85
71
  - david.hagege@gmail.com
@@ -120,8 +106,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
120
106
  - !ruby/object:Gem::Version
121
107
  version: '0'
122
108
  requirements: []
123
- rubyforge_project:
124
- rubygems_version: 2.4.6
109
+ rubygems_version: 3.0.6
125
110
  signing_key:
126
111
  specification_version: 4
127
112
  summary: Ncypher lets you encrypt/decrypt credentials in a safe and transparent way