ncypher 0.6.1 → 1.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. checksums.yaml +5 -5
  2. data/.travis.yml +5 -3
  3. data/README.md +33 -7
  4. data/exe/ncypher +24 -15
  5. data/lib/ncypher.rb +33 -14
  6. data/lib/ncypher/version.rb +1 -1
  7. data/ncypher.gemspec +3 -4
  8. metadata +9 -24
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
- SHA1:
3
- metadata.gz: b65ff999987a0b7d414107d2910d0e00d5f206fd
4
- data.tar.gz: c82bced9cc0630a9700162fda252abe17922fee3
2
+ SHA256:
3
+ metadata.gz: 868bcb19ae0d6aea28005adc399f21ca2dd461663ff9cbaf8e7a3a767734052b
4
+ data.tar.gz: 830d632e5fc2f119e6768ae7e115c2cfccdac0fa017379241ef6397c418923d1
5
5
  SHA512:
6
- metadata.gz: 48e16e07449f59be41db2260df232003fd7d527dba43fca21972d8ed6716e4b7810813eb66a47c64b195820b90822f59351a304e90a3594510d2fec05fbf0b39
7
- data.tar.gz: 7bf1a6aa712ab2c6425d5b240dc9ac344f071ad3b86dd79c1be9de083a7dd3eae0e0c00eddb6b85fb911244181a46b884e23ab6a12ab893fc6618379946ff27c
6
+ metadata.gz: f8525b09eebde943e697c665c813ab6814eb867fddef0bd7f0e864c3aa0d293a7c55da4ba2557793246f23a70642fc7229a949be3b2514530670789358a0be11
7
+ data.tar.gz: ddff860755ae08603db392033d72583766e34efaa758f0044be4e0e0deab29afea9f669833dd2cc73f96c01029de8854aead7b576147a98cd1280cc2e0e70517
data/.travis.yml CHANGED
@@ -2,9 +2,11 @@ sudo: false
2
2
  cache:
3
3
  bundler: true
4
4
  language: ruby
5
- rvm:
6
- - 2.2.1
7
- before_install: gem install bundler -v 1.12.5
5
+ dist: bionic
6
+ before_install:
7
+ - gem install bundler -v 2.0
8
+ - sudo apt-get update -y
9
+ - sudo apt-get install -y libsodium23
8
10
  script: bundle exec rake
9
11
  deploy:
10
12
  provider: rubygems
data/README.md CHANGED
@@ -3,7 +3,15 @@
3
3
 
4
4
  # Ncypher
5
5
 
6
- Ncypher is a gem to help you to encrypt your credentials in your ruby apps in a safe manner.
6
+ Ncypher is a gem to help you to encrypt your credentials in your projects in a safe manner.
7
+
8
+ ## Upgrade from versions before 1.0
9
+ Versions before 1.0 were using rbnacl-libsodium gem which is now deprecated.
10
+ The big difference is that now you need to have libsodium installed on your host system.
11
+ That also means faster gem installation. =)
12
+ Check https://github.com/RubyCrypto/rbnacl/wiki/Installing-libsodium for more info.
13
+ Note: You need Argon2 support. So libsodium >= v1.0.15
14
+
7
15
 
8
16
  ## Installation
9
17
 
@@ -32,8 +40,8 @@ You can also set the env variable `NCYPHER_KEY` to that generated key (i.e `expo
32
40
 
33
41
  To encrypt a new password (or anything else), ncypher supports stdin. So you can do:
34
42
  ```
35
- $> cat secret_file | ncypher encrypt > secret_file.encrypted
36
- $> cat secret_file.encrypted | ncypher decrypt > secret_file
43
+ $> ncypher encrypt < secret_file > secret_file.encrypted
44
+ $> ncypher decrypt < secret_file.encrypted > secret_file
37
45
  $> ncypher encrypt
38
46
  mypassword
39
47
  <CTRL+D>
@@ -61,21 +69,39 @@ p4$$w0rd
61
69
 
62
70
  :)
63
71
 
64
- And Ncypher::Ncypher.decrypt will magically use your key in `.ncypher_key` to decrypt that password at runtime.
72
+ And if you are using ruby, Ncypher::Ncypher.decrypt will magically use your key in `.ncypher_key` to decrypt that password at runtime.
65
73
  Now you can directy put in your .yaml files:
66
74
  ```
67
75
  defaults: &defaults
68
76
  my_password: <%= Ncypher::Ncypher.decrypt('lXEwfKv4dEjmK0kojEAnikNsLCsVCtSMiR2aSfM6uUXYn2DzCZ3O7SA9HaGnMp/kEEsI') %>
69
77
  ```
70
78
 
79
+ ## Password derived secret key
80
+
81
+ In some cases you may want to derive a key from a particular password you have memorized. You can simply do:
82
+
83
+ ```
84
+ $> ncypher derive_key p4$$w0rd
85
+ R9RgHcFnuHr+86/7v3MdDyu3V63jh69VCPMXknA2v6E=
86
+ SALT: 4+d4JTGTxRbtXs1vYScBYg==
87
+ ```
71
88
 
89
+ You can see that the salt is randomly generated for security reasons. You should put that salt in a `.ncypher_salt` file in the current directory (this file can be pushed to your repository). So that the next time you do `ncypher derive_key p4$$w0rd` you get the exact same ncyper\_key generated.
90
+ Note that the salt is written on STDERR so you can directly do:
72
91
 
92
+ ```
93
+ $> ncypher derive_key p4$$w0rd > .ncypher_key
94
+ SALT: WKCAkJcS65nx3lA/w1BmBw==
95
+ ```
73
96
 
74
- ## Development
97
+ Then you have the ncypher\_key in .ncypher\_key. Be sure to save the salt if you want to be able to derive back the exact same key in the future.
98
+ The derive_key command also listen to stdin so for safety you can instead do:
75
99
 
76
- After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake test` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
100
+ ```
101
+ $> ncypher derive_key > .ncypher_key
102
+ ```
77
103
 
78
- To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
104
+ And enter your password then CTRL+D.
79
105
 
80
106
  ## Contributing
81
107
 
data/exe/ncypher CHANGED
@@ -1,17 +1,16 @@
1
1
  #!/usr/bin/env ruby
2
- require 'ncypher'
2
+ require "ncypher"
3
3
 
4
4
  begin
5
- Object.const_get('Ncypher')
5
+ Object.const_get("Ncypher")
6
6
  rescue NameError
7
- require 'bundler/setup'
7
+ require "bundler/setup"
8
8
  end
9
9
 
10
- SUB_COMMANDS = %w(generate_key encrypt decrypt)
11
-
12
10
  if ARGV.empty?
13
11
  STDERR.puts "Ncypher a credential encryption tool"
14
12
  STDERR.puts "usage: ncypher generate_key"
13
+ STDERR.puts "usage: ncypher derive_key <password> [salt]"
15
14
  STDERR.puts "usage: ncypher key"
16
15
  STDERR.puts "usage: ncypher encrypt <text>"
17
16
  STDERR.puts "usage: ncypher decrypt <text>"
@@ -20,14 +19,24 @@ end
20
19
 
21
20
  cmd = ARGV.shift
22
21
  case cmd
23
- when "generate_key"
24
- puts Ncypher::Ncypher.new.generate_key
25
- when "key"
26
- puts Ncypher::Ncypher.new.key_b64
27
- when "encrypt"
28
- text = (ARGV.shift || STDIN.read)
29
- puts Ncypher::Ncypher.new.encrypt(text.strip)
30
- when "decrypt"
31
- text = (ARGV.shift || STDIN.read)
32
- puts Ncypher::Ncypher.new.decrypt(text.strip)
22
+ when "generate_key"
23
+ puts Ncypher::Ncypher.new.generate_key
24
+ when "derive_key"
25
+ password = (ARGV.shift || STDIN.read)
26
+ unless password
27
+ abort "ncypher derive_key <password> [salt]"
28
+ end
29
+ salt = File.exists?(".ncypher_salt") ? File.read(".ncypher_salt")&.strip : ARGV.shift
30
+ key, used_salt = Ncypher::Ncypher.new.derive_key(password.strip, salt)
31
+ STDOUT.puts key
32
+ STDERR.puts "SALT: #{used_salt}" # Put salt on stderr so we can do ncypher deriver_key password > .ncypher_key
33
+ # and keep salt out of .ncypher_key
34
+ when "key"
35
+ puts Ncypher::Ncypher.new.key_b64
36
+ when "encrypt"
37
+ text = (ARGV.shift || STDIN.read)
38
+ puts Ncypher::Ncypher.new.encrypt(text.strip)
39
+ when "decrypt"
40
+ text = (ARGV.shift || STDIN.read)
41
+ puts Ncypher::Ncypher.new.decrypt(text.strip)
33
42
  end
data/lib/ncypher.rb CHANGED
@@ -1,14 +1,13 @@
1
1
  require "ncypher/version"
2
2
 
3
- require 'base64'
4
- require 'rbnacl/libsodium'
5
- require 'rbnacl'
3
+ require "base64"
6
4
 
7
- module Ncypher
5
+ require "rbnacl"
8
6
 
7
+ module Ncypher
9
8
  class Ncypher
10
-
11
- def initialize(key_filename: '.ncypher_key')
9
+ def initialize(key_filename: ".ncypher_key", key: nil)
10
+ @key = key ? Base64.strict_decode64(key.strip) : nil
12
11
  @key_filename = key_filename
13
12
  end
14
13
 
@@ -21,14 +20,31 @@ module Ncypher
21
20
  end
22
21
 
23
22
  def generate_key
24
- generated_key = RbNaCl::Random.random_bytes(RbNaCl::SecretBox.key_bytes)
23
+ digest_size = 32 # RbNaCl::SecretBox.key_bytes
24
+ generated_key = RbNaCl::Random.random_bytes(digest_size)
25
25
  Base64.strict_encode64(generated_key)
26
26
  end
27
27
 
28
+ def derive_key(password, encoded_salt = nil)
29
+ salt_size = 16 # RbNaCl::PasswordHash::Argon2::SALTBYTES
30
+ salt ||= encoded_salt ?
31
+ Base64.strict_decode64(encoded_salt) :
32
+ RbNaCl::Random.random_bytes(salt_size)
33
+
34
+ opslimit = 5
35
+ memlimit = 7_256_678
36
+ digest_size = 32 # RbNaCl::SecretBox.key_bytes
37
+ generated_key = RbNaCl::PasswordHash::Argon2.new(opslimit, memlimit, digest_size)
38
+ .digest(password, salt, :argon2i)
39
+ [Base64.strict_encode64(generated_key), Base64.strict_encode64(salt)]
40
+ end
41
+
28
42
  def key
29
- saved_key = ENV['NCYPHER_KEY'] || find_keyfile
30
- abort "Can't find .ncypher_key file or NCYPHER_KEY env variable" if saved_key.nil?
31
- Base64.strict_decode64(saved_key.strip)
43
+ @key ||= begin
44
+ saved_key = ENV["NCYPHER_KEY"] || find_keyfile
45
+ abort "Can't find .ncypher_key file or NCYPHER_KEY env variable" if saved_key.nil?
46
+ Base64.strict_decode64(saved_key.strip)
47
+ end
32
48
  end
33
49
 
34
50
  def key_b64
@@ -47,6 +63,10 @@ module Ncypher
47
63
  Ncypher.new.generate_key
48
64
  end
49
65
 
66
+ def self.derive_key(password, salt = nil)
67
+ Ncypher.new.derive_key(password, salt)
68
+ end
69
+
50
70
  def self.key
51
71
  Ncypher.new.key
52
72
  end
@@ -56,18 +76,17 @@ module Ncypher
56
76
  end
57
77
 
58
78
  private
79
+
59
80
  def box
60
81
  RbNaCl::SimpleBox.from_secret_key(key)
61
82
  end
62
83
 
63
- def find_keyfile(folder: '.')
84
+ def find_keyfile(folder: ".")
64
85
  path = "#{folder}/#{@key_filename}"
65
86
  return File.read(path) if File.exist?(path)
66
- return nil if folder == '/'
87
+ return nil if folder == "/"
67
88
  folder = File.expand_path("#{folder}/../")
68
89
  find_keyfile(folder: folder)
69
90
  end
70
-
71
91
  end
72
-
73
92
  end
data/lib/ncypher/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module Ncypher
2
- VERSION = "0.6.1"
2
+ VERSION = "1.2.0"
3
3
  end
data/ncypher.gemspec CHANGED
@@ -19,10 +19,9 @@ Gem::Specification.new do |spec|
19
19
  spec.require_paths = ["lib"]
20
20
  spec.license = 'WTFPL'
21
21
 
22
- spec.add_development_dependency "bundler", "~> 1.12"
23
- spec.add_development_dependency "rake", "~> 10.0"
22
+ spec.add_development_dependency "bundler", "~> 2.0"
23
+ spec.add_development_dependency "rake", "~> 12.3.3"
24
24
  spec.add_development_dependency "minitest", "~> 5.0"
25
25
 
26
- spec.add_dependency 'rbnacl-libsodium', '~> 1.0'
27
- spec.add_dependency 'rbnacl', '~> 3.0'
26
+ spec.add_dependency 'rbnacl', '~> 7.0'
28
27
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: ncypher
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.6.1
4
+ version: 1.2.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - David Hagege
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2017-03-24 00:00:00.000000000 Z
11
+ date: 2021-01-06 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler
@@ -16,28 +16,28 @@ dependencies:
16
16
  requirements:
17
17
  - - "~>"
18
18
  - !ruby/object:Gem::Version
19
- version: '1.12'
19
+ version: '2.0'
20
20
  type: :development
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - "~>"
25
25
  - !ruby/object:Gem::Version
26
- version: '1.12'
26
+ version: '2.0'
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: rake
29
29
  requirement: !ruby/object:Gem::Requirement
30
30
  requirements:
31
31
  - - "~>"
32
32
  - !ruby/object:Gem::Version
33
- version: '10.0'
33
+ version: 12.3.3
34
34
  type: :development
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
38
  - - "~>"
39
39
  - !ruby/object:Gem::Version
40
- version: '10.0'
40
+ version: 12.3.3
41
41
  - !ruby/object:Gem::Dependency
42
42
  name: minitest
43
43
  requirement: !ruby/object:Gem::Requirement
@@ -52,34 +52,20 @@ dependencies:
52
52
  - - "~>"
53
53
  - !ruby/object:Gem::Version
54
54
  version: '5.0'
55
- - !ruby/object:Gem::Dependency
56
- name: rbnacl-libsodium
57
- requirement: !ruby/object:Gem::Requirement
58
- requirements:
59
- - - "~>"
60
- - !ruby/object:Gem::Version
61
- version: '1.0'
62
- type: :runtime
63
- prerelease: false
64
- version_requirements: !ruby/object:Gem::Requirement
65
- requirements:
66
- - - "~>"
67
- - !ruby/object:Gem::Version
68
- version: '1.0'
69
55
  - !ruby/object:Gem::Dependency
70
56
  name: rbnacl
71
57
  requirement: !ruby/object:Gem::Requirement
72
58
  requirements:
73
59
  - - "~>"
74
60
  - !ruby/object:Gem::Version
75
- version: '3.0'
61
+ version: '7.0'
76
62
  type: :runtime
77
63
  prerelease: false
78
64
  version_requirements: !ruby/object:Gem::Requirement
79
65
  requirements:
80
66
  - - "~>"
81
67
  - !ruby/object:Gem::Version
82
- version: '3.0'
68
+ version: '7.0'
83
69
  description: ''
84
70
  email:
85
71
  - david.hagege@gmail.com
@@ -120,8 +106,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
120
106
  - !ruby/object:Gem::Version
121
107
  version: '0'
122
108
  requirements: []
123
- rubyforge_project:
124
- rubygems_version: 2.4.6
109
+ rubygems_version: 3.0.6
125
110
  signing_key:
126
111
  specification_version: 4
127
112
  summary: Ncypher lets you encrypt/decrypt credentials in a safe and transparent way