ohlol-nachos 0.2

data/LICENSE

@@ -0,0 +1,25 @@
+Copyright (c) 2009, Scott Smith <scott@ohlol.net>
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+* Redistributions of source code must retain the above copyright notice, this
+  list of conditions and the following disclaimer.
+* Redistributions in binary form must reproduce the above copyright notice,
+  this list of conditions and the following disclaimer in the documentation
+  and/or other materials provided with the distribution.
+* Neither the name of the Author (Scott Smith) nor the names of contributors
+  to this software may be used to endorse or promote products derived from
+  this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

data/README.markdown

@@ -0,0 +1,26 @@
+NACHOS
+------
+
+Nachos keeps people from taking your stuff. It's mine, nachos!
+
+You need to generate a public and private key to bootstrap it.
+
+EXAMPLE USAGE
+-------------
+
+...to store:
+
+    require 'ohlol-nachos'
+    
+    e = Nachos::Encryptor('password')
+    e.clear_data = 'foo bar baz'
+    e.secret_data = e.encrypt(e.clear_data)
+    e.save_data
+
+...to load:
+
+    require 'ohlol-nachos'
+    
+    e = Nachos::Encryptor('password)'
+    e.load_data
+    puts e.clear_data

data/lib/nachos.rb

@@ -0,0 +1,194 @@
+module Nachos
+  require 'openssl'
+  require 'yaml'
+  require 'base64'
+
+  def config
+    @@config
+  end
+
+  def config=(config = {})
+    if config.empty?
+      config_dir = File.join(File.dirname(__FILE__), '../conf')
+
+      @@config = {
+        :public_key => config_dir + '/public.pem',
+        :private_key => config_dir + '/private.pem',
+        :secret_key => config_dir + '/secret-key.yml',
+        :data_store => config_dir + '/secret-data.enc'
+      }
+    else
+      @@config = {
+        :public_key => config[:public_key],
+        :private_key => config[:private_key],
+        :secret_key => config[:secret_key],
+        :data_store => config[:data_store]
+      }
+    end
+  end
+
+  class EncryptorException < IOError; end
+  class KeyStoreException < IOError; end
+end
+
+class Nachos::Encryptor
+  include Nachos
+
+  # secret_key, secret_iv, data are encrypted and readable by the caller
+  # clear_data is writeable/readable by the caller
+  attr_reader :secret_key, :secret_iv
+  attr_accessor :clear_data, :encrypted_data
+  attr_reader :keystore
+
+  # pass an optional encrypted secret key & iv
+  # we'll decrypt it and store it for private use
+  def initialize(password, config = {})
+    self.config = config
+    @secret_key = @secret_iv = @clear_data = @encrypted_data = ''
+
+    begin
+      @public_key = OpenSSL::PKey::RSA.new(File.open(self.config[:public_key]))
+      @private_key =
+        OpenSSL::PKey::RSA.new(File.open(self.config[:private_key]), password)
+      @cipher = OpenSSL::Cipher::Cipher.new('aes-256-cbc')
+
+      @keystore = Nachos::KeyStore.new
+
+      keypair
+    rescue Errno::ENOENT
+      raise Nachos::EncryptorException, "Public or private key missing! " +
+        "(maybe both!)"
+    rescue Nachos::KeyStoreException => e
+      raise
+    rescue => e
+      raise Nachos::EncryptorException, "There was a problem loading or " +
+        "decrypting the keypair and/or keystore! (#{e})" 
+    end
+  end
+
+  def keypair
+    if @keystore.secret_key.empty? || @keystore.secret_iv.empty?
+      begin
+        @clear_secret_key = @cipher.random_key
+        @clear_secret_iv = @cipher.random_iv
+
+        @secret_key = @keystore.secret_key encrypt(@clear_secret_key)
+        @secret_iv = @keystore.secret_iv = encrypt(@clear_secret_iv)
+        @keystore.save_secrets
+      rescue => e
+        raise Nachos::EncryptorException, "There was a problem generating" +
+          "random secret key and/or IV!"
+      end
+    else
+      p "foo"
+      @secret_key = @keystore.secret_key
+      @secret_iv = @keystore.secret_iv
+    end
+
+    @clear_secret_key = decrypt(@secret_key)
+    @clear_secret_iv = decrypt(@secret_iv)
+  end
+
+  def encrypt(str)
+    if str.empty?
+      raise Nachos::EncryptorException, "What do you want to encrypt?"
+    else
+      begin
+      @cipher.encrypt
+      str = @public_key.public_encrypt(str)
+      rescue => e
+        raise Nachos::EncryptorException, "Couldn't encrypt the data! (#{e})"
+      end
+    end
+  end
+
+  def decrypt(str)
+    if str.empty?
+      raise Nachos::EncryptorException, "What do you want to decrypt?"
+    else
+      begin
+        @cipher.decrypt
+         str = @private_key.private_decrypt(str)
+      rescue => e
+        raise Nachos::decryptorException, "Couldn't decrypt the data! (#{e})"
+      end
+    end
+  end
+
+  def load_data
+    begin
+      @encrypted_data = ''
+
+      File.open(self.config[:data_store], 'r') do |f|
+        @encrypted_data = @encrypted_data + f.gets
+      end
+
+      @encrypted_data.chomp!
+      @clear_data = decrypt(@encrypted_data)
+    rescue Errno::ENOENT
+    rescue => e
+      raise Nachos::EncryptorException, "There was a problem reading the " +
+        "data store! (#{e})"
+    end
+  end
+
+  def save_data
+    if @encrypted_data.empty?
+      encrypt
+    end
+
+    begin
+      File.open(self.config[:data_store], 'w') do |f|
+        f.puts @encrypted_data
+      end
+    rescue
+      raise Nachos::EncryptorException, "There was a problem saving the data " +
+        "store!"
+    end
+  end
+end
+
+class Nachos::KeyStore
+  include Nachos
+
+  attr_accessor :secret_key, :secret_iv
+
+  def initialize
+    @secret_key = @secret_iv = ''
+    get_secrets
+  end
+
+  def get_secrets
+    begin
+      y_data = YAML::load(File.open(self.config[:secret_key]))
+
+      if y_data
+        @secret_key = Base64.decode64(y_data[:key])
+        @secret_iv = Base64.decode64(y_data[:iv])
+      end
+      # file was empty for some reason, we'll have to generate a new set.
+      # hope we didn't need to decrypt anything!
+    rescue Errno::ENOENT
+      # fail silently; we'll just generate a new set
+    rescue => e
+      raise Nachos::KeyStoreException, "There was a problem loading the " +
+        "keystore! (#{e})"
+    end
+  end
+
+  def save_secrets
+    stuff = {
+      :key => Base64.encode64(@secret_key),
+      :iv => Base64.encode64(@secret_iv)
+    }
+
+    begin
+      File.open(self.config[:secret_key], 'w') do |f|
+        f.puts stuff.to_yaml
+      end
+    rescue => e
+      raise Nachos::KeyStoreException, "There was a problem saving the " +
+        "keystore! (#{e})"
+    end
+  end
+end

metadata

@@ -0,0 +1,57 @@
+--- !ruby/object:Gem::Specification 
+name: ohlol-nachos
+version: !ruby/object:Gem::Version 
+  version: "0.2"
+platform: ruby
+authors: 
+- Scott Smith
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2009-07-13 00:00:00 -07:00
+default_executable: 
+dependencies: []
+
+description: Nachos is a Ruby library for managing an encrypted data store.
+email: scott@ohlol.net
+executables: []
+
+extensions: []
+
+extra_rdoc_files: []
+
+files: 
+- LICENSE
+- README.markdown
+- lib
+- lib/nachos.rb
+has_rdoc: false
+homepage: http://github.com/ohlol/nachos"
+post_install_message: 
+rdoc_options: 
+- --inline-source
+- --charset=UTF-8
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+requirements: []
+
+rubyforge_project: nachos
+rubygems_version: 1.2.0
+signing_key: 
+specification_version: 2
+summary: Nachos is a Ruby library for managing an encrypted data store.
+test_files: []
+