opensecret 0.0.913 → 0.0.941

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 26149681c5b0cbb089a8c9d82953c4e8981147c1
-  data.tar.gz: 3a2cac8d536acc786fbd1343a694f14ff2b0d73e
+  metadata.gz: 435d9f265cc382a9089c052a748983ee1218c0af
+  data.tar.gz: 6f7015d873d0b4856c587b8edfcfe25688522106
 SHA512:
-  metadata.gz: 79409037388746addf1d6574813a84ab3dedb19761009c56f447b24cfc0ad36262859cf7832f3ff3366847abb912fb81e412893466c9f2489f13e837e6058ea9
-  data.tar.gz: 79eb02b2befae0c6c0432ed1d065be7b7ea960dc43c64767062ab68419ee49036414376acba0e40047b2d1731422bbd9f9179fc7c6a04a4d8ff92177babdbf9c
+  metadata.gz: 3218882929dfda77e99a9fcf164141cfaa1f6b114fe810100db352d4b16f5e02dd4c9d3dea9112742094c02cab8bc6aed2e322c931611e7bad2ffc2ca398898a
+  data.tar.gz: ce95ccdee60463940cd67a99faa028afc64d4cdddd1c9b9663d4dab01510670330ea3cc222d1501be275c820098f44acf5fee9daccc88a58b940d17dd37d5586

data/.yardopts

@@ -0,0 +1,3 @@
+--title "opensecret credentials manager"
+lib/**/*.rb -
+lib/**/*.ini

data/README.md

@@ -1,7 +1,7 @@
 opensecret [![Build Status](https://secure.travis-ci.org/TwP/inifile.png)](http://travis-ci.org/TwP/inifile)
 ==========
 
-Description
+opensecret | Install and Configure
 -----------
 
 opensecret stashes uncrackable secrets into your Git, S3, DropBox, Google Drive and filesystems backends. You interface with its intuitive Linux, Windows, iOS front ends and it offers SDKs and plugins for Ruby, Python, Go, Java, Jenkins, CodeShip, Ansible, Terraform, Puppet and Chef. Soon, support will be added for database and keystore backends such as MySQL, MongoDB, PostgreSQL, Redis, Memcached and etcd.
@@ -13,21 +13,14 @@ opensecret stashes uncrackable secrets into your Git, S3, DropBox, Google Drive
 
     $ gem install opensecret
 
-
 ### opensecret | Configure It
 
-    $ opensecret keydir /path/to/usb/key/dir
-    $ opensecret name   joe
-    $ opensecret email  joebloggs@harvard.edu
-    $ opensecret domain lecturers@harvard
-    $ opensecret store  https://www.eco-platform.co.uk/crypt/lecturers.git
-
+    $ opensecret safe  /path/to/usb/key/safe
+    $ opensecret email joebloggs@harvard.edu
+    $ opensecret store https://www.eco-platform.co.uk/crypt/lecturers.git
     $ opensecret init
 
-
-### opensecret | All Done!
-
-You are done setting up opensecret with just 5 commands. *Simple* means less mistakes, less confusion and therefore more secure. Let's recap on the 5 configurations
+These directives tell opensecret **where**, **who** and **which** - the order doesn't matter.
 
 - <tt>**keydir**</tt> &raquo; best practise is a usb key drive with your **actual keys**
 - <tt>**name**</tt> &raquo; single word lowercase and short - how your peers call you
@@ -35,15 +28,52 @@ You are done setting up opensecret with just 5 commands. *Simple* means less mis
 - <tt>**domain**</tt> &raquo; **joe@home** if single or a team like it-dept@ibm.com
 - <tt>**store**</tt> &raquo; a Git project URL to hold your encrypted secret material
 
-The opensecret init command
+### opensecret | Create Keys
+
+Init(ialize) creates an uncrackable **8192 bit private/public key pair**, locked down with an amalgamated (human and machine generated) password.
+
+    $ opensecret init
+
+Or you can enter the password on the command line.
 
-- creates a 8192 bit uncrackable private key
-- collects a human password and creates a machine password
-- locks the private key with a minimum 64 character amalgamated password
-- locks the public key's fingerprint making it tamper proof
-- creates a base directory on your backend store
+    $ opensecret init --password="seeKr33t-p4ssw0RD@x"
+
+
+### opensecret | All Done!
+
+**opensecret is configured!** Before locking and unlocking sensitive data let's ask ***"How can Susan <tt>steal</tt> Joe's secrets?*** Well, she would need to
+
+- **acquire** his USB drive key
+- *requisition* his laptop, crack the disk encryption and assail the login password
+- convince Joe that **revealing his password is the painless route, then
+- break into the backend store (AWS S3, GitHub, Google Drive, SSH)
+
+It's simple for Joe but nigh impossible for Susan. That's why you need a USB key drive, an offsite storage solution and an encrypted drive.
+
+Your ability to access your own secrets (even after disaster scenarios) is as important as preventing the secrets being accessed. This is why opensecret piggy backs off your (already configured) redundancy and backup solutions.
+
+
+opensecret | Lock and Unlock
+-----------
+
+Joe wants to lock away his wifi password.
+
+    $ opensecret init
+
+
+
+opensecret | moving to anoter computer
+-----------
+
+On computer where it is all working you do
+
+    $ opensecret copy config
+
+Then you take out the USB key and (many hours or even days later)
+you put it back into another computer you do
+
+    $ opensecret paste config
 
-Now you are ready to begin locking and unlocking and soon, you'll be able to request a secret (like a WiFi or NetFlix password) from others in your group. You too can either acquiesce (or reject) requests from your colleagues, friends and family.
 
 
 One Lock | Two Keys
@@ -59,6 +89,78 @@ For scripts that cannot stop and wait for user input - keys can optionally be cr
 
     $ opensecret init --password="p455w0rd.!0NDUN"
 
+The Encryption Strategy
+-----------------------
+
+opensecret uses a symmetric key to perform the initial encryption of the data, followed by an asymmetric public key that encrypts the result.
+
+The encryption key itself is then locked down by the public key which is then thrown away. The file on the backend store is the doubly encrypted secret.
+
+A corresponding file appears on the front end (usb drive) store afer encryption by the master public key. This bundle (decryptable by the master private key) is an amalgamation of the
+
+- private key (to unlock the first layer of 1 secret and its encryption key)
+- the encrypted encryption key (unlockable by the aforementioned private key)
+- technical specification of the encryption algorithm plus settings
+
+The benefits of this strategy can now be assessed. First off, is the 3 isolated stores that are created.
+
+
+### The 3 Isolated (Worthless) Stores
+
+There is a grand design behind this mesh of keys, cipher text and symmetricity. The theoretical underpinning
+of opensecret is predicated on a tri-store security solution.
+
+**What is tri-store?** Use opensecret and you get 3 isolated (and individually worthless) information stores.
+
+- a backend store of doubly encrypted secrets
+- a middle store of doubly encrypted keys
+- a front end of encrypted master key (on USB), human password (in brain) and encrypted machine password (in machine)
+
+You can think of opensecret as a reference open source implementation of the tri-store concept.
+
+#### Sending a Wifi Password
+
+With the **one password culture**, just one password gives you access to everything. I can't send a Wifi password (which is gold dust to hackers) securely. I have to login (potentially exposing every secret) - copy and paste the Wifi password and then email it - even if I encrypt it I am still sending the ciphertext and then they key.
+
+
+#### benefits of a tri-store solution
+
+Think of your doubly encrypted ciphertext as the backend, the doubly encrypted keys as the middle and then the logical group of the master key (on USB), human password (in brain) and encrypted machine password (on machine).
+
+- you can transport and/or share secrets by sending the keys (not the backend material)
+- you can rotate your master key and passwords (again - no touching or accessing the backend)
+- you can (and should) assign separate (off-machine) stores for the middle and backend
+- you can select different local or cloud based storage locations for middle and backend stores
+- you can safely backup stores - and with Git you get this (and rollbacks) for no extra effort
+- you can invalidate, expire and revoke secrets by interacting with just the middle tier
+- when a secret is read - it is locked up again with new keys giving you a read audit trail
+
+#### the no-go no-clouds mantra
+
+opensecret is designed to operate in highly secure locked down environments in which external access is not just constrained - it is non-existent.
+
+opensecret does not contact nor talk to anything external. It never asks (nor needs to know) the credentials for accessing your stores - this means it compliments your storage security be it S3, Google Drive, databases, VPN, Git and even email/pop3 solutions.
+
+#### the encrypted at rest mantra
+
+The ability to read data from drives (after the fact and) after deletion means **nothing unencrypted** should be put on any drive (including usb keys).
+
+
+#### easy adoption of new algorithms
+
+You can configure the algorithm (or algorithms) and implementation used and this information is encrypted within the middle tier store.
+
+Attacks usually target particular algorithms so putting this information away (or even randomly selecting from a pool of algorithms) - all adds to the worthlessness of the backend cipher text store.
+
+Algorithms can also be selected based on encryption targets like
+
+- binary files
+- large text files or
+- small 4 digit keys (like pin numbers)
+
+Not only do no two pieces of encrypted material share encryption keys, they also need not share encryption algorithms (and remember - they are doubly encrypted).
+
+
 
 opensecret configuration
 ------------------------
@@ -114,11 +216,19 @@ It is much more secure to beg for a secret than just have someone reveal it. Whe
 Any hijacker will need access to a great many things and be very precise with their timing in order to serrupticiously subvert the system.
 
 
+Git | S3 or ... | Which Backend Storage?
+----------------------------------------
+
+If you have a choice and would like to know the pros and cons of one of the many backend storage options then visit the opensecret.io website.
+
+
 
 ### opensecret | Summary
 
 You can use opensecret alone or you can use it to share secrets with colleagues, friends and family, even machines.
 
+opensecret is simple and holistically secure. *Simple* means less mistakes, less confusion and more peer reviews from internet security experts.
+
 Every domain is tied to backend storage which is accessible by you and others in your domain. You can use Git, S3, a networked filesystem or shared drive, a SSH accessible filesystem and soon, free storage from <tt>opensecret.io</tt>
 
 

data/Rakefile

@@ -14,12 +14,3 @@ end
 
 task :default => :test
 
-# -
-# - This configuration allows us to run "rake yard"
-# - to build documentation.
-# -
-# ---> require 'yard'
-# ---> YARD::Rake::YardocTask.new do |t|
-# --->  t.files   = ['lib/**/*.rb']
-# --->  t.stats_options = ['--list-undoc']
-# ---> end

data/bin/opensecret

@@ -3,4 +3,4 @@
 # --> require 'opensecret/safe'
 require 'opensecret'
  
-CommandProcessor.start(ARGV)
+CliInterpreter.start(ARGV)

data/lib/{opensecret/plugins.io/cipher/crypto.rb → crypto/amalgam.rb}

@@ -2,15 +2,13 @@
 
 module OpenSecret
 
+  # This class will be refactored into an interface implemented by a set
+  # of plugins that will capture sensitive information from users from an
+  # Ubuntu, Windows, RHEL, CoreOS, iOS or CentOS command line interface.
   #
-  # Create dynamic secrets of various flavours including 
-  #
-  # - ssh public/private key secrets
-  # - secret keys for internal database services
-  # - hashed SHA256 keys for Jenkins user auth
-  #
-  class Crypto
-
+  # An equivalent REST API will also be available for bringing in sensitive
+  # information in the most secure (but simple) manner.
+  class Collect
 
     # Register two fundamental opensecret crypt pointers 
     #

data/lib/crypto/collect.rb

@@ -0,0 +1,139 @@
+#!/usr/bin/ruby
+
+module OpenSecret
+
+
+  # This class will be refactored into an interface implemented by a set
+  # of plugins that will capture sensitive information from users from an
+  # Ubuntu, Windows, RHEL, CoreOS, iOS or CentOS command line interface.
+  #
+  # An equivalent REST API will also be available for bringing in sensitive
+  # information in the most secure (but simple) manner.
+  class Collect
+
+
+    # <tt>Collect something sensitive from the command line</tt> with a
+    # minimum length specified in the first parameter. This method can't
+    # know whether the information is a password, a pin number or whatever
+    # so it takes the integer minimum size at its word.
+    #
+    # @param min_size [Integer] the minimum size of the collected secret
+    #    whereby one (1) is the least we can expect. The maximum bound is
+    #    not constrained here so will fall under what is allowed by the
+    #    interface, be it a CLI, Rest API, Web UI or Mobile App.
+    #
+    # @param prompt_twice [Boolean] indicate whether the user should be
+    #    prompted twice. If true the prompt_2 text must be provided and
+    #    converse is also true. A true value asserts that both times the
+    #    user enters the same (case sensitive) string.
+    #
+    # @param prompt_1 [String] the text (aide memoire) used to prompt the user
+    #
+    # @param prompt_2 [String] if the prompt twice boolean is TRUE, this
+    #    second prompt (aide memoire) must be provided.
+    #
+    # @return [String] the collected string text ( watch out for non-ascii chars)
+    # @raise [ArgumentError] if the minimum size is less than one
+    def self.secret_text min_size, prompt_twice, prompt_1, prompt_2=nil
+
+# put this into caller class if reading from facts.
+# put this into caller class if reading from facts.
+# put this into caller class if reading from facts.
+#      min_msg = "The minimum size #{min_size.to_s} must be an integer."
+#      raise ArgumentError, min_msg unless min_size.instance_of? Integer
+
+      assert_min_size min_size
+
+      sleep(1)
+      puts "\n#{prompt_1} : "
+      first_secret = STDIN.noecho(&:gets).chomp
+
+      assert_input_text_size first_secret.length, min_size
+      return first_secret unless prompt_twice
+
+      sleep(1)
+      puts "\n#{prompt_2} : "
+      check_secret = STDIN.noecho(&:gets).chomp
+
+      assert_same_size_text first_secret, check_secret
+      
+      return first_secret
+
+    end
+
+
+    # --
+    # -- Raise an exception if asked to collect text that is less
+    # -- than 3 characters in length.
+    # --
+    def self.assert_min_size min_size
+
+      min_length_msg = "\n\nCrypts with 2 (or less) characters open up exploitable holes.\n\n"
+      raise ArgumentError.new min_length_msg if min_size < 3
+
+    end
+
+
+    # --
+    # -- Output an error message and then exit if the entered input
+    # -- text size does not meet the minimum requirements.
+    # --
+    def self.assert_input_text_size input_size, min_size
+
+      if( input_size < min_size  )
+
+        puts
+        puts "Input is too short. Please enter at least #{min_size} characters."
+        puts
+
+        exit
+
+      end
+
+    end
+
+
+    # --
+    # -- Assert that the text entered the second time is exactly (case sensitive)
+    # -- the same as the text entered the first time.
+    # --
+    def self.assert_same_size_text first_text, second_text
+      
+      unless( first_text.eql? second_text )
+
+        puts
+        puts "Those two bits of text are not the same (in my book)!"
+        puts
+
+        exit
+
+      end
+
+    end
+
+
+    # --
+    # -- Print out the machine password that is to be kept as an environment variable
+    # -- on any workstation used for material decryption.
+    # --
+    # -- Remember that neither the human nor machine passwords are required for the
+    # -- encryption phase. That is the beauty of assymetric cryptography - you don't
+    # -- need a private key to encrypt - just the end user's public key.
+    # --
+    def self.print_secret_env_var env_var_name, env_var_value
+
+      machine_to_env_txt = "sudo echo \"#{env_var_name}=#{env_var_value}\" >> /etc/environment"
+
+      puts
+      puts "@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
+      puts "@@@ Add as environment variable @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
+      puts "@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
+      puts machine_to_env_txt
+      puts "@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
+      puts
+
+    end
+
+  end
+
+end

data/lib/crypto/engineer.rb

@@ -0,0 +1,201 @@
+#!/usr/bin/ruby
+
+module OpenSecret
+
+  # This class will be refactored into an interface implemented by a set
+  # of plugins that will capture sensitive information from users from an
+  # Ubuntu, Windows, RHEL, CoreOS, iOS or CentOS command line interface.
+  #
+  # An equivalent REST API will also be available for bringing in sensitive
+  # information in the most secure (but simple) manner.
+  class Collect
+
+    # Register two fundamental opensecret crypt pointers 
+    #
+    # - an opensecret domain like » **lecturers@harvard**
+    # - the url to a backend store like Git, S3 or an SSH accessible drive.
+    #
+    # The domain will be extended to cover verified internet domains.
+    # They will also latch onto LDAP domains so when admins add, revoke
+    # or remove users, their opensecret access is adjusted accordingly.
+    #
+    # @param domain [String] the DOMAIN eg lecturers@harvard for your family or work group.
+    # @param store_url [String] the STORE_URL for connecting to the backend storage service
+    #
+    def self.register_domain domain, store_url
+
+      # -> read config file map
+      # -> create new domain in map
+      # -> add type and store url to map
+      # -> backup configuration
+      # -> overwrite the ini config file
+      puts "hello i am registering this super domain #{domain} at #{store_url}"
+
+    end
+
+
+    # --
+    # -- Get a viable machine password taking into account the human
+    # -- password length and the specified mix_ratio.
+    # --
+    # -- machine password length = human password length * mix_ratio - 1
+    # --
+    def self.get_amalgam_password human_password, machine_password, mix_ratio
+
+      size_error_msg = "Human pass length times mix_ratio must equal machine pass length."
+      lengths_are_perfect = human_password.length * mix_ratio == machine_password.length
+      raise ArgumentError.new size_error_msg unless lengths_are_perfect
+
+      machine_passwd_chunk = 0
+      amalgam_passwd_index = 0
+      amalgamated_password = ""
+
+      human_password.each_char do |passwd_char|
+
+        amalgamated_password[amalgam_passwd_index] = passwd_char
+        amalgam_passwd_index += 1
+
+        for i in 0..(mix_ratio-1) do
+          machine_pass_index = machine_passwd_chunk * mix_ratio + i
+          amalgamated_password[amalgam_passwd_index] = machine_password[machine_pass_index]
+          amalgam_passwd_index += 1
+        end
+
+        machine_passwd_chunk += 1
+
+      end
+
+      return amalgamated_password
+
+    end
+
+
+    # --
+    # -- Get a viable machine password taking into account the human
+    # -- password length and the specified mix_ratio.
+    # --
+    # -- machine password length = human password length * mix_ratio - 1
+    # --
+    def self.get_machine_password human_password_length, mix_ratio
+
+      machine_raw_secret = engineer_password( human_password_length * ( mix_ratio + 1) )
+      return machine_raw_secret[ 0..( human_password_length * mix_ratio - 1 ) ]
+
+    end
+
+
+    # --
+    # -- Collect a password from the user with a minimum length
+    # -- specified in the parameter.
+    # --
+    # -- An exception is raised if the minimum length is not at
+    # -- least 8 characters.
+    # --
+    def self.collect_secret minimum_size, prompt_1, prompt_2
+
+      assert_min_size minimum_size
+
+      sleep(1)
+      puts "\n#{prompt_1} : "
+      first_secret = STDIN.noecho(&:gets).chomp
+
+      assert_input_text_size first_secret.length, minimum_size
+
+      sleep(1)
+      puts "\n#{prompt_2} : "
+      check_secret = STDIN.noecho(&:gets).chomp
+
+      assert_same_size_text first_secret, check_secret
+      
+      return first_secret
+
+    end
+
+
+    # --
+    # -- Engineer a raw password that is similar (approximate) in
+    # -- length to the integer parameter.
+    # --
+    def self.engineer_password approx_length
+
+      non_alphanum = SecureRandom.urlsafe_base64(approx_length);
+      return non_alphanum.delete("-_")
+
+    end
+
+
+    # --
+    # -- Raise an exception if asked to collect text that is less
+    # -- than 3 characters in length.
+    # --
+    def self.assert_min_size minimum_size
+
+      min_length_msg = "\n\nCrypts with 2 (or less) characters open up exploitable holes.\n\n"
+      raise ArgumentError.new min_length_msg if minimum_size < 3
+
+    end
+
+
+    # --
+    # -- Output an error message and then exit if the entered input
+    # -- text size does not meet the minimum requirements.
+    # --
+    def self.assert_input_text_size input_size, minimum_size
+
+      if( input_size < minimum_size  )
+
+        puts
+        puts "Input is too short. Please enter at least #{minimum_size} characters."
+        puts
+
+        exit
+
+      end
+
+    end
+
+
+    # --
+    # -- Assert that the text entered the second time is exactly (case sensitive)
+    # -- the same as the text entered the first time.
+    # --
+    def self.assert_same_size_text first_text, second_text
+      
+      unless( first_text.eql? second_text )
+
+        puts
+        puts "Those two bits of text are not the same (in my book)!"
+        puts
+
+        exit
+
+      end
+
+    end
+
+
+    # --
+    # -- Print out the machine password that is to be kept as an environment variable
+    # -- on any workstation used for material decryption.
+    # --
+    # -- Remember that neither the human nor machine passwords are required for the
+    # -- encryption phase. That is the beauty of assymetric cryptography - you don't
+    # -- need a private key to encrypt - just the end user's public key.
+    # --
+    def self.print_secret_env_var env_var_name, env_var_value
+
+      machine_to_env_txt = "sudo echo \"#{env_var_name}=#{env_var_value}\" >> /etc/environment"
+
+      puts
+      puts "@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
+      puts "@@@ Add as environment variable @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
+      puts "@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
+      puts machine_to_env_txt
+      puts "@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
+      puts
+
+    end
+
+  end
+
+end