RubyGems - opensecret - Versions diffs - 0.0.941 → 0.0.946 - Mend

opensecret 0.0.941 → 0.0.946

Files changed (28) hide show

checksums.yaml +4 -4
data/lib/crypto/amalgam.rb +22 -159
data/lib/crypto/blowfish.rb +85 -0
data/lib/crypto/collect.rb +1 -0
data/lib/crypto/engineer.rb +27 -147
data/lib/crypto/open.bcrypt.rb +170 -0
data/lib/crypto/verify.rb +1 -1
data/lib/{session/exceptions.rb → exception/cli.error.rb} +2 -2
data/lib/exception/errors/cli.errors.rb +31 -0
data/lib/factbase/facts.opensecret.io.ini +1 -1
data/lib/notepad/blow.rb +14 -0
data/lib/opensecret.rb +11 -3
data/lib/opensecret/commons/eco.system.rb +1 -1
data/lib/opensecret/executors/crypt.keys/crypt.keys.rb +1 -1
data/lib/opensecret/executors/decrypt/decrypt.rb +1 -1
data/lib/opensecret/executors/encrypt/encrypt.rb +1 -1
data/lib/plugins/cipher.rb +179 -0
data/lib/plugins/ciphers/aes-256.rb +162 -0
data/lib/plugins/ciphers/blowfish.rb +223 -0
data/lib/plugins/stores/store.rb +4 -0
data/lib/{usecase → plugins}/usecase.rb +3 -12
data/lib/{usecase → plugins}/usecases/init.rb +29 -41
data/lib/{usecase → plugins}/usecases/on.rb +0 -0
data/lib/{usecase → plugins}/usecases/safe.rb +2 -4
data/lib/session/require.gem.rb +107 -0
data/lib/version.rb +1 -1
metadata +16 -8
data/lib/config.opensecret.ini +0 -14

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 435d9f265cc382a9089c052a748983ee1218c0af
-  data.tar.gz: 6f7015d873d0b4856c587b8edfcfe25688522106
+  metadata.gz: f03e1b5d062560593f42736baf5a2af7794a4c0b
+  data.tar.gz: ed65d8e10bd446f1413d9e0473b7291ec01f34a6
 SHA512:
-  metadata.gz: 3218882929dfda77e99a9fcf164141cfaa1f6b114fe810100db352d4b16f5e02dd4c9d3dea9112742094c02cab8bc6aed2e322c931611e7bad2ffc2ca398898a
-  data.tar.gz: ce95ccdee60463940cd67a99faa028afc64d4cdddd1c9b9663d4dab01510670330ea3cc222d1501be275c820098f44acf5fee9daccc88a58b940d17dd37d5586
+  metadata.gz: 57989150d89ee5cc20d5950bd008b5bc97f4b23455dc690b66f791d1b3d1330a7550ce888715c73abf4bf43dd4ce80e409202c5393a7b32cc1bc41d75d97e047
+  data.tar.gz: 842b02b7f3a2fbf99fdd3c9d4acbeeabcf16bed137894cf8d2ad1cc4aed54f6d39975c2d16714e3d8e16eb62bc9271d2a2a60bee2d6bd12c954bfeef0b71cb3b

data/lib/crypto/amalgam.rb CHANGED

@@ -2,45 +2,33 @@
 module OpenSecret
-  # This class will be refactored into an interface implemented by a set
-  # of plugins that will capture sensitive information from users from an
-  # Ubuntu, Windows, RHEL, CoreOS, iOS or CentOS command line interface.
+  # This class knows how to amalgamate passwords, keys and string data in
+  # a manner that is the cryptographical equivalent of synergy.
   #
-  # An equivalent REST API will also be available for bringing in sensitive
-  # information in the most secure (but simple) manner.
-  class Collect
+  # The amalgamated keys are synergially (cryptographically) greater than
+  # the sum of their parts.
+  class Amalgam
-    # Register two fundamental opensecret crypt pointers
+    # Amalgamate the two parameter passwords in a manner that is the
+    # cryptographical equivalent of synergy. The amalgamated keys are
+    # synergially greater than the sum of their parts.
     #
-    # - an opensecret domain like &raquo; **lecturers@harvard**
-    # - the url to a backend store like Git, S3 or an SSH accessible drive.
+    # -- Get a viable machine password taking into account the human
+    # -- password length and the specified mix_ratio.
     #
-    # The domain will be extended to cover verified internet domains.
-    # They will also latch onto LDAP domains so when admins add, revoke
-    # or remove users, their opensecret access is adjusted accordingly.
     #
-    # @param domain [String] the DOMAIN eg lecturers@harvard for your family or work group.
-    # @param store_url [String] the STORE_URL for connecting to the backend storage service
+    # @param human_password [String] the password originating from a human
+    # @param machine_key [String] a machine engineered ascii password (key)
+    # @mixparam machine_key [String] a machine engineered ascii password (key)
     #
-    def self.register_domain domain, store_url
-      # -> read config file map
-      # -> create new domain in map
-      # -> add type and store url to map
-      # -> backup configuration
-      # -> overwrite the ini config file
-      puts "hello i am registering this super domain #{domain} at #{store_url}"
-    end
-    # --
-    # -- Get a viable machine password taking into account the human
-    # -- password length and the specified mix_ratio.
-    # --
-    # -- machine password length = human password length * mix_ratio - 1
-    # --
-    def self.get_amalgam_password human_password, machine_password, mix_ratio
+    # @return [String] the union of the two parameter passwords
+    #
+    # @raise [ArgumentError] when the size of the two passwords and the
+    #     mix ratio do not conform to the constraint imposed by the below
+    #     equation which must hold true.
+    #     <tt>machine password length = human password length * mix_ratio - 1</tt>
+    #
+    def self.passwords human_password, machine_password, mix_ratio
       size_error_msg = "Human pass length times mix_ratio must equal machine pass length."
       lengths_are_perfect = human_password.length * mix_ratio == machine_password.length
@@ -70,132 +58,7 @@ module OpenSecret
     end
-    # --
-    # -- Get a viable machine password taking into account the human
-    # -- password length and the specified mix_ratio.
-    # --
-    # -- machine password length = human password length * mix_ratio - 1
-    # --
-    def self.get_machine_password human_password_length, mix_ratio
-      machine_raw_secret = engineer_password( human_password_length * ( mix_ratio + 1) )
-      return machine_raw_secret[ 0..( human_password_length * mix_ratio - 1 ) ]
-    end
-    # --
-    # -- Collect a password from the user with a minimum length
-    # -- specified in the parameter.
-    # --
-    # -- An exception is raised if the minimum length is not at
-    # -- least 8 characters.
-    # --
-    def self.collect_secret minimum_size, prompt_1, prompt_2
-      assert_min_size minimum_size
-      sleep(1)
-      puts "\n#{prompt_1} : "
-      first_secret = STDIN.noecho(&:gets).chomp
-      assert_input_text_size first_secret.length, minimum_size
-      sleep(1)
-      puts "\n#{prompt_2} : "
-      check_secret = STDIN.noecho(&:gets).chomp
-      assert_same_size_text first_secret, check_secret
-      return first_secret
-    end
-    # --
-    # -- Engineer a raw password that is similar (approximate) in
-    # -- length to the integer parameter.
-    # --
-    def self.engineer_password approx_length
-      non_alphanum = SecureRandom.urlsafe_base64(approx_length);
-      return non_alphanum.delete("-_")
-    end
-    # --
-    # -- Raise an exception if asked to collect text that is less
-    # -- than 3 characters in length.
-    # --
-    def self.assert_min_size minimum_size
-      min_length_msg = "\n\nCrypts with 2 (or less) characters open up exploitable holes.\n\n"
-      raise ArgumentError.new min_length_msg if minimum_size < 3
-    end
-    # --
-    # -- Output an error message and then exit if the entered input
-    # -- text size does not meet the minimum requirements.
-    # --
-    def self.assert_input_text_size input_size, minimum_size
-      if( input_size < minimum_size  )
-        puts
-        puts "Input is too short. Please enter at least #{minimum_size} characters."
-        puts
-        exit
-      end
-    end
-    # --
-    # -- Assert that the text entered the second time is exactly (case sensitive)
-    # -- the same as the text entered the first time.
-    # --
-    def self.assert_same_size_text first_text, second_text
-      unless( first_text.eql? second_text )
-        puts
-        puts "Those two bits of text are not the same (in my book)!"
-        puts
-        exit
-      end
-    end
-    # --
-    # -- Print out the machine password that is to be kept as an environment variable
-    # -- on any workstation used for material decryption.
-    # --
-    # -- Remember that neither the human nor machine passwords are required for the
-    # -- encryption phase. That is the beauty of assymetric cryptography - you don't
-    # -- need a private key to encrypt - just the end user's public key.
-    # --
-    def self.print_secret_env_var env_var_name, env_var_value
-      machine_to_env_txt = "sudo echo \"#{env_var_name}=#{env_var_value}\" >> /etc/environment"
-      puts
-      puts "@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
-      puts "@@@ Add as environment variable @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
-      puts "@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
-      puts machine_to_env_txt
-      puts "@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
-      puts
-    end
   end
 end

data/lib/crypto/blowfish.rb ADDED

@@ -0,0 +1,85 @@
+class BF < Struct.new(:key, :pad_with_spaces)
+  def encrypt(str)
+    cipher = OpenSSL::Cipher.new('bf-ecb').encrypt
+    if pad_with_spaces
+      str += " " until str.bytesize % 8 == 0
+      cipher.padding = 0
+    end
+    cipher.key = key
+    binary_data = cipher.update(str) << cipher.final
+    hex_encoded = binary_data.unpack('H*').first
+  end
+  def decrypt(hex_encoded)
+    cipher = OpenSSL::Cipher.new('bf-ecb').decrypt
+    cipher.padding = 0 if pad_with_spaces
+    cipher.key = key
+    binary_data = [hex_encoded].pack('H*')
+    str = cipher.update(binary_data) << cipher.final
+    str.force_encoding(Encoding::UTF_8)
+    str
+  end
+end
+=begin
+# Choose the encryption key. Its length must be a multiple of  8 and no longer than 56
+bf = BF.new("x"*56, true)
+sentence = ARGV[0] || "foo bar foo bar foo bar foo bar foo bar foo bar baz"
+encrypted = bf.encrypt(sentence)
+puts encrypted.length
+puts sentence.inspect
+puts "Encrypt: #{encrypted}"
+puts "Decoded: #{bf.decrypt encrypted}"
+=end
+=begin
+require 'openssl'
+module Blowfish
+   def self.cipher(mode, key, data)
+     cipher = OpenSSL::Cipher::Cipher.new('bf-cbc').send(mode)
+     cipher.key = Digest::SHA256.digest(key)
+     cipher.update(data) << cipher.final
+   end
+   def self.encrypt(key, data)
+     cipher(:encrypt, key, data)
+   end
+   def self.decrypt(key, text)
+     cipher(:decrypt, key, text)
+   end
+ end
+ if $0 == __FILE__
+   p "text" == Blowfish.decrypt("key", Blowfish.encrypt("key", "text"))
+ end
+=end
+=begin
+module Blowfish
+  def self.cipher(mode, key, data)
+    cipher = OpenSSL::Cipher::Cipher.new('bf-cbc').send(mode)
+    cipher.key = Digest::SHA256.digest(key)
+    cipher.update(data) << cipher.final
+  end
+  def self.encrypt(key, data)
+    cipher(:encrypt, key, data)
+  end
+  def self.decrypt(key, text)
+    cipher(:decrypt, key, text)
+  end
+end
+if $0 == __FILE__
+  p "text" == Blowfish.decrypt("key", Blowfish.encrypt("key", "text"))
+end
+=end

data/lib/crypto/collect.rb CHANGED

@@ -2,6 +2,7 @@
 module OpenSecret
+  require 'io/console'
   # This class will be refactored into an interface implemented by a set
   # of plugins that will capture sensitive information from users from an

data/lib/crypto/engineer.rb CHANGED

@@ -2,73 +2,15 @@
 module OpenSecret
+  require 'securerandom'
   # This class will be refactored into an interface implemented by a set
   # of plugins that will capture sensitive information from users from an
   # Ubuntu, Windows, RHEL, CoreOS, iOS or CentOS command line interface.
   #
   # An equivalent REST API will also be available for bringing in sensitive
   # information in the most secure (but simple) manner.
-  class Collect
-    # Register two fundamental opensecret crypt pointers
-    #
-    # - an opensecret domain like &raquo; **lecturers@harvard**
-    # - the url to a backend store like Git, S3 or an SSH accessible drive.
-    #
-    # The domain will be extended to cover verified internet domains.
-    # They will also latch onto LDAP domains so when admins add, revoke
-    # or remove users, their opensecret access is adjusted accordingly.
-    #
-    # @param domain [String] the DOMAIN eg lecturers@harvard for your family or work group.
-    # @param store_url [String] the STORE_URL for connecting to the backend storage service
-    #
-    def self.register_domain domain, store_url
-      # -> read config file map
-      # -> create new domain in map
-      # -> add type and store url to map
-      # -> backup configuration
-      # -> overwrite the ini config file
-      puts "hello i am registering this super domain #{domain} at #{store_url}"
-    end
-    # --
-    # -- Get a viable machine password taking into account the human
-    # -- password length and the specified mix_ratio.
-    # --
-    # -- machine password length = human password length * mix_ratio - 1
-    # --
-    def self.get_amalgam_password human_password, machine_password, mix_ratio
-      size_error_msg = "Human pass length times mix_ratio must equal machine pass length."
-      lengths_are_perfect = human_password.length * mix_ratio == machine_password.length
-      raise ArgumentError.new size_error_msg unless lengths_are_perfect
-      machine_passwd_chunk = 0
-      amalgam_passwd_index = 0
-      amalgamated_password = ""
-      human_password.each_char do |passwd_char|
-        amalgamated_password[amalgam_passwd_index] = passwd_char
-        amalgam_passwd_index += 1
-        for i in 0..(mix_ratio-1) do
-          machine_pass_index = machine_passwd_chunk * mix_ratio + i
-          amalgamated_password[amalgam_passwd_index] = machine_password[machine_pass_index]
-          amalgam_passwd_index += 1
-        end
-        machine_passwd_chunk += 1
-      end
-      return amalgamated_password
-    end
+  class Engineer
     # --
     # -- Get a viable machine password taking into account the human
@@ -76,7 +18,7 @@ module OpenSecret
     # --
     # -- machine password length = human password length * mix_ratio - 1
     # --
-    def self.get_machine_password human_password_length, mix_ratio
+    def self.machine_key human_password_length, mix_ratio
       machine_raw_secret = engineer_password( human_password_length * ( mix_ratio + 1) )
       return machine_raw_secret[ 0..( human_password_length * mix_ratio - 1 ) ]
@@ -84,34 +26,6 @@ module OpenSecret
     end
-    # --
-    # -- Collect a password from the user with a minimum length
-    # -- specified in the parameter.
-    # --
-    # -- An exception is raised if the minimum length is not at
-    # -- least 8 characters.
-    # --
-    def self.collect_secret minimum_size, prompt_1, prompt_2
-      assert_min_size minimum_size
-      sleep(1)
-      puts "\n#{prompt_1} : "
-      first_secret = STDIN.noecho(&:gets).chomp
-      assert_input_text_size first_secret.length, minimum_size
-      sleep(1)
-      puts "\n#{prompt_2} : "
-      check_secret = STDIN.noecho(&:gets).chomp
-      assert_same_size_text first_secret, check_secret
-      return first_secret
-    end
     # --
     # -- Engineer a raw password that is similar (approximate) in
     # -- length to the integer parameter.
@@ -124,78 +38,44 @@ module OpenSecret
     end
-    # --
-    # -- Raise an exception if asked to collect text that is less
-    # -- than 3 characters in length.
-    # --
-    def self.assert_min_size minimum_size
-      min_length_msg = "\n\nCrypts with 2 (or less) characters open up exploitable holes.\n\n"
-      raise ArgumentError.new min_length_msg if minimum_size < 3
-    end
     # --
-    # -- Output an error message and then exit if the entered input
-    # -- text size does not meet the minimum requirements.
-    # --
-    def self.assert_input_text_size input_size, minimum_size
-      if( input_size < minimum_size  )
-        puts
-        puts "Input is too short. Please enter at least #{minimum_size} characters."
-        puts
-        exit
-      end
-    end
+    # -- Get a viable machine password taking into account the human
+    # -- password length and the specified mix_ratio.
     # --
-    # -- Assert that the text entered the second time is exactly (case sensitive)
-    # -- the same as the text entered the first time.
+    # -- machine password length = human password length * mix_ratio - 1
     # --
-    def self.assert_same_size_text first_text, second_text
-      unless( first_text.eql? second_text )
+    def self.get_amalgam_password human_password, machine_password, mix_ratio
-        puts
-        puts "Those two bits of text are not the same (in my book)!"
-        puts
+      size_error_msg = "Human pass length times mix_ratio must equal machine pass length."
+      lengths_are_perfect = human_password.length * mix_ratio == machine_password.length
+      raise ArgumentError.new size_error_msg unless lengths_are_perfect
-        exit
+      machine_passwd_chunk = 0
+      amalgam_passwd_index = 0
+      amalgamated_password = ""
-      end
+      human_password.each_char do |passwd_char|
-    end
+        amalgamated_password[amalgam_passwd_index] = passwd_char
+        amalgam_passwd_index += 1
+        for i in 0..(mix_ratio-1) do
+          machine_pass_index = machine_passwd_chunk * mix_ratio + i
+          amalgamated_password[amalgam_passwd_index] = machine_password[machine_pass_index]
+          amalgam_passwd_index += 1
+        end
-    # --
-    # -- Print out the machine password that is to be kept as an environment variable
-    # -- on any workstation used for material decryption.
-    # --
-    # -- Remember that neither the human nor machine passwords are required for the
-    # -- encryption phase. That is the beauty of assymetric cryptography - you don't
-    # -- need a private key to encrypt - just the end user's public key.
-    # --
-    def self.print_secret_env_var env_var_name, env_var_value
+        machine_passwd_chunk += 1
-      machine_to_env_txt = "sudo echo \"#{env_var_name}=#{env_var_value}\" >> /etc/environment"
+      end
-      puts
-      puts "@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
-      puts "@@@ Add as environment variable @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
-      puts "@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
-      puts machine_to_env_txt
-      puts "@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
-      puts
+      return amalgamated_password
     end
   end
 end