opensecret 0.0.941 → 0.0.946

data/lib/crypto/open.bcrypt.rb

@@ -0,0 +1,170 @@
+#!/usr/bin/ruby
+# coding: utf-8
+
+
+=begin
+
+Using BCrypt for password hashing has several advantages over the builtin Digest classes. First of all it has a decent interface:
+
+gem "bcrypt-ruby"
+require "bcrypt"
+hashed_password = BCrypt::Password.create "my password"
+hashed_password is now an instance of BCrypt::Password. You can check the password now with ==:
+
+hashed_password == "my password" # => true
+The second nice point is the built-in security. Passwords are automatically salted. Furthermore, BCrypt has a parameter cost which exponentially scales the computation time.
+
+hashed_password1 = BCrypt::Password.create( "my password", cost: 1 )
+hashed_password10 = BCrypt::Password.create( "my password", cost: 10 )
+Computing hashedpassword10 is 2^9 times as expessive as computing hashedpassword1. This way you can adjust the hashing algorithm to your available resources and always use the most-expensive-to-crack hashing you can afford.
+
+Last but definitly not least storing and restoring BCrypt::Passwords is simple as hell:
+
+storable_string = hashed_password.to_s
+restored_hash = BCrypt::Password.new storable_string
+NICE!
+
+
+
+
+
+
+
+bcrypt-ruby
+An easy way to keep your users' passwords secure.
+
+http://github.com/codahale/bcrypt-ruby/tree/master
+Build Status
+
+Why you should use bcrypt()
+If you store user passwords in the clear, then an attacker who steals a copy of your database has a giant list of emails and passwords. Some of your users will only have one password -- for their email account, for their banking account, for your application. A simple hack could escalate into massive identity theft.
+
+It's your responsibility as a web developer to make your web application secure -- blaming your users for not being security experts is not a professional response to risk.
+
+bcrypt() allows you to easily harden your application against these kinds of attacks.
+
+Note: JRuby versions of the bcrypt gem <= 2.1.3 had a security vulnerability that was fixed in >= 2.1.4. If you used a vulnerable version to hash passwords with international characters in them, you will need to re-hash those passwords. This vulnerability only affected the JRuby gem.
+
+How to install bcrypt
+gem install bcrypt
+The bcrypt gem is available on the following ruby platforms:
+
+JRuby
+RubyInstaller 1.8, 1.9, 2.0, 2.1, and 2.2 builds on win32
+Any 1.8, 1.9, 2.0, 2.1, 2.2, or 2.3 Ruby on a BSD/OS X/Linux system with a compiler
+How to use bcrypt() in your Rails application
+Note: Rails versions >= 3 ship with ActiveModel::SecurePassword which uses bcrypt-ruby. has_secure_password docs implements a similar authentication strategy to the code below.
+
+The User model
+require 'bcrypt'
+
+class User < ActiveRecord::Base
+  # users.password_hash in the database is a :string
+  include BCrypt
+
+  def password
+    @password ||= Password.new(password_hash)
+  end
+
+  def password=(new_password)
+    @password = Password.create(new_password)
+    self.password_hash = @password
+  end
+end
+Creating an account
+def create
+  @user = User.new(params[:user])
+  @user.password = params[:password]
+  @user.save!
+end
+Authenticating a user
+def login
+  @user = User.find_by_email(params[:email])
+  if @user.password == params[:password]
+    give_token
+  else
+    redirect_to home_url
+  end
+end
+How to use bcrypt-ruby in general
+require 'bcrypt'
+
+my_password = BCrypt::Password.create("my password")
+#=> "$2a$10$vI8aWBnW3fID.ZQ4/zo1G.q1lRps.9cGLcZEiGDMVr5yUP1KUOYTa"
+
+my_password.version              #=> "2a"
+my_password.cost                 #=> 10
+my_password == "my password"     #=> true
+my_password == "not my password" #=> false
+
+my_password = BCrypt::Password.new("$2a$10$vI8aWBnW3fID.ZQ4/zo1G.q1lRps.9cGLcZEiGDMVr5yUP1KUOYTa")
+my_password == "my password"     #=> true
+my_password == "not my password" #=> false
+Check the rdocs for more details -- BCrypt, BCrypt::Password.
+
+How bcrypt() works
+bcrypt() is a hashing algorithm designed by Niels Provos and David Mazières of the OpenBSD Project.
+
+Background
+Hash algorithms take a chunk of data (e.g., your user's password) and create a "digital fingerprint," or hash, of it. Because this process is not reversible, there's no way to go from the hash back to the password.
+
+In other words:
+
+hash(p) #=> <unique gibberish>
+You can store the hash and check it against a hash made of a potentially valid password:
+
+<unique gibberish> =? hash(just_entered_password)
+Rainbow Tables
+But even this has weaknesses -- attackers can just run lists of possible passwords through the same algorithm, store the results in a big database, and then look up the passwords by their hash:
+
+PrecomputedPassword.find_by_hash(<unique gibberish>).password #=> "secret1"
+Salts
+The solution to this is to add a small chunk of random data -- called a salt -- to the password before it's hashed:
+
+hash(salt + p) #=> <really unique gibberish>
+The salt is then stored along with the hash in the database, and used to check potentially valid passwords:
+
+<really unique gibberish> =? hash(salt + just_entered_password)
+bcrypt-ruby automatically handles the storage and generation of these salts for you.
+
+Adding a salt means that an attacker has to have a gigantic database for each unique salt -- for a salt made of 4 letters, that's 456,976 different databases. Pretty much no one has that much storage space, so attackers try a different, slower method -- throw a list of potential passwords at each individual password:
+
+hash(salt + "aadvark") =? <really unique gibberish>
+hash(salt + "abacus")  =? <really unique gibberish>
+etc.
+This is much slower than the big database approach, but most hash algorithms are pretty quick -- and therein lies the problem. Hash algorithms aren't usually designed to be slow, they're designed to turn gigabytes of data into secure fingerprints as quickly as possible. bcrypt(), though, is designed to be computationally expensive:
+
+Ten thousand iterations:
+             user     system      total        real
+md5      0.070000   0.000000   0.070000 (  0.070415)
+bcrypt  22.230000   0.080000  22.310000 ( 22.493822)
+If an attacker was using Ruby to check each password, they could check ~140,000 passwords a second with MD5 but only ~450 passwords a second with bcrypt().
+
+Cost Factors
+In addition, bcrypt() allows you to increase the amount of work required to hash a password as computers get faster. Old passwords will still work fine, but new passwords can keep up with the times.
+
+The default cost factor used by bcrypt-ruby is 10, which is fine for session-based authentication. If you are using a stateless authentication architecture (e.g., HTTP Basic Auth), you will want to lower the cost factor to reduce your server load and keep your request times down. This will lower the security provided you, but there are few alternatives.
+
+To change the default cost factor used by bcrypt-ruby, use BCrypt::Engine.cost = new_value:
+
+BCrypt::Password.create('secret').cost
+  #=> 10, the default provided by bcrypt-ruby
+
+# set a new default cost
+BCrypt::Engine.cost = 8
+BCrypt::Password.create('secret').cost
+  #=> 8
+The default cost can be overridden as needed by passing an options hash with a different cost:
+
+BCrypt::Password.create('secret', :cost => 6).cost  #=> 6
+More Information
+bcrypt() is currently used as the default password storage hash in OpenBSD, widely regarded as the most secure operating system available.
+
+For a more technical explanation of the algorithm and its design criteria, please read Niels Provos and David Mazières' Usenix99 paper: http://www.usenix.org/events/usenix99/provos.html
+
+If you'd like more down-to-earth advice regarding cryptography, I suggest reading Practical Cryptography by Niels Ferguson and Bruce Schneier: http://www.schneier.com/book-practical.html
+
+Etc
+
+=end
+

data/lib/crypto/verify.rb

@@ -18,7 +18,7 @@ module OpenSecret
     # @param domain [String] the DOMAIN eg lecturers@harvard for your family or work group.
     # @param store_url [String] the STORE_URL for connecting to the backend storage service
     #
-    def self.vreify_domain domain, store_url
+    def self.verify_domain domain, store_url
 
       # -> read config file map
       # -> create new domain in map

data/lib/{session/exceptions.rb → exception/cli.error.rb}

@@ -1,6 +1,6 @@
 #!/usr/bin/ruby
 	
-module OpenSession
+module OpenError
 
   # This class is the parent to all opensession errors
   # that originate from the command line.
@@ -10,7 +10,7 @@ module OpenSession
   # - a problem with the input or
   # - a problem with the current state or
   # - a predictable future problem
-  class OpenSessionError < StandardError
+  class CliError < StandardError
 
 
     # Initialize the error and provide a culprit

data/lib/exception/errors/cli.errors.rb

@@ -0,0 +1,31 @@
+#!/usr/bin/ruby
+
+# XXXXXXXXXXXXXXXXXXXX is this printed by yard	
+# XXXXXXXXXXXXXXXXXXXX is this printed by yard	
+# XXXXXXXXXXXXXXXXXXXX is this printed by yard	
+# XXXXXXXXXXXXXXXXXXXX is this printed by yard	
+# @note are modules documented by yard
+#    or are they simply ignored.
+module OpenError
+
+=begin
+  # Throw this error if the configured safe directory points to a file.
+  class SafeDirectoryIsFile < OpenError::CliError; end;
+
+  # Throw this error if safe directory path is either nil or empty.
+  class SafeDirNotConfigured < OpenError::CliError; end;
+
+  # Throw this error if the email address is nil, empty or less than 5 characters.
+  class EmailAddrNotConfigured < OpenError::CliError; end;
+
+  # Throw this error if the store url is either nil or empty.
+  class StoreUrlNotConfigured < OpenError::CliError; end;
+
+  # Throw if "prime folder" name occurs 2 or more times in the path.
+  class SafePrimeNameRepeated < OpenError::CliError; end;
+
+  # Throw if "prime folder" name occurs 2 or more times in the path.
+  class SafePrimeNameNotAtEnd < OpenError::CliError; end;
+=end
+
+end

data/lib/factbase/facts.opensecret.io.ini

@@ -1,7 +1,7 @@
 
 [global]
 
-min.passwd.len  =  rb>> 16
+min.passwd.len  =  rb>> 6
 nickname        =  godzilla
 root.domain     =  devopswiki.co.uk
 env.var.name    =  SECRET_MATERIAL

data/lib/notepad/blow.rb

@@ -0,0 +1,14 @@
+#!/usr/bin/ruby
+# coding: utf-8
+
+
+## ########################### ##
+## Trial and Error Scratch-Pad ##
+## ########################### ##
+
+x = "messagess"
+
+x += "x" until x.bytesize % 8 == 0
+
+puts "Now x string is [#{x}]."
+puts "x is now [#{x.length}] characters long."

data/lib/opensecret.rb

@@ -1,18 +1,26 @@
 require "thor"
 require "fileutils"
+
 require "session/time.stamp"
 require "session/attributes"
 require "logging/gem.logging"
+require "session/require.gem"
 
-require "usecase/usecases/safe"
-require "usecase/usecases/init"
-
+# Include the logger mixins so that every class can enjoy "import free"
+# logging through pointers to the (extended) log behaviour.
 include OpenLogger
 
 # This standard out sync command flushes text destined for STDOUT immediately,
 # without waiting either for a full cache or script completion.
 $stdout.sync = true
 
+# Recursively require all gems that are either in or under the directory
+# that this code is executing from. Only use this tool if your library is
+# relatively small but highly interconnected. In these instances it raises
+# productivity and reduces harassing "not found" exceptions.
+OpenSession::RecursivelyRequire.now( __FILE__ )
+
+
 # This command line processor extends the Thor gem CLI tools in order to
 #
 # - read the posted commands, options and switches

data/lib/opensecret/commons/eco.system.rb

@@ -17,7 +17,7 @@
 # ---         and Inherits from => ProvisionEcoService                            --- #
 # ---             Found in File => provision.services/provision.eco.service.rb    --- #
 # --- --------------------------------------------------------------------------- --- #
-class EcoSystem < EcoFaculty
+class EcoSystem
 
   # -- -------------------------------------------------------------- -- #
   # -- eco-system [provisioning] begins in earnest here. By making    -- #

data/lib/opensecret/executors/crypt.keys/crypt.keys.rb

@@ -16,7 +16,7 @@
 # --   [3] - an open [public key] to be placed on web accessible destination
 # --   [4] - a message detailing that a new keypair is now created/installed
 # --
-class CryptKeys < EcoSystem
+class CryptKeys
 
 
   def core_provisioning

data/lib/opensecret/executors/decrypt/decrypt.rb

@@ -16,7 +16,7 @@
 # --  [7] - unlock the private key with the amalgamated password
 # --  [8] - decrypt the text into the pre-configured destination
 # --
-class Decrypt < EcoSystem
+class Decrypt
 
 
   def core_provisioning

data/lib/opensecret/executors/encrypt/encrypt.rb

@@ -42,7 +42,7 @@
 # -- Example 7 is the best for when exclamation marks and soft quotes exist.
 # -- Decrypted string is => no!and(oh)my
 # --
-class Encrypt < EcoSystem
+class Encrypt
 
   def core_provisioning
 

data/lib/plugins/cipher.rb

@@ -0,0 +1,179 @@
+#!/usr/bin/ruby
+# coding: utf-8
+
+module OpenSecret
+
+  require "base64"
+
+
+  # An {OpenSecret::Cipher} is a base class that enables cipher varieties
+  # to be plugged and played with minimal effort. This Cipher implements much
+  # of the use case functionality - all extension classes need to do, is
+  # to subclass and implement only the core behaviour that define its identity.
+  #
+  # == Double Encryption | Cipher Parent vs Cipher Child
+  #
+  # Double encryption first with a symmetric and then an asymmetric one fulfills
+  # the +opensecret+ promise of making the stored ciphertext utterly worthless.
+  #
+  # The child ciphers implement the inner symmetric encyption whilst the parent
+  # implements the outer asymmetric encryption algorithm.
+  #
+  # The process is done twice resulting in two stores that are mirrored in structure.
+  # The front end store holds doubly encrypted keys whist the backend store holds
+  # the doubly encrypted secrets.
+  #
+  # Attackers wouldn't be able to distinguish one from the other. Even if they
+  # theoretically cracked the asymmetric encryption - they would then be faced
+  # with a powerful symmetric encryption algorithm which could be any one of the
+  # leading ciphers such as TwoFish or the Advanced Encryption Standard (AES).
+  #
+  # == How to Implement a Cipher
+  #
+  # Extend this base class to inherit lots of +unexciting+ functionality
+  # that essentially
+  #
+  # - manages the main encryption and decryption use case flow
+  # - +concatenates+ the symmetric encryption meta data with ciphertext +after encryption+
+  # - _splits_ and objectifies the key/value metadata plus ciphertext +before decryption+
+  # - +handles file read/writes+ in conjunction with the store plugins
+  # - handles +exceptions+ and +malicious input detection+ and incubation
+  # - +_performs the asymmetric encryption_+ of the cipher's symmetrically encrypted output
+  #
+  # -------------------------------------
+  # What Behaviour Must Ciphers Implement
+  # -------------------------------------
+  #
+  # Ciphers bring the cryptographic mathematics and implementation algorithms
+  # to the table. So when at home they must implement
+  #
+  # - <tt>do_symmetric_encryption(plain_text)</tt> - resulting in ciphertext
+  # - <tt>do_symmetric_decryption(ciphertext, encryption_dictionary)</tt> &raquo; plaintext
+  #
+  # and also set the <tt>@encryption_dictionary</tt> hash (map) of pertinent
+  # key/value pairs including the encryption algorithm, the encryption key and
+  # the ciphertext signature to thwart any at-rest tampering.
+  #
+  # That's It. Cipher children can rely on the {OpenSecret::Cipher} parent to
+  # do the nitty gritty of file-handling plus managing stores and paths.
+  class Cipher
+
+    # Many ciphers (like Blowfish) constrains plain text lengths to multiples
+    # of 8 (or 16) and a common +right pad with spaces+ strategy is employed
+    # as a workaround. opensecret does it diferently.
+    #
+    # == No Space Padding? | Why Not?
+    #
+    # If opensecret padded plaintext (ending in one or more spaces) with
+    # spaces, the decrypt phase (after right stripping spaces) would return
+    # plain text string +shorter than the original+.
+    #
+    # == So How is Padding Done?
+    #
+    # Instead of single space padding - opensecret uses an unlikely 7 character
+    # padder which is repeated until the multiple is reached.
+    #
+    # <tt><-|@|-></tt>
+    #
+    # == So How is Padding Done?
+    #
+    # The +padder length must be a prime number+ or infinite loops could occur.
+    #
+    #    If the padder string is likely to occur in the plain text, another
+    #    padder (or strategy) should and could be employed.
+    #
+    TEXT_PADDER = "<-|@|->"
+
+    @@symmetric_cipher_keyname = "symmetric.cipher"
+    @@encryption_key_keyname = "encryption.key"
+    @@cipher_signature_keyname = "cipher.signature"
+
+    # Ciphers use +symmetric algorithms+ to encrypt the given text, which
+    # is then wrapped up along with the encryption key and other +metadata+
+    # pertinent to the algorithm, they then encrypt this bundle with the
+    # +public key+ provided and return the text that can safely be stored in
+    # a text file.
+    #
+    # Ciphers should never interact with the filesystem which makes them
+    # reusable in API and remote store scenarios.
+    #
+    # Binary files should be converted into the base64 format before being
+    # presented to ciphers.
+    #
+    # Every component in the pipeline bears the responsibility for nullifying
+    # and rejecting malicious content.
+    #
+    # @param public_key [String] used for encrypting the key/metadata bundle
+    # @param plain_text [String] the plain (or base64 encoded) text to encrypt
+    #
+    # @return [String] doubly (symmetric and asymmetric) encrypted cipher text
+    def encrypt_it public_key, plain_text
+
+      symmetric_ciphertext = do_symmetric_encryption plain_text
+      plain_paraphernalia = glue @encryption_dictionary, symmetric_ciphertext
+      return do_asymmetric_encryption public_key, plain_paraphernalia
+
+    end
+
+
+    # The decrypted cipher-text is actually a two part bundle consisting of
+    # a dictionary and then more cipher-text which is then decrypted using
+    # the symmetric key held within the dictionary.
+    #
+    # The private key revealed a dictionary holding the symmetric encryption
+    # key and other details pertinent to the cipher's encrypt/decrypt process.
+    # This data is used to work on the cipher text, eventually revealing the
+    # original plain text (which half the time is actually a private key).
+    #
+    # Ciphers should never interact with the filesystem which makes them
+    # reusable in API and remote store scenarios.
+    #
+    # @param private_key [String] reveals the dictionary and more ciphertext
+    # @param cipher_text [String] the crypted (base64 encoded) text bundle
+    #
+    # @return [String] the plain or encoded text first pushed into the cipher
+    def decrypt_it private_key, cipher_text
+
+      paraphernalia = do_asymmetric_decryption private_key, cipher_text
+      return do_symmetric_decryption get_dictionary(paraphernalia), get_crypt(paraphernalia)
+
+    end
+
+
+
+    def encrypt_usecase public_key, secret_path, stores, plain_text
+
+      key_pair = KeyPair.new
+
+      secret_bundle_crypt = encrypt_it key_pair.public_key, plain_text
+      stores[1].write_path( secret_path, secret_bundle_crypt )
+
+      secret_key_crypt = encrypt_it public_key, key_pair.private_key
+      stores[0].write_path( secret_path, secret_key_crypt )
+
+    end
+
+
+
+    def decrypt_usecase private_key, public_key, secret_path, stores
+
+      inner_private_key = decrypt_it( private_key, stores[0].read_path(secret_path) )
+      secret_text = decrypt_it( inner_private_key, stores[1].read_path(secret_path) )
+
+      encrypt_usecase public_key, secret_path, stores, secret_text
+      return secret_text
+
+    end
+
+
+
+    def rekey_usecase old_private_key, new_public_key, secret_path, store
+
+
+    end
+
+
+  end
+
+
+end