opensecret 0.0.941 → 0.0.946

data/lib/plugins/ciphers/aes-256.rb

@@ -0,0 +1,162 @@
+#!/usr/bin/ruby
+# coding: utf-8
+
+module OpenSecret
+
+  # Aes256 is a symmetric encryption cipher which inherits extends the
+  # {OpenSecret::Cipher} base class in order to implement plug and play
+  # symmetric encryption.
+  #
+  # == Aes256 Symmetric Encrypt/Decrypt Dictionary
+  #
+  # To facilitate decryption - this cipher produces a key/value pair
+  # dictionary which will be stored along with the ciphertext itself.
+  # The dictionary includes
+  #
+  # - <tt>symmetric.cipher</tt> - the algorithm used to encrypt and decrypt
+  # - <tt>encryption.key</tt> - hex encoded key for encrypting and decrypting
+  # - <tt>initialize.vector</tt> - the initialization vector known as a IV (four)
+  #
+  # == Aes256 Implemented Methods
+  #
+  # This cipher brings the cryptographic mathematics and implementation algorithms
+  # for the 256Bit Advanced Encryption Standard. No serious practical (nor theoretical)
+  # challenge has ever been mounted against this algorithm (or this implementation).
+  #
+  # This class implements the below methods
+  #
+  # - <tt>do_symmetric_encryption(plain_text)</tt> - resulting in ciphertext
+  # - <tt>do_symmetric_decryption(ciphertext, encryption_dictionary)</tt> &raquo; plaintext
+  #
+  # and it also sets the <tt>@encryption_dictionary</tt> hash (map) of pertinent
+  # key/value pairs including the +encryption algorithm+ and +encryption key+.
+  #
+  # That's It. Cipher children can rely on the {OpenSecret::Cipher} parent to
+  # do the nitty gritty of file-handling plus managing stores and paths.
+
+  class Aes256 < OpenSecret::Cipher
+
+    @@initialize_vector_keyname = "initialize.vector"
+
+    # Use the AES 256 bit block cipher and a robust strong random key plus
+    # initialization vector (IV) to symmetrically encrypt the plain text.
+    #
+    # Add these key/value pairs to @encryption_dictionary instance map.
+    #
+    # - <tt>symmetric.cipher</tt> - the algorithm used to encrypt and decrypt
+    # - <tt>encryption.key</tt> - hex encoded key for encrypting and decrypting
+    # - <tt>initialize.vector</tt> - the initialization vector known as a IV (four)
+    #
+    # @param plain_text [String] the plain (or base64 encoded) text to encrypt
+    # @return [String] the symmetrically encrypted cipher text
+    def do_symmetric_encryption plain_text
+
+      @cipher_name = "aes-256-cbc"
+
+      crypt_cipher = OpenSSL::Cipher.new @cipher_name
+      crypt_cipher.encrypt( plain_text )
+
+      @encryption_dictionary = {
+        @@symmetric_cipher_keyname => @cipher_name,
+        @@encryption_key_keyname => crypt_cipher.random_key.unpack("H*").first,
+        @@initialize_vector_keyname => crypt_cipher.random_iv.unpack("H*").first
+      }
+
+      Base64.encode64( crypt_cipher.update + crypt_cipher.final )
+
+    end
+
+
+    # Use the AES 256 bit block cipher together with the encryption key
+    # and initialization vector (iv) sitting in the encryption_dictionary,
+    # to symmetrically decrypt the parameter cipher text.
+    #
+    # == Pre-Condition | Encryption Dictionary
+    #
+    # This method requires the <tt>@encryption_dictionary</tt> instance
+    # variable to have been set and to contain (amongst others)
+    #
+    # - the <tt>encryption.key</tt> - hex encoded key for encrypting and decrypting
+    # - and <tt>initialize.vector</tt> - the initialization vector known as a IV (four)
+    #
+    # @param cipher_text [String] the base64 encoded cipher text to decrypt
+    # @return [String] decrypted plain text from symmetric key and cipher text
+    def do_symmetric_decryption cipher_text
+
+      abort "Implement AES 256 decryption in aes-256"
+
+    end
+
+
+
+=begin
+encode_cipher = OpenSSL::Cipher.new('aes-256-cbc')
+encode_cipher.encrypt # We are encrypting
+key = encode_cipher.random_key
+iv = encode_cipher.random_iv
+hex_key = key.unpack("H*").first
+hex_iv = iv.unpack("H*").first
+
+line1 = "1>> This is secret number one over here with at @ and squiggle~ and round brakets().\n"
+line2 = "2>> secret number two with colon and semi :; angular <> qmarks ??.\n"
+line3 = "3>> secret number 3 fwd slash / and backslash twice \\ and pipe || and excla !!\n"
+line4 = "4>> secret 4 with pound ££ dollar $$ percent %% hat ^^ ampr && stars **\n"
+line5 = "5>> secret 5 with hyphens - and underscore __ and plus ++ and equal == and sqBs [[]].\n"
+line6 = "6>> secret 6 with double quote \"from here to here\" and \' single quotes\'.\n"
+line7 = "7>> secret 7 with periods .... and hashes #####\n"
+
+crypt_text = ""
+crypt_text += encode_cipher.update line1
+crypt_text += encode_cipher.update line2
+crypt_text += encode_cipher.update line3
+crypt_text += encode_cipher.update line4
+crypt_text += encode_cipher.update line5
+crypt_text += encode_cipher.update line6
+crypt_text += encode_cipher.update line7
+crypt_text += encode_cipher.final
+coded_crypt_text = Base64.encode64(crypt_text)
+
+puts ""
+puts "The key is #{hex_key}"
+puts "The IV is #{hex_iv}"
+puts "========================"
+puts "The Cipher Text is Below"
+puts "========================"
+puts coded_crypt_text
+puts "========================"
+puts crypt_text
+puts "========================"
+puts "========================"
+puts "========================"
+puts line1 + line2 + line3 + line4 + line5 + line6 + line7
+puts "========================"
+puts "========================"
+puts "========================"
+puts ""
+puts ""
+
+unencoded_crypt_text = Base64.decode64(coded_crypt_text)
+decode_cipher = OpenSSL::Cipher.new('aes-256-cbc')
+
+decode_cipher.decrypt
+decode_cipher.key = [hex_key].pack("H*")
+decode_cipher.iv = [hex_iv].pack("H*")
+first_part = decode_cipher.update( Base64.decode64(coded_crypt_text) )
+second_part = ""
+second_part << decode_cipher.final
+
+puts "========================"
+puts "Decrypted Text is Below"
+puts "========================"
+puts first_part
+puts "========================"
+puts second_part
+puts "========================"
+puts ""
+=end
+
+
+  end
+
+
+end

data/lib/plugins/ciphers/blowfish.rb

@@ -0,0 +1,223 @@
+#!/usr/bin/ruby
+# coding: utf-8
+
+module OpenSecret
+
+  # Blowfish is a symmetric encryption cipher which inherits extends the
+  # {OpenSecret::Cipher} base class in order to implement plug and play
+  # symmetric encryption.
+  #
+  # Blowfish is still uncrackable - however its successor (TwoFish) has
+  # been reinforced to counter the growth of super-computer brute force
+  # resources.
+  class Blowfish < OpenSecret::Cipher
+
+
+    # The blowfish cipher id constant is used to +initialize+
+    # an {OpenSSL::Cipher} class instance.
+    BLOWFISH_CIPHER_ID = "BF-ECB"
+
+
+    # Blowfish constrains the length of +incoming plain text+ forcing it
+    # to be a multiple of eight (8).
+    BLOWFISH_BLOCK_LEN = 8
+
+
+    # This method provides the Blowfish algorithm but we reserve the
+    # right to enforce upon it - an encryption key of our choosing.
+    #
+    # The key length need not be a multiple of 8 - however it is advisable
+    # to use {Digest::SHA256.digest} to produce a strong 32 character key.
+    #
+    # == Multiples of 8 | Plain Text Length
+    #
+    # Blowfish constrains plain text lengths to multiples of 8 but we
+    # do NOT walk the common +space padding+ road.
+    #
+    # == No Space Padding? | Why Not?
+    #
+    # Many ciphers (like Blowfish) constrains plain text lengths to multiples
+    # of 8 (or 16) and a common +right pad with spaces+ strategy is employed
+    # as a workaround.
+    #
+    # If opensecret padded plaintext (ending in one or more spaces) with
+    # spaces, the decrypt phase (after right stripping spaces) would return
+    # plain text string +shorter than the original+.
+    #
+    # == So How is Padding Done?
+    #
+    # Instead of single space padding - opensecret uses an unlikely 7 character
+    # delimiter which is repeated until the multiple is reached.
+    #
+    # Please see {OpenSecret::Cipher::PLAIN_TEXT_DELIMITER} for the definition
+    # of the constant delimiter.
+    #
+    # == Key Length Error
+    #
+    # Short keys receive a <tt>key length too short</tt> error from the
+    # {OpenSSL::Cipher} class namely {OpenSSL::Cipher::CipherError}.
+    #
+    # @param plain_text [String] the text to encrypt using Blowfish
+    # @param encryption_key [String] strong unencoded (32 character key)
+    #
+    # @return [String] base64 representation of blowfish crypted ciphertext
+    def do_encrypt_with_key plain_text, encryption_key
+
+      shortkey_msg = "The #{encryption_key.length} character encryption key is too short."
+      raise ArgumentError, shortkey_msg unless encryption_key.length > 8
+      log.info(x) { "os blowfish request to encrypt plain text with provided key." }
+
+      block_txt = plain_text
+      block_txt += ::Cipher::TEXT_PADDER until block_txt.bytesize % OpenSecret::Blowfish::BLOWFISH_BLOCK_LEN == 0
+      raw_stretched_key = Digest::SHA256.digest(encryption_key)
+
+      blowfish_encryptor = OpenSSL::Cipher.new(OpenSecret::Blowfish::BLOWFISH_CIPHER_ID).encrypt
+      blowfish_encryptor.key = raw_stretched_key
+
+      Base64.encode64( blowfish_encryptor.update(block_txt) << blowfish_encryptor.final )
+
+    end
+
+
+=begin
+puts "Plain Text            => #{sentence}"
+puts "Plain Text Length     => #{sentence.length}"
+puts "Multiple 8 Text       => [#{multiple8}]"
+puts "Multiple 8 Length     => [#{multiple8.length}]"
+puts "Encrypted Text Length => #{encrypted_text.length}"
+######### puts "Encrypted Text        => #{encrypted_text}"
+puts "Base64 Encrypted Text => #{base64_encrypted_text}"
+
+dbf = OpenSSL::Cipher.new("BF-ECB").decrypt
+dbf.key = the_key
+debase64_text = Base64.decode64( base64_encrypted_text )
+decrypted_text = dbf.update(debase64_text) << dbf.final
+
+puts "Decrypted Text        => #{decrypted_text}"
+=end
+
+
+
+
+    # Use the AES 256 bit block cipher and a robust strong random key plus
+    # initialization vector (IV) to symmetrically encrypt the plain text.
+    #
+    # Add these key/value pairs to @encryption_dictionary instance map.
+    #
+    # - <tt>symmetric.cipher</tt> - the algorithm used to encrypt and decrypt
+    # - <tt>encryption.key</tt> - hex encoded key for encrypting and decrypting
+    # - <tt>initialize.vector</tt> - the initialization vector known as a IV (four)
+    #
+    # @param plain_text [String] the plain (or base64 encoded) text to encrypt
+    # @return [String] the symmetrically encrypted cipher text
+    def do_symmetric_encryption plain_text
+
+      @cipher_name = "aes-256-cbc"
+
+      crypt_cipher = OpenSSL::Cipher.new @cipher_name
+      crypt_cipher.encrypt( plain_text )
+
+      @encryption_dictionary = {
+        @@symmetric_cipher_keyname => @cipher_name,
+        @@encryption_key_keyname => crypt_cipher.random_key.unpack("H*").first,
+        @@initialize_vector_keyname => crypt_cipher.random_iv.unpack("H*").first
+      }
+
+      Base64.encode64( crypt_cipher.update + crypt_cipher.final )
+
+    end
+
+
+    # Use the AES 256 bit block cipher together with the encryption key
+    # and initialization vector (iv) sitting in the encryption_dictionary,
+    # to symmetrically decrypt the parameter cipher text.
+    #
+    # == Pre-Condition | Encryption Dictionary
+    #
+    # This method requires the <tt>@encryption_dictionary</tt> instance
+    # variable to have been set and to contain (amongst others)
+    #
+    # - the <tt>encryption.key</tt> - hex encoded key for encrypting and decrypting
+    # - and <tt>initialize.vector</tt> - the initialization vector known as a IV (four)
+    #
+    # @param cipher_text [String] the base64 encoded cipher text to decrypt
+    # @return [String] decrypted plain text from symmetric key and cipher text
+    def do_symmetric_decryption cipher_text
+
+      abort "Implement AES 256 decryption in aes-256"
+
+    end
+
+
+
+=begin
+encode_cipher = OpenSSL::Cipher.new('aes-256-cbc')
+encode_cipher.encrypt # We are encrypting
+key = encode_cipher.random_key
+iv = encode_cipher.random_iv
+hex_key = key.unpack("H*").first
+hex_iv = iv.unpack("H*").first
+
+line1 = "1>> This is secret number one over here with at @ and squiggle~ and round brakets().\n"
+line2 = "2>> secret number two with colon and semi :; angular <> qmarks ??.\n"
+line3 = "3>> secret number 3 fwd slash / and backslash twice \\ and pipe || and excla !!\n"
+line4 = "4>> secret 4 with pound ££ dollar $$ percent %% hat ^^ ampr && stars **\n"
+line5 = "5>> secret 5 with hyphens - and underscore __ and plus ++ and equal == and sqBs [[]].\n"
+line6 = "6>> secret 6 with double quote \"from here to here\" and \' single quotes\'.\n"
+line7 = "7>> secret 7 with periods .... and hashes #####\n"
+
+crypt_text = ""
+crypt_text += encode_cipher.update line1
+crypt_text += encode_cipher.update line2
+crypt_text += encode_cipher.update line3
+crypt_text += encode_cipher.update line4
+crypt_text += encode_cipher.update line5
+crypt_text += encode_cipher.update line6
+crypt_text += encode_cipher.update line7
+crypt_text += encode_cipher.final
+coded_crypt_text = Base64.encode64(crypt_text)
+
+puts ""
+puts "The key is #{hex_key}"
+puts "The IV is #{hex_iv}"
+puts "========================"
+puts "The Cipher Text is Below"
+puts "========================"
+puts coded_crypt_text
+puts "========================"
+puts crypt_text
+puts "========================"
+puts "========================"
+puts "========================"
+puts line1 + line2 + line3 + line4 + line5 + line6 + line7
+puts "========================"
+puts "========================"
+puts "========================"
+puts ""
+puts ""
+
+unencoded_crypt_text = Base64.decode64(coded_crypt_text)
+decode_cipher = OpenSSL::Cipher.new('aes-256-cbc')
+
+decode_cipher.decrypt
+decode_cipher.key = [hex_key].pack("H*")
+decode_cipher.iv = [hex_iv].pack("H*")
+first_part = decode_cipher.update( Base64.decode64(coded_crypt_text) )
+second_part = ""
+second_part << decode_cipher.final
+
+puts "========================"
+puts "Decrypted Text is Below"
+puts "========================"
+puts first_part
+puts "========================"
+puts second_part
+puts "========================"
+puts ""
+=end
+
+
+  end
+
+
+end

data/lib/plugins/stores/store.rb

@@ -0,0 +1,4 @@
+#!/usr/bin/ruby
+# coding: utf-8
+
+## Nothing here yet.

data/lib/{usecase → plugins}/usecase.rb

@@ -17,14 +17,6 @@
 module OpenSession
 
 
-  require "session/exceptions"
-  require "session/fact.finder"
-
-  require "extension/array"
-  require "extension/dir"
-  require "extension/string"
-
-
   # An opensession use case is designed to be extended and does preparatory
   # work to create favourable and useful conditions to make use cases readable,
   # less repetitive, simpler and concise.
@@ -59,7 +51,7 @@ module OpenSession
 
         pre_validation
 
-      rescue OpenSessionError => e
+      rescue OpenError::Error => e
 
         puts ""
         puts "Your command did not complete successfully."
@@ -83,11 +75,12 @@ module OpenSession
     # post execution (post condition) checks in it and then
     # make a call to this method through the "super" keyword.
     def check_post_conditions
+
       begin
 
         post_validation
 
-      rescue OpenSessionError => e
+      rescue OpenError::Error => e
 
         puts ""
         puts "Your command did not complete successfully."
@@ -99,8 +92,6 @@ module OpenSession
         abort e.message
       end
 
-
-
     end
 
 

data/lib/{usecase → plugins}/usecases/init.rb

@@ -18,23 +18,6 @@ module OpenSecret
 # -->  require 'nokogiri'
 # -->  require 'io/console'
 
-  require "session/exceptions"
-  require "crypto/collect"
-
-  # Throw this error if the configured safe directory points to a file.
-  class SafeDirectoryIsFile < OpenSession::OpenSessionError; end;
-  # Throw this error if safe directory path is either nil or empty.
-  class SafeDirNotConfigured < OpenSession::OpenSessionError; end;
-  # Throw this error if the email address is nil, empty or less than 5 characters.
-  class EmailAddrNotConfigured < OpenSession::OpenSessionError; end;
-  # Throw this error if the store url is either nil or empty.
-  class StoreUrlNotConfigured < OpenSession::OpenSessionError; end;
-  # Throw if "prime folder" name occurs 2 or more times in the path.
-  class SafePrimeNameRepeated < OpenSession::OpenSessionError; end;
-  # Throw if "prime folder" name occurs 2 or more times in the path.
-  class SafePrimeNameNotAtEnd < OpenSession::OpenSessionError; end;
-
-
   # The <tt>init use case</tt> initializes +opensecret+ thus preparing it
   # for the ability to lock secrets, unlock them, transport their keys and
   # much more.
@@ -54,7 +37,6 @@ module OpenSecret
   # +No cloud or other external access+ occurs as per the opensecret policy.
   class Init < OpenSession::UseCase
 
-
     attr_writer :safe_path, :email_addr, :store_url
     @@context_name = "opensecret"
 
@@ -70,7 +52,8 @@ module OpenSecret
     # - +manufacture workstation key+ that will be encrypted b4 it rests on machine
     # - +create amalgamated human/workstation password+ for locking the private key
     # - +create a long cryptographically strong symmetric encryption key+
-    # - +encrypt workstation key+ into <tt>.opensecret/<email>/machine.password.cipher.txt</tt>
+    # - +encrypt workstation key+ into <tt>.opensecret/<email>/workstation.key.osx.txt</tt>
+
     # - +encrypt workstation encryption key+ with human password and email address
     # - then write into <tt>safe</tt> under <tt>machine.password.key.cipher.txt</tt>
     # - +create a super 8,192 bit private/public key pair+
@@ -109,35 +92,40 @@ module OpenSecret
     #
     # This action thwarts (usb key) switch attacks where the attacker knows the human
     # password and has access to the USB key for a time.
-    #
     def execute
 
-      natural_password = Collect.secret_text @c[:global][:min_passwd_len], @c[:global][:prompt_1], @c[:global][:prompt_2]
-
-##########------------> START FROM HERE (aside from prompt bug (check facts) all good.
-##########------------> START FROM HERE (aside from prompt bug (check facts) all good.
-##########------------> START FROM HERE (aside from prompt bug (check facts) all good.
-##########------------> START FROM HERE (aside from prompt bug (check facts) all good.
-##########------------> START FROM HERE (aside from prompt bug (check facts) all good.
-##########------------> START FROM HERE (aside from prompt bug (check facts) all good.
-##########------------> START FROM HERE (aside from prompt bug (check facts) all good.
-##########------------> START FROM HERE (aside from prompt bug (check facts) all good.
-##########------------> START FROM HERE (aside from prompt bug (check facts) all good.
-##########------------> START FROM HERE (aside from prompt bug (check facts) all good.
-##########------------> START FROM HERE (aside from prompt bug (check facts) all good.
-##########------------> START FROM HERE (aside from prompt bug (check facts) all good.
-##########------------> START FROM HERE (aside from prompt bug (check facts) all good.
-      machine_password = Crypto.get_machine_password natural_password.length, @p[:ratio]
-      amalgam_password = Crypto.get_amalgam_password natural_password, machine_password, @p[:ratio]
-
-      asymmetric_keys = OpenSSL::PKey::RSA.new @p[:bit_key_size]
-      secured_keytext = asymmetric_keys.export @p[:key_cipher], amalgam_password
+      human_password = Collect.secret_text(
+        @c[:global][:min_passwd_len],
+        true,
+        @c[:global][:prompt_1],
+        @c[:global][:prompt_2]
+      )
+
+      machine_key = Engineer.machine_key human_password.length, @c[:global][:ratio]
+      amalgam_key = Amalgam.passwords human_password, machine_key, @c[:global][:ratio]
+      asymmetric_keys = OpenSSL::PKey::RSA.new @c[:global][:bit_key_size]
+      secured_keytext = asymmetric_keys.export @c[:global][:key_cipher], amalgam_key
       public_key_text = asymmetric_keys.public_key.to_pem
 
+      machine_key_crypt_key = human_password + "%$os$%" + @email_addr
+      blowfish_cipher = OpenSecret::Blowfish.new()
+      machine_key_crypted = blowfish_cipher.do_encrypt_with_key machine_key, machine_key_crypt_key
+
+      puts ""
+      puts "public key => #{public_key_text}"
+      puts "Carry on development in init.rb"
+      puts ""
+      puts "Machine Key Plain Text  => #{machine_key}"
+      puts "Machine Key Crypt Key   => #{machine_key_crypt_key}"
+      puts "Machine Key Cipher Text => #{machine_key_crypted}"
+      puts ""
+      exit
+
+
       Dir.mkdir @p[:secret_keydir] unless File.exists? @p[:secret_keydir]
       File.write @p[:secret_keypath], secured_keytext
 
-      Crypto.print_secret_env_var @p[:env_var_name], machine_password
+      Crypto.print_secret_env_var @p[:env_var_name], machine_key
 
       GitFlow.do_clone_repo @p[:public_gitrepo], @p[:local_gitrepo]
       FileUtils.mkdir_p @p[:public_keydir]