opensecret 0.0.960 → 0.0.962

data/lib/plugins/ciphers/blowfish.rb

@@ -61,7 +61,7 @@ module OpenSecret
       log.info(x) { "os blowfish request to encrypt plain text with provided key." }
 
       block_txt = plain_text
-      block_txt += OpenSecret::Cipher::TEXT_PADDER until block_txt.bytesize % OpenSecret::Blowfish::BLOWFISH_BLOCK_LEN == 0
+      block_txt += CryptIO::TEXT_PADDER until block_txt.bytesize % OpenSecret::Blowfish::BLOWFISH_BLOCK_LEN == 0
       raw_stretched_key = Digest::SHA256.digest(encryption_key)
 
       blowfish_encryptor = OpenSSL::Cipher.new(OpenSecret::Blowfish::BLOWFISH_CIPHER_ID).encrypt
@@ -113,7 +113,7 @@ module OpenSecret
       decrypt_tool.key = digested_key
 
       padded_plaintxt = decrypt_tool.update(cipher_text) << decrypt_tool.final
-      pad_begin_index = padded_plaintxt.index OpenSecret::Cipher::TEXT_PADDER
+      pad_begin_index = padded_plaintxt.index CryptIO::TEXT_PADDER
       return padded_plaintxt if pad_begin_index.nil?
       return padded_plaintxt[ 0 .. (pad_begin_index-1) ]
 

data/lib/plugins/coldstore.rb

@@ -82,11 +82,47 @@ module OpenSecret
     #
     #    nil is reurned if no file can be found in the local mirror
     #    at the configured path
+    #
+    # @raise [RuntimeError]
+    #    unless the path exists in this coldstore and that path is
+    #    a directory (as opposed to a file).
+    #
+    # @raise [ArgumentError]
+    #    if more than one file match is made at the path specified.
     def read from_path
 
       frozen_filepath = File.join @store_path, from_path
-      return nil unless File.exists? frozen_filepath
-      return File.read frozen_filepath
+      frozen_dir_path = File.dirname(frozen_filepath)
+
+      log.info(x) { "Coldstore will search in folder [#{frozen_dir_path.hr_path}]" }
+
+      exists_msg = "Directory #{frozen_dir_path} does not exist in store."
+      is_dir_msg = "Path #{frozen_dir_path} should be a directory (not a file)."
+      raise RuntimeError, exists_msg unless File.exists? frozen_dir_path
+      raise RuntimeError, is_dir_msg unless File.directory? frozen_dir_path
+
+      full_filepath = ""
+      file_matched = false
+
+      Dir.glob("#{frozen_dir_path}/**/*.os.txt").each do |matched_path|
+
+        log.info(x) { "Coldstore search with [#{from_path}] has matched [#{matched_path.hr_path}]" }
+        log.info(x) { "Ignore directory at [#{matched_path.hr_path}]." } if File.directory? matched_path
+        next if File.directory? matched_path
+
+        two_match_msg = "More than one file matched. The second is #{matched_path}."
+        raise ArgumentError, two_match_msg if file_matched
+        file_matched = true
+
+        full_filepath = matched_path
+
+      end
+
+      no_file_msg = "Coldstore could not find path [#{from_path}] from [#{@store_path}]."
+      raise RuntimeError, no_file_msg unless file_matched
+
+      log.info(x) { "Coldstore matched exactly one envelope at [#{full_filepath.hr_path}]." }
+      return File.read full_filepath
 
     end
 

data/lib/plugins/crypt.io.rb

@@ -0,0 +1,220 @@
+#!/usr/bin/ruby
+# coding: utf-8
+
+module OpenSecret
+
+  # CryptIO concentrates on injecting and ingesting crypt properties into and
+  # out of a key/value dictionary as well as injecting and ingesting cryptographic
+  # materials into and out of text files.
+  #
+  # == Cryptographic Properties
+  #
+  # A crypt properties dictionary acts as <b>output from every encryption event</b>
+  # and <b>input to every decryption event</b>. The most common properties include
+  #
+  # - the symmetric key used for the encryption and decryption
+  # - the iv (initialization vector) that adds another dimension of strength
+  # - authorization data that thwarts switch attacks by tying context to content
+  # - the cipher algorithm, its implementation and its encryption strength
+  # - the various glue strings that allow related ciphertext to occupy a file
+  #
+  # == Why Pad?
+  #
+  # Many ciphers (like Blowfish) constrains plain text lengths to multiples
+  # of 8 (or 16) and a common <b>right pad with spaces</b> strategy is employed
+  # as a workaround. opensecret does it diferently.
+  #
+  # == Why isn't Space Padding Used?
+  #
+  # If opensecret padded plaintext (ending in one or more spaces) with
+  # spaces, the decrypt phase (after right stripping spaces) would return
+  # plain text string <b>shorter than the original</b>.
+  #
+  # == Why Unusual Padding and Separators
+  #
+  # Why does opensecret employ unusual strings for padding and separation.
+  #
+  # The separator string must be unusual to make it unlikely for it to occur in any
+  # of the map's key value pairs nor indeed the chunk of text being glued. Were
+  # this to happen, the separate and reconstitute phase may not accurately return
+  # the same two entities we are employed to unite.
+  #
+  # == So How is Padding Done?
+  #
+  # Instead of single space padding - opensecret uses an unlikely 7 character
+  # padder which is repeated until the multiple is reached.
+  #
+  # <tt><-|@|-></tt>
+  #
+  # == So How is Padding Done?
+  #
+  # The <b>padder length must be a prime number</b> or infinite loops could occur.
+  #
+  #    If the padder string is likely to occur in the plain text, another
+  #    padder (or strategy) should and could be employed.
+  #
+  class CryptIO
+
+
+    # The opensecret text padder. See the class description for an analysis
+    # of the use of this type of padder.
+    TEXT_PADDER = "<-|@|->"
+
+    # An unusual string that glues together an encryption dictionary and
+    # a chunk of base64 encoded and encrypted ciphertext.
+    # The string must be unusual enough to ensure it does not occur within
+    # the dictionary metadata keys or values.
+    INNER_GLUE_STRING = "\n<-|@| <  || opensecret inner crypt material axis ||  > |@|->\n\n"
+
+    # An unusual string that glues together the asymmetrically encrypted outer
+    # encryption key  with the outer crypted text.
+    OUTER_GLUE_STRING = "\n<-|@| <  || opensecret outer crypt material axis ||  > |@|->\n\n"
+
+    # Text header for key-value pairs hash map that will be serialized.
+    DICT_HEADER_NAME = "crypt.properties"
+
+    # Name for the class of cipher employed.
+    DICT_CIPHER_NAME = "cipher.class"
+
+    # Name for the {Base64} encoded symmetric (lock/unlock) crypt key.
+    DICT_CRYPT_KEY = "encryption.key"
+
+    # Dictionary name for the encryption iv (initialization vector)
+    DICT_CRYPT_IV = "encryption.iv"
+
+    # Dictionary name for the Base64 (urlsafe) encoded plaintext digest.
+    DICT_TEXT_DIGEST = "plaintext.digest"
+
+
+    # Serialize and then unify a hash map and a textual chunk using
+    # a known but unusual separator string in a manner that protects
+    # content integrity during the serialize / deserialize process.
+    #
+    # This crypt serialization uses a specific "inner glue" as the
+    # string that separates the serialized key/value dictionary and
+    # the encoded textual block.
+    #
+    # @param hash_map [String]
+    #    this hash (dictionary) will be serialized into INI formatted text
+    #    using behaviour from {Hash} and {IniFile}.
+    #
+    # @param text_chunk [String]
+    #    the usually Base64 encrypted textual block to be glued at the
+    #    bottom of the returned block.
+    #
+    # @return [String] serialized and glued together result of map plus text
+    #
+    # @raise [ArgumentError]
+    #    if the dictionary hash_map is either nil or empty.
+    def self.inner_crypt_serialize hash_map, text_chunk
+
+      nil_or_empty_hash = hash_map.nil? || hash_map.empty?
+      raise ArgumentError, "Cannot serialize nil or empty properties." if nil_or_empty_hash
+      ini_map = IniFile.new
+      ini_map[ DICT_HEADER_NAME ] = hash_map
+      return ini_map.to_s + INNER_GLUE_STRING + text_chunk
+
+    end
+
+
+    # Deserialize an opensecret formatted text which contains an
+    # encryption properties dictionary (serialized in INI format)
+    # and a Base64 encoded crypt block which is the subject of the
+    # encryption dictionary.
+    #
+    # The crypt serialization used a specific "inner glue" as the
+    # string that separates the serialized key/value dictionary and
+    # the encoded textual block. We now employ this glue to split
+    # the serialized dictionary from the textual block.
+    #
+    # @param hash_map [String]
+    #    send an instantiated hash (dictionary) which will be populated
+    #    by this deserialize operation. The dictionary propeties can
+    #    then be used to decrypt the returned ciphertext.
+    #
+    # @param text_block [String]
+    #    the first of a two-part amalgamation is a hash (dictionary) in
+    #    INI serialized form and the second part is a Base64 encrypted
+    #    textual block.
+    #
+    #    The deserialized key/value pairs will be stuffed into the
+    #    non nil (usually empty) hash map in the first parameter and
+    #    the block (in the 2nd part) will be Base64 decoded and
+    #    returned by this method.
+    #
+    # @return [String]
+    #    The encoded block in the 2nd part of the 2nd parameter will be
+    #    Base64 decoded and returned.
+    #
+    # @raise [ArgumentError]
+    #    if the dictionary hash_map is either nil or empty. Also if
+    #    the inner glue tying the two parts together is missing an
+    #    {ArgumentError} will be thrown.
+    def self.inner_crypt_deserialize hash_map, text_block
+
+      raise ArgumentError, "Cannot populate a nil hash map." if hash_map.nil?
+      assert_contains_glue text_block, INNER_GLUE_STRING
+
+      serialized_map = text_block.split(INNER_GLUE_STRING).first.strip
+      encoded64_text = text_block.split(INNER_GLUE_STRING).last.strip
+      ini_props_hash = IniFile.new( :content => serialized_map )
+      encrypt_values = ini_props_hash[DICT_HEADER_NAME]
+
+      hash_map.merge!( encrypt_values )
+      return Base64.decode64( encoded64_text )
+
+    end
+
+
+    # Using an outer divider (glue) - attach the asymmetrically encrypted outer
+    # encryption key  with the outer encrypted text.
+    #
+    # @param crypt_material_x [String] asymmetrically encrypted (encoded) outer encryption key
+    # @param crypt_material_y [String] symmetrically encrypted inner metadata and payload crypt
+    #
+    # @return [String] concatenated result of the two crypt materials and divider string
+    def self.outer_crypt_serialize crypt_material_x, crypt_material_y
+      return crypt_material_x + OUTER_GLUE_STRING + crypt_material_y
+    end
+
+
+    # Given two blocks of text that were bounded together by the
+    # {self.outer_crypt_serialize} method we must return either the
+    # first block (true) or the second (false).
+    #
+    # @param crypt_material [String]
+    #    large block of text in two parts that is divided by the
+    #    outer glue string.
+    #
+    # @param top_block [Boolean]
+    #    if true the top (of the two) blocks will be returned
+    #    otherwise the bottom block is returned.
+    #
+    # @return [String] either the first or second block of text
+    #
+    # @raise [ArgumentError]
+    #    If the outer glue string tying the two parts together is
+    #    missing an {ArgumentError} will be thrown.
+    def self.outer_crypt_deserialize os_material, top_block
+
+      assert_contains_glue os_material, OUTER_GLUE_STRING
+      return os_material.split(OUTER_GLUE_STRING).first.strip if top_block
+      return os_material.split(OUTER_GLUE_STRING).last.strip
+
+    end
+
+
+    private
+
+    def self.assert_contains_glue os_crypted_block, glue_string
+
+      no_glue_msg = "\nGlue string not in opensecret cipher block.\n#{glue_string}\n"
+      raise ArgumentError, no_glue_msg unless os_crypted_block.include? glue_string
+
+    end
+
+
+  end
+
+
+end

data/lib/plugins/secrets.uc.rb

@@ -44,6 +44,50 @@ module OpenSecret
     end
 
 
+    # Unlock the {OpenSSL::PKey::RSA} private key and return the cipher object
+    # usable for asymmetric encryption, decryption, signing and signature
+    # verification use cases.
+    #
+    # The returned private key can be used to generate its twin public key
+    # and should be used to verify the same public key as (if) and when the
+    # need arises.
+    #
+    # @param locked_private_key [String]
+    #    the locked up private key ciphertext
+    #
+    # @param unlock_key [String]
+    #    the symmetric encryption key that can be used to unlock the private
+    #    key ciphertext in the first parameter.
+    #
+    # @return [OpenSSL::PKey::RSA]
+    #    return the {OpenSSL::PKey::RSA} private key that will be
+    #    usable for asymmetric encryption, decryption, signing and signature
+    #    verification.
+    def unlock_private_key locked_private_key, unlock_key
+      return OpenSSL::PKey::RSA.new locked_private_key, unlock_key
+    end
+
+
+    # Return the {OpenSSL::PKey::RSA} private key which is a cipher object
+    # usable for asymmetric encryption, decryption, signing and signature
+    # verification use cases.
+    #
+    # The returned private key can be used to generate its twin public key
+    # and should be used to verify the same public key as (if) and when the
+    # need arises.
+    #
+    # @param private_key_text [String]
+    #    the private key plain text
+    #
+    # @return [OpenSSL::PKey::RSA]
+    #    return the {OpenSSL::PKey::RSA} private key that will be
+    #    usable for asymmetric encryption, decryption, signing and signature
+    #    verification.
+    def to_private_key private_key_text
+      return OpenSSL::PKey::RSA.new private_key_text
+    end
+
+
   end
 
 

data/lib/plugins/usecases/init.rb

@@ -88,12 +88,20 @@ module OpenSecret
       machine_key_x = Base64.urlsafe_encode64(
         Blowfish.new.encryptor(machine_key, machine_key_crypt_key)
       )
-      public_key_64 = Base64.urlsafe_encode64 asymmetric_keys.public_key.to_pem
 
       OpenSession::Attributes.stash @c[:global][:name], @c[:global][:name], @c[:global][:machine_key_x], machine_key_x
       OpenSession::Attributes.stash @c[:global][:name], @c[:global][:name], @c[:global][:stamp_key], @c[:global][:stamp_23]
+
+
+      ## Change and write the public key to own file (see paper notes for naming direction)
+      ## Change and write the public key to own file (see paper notes for naming direction)
+      ## Change and write the public key to own file (see paper notes for naming direction)
+      public_key_64 = Base64.urlsafe_encode64 asymmetric_keys.public_key.to_pem
       OpenSession::Attributes.stash @c[:global][:name], @c[:global][:name], @c[:global][:publickey_id], public_key_64
 
+      ## not needed - produce public key from private key then validate with key in configuration.
+      ## not needed - produce public key from private key then validate with key in configuration.
+      ## not needed - produce public key from private key then validate with key in configuration.
       to_sign_segments = [ secured_keytext, public_key_64, @email_addr, @c[:global][:stamp_23] ]
       to_sign_packet = to_sign_segments.alphanumeric_union.concat_length
       signature_string = Base64.urlsafe_encode64( asymmetric_keys.sign( OpenSSL::Digest::SHA256.new, to_sign_packet ) )

data/lib/plugins/usecases/lock.rb

@@ -68,15 +68,15 @@ module OpenSecret
     def execute
 
       rel_filepath = OpenSession::Attributes.instance.get_value @@context_name, @c[:open][:open_name], @c[:open][:open_pathname]
-      master_public_key = Base64.urlsafe_decode64( OpenSession::Attributes.instance.get_value @c[:global][:name], @c[:global][:name], "public.key" )
+      master_public_key = OpenSSL::PKey::RSA.new ( Base64.urlsafe_decode64( OpenSession::Attributes.instance.get_value @c[:global][:name], @c[:global][:name], "public.key" ) )
 
       main_store = ColdStore.new @c[:global][:store_mainpath]
       keys_store = ColdStore.new @c[:global][:store_keyspath]
 
       envelope = get_envelope
       asym_key = OpenSSL::PKey::RSA.new @c[:global][:bit_key_size]
-      lockdown = Aes256.new.encrypt_it( asym_key.public_key.to_pem, envelope.to_json )
-      lockedup = Aes256.new.encrypt_it( master_public_key, asym_key.export )
+      lockdown = Cipher.encrypt_it( asym_key.public_key, envelope.to_json )
+      lockedup = Cipher.encrypt_it( master_public_key, asym_key.export )
 
       ##### ###################################### #####
       ##### ###################################### #####

data/lib/plugins/usecases/open.rb

@@ -27,7 +27,7 @@ module OpenSecret
   #
   class Open < SecretsUseCase
 
-    attr_writer :context_path
+    attr_writer :outer_path
     @@context_name = "opensecret"
 
     # Execute the <tt>open use case</tt> activities which precedes the ability to
@@ -69,9 +69,9 @@ module OpenSecret
     #
     def execute
 
-      last_fwdslash_index = @context_path.rindex "/"
-      folder_path = @context_path[0 .. last_fwdslash_index]
-      file_word = @context_path[last_fwdslash_index .. -1]
+      last_fwdslash_index = @outer_path.rindex "/"
+      folder_path = @outer_path[0 .. last_fwdslash_index]
+      file_word = @outer_path[last_fwdslash_index .. -1]
 
       session_folder_path = File.join @p[:open_dirpath], folder_path
 

data/lib/plugins/usecases/put.rb

@@ -77,7 +77,7 @@ module OpenSecret
     @@context_name = "opensecret"
 
     # The <b>put use case</b> follows <b>open</b> and it adds secrets into an
-    # <em>(encrypted at rest)</em> opened file. Put can be called many times to
+    # <em>(encrypted at rest)</em> envelope. Put can be called many times to
     # add secrets. Finally the <b>lock use case</b> commits all opened secrets
     # into the configured storage engines.
     #

data/lib/plugins/usecases/unlock.rb

@@ -0,0 +1,208 @@
+#!/usr/bin/ruby
+	
+module OpenSecret
+
+  require 'openssl'
+
+  # The <tt>unlock use case</tt> moves doubly encrypted material <b>from the frozen</b>
+  # (key and crypt) stores, <b>into an (encrypted) session envelope</b>.
+  #
+  # Material within the auspices of the session envelope can be manipulated by commands
+  # like {OpenSecret::Put} and remove and also read by commands like peep, look and update.
+  #
+  # <b>Unlock | Pre-Conditions</b>
+  #
+  # To deliver on its core promise of moving the encrypted (key and crypt) stores
+  # to an encrypted session envelope, <b>unlock</b> expects
+  #
+  # - the local key and crypt stores to be pulled (refreshed) from remote
+  # - the destination session path to either be empty (or)
+  # - a populated session path containing equivalent data (ie cannot be overwritten)
+  # - both the human (agent) password and workstation key to be correct
+  #
+  # <b>Unlock | Alternate Flows</b>
+  #
+  # This use case requires the human (agent) password unless the <tt>--no-human-password</tt>
+  # flag was posted along with the <tt>init</tt> command. In this instance an agent password
+  # will have been generated and encrypted with the user's home tree.
+  #
+  # <b>Unlock | Observable Value</b>
+  #
+  # The observable value proffered by unlock is
+  #
+  # - validating the existence of the requested secret path
+  # - validation of the human password and workstation key
+  # - the keys and crypt at the paths are decrypted
+  # - the session envelope is stuffed with the crypted material
+  # - an encrypted session envelope (post-stuffing)
+  #
+  # @example
+  #
+  #     These use case steps are implemented and ready to go.
+  #
+  #     $ opensecret open geo/countries
+  #     $ opensecret put uganda/capital kampala
+  #     $ opensecret put kenya/capital nairobi
+  #     $ opensecret put france/capital paris
+  #     $ opensecret put france/population 23000000
+  #     $ opensecret lock
+  #     $ opensecret unlock geo/countries --with=asdfasdf
+  #
+  #     Below are future examples with use cases like list and print
+  #     which curently have not been implemented.
+  #
+  #     $ opensecret init bobby@example.com --with="hUM4n-0pen$3cr3t"
+  #
+  #     $ opensecret open my/gadgets
+  #
+  #     $ opensecret put laptop/login/username bob
+  #     $ opensecret put laptop/login/password bob$_p455w0rd
+  #     $ opensecret put iphone/pin 8529
+  #
+  #     $ opensecret lock
+  #     $ opensecret list
+  #
+  #     $ opensecret unlock my/gadgets --with="hUM4n-0pen$3cr3t"
+  #     $ opensecret print
+  #
+  #     $ opensecret put wifi/ssid Virgin-HGPAS
+  #     $ opensecret put wifi/password SDBLJHGPASDFA1234ZNF
+  #
+  #     $ opensecret print
+  #     $ opensecret lock
+  #
+  class Unlock < SecretsUseCase
+
+    attr_writer :outer_path, :master_p4ss
+    @@context_name = "opensecret"
+
+
+    # The <tt>lock use case</tt> is called after {OpenSecret::Open} and {OpenSecret::Put}
+    # and its effect is to dispatch the doubly encrypted materrial to the configured storage
+    # platform, be it Git, S3, SSH or just an accessible file-system.
+    #
+    # <b>Main Flow of Events</b>
+    #
+    # To seal the envelope built up by put, file and add amongst others requires
+    # that we
+    #
+    # - get the encrypted envelope
+    # - create a strong asymmetric key
+    # - lock the envelope using opensecret's double encrypt modus operandi
+    # - place the doubly encrypted result into the crypt store
+    # - lock the asymmetric key again with opensecret's double encrypt modus operandi
+    # - place the doubly encrypted result into the key store
+    #
+    # The second double lock of the crypted envelope is done with the public key
+    # aspect of an asymmetric key created here.
+    #
+    # The second double lock of the crypted private key (created here) is done with
+    # the master public key created in the {Init.execute} use case main flow.
+    #
+    # <b>Lock | Observable Value</b>
+    #
+    # The observable value after the lock use case has completed entails
+    #
+    # - a doubly encrypted data envelope placed in the backend store
+    # - a doubly encrypted private key placed in the frontend store
+    # - both stores sync'd with off-machine Git (S3, ...) mirrors
+    # - deletion of the (encrypted) envelope {Open}ed and stuffed with {Put}
+    # - deletion of {Open}ed session data to locate and decrypt envelope
+    def execute
+
+      main_store = ColdStore.new @c[:global][:store_mainpath]
+      keys_store = ColdStore.new @c[:global][:store_keyspath]
+
+      keys_crypt = keys_store.read @outer_path
+      main_crypt = main_store.read @outer_path
+
+      unless @master_p4ss
+        @master_p4ss = Collect.secret_text(
+          @c[:global][:min_passwd_len],
+          false,
+          "Enter Master Password "
+        )
+      end
+
+      workstation_rawkey = OpenSession::Attributes.instance.get_value @c[:global][:name], @c[:global][:name], @c[:global][:machine_key_x]
+      original_timestamp = OpenSession::Attributes.instance.get_value @c[:global][:name], @c[:global][:name], @c[:global][:stamp_key]
+      workstation_cipher = Base64.urlsafe_decode64( workstation_rawkey )
+      crypt_key_segments = [ @master_p4ss, @c[:global][:separator_a], @email_addr, @c[:global][:separator_a], original_timestamp ]
+      workstation_lock_x = crypt_key_segments.alphanumeric_union.concat_length
+
+      workstation_string = Blowfish.new.decryptor workstation_cipher, workstation_lock_x
+      private_key_lock_x = Amalgam.passwords @master_p4ss, workstation_string, @c[:global][:ratio]
+      private_key_cipher = File.read @c[:global][:master_prv_key]
+      private_key_object = unlock_private_key( private_key_cipher, private_key_lock_x )
+
+      string_private_key = Cipher.decrypt_it( private_key_object, keys_crypt )
+      plain_message_text = Cipher.decrypt_it( to_private_key(string_private_key), main_crypt )
+
+      puts ""
+      puts "==== ======================================= ===="
+      puts "==== The Exported Plain Text Structured Data ===="
+      puts "==== ======================================= ===="
+      puts ""
+      puts plain_message_text
+      puts ""
+      puts ""
+      puts JSON.pretty_generate( JSON.parse( plain_message_text ) )
+      puts ""
+
+      exit
+
+#############################################################################################
+#############################################################################################
+
+      rel_filepath = OpenSession::Attributes.instance.get_value @@context_name, @c[:open][:open_name], @c[:open][:open_pathname]
+      master_public_key = Base64.urlsafe_decode64( OpenSession::Attributes.instance.get_value @c[:global][:name], @c[:global][:name], "public.key" )
+
+
+#############################################################################################
+#############################################################################################
+
+=begin
+      Crypto.print_secret_env_var @p[:env_var_name], machine_key
+      GitFlow.do_clone_repo @p[:public_gitrepo], @p[:local_gitrepo]
+      FileUtils.mkdir_p @p[:public_keydir]
+      File.write @p[:public_keypath], public_key_text
+      GitFlow.push @p[:local_gitrepo], @p[:public_keyname], @c[:time][:stamp]
+=end
+
+
+# key4_pem = File.read 'private.secure.pem'
+# pass_phrase = 'superduperpasswordistoBeENTEREDRIGHT1234HereandRightNOW'
+# key4 = OpenSSL::PKey::RSA.new key4_pem, pass_phrase
+# decrypted_text = key4.private_decrypt(Base64.urlsafe_decode64(encrypted_string))
+
+# print "\nHey we have done the decryption.\n", "\n"
+# print decrypted_text, "\n"
+
+#############################################################################################
+#############################################################################################
+
+    end
+
+
+    # Perform pre-conditional validations in preparation to executing the main flow
+    # of events for this use case. This method may throw the below exceptions.
+    #
+    # @raise [SafeDirNotConfigured] if the safe's url has not been configured
+    # @raise [EmailAddrNotConfigured] if the email address has not been configured
+    # @raise [StoreUrlNotConfigured] if the crypt store url is not configured
+    def pre_validation
+
+      @email_addr = OpenSession::Attributes.instance.get_value @@context_name, @@context_name, "email"
+      email_configured = !@email_addr.nil? && !@email_addr.empty? && @email_addr.length > 4
+      @err_msg = "viable [email address] not configured. Try =>] opensecret email joe@example.com"
+      raise EmailAddrNotConfigured.new @err_msg, @email_addr unless email_configured
+
+    end
+
+
+  end
+
+
+end
+
+