opensecret 0.0.960 → 0.0.962
- checksums.yaml +4 -4
- data/lib/notepad/{blow.rb → scratch.pad.rb} +1 -1
- data/lib/opensecret.rb +36 -5
- data/lib/plugins/cipher.rb +100 -201
- data/lib/plugins/ciphers/aes-256.rb +85 -101
- data/lib/plugins/ciphers/blowfish.rb +2 -2
- data/lib/plugins/coldstore.rb +38 -2
- data/lib/plugins/crypt.io.rb +220 -0
- data/lib/plugins/secrets.uc.rb +44 -0
- data/lib/plugins/usecases/init.rb +9 -1
- data/lib/plugins/usecases/lock.rb +3 -3
- data/lib/plugins/usecases/open.rb +4 -4
- data/lib/plugins/usecases/put.rb +1 -1
- data/lib/plugins/usecases/unlock.rb +208 -0
- data/lib/version.rb +1 -1
- metadata +5 -10
- data/lib/opensecret/executors/crypt.keys/crypt.keys.ini +0 -26
- data/lib/opensecret/executors/crypt.keys/crypt.keys.rb +0 -68
- data/lib/opensecret/executors/decrypt/decrypt.ini +0 -64
- data/lib/opensecret/executors/decrypt/decrypt.rb +0 -49
- data/lib/opensecret/executors/encrypt/encrypt.ini +0 -55
- data/lib/opensecret/executors/encrypt/encrypt.rb +0 -82
- data/lib/using.txt +0 -247
data/lib/version.rb
CHANGED
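--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: opensecret
 version: !ruby/object:Gem::Version
-version: 0.0.
+version: 0.0.962
 platform: ruby
 authors:
 - Apollo Akora
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-03-
+date: 2018-03-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: inifile
@@ -87,19 +87,14 @@ files:
 - lib/extension/string.rb
 - lib/factbase/facts.opensecret.io.ini
 - lib/logging/gem.logging.rb
-- lib/notepad/
+- lib/notepad/scratch.pad.rb
 - lib/opensecret.rb
-- lib/opensecret/executors/crypt.keys/crypt.keys.ini
-- lib/opensecret/executors/crypt.keys/crypt.keys.rb
-- lib/opensecret/executors/decrypt/decrypt.ini
-- lib/opensecret/executors/decrypt/decrypt.rb
-- lib/opensecret/executors/encrypt/encrypt.ini
-- lib/opensecret/executors/encrypt/encrypt.rb
 - lib/opensecret/plugins.io/git/git.flow.rb
 - lib/plugins/cipher.rb
 - lib/plugins/ciphers/aes-256.rb
 - lib/plugins/ciphers/blowfish.rb
 - lib/plugins/coldstore.rb
+- lib/plugins/crypt.io.rb
 - lib/plugins/envelope.rb
 - lib/plugins/secrets.uc.rb
 - lib/plugins/usecase.rb
@@ -108,6 +103,7 @@ files:
 - lib/plugins/usecases/open.rb
 - lib/plugins/usecases/put.rb
 - lib/plugins/usecases/safe.rb
+- lib/plugins/usecases/unlock.rb
 - lib/session/attributes.rb
 - lib/session/dictionary.rb
 - lib/session/fact.finder.rb
@@ -116,7 +112,6 @@ files:
 - lib/session/session.rb
 - lib/session/time.stamp.rb
 - lib/session/user.home.rb
-- lib/using.txt
 - lib/version.rb
 - opensecret.gemspec
 homepage: https://www.eco-platform.co.uk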
@@ -1,26 +0,0 @@
|
|
1
|
-
[crypt.keys]
|
2
|
-
|
3
|
-
min.passwd.len = e>> 16
|
4
|
-
nickname = godzilla
|
5
|
-
root.domain = devopswiki.co.uk
|
6
|
-
env.var.name = SECRET_MATERIAL
|
7
|
-
ratio = e>> 3
|
8
|
-
bit.key.size = e>> 8192
|
9
|
-
key.cipher = e>> OpenSSL::Cipher.new 'AES-128-CBC'
|
10
|
-
secret.keyname = e>> @s[:nickname] + dot + @s[:root_domain] + dot + @f[:time][:stamp] + ".txt"
|
11
|
-
secret.keydir = e>> @f[@i[:workstation]][:secrets_dir]
|
12
|
-
secret.keypath = e>> File.join @s[:secret_keydir], @s[:secret_keyname]
|
13
|
-
|
14
|
-
repo.name = material_data
|
15
|
-
local.gitrepo = e>> File.join @i[:dir], @s[:repo_name]
|
16
|
-
public.gitrepo = https://www.eco-platform.co.uk/content/material.data.git
|
17
|
-
public.dirname = public_keys
|
18
|
-
|
19
|
-
public.keyroute = e>> File.join @s[:root_domain], @s[:public_dirname]
|
20
|
-
public.keydir = e>> File.join @s[:local_gitrepo], @s[:public_keyroute]
|
21
|
-
public.keyname = e>> "public_key." + @s[:nickname] + dot + @s[:root_domain] + ".txt"
|
22
|
-
public.keypath = e>> File.join @s[:public_keydir], @s[:public_keyname]
|
23
|
-
|
24
|
-
prompt.1 = Enter a Robust Password
|
25
|
-
prompt.2 = Re-enter that Password
|
26
|
-
|
@@ -1,68 +0,0 @@
|
|
1
|
-
#!/usr/bin/ruby
|
2
|
-
|
3
|
-
# --
|
4
|
-
# -- This plugin creates cryptographic keys, installs them and then messages
|
5
|
-
# -- and notifies as required.
|
6
|
-
# --
|
7
|
-
# -- Input
|
8
|
-
# --
|
9
|
-
# -- [1] - memorable portion of password
|
10
|
-
# -- [2] - memorable password entered again for validation
|
11
|
-
# --
|
12
|
-
# -- Output
|
13
|
-
# --
|
14
|
-
# -- [1] - machine portion of password to be added as environment variable
|
15
|
-
# -- [2] - secured (password locked) private key to put on removable media
|
16
|
-
# -- [3] - an open [public key] to be placed on web accessible destination
|
17
|
-
# -- [4] - a message detailing that a new keypair is now created/installed
|
18
|
-
# --
|
19
|
-
class CryptKeys
|
20
|
-
|
21
|
-
|
22
|
-
def core_provisioning
|
23
|
-
|
24
|
-
log.info(ere) { "# ## ####### ########################################## ## #" }
|
25
|
-
log.info(ere) { "# -- [crypt] ------------------------------------------ -- #" }
|
26
|
-
log.info(ere) { "# -- [crypt] This plugin encrypts a file or string. --- -- #" }
|
27
|
-
log.info(ere) { "# -- [crypt] ------------------------------------------ -- #" }
|
28
|
-
log.info(ere) { "# ## ####### ########################################## ## #" }
|
29
|
-
|
30
|
-
natural_password = Crypto.collect_secret @p[:min_passwd_len], @p[:prompt_1], @p[:prompt_2]
|
31
|
-
machine_password = Crypto.get_machine_password natural_password.length, @p[:ratio]
|
32
|
-
amalgam_password = Crypto.get_amalgam_password natural_password, machine_password, @p[:ratio]
|
33
|
-
|
34
|
-
asymmetric_keys = OpenSSL::PKey::RSA.new @p[:bit_key_size]
|
35
|
-
secured_keytext = asymmetric_keys.export @p[:key_cipher], amalgam_password
|
36
|
-
public_key_text = asymmetric_keys.public_key.to_pem
|
37
|
-
|
38
|
-
Dir.mkdir @p[:secret_keydir] unless File.exists? @p[:secret_keydir]
|
39
|
-
File.write @p[:secret_keypath], secured_keytext
|
40
|
-
|
41
|
-
Crypto.print_secret_env_var @p[:env_var_name], machine_password
|
42
|
-
|
43
|
-
GitFlow.do_clone_repo @p[:public_gitrepo], @p[:local_gitrepo]
|
44
|
-
FileUtils.mkdir_p @p[:public_keydir]
|
45
|
-
File.write @p[:public_keypath], public_key_text
|
46
|
-
GitFlow.push @p[:local_gitrepo], @p[:public_keyname], @c[:time][:stamp]
|
47
|
-
|
48
|
-
exit
|
49
|
-
|
50
|
-
|
51
|
-
key4_pem = File.read 'private.secure.pem'
|
52
|
-
pass_phrase = 'superduperpasswordistoBeENTEREDRIGHT1234HereandRightNOW'
|
53
|
-
key4 = OpenSSL::PKey::RSA.new key4_pem, pass_phrase
|
54
|
-
decrypted_text = key4.private_decrypt(Base64.decode64(encrypted_string))
|
55
|
-
|
56
|
-
print "\nHey we have done the decryption.\n", "\n"
|
57
|
-
print decrypted_text, "\n"
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
log.info(ere) { "# -- [crypt] ------------------------------------------ -- #" }
|
63
|
-
log.info(ere) { "# ## ####### ########################################## ## #" }
|
64
|
-
|
65
|
-
end
|
66
|
-
|
67
|
-
|
68
|
-
end
|
@@ -1,64 +0,0 @@
|
|
1
|
-
[decrypt]
|
2
|
-
|
3
|
-
# ---> secret.id = DEVOPS_SECRET_MATERIAL
|
4
|
-
# ---> secret.part = e>> ENV[@s[:secret_id]]
|
5
|
-
# ---> secret.key = e>> @s[:secret_part] + CmdLine.instance.key_values[:key]
|
6
|
-
# ---> secret.dir = e>> @f[@i[:workstation]][:secrets_dir]
|
7
|
-
# ---> secret.file = e>> "DELETE_" + @f[:time][:stamp] + "_" + CmdLine.instance.key_values[:file]
|
8
|
-
# ---> secret.in = e>> File.join @s[:secret_dir], CmdLine.instance.key_values[:file]
|
9
|
-
# ---> secret.out = e>> File.join Dir.tmpdir, @s[:secret_file]
|
10
|
-
# ---> secret.crypt = e>> File.read(@s[:secret_in]).chomp
|
11
|
-
# ---> temporary.dir = e>> Dir.tmpdir
|
12
|
-
|
13
|
-
|
14
|
-
prompt.1 = Enter your Key Password
|
15
|
-
prompt.2 = Re-enter the Key Password
|
16
|
-
|
17
|
-
min.passwd.len = e>> 16
|
18
|
-
nickname = godzilla
|
19
|
-
root.domain = devopswiki.co.uk
|
20
|
-
env.var.name = SECRET_MATERIAL
|
21
|
-
machine.secret = e>> ENV[@s[:env_var_name]]
|
22
|
-
ratio = e>> 3
|
23
|
-
bit.key.size = e>> 8192
|
24
|
-
key.cipher = e>> OpenSSL::Cipher.new 'AES-128-CBC'
|
25
|
-
|
26
|
-
secret.leadtxt = e>> @s[:nickname] + dot + @s[:root_domain]
|
27
|
-
secret.keyname = e>> @s[:secret_leadtxt] + dot + @f[:time][:stamp] + ".txt"
|
28
|
-
secret.keydir = e>> @f[@i[:workstation]][:secrets_dir]
|
29
|
-
secret.rubydir = e>> Dir.new @s[:secret_keydir]
|
30
|
-
secret.newest = e>> @s[:secret_rubydir].ascii_order_file_starting_with @s[:secret_leadtxt]
|
31
|
-
secret.keytext = e>> File.read @s[:secret_newest]
|
32
|
-
|
33
|
-
repo.name = material_data
|
34
|
-
local.gitrepo = e>> File.join @i[:dir], @s[:repo_name]
|
35
|
-
public.gitrepo = https://www.eco-platform.co.uk/content/material.data.git
|
36
|
-
public.dirname = public_keys
|
37
|
-
|
38
|
-
public.keyroute = e>> File.join @s[:root_domain], @s[:public_dirname]
|
39
|
-
public.keydir = e>> File.join @s[:local_gitrepo], @s[:public_keyroute]
|
40
|
-
public.keyname = e>> "public_key." + @s[:nickname] + dot + @s[:root_domain] + ".txt"
|
41
|
-
public.keypath = e>> File.join @s[:public_keydir], @s[:public_keyname]
|
42
|
-
|
43
|
-
|
44
|
-
# --
|
45
|
-
# -- Note that we can only predict the crypt folder from looking at full path.
|
46
|
-
# -- This is because the user may enter a path string like the below.
|
47
|
-
# --
|
48
|
-
# -- --path=dates/bithdays/wife.birthday
|
49
|
-
# --
|
50
|
-
# -- So we extrapolate the crypt directory from the full file path.
|
51
|
-
# -- We also extrapolate the crypt filename from the final segment.
|
52
|
-
# --
|
53
|
-
crypt.dir.name = crypt_files
|
54
|
-
crypt.rel.base = e>> File.join @s[:root_domain], @s[:crypt_dir_name]
|
55
|
-
crypt.rel.path = e>> File.join @s[:crypt_rel_base], CmdLine.instance.key_values[:name]
|
56
|
-
crypt.sudopath = e>> File.join @s[:local_gitrepo], @s[:crypt_rel_path]
|
57
|
-
crypt.dir.path = e>> File.dirname @s[:crypt_sudopath]
|
58
|
-
crypt.filename = e>> File.basename(@s[:crypt_sudopath]) + dot + @s[:nickname] + ".crypt.txt"
|
59
|
-
crypt.filepath = e>> File.join @s[:crypt_dir_path], @s[:crypt_filename]
|
60
|
-
|
61
|
-
|
62
|
-
plaintext.name = e>> File.basename(@s[:crypt_sudopath]) + dot + @s[:nickname] + ".plain.txt"
|
63
|
-
plaintext.file = e>> "DELETE_" + @f[:time][:stamp] + "_" + @s[:plaintext_name]
|
64
|
-
plaintext.path = e>> File.join Dir.tmpdir, @s[:plaintext_file]
|
@@ -1,49 +0,0 @@
|
|
1
|
-
#!/usr/bin/ruby
|
2
|
-
|
3
|
-
# --
|
4
|
-
# -- This decryption plugin brings together many elements to
|
5
|
-
# -- decrypt text that is a union of the public key and the
|
6
|
-
# -- plaintext material.
|
7
|
-
# --
|
8
|
-
# -- To perform the decryption we
|
9
|
-
# --
|
10
|
-
# -- [1] - read the human entered relative path to the material
|
11
|
-
# -- [2] - request and read the human portion of the password
|
12
|
-
# -- [3] - read the machine password in the environment variable
|
13
|
-
# -- [4] - amalgamate (join) the human and the machine passwords
|
14
|
-
# -- [5] - download the encryptd material from a git repository
|
15
|
-
# -- [6] - access the private key from a [local] removable drive
|
16
|
-
# -- [7] - unlock the private key with the amalgamated password
|
17
|
-
# -- [8] - decrypt the text into the pre-configured destination
|
18
|
-
# --
|
19
|
-
class Decrypt
|
20
|
-
|
21
|
-
|
22
|
-
def core_provisioning
|
23
|
-
|
24
|
-
log.info(ere) { "# ## ######### ######################################## ## #" }
|
25
|
-
log.info(ere) { "# -- [decrypt] ---------------------------------------- -- #" }
|
26
|
-
log.info(ere) { "# -- [decrypt] This plugin decrypts a filed string. --- -- #" }
|
27
|
-
log.info(ere) { "# -- [decrypt] ---------------------------------------- -- #" }
|
28
|
-
log.info(ere) { "# ## ######### ######################################## ## #" }
|
29
|
-
|
30
|
-
|
31
|
-
GitFlow.do_clone_repo @p[:public_gitrepo], @p[:local_gitrepo]
|
32
|
-
Throw.if_not_exists @p[:crypt_filepath]
|
33
|
-
|
34
|
-
crypted_material = File.read @p[:crypt_filepath]
|
35
|
-
natural_password = Crypto.collect_secret @p[:min_passwd_len], @p[:prompt_1], @p[:prompt_2]
|
36
|
-
amalgam_password = Crypto.get_amalgam_password natural_password, @p[:machine_secret], @p[:ratio]
|
37
|
-
|
38
|
-
decryption_key = OpenSSL::PKey::RSA.new @p[:secret_keytext], amalgam_password
|
39
|
-
decrypted_text = decryption_key.private_decrypt(Base64.decode64(crypted_material))
|
40
|
-
|
41
|
-
File.write @p[:plaintext_path], decrypted_text
|
42
|
-
|
43
|
-
log.info(ere) { "# -- [decrypt] ------------------------------------------ -- #" }
|
44
|
-
log.info(ere) { "# ## ######### ########################################## ## #" }
|
45
|
-
|
46
|
-
end
|
47
|
-
|
48
|
-
|
49
|
-
end
|
@@ -1,55 +0,0 @@
|
|
1
|
-
[encrypt]
|
2
|
-
|
3
|
-
prompt.1 = Enter Secret Text
|
4
|
-
prompt.2 = Re-enter the Text
|
5
|
-
|
6
|
-
min.passwd.len = e>> 16
|
7
|
-
nickname = godzilla
|
8
|
-
root.domain = devopswiki.co.uk
|
9
|
-
env.var.name = SECRET_MATERIAL
|
10
|
-
ratio = e>> 3
|
11
|
-
bit.key.size = e>> 8192
|
12
|
-
key.cipher = e>> OpenSSL::Cipher.new 'AES-128-CBC'
|
13
|
-
secret.keyname = e>> @s[:nickname] + dot + @s[:root_domain] + dot + @f[:time][:stamp] + ".txt"
|
14
|
-
secret.keydir = e>> @f[@i[:workstation]][:secrets_dir]
|
15
|
-
secret.keypath = e>> File.join @s[:secret_keydir], @s[:secret_keyname]
|
16
|
-
|
17
|
-
repo.name = material_data
|
18
|
-
local.gitrepo = e>> File.join @i[:dir], @s[:repo_name]
|
19
|
-
public.gitrepo = https://www.eco-platform.co.uk/content/material.data.git
|
20
|
-
public.dirname = public_keys
|
21
|
-
|
22
|
-
public.keyroute = e>> File.join @s[:root_domain], @s[:public_dirname]
|
23
|
-
public.keydir = e>> File.join @s[:local_gitrepo], @s[:public_keyroute]
|
24
|
-
public.keyname = e>> "public_key." + @s[:nickname] + dot + @s[:root_domain] + ".txt"
|
25
|
-
public.keypath = e>> File.join @s[:public_keydir], @s[:public_keyname]
|
26
|
-
|
27
|
-
# --
|
28
|
-
# -- Note that we can only predict the crypt folder from looking at full path.
|
29
|
-
# -- This is because the user may enter a path string like the below.
|
30
|
-
# --
|
31
|
-
# -- --path=dates/bithdays/wife.birthday
|
32
|
-
# --
|
33
|
-
# -- So we extrapolate the crypt directory from the full file path.
|
34
|
-
# -- We also extrapolate the crypt filename from the final segment.
|
35
|
-
# --
|
36
|
-
crypt.dir.name = crypt_files
|
37
|
-
crypt.rel.base = e>> File.join @s[:root_domain], @s[:crypt_dir_name]
|
38
|
-
crypt.rel.path = e>> File.join @s[:crypt_rel_base], CmdLine.instance.key_values[:name]
|
39
|
-
crypt.sudopath = e>> File.join @s[:local_gitrepo], @s[:crypt_rel_path]
|
40
|
-
crypt.dir.path = e>> File.dirname @s[:crypt_sudopath]
|
41
|
-
crypt.filename = e>> File.basename(@s[:crypt_sudopath]) + dot + @s[:nickname] + ".crypt.txt"
|
42
|
-
crypt.filepath = e>> File.join @s[:crypt_dir_path], @s[:crypt_filename]
|
43
|
-
|
44
|
-
|
45
|
-
# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
|
46
|
-
# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
|
47
|
-
# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
|
48
|
-
# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
|
49
|
-
# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
|
50
|
-
# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
|
51
|
-
# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
|
52
|
-
# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
|
53
|
-
# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
|
54
|
-
# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
|
55
|
-
# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
|
@@ -1,82 +0,0 @@
|
|
1
|
-
#!/usr/bin/ruby
|
2
|
-
|
3
|
-
# --
|
4
|
-
# -- This simple [cipher] plugin encrypts either the inputted string or
|
5
|
-
# -- file, using the configured public key and writes the cryptic material
|
6
|
-
# -- to a file that is checked into a git repository.
|
7
|
-
# --
|
8
|
-
# -- -----------------------
|
9
|
-
# -- Example Parameters
|
10
|
-
# -- -----------------------
|
11
|
-
# --
|
12
|
-
# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
|
13
|
-
# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
|
14
|
-
# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
|
15
|
-
# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
|
16
|
-
# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
|
17
|
-
# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
|
18
|
-
# --
|
19
|
-
# -- --name=dates/birthdays (mandatory)
|
20
|
-
# -- --file=/home/joe/laptop.key (optional)
|
21
|
-
# --
|
22
|
-
# -- ---------------------------------------------
|
23
|
-
# -- Escaping - Prefer BACKSLASH to DOUBLE QUOTES
|
24
|
-
# -- ---------------------------------------------
|
25
|
-
# --
|
26
|
-
# -- Sensitive keys and passwords usually contain non standard characters.
|
27
|
-
# -- Now you can use either BACKSLASHES or DOUBLE QUOTES to escape them.
|
28
|
-
# --
|
29
|
-
# -- Prefer backslash to double quotes.
|
30
|
-
# --
|
31
|
-
# -- Why? Example1 = --text=wow!wow!wee Will FAIL
|
32
|
-
# -- Example2 = --text=wow\!wow\!wee Will SUCCEED
|
33
|
-
# -- Example3 = --text=in(doubt)here Will FAIL
|
34
|
-
# -- Example4 = --text="in(doubt)here" Will SUCCEED
|
35
|
-
# -- Example5 = --text="no!way" Will FAIL
|
36
|
-
# -- Example6 = --text="no\!and(oh)my" SUCCEEDS BUT INCLUDES backslash
|
37
|
-
# -- Example7 = --text=no\!and\(oh\)my SUCCEEDS (NO backslash)
|
38
|
-
# --
|
39
|
-
# -- Example 6 will succeed but the decrypted string will include the
|
40
|
-
# -- backslash like => no\!and(oh)my
|
41
|
-
# --
|
42
|
-
# -- Example 7 is the best for when exclamation marks and soft quotes exist.
|
43
|
-
# -- Decrypted string is => no!and(oh)my
|
44
|
-
# --
|
45
|
-
class Encrypt
|
46
|
-
|
47
|
-
def core_provisioning
|
48
|
-
|
49
|
-
log.info(ere) { "# ## ######### ########################################## ## #" }
|
50
|
-
log.info(ere) { "# -- [encrypt] ------------------------------------------ -- #" }
|
51
|
-
log.info(ere) { "# -- [encrypt] This plugin encrypts a file or string. --- -- #" }
|
52
|
-
log.info(ere) { "# -- [encrypt] ------------------------------------------ -- #" }
|
53
|
-
log.info(ere) { "# ## ######### ########################################## ## #" }
|
54
|
-
|
55
|
-
plaintext_secret = ""
|
56
|
-
|
57
|
-
if CmdLine.include? :file then
|
58
|
-
plaintext_filepath = CmdLine.instance.key_values[:file]
|
59
|
-
Throw.if_not_exists plaintext_filepath
|
60
|
-
plaintext_secret = File.read plaintext_filepath
|
61
|
-
else
|
62
|
-
plaintext_secret = Crypto.collect_secret 3, @p[:prompt_1], @p[:prompt_2]
|
63
|
-
end
|
64
|
-
|
65
|
-
GitFlow.do_clone_repo @p[:public_gitrepo], @p[:local_gitrepo]
|
66
|
-
|
67
|
-
public_key_text = File.read @p[:public_keypath]
|
68
|
-
encryption_key = OpenSSL::PKey::RSA.new public_key_text
|
69
|
-
binary_crypt_text = encryption_key.public_encrypt plaintext_secret
|
70
|
-
crypt_material = Base64.encode64 binary_crypt_text
|
71
|
-
|
72
|
-
FileUtils.mkdir_p @p[:crypt_dir_path]
|
73
|
-
File.write @p[:crypt_filepath], crypt_material
|
74
|
-
GitFlow.push @p[:local_gitrepo], @p[:crypt_filename], @c[:time][:stamp]
|
75
|
-
|
76
|
-
log.info(ere) { "# -- [encrypt] ------------------------------------------ -- #" }
|
77
|
-
log.info(ere) { "# ## ######### ########################################## ## #" }
|
78
|
-
|
79
|
-
end
|
80
|
-
|
81
|
-
|
82
|
-
end
|
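--- a/data/lib/using.txt
+++ b/data/lib/using.txt
@@ -1,247 +0,0 @@
-
-
-
-==============================================================================================
-
-open office/laptop
-(or pull)
-
-put login/username=myname
-put login/password=mysecret
-list
-put disk/password=anothersecret
-swap disk/password=bettersecret
-
-lock
-(or push)
-==============================================================================================
-==============================================================================================
-
-On Curent Workstation
---------------------------
-os copy config
-
-
-Go to new Workstation
---------------------------
-enter usb key/phone dir (wherever safe is)
-sudo gem install opensecret
-os safe /path/to/safe
-os store /path/to/store (if different)
-os paste config
-(Now carry on as normal - no need for os init)
-
-
-==============================================================================================
-==============================================================================================
-
-To Decommission from Workstation
-------------------------------------
-os delete config
-
-If necessary you can do
-gem uninstall opensecret
-
-
-==============================================================================================
-==============================================================================================
-
-To Backup
-------------------------------------
-Create single backup reference number
-Create huge symmetric key
-Baseline each file with signature and date / time
-os rekeys and takes direction on where to send crypted + amalgamated keystore and cryptstore
-That goes to one backup location (even tape drive)
-
-Then the machine config and othe sensitive items can be emailed - saved on phone - use os's rest services.
-
-It emails you with a key wealth report.
-If you bring them back together it will rebuild (restore) everything for you.
-
-==============================================================================================
-==============================================================================================
-
-
-
-
-
-You can output in the key EAI data formats - the default is INI.
-
-os read office/laptop # outputs all groups and key/value pairs (INI format)
-os read office/laptop/login # outputs the login group and its key/value pairs (INI)
-os read office/laptop/login/username # outputs only the secret value
-
-os peek office/laptop # (secrets redacted) outputs groups and key/value pairs
-os peek office/laptop/login # (secrets redacted) outputs login group and its keys
-os peek office/laptop/login/username # exact mirror of full read command
-
-Kiss and Tell
-==================
-os kiss # taints the secret (and/or secret tree) prepping it for a tell (share)
-os tell # send secret by sending keys os tell london/safe-houses
-
-os put
-
-os remove
-os wipe
-os open x/y (when packet exists)
-
-os lock
-
-os unlock (a file)
-os undo
-os zip
-os push (after a zip or file locking operation)
-
-
-
-
-
-==============================================================================================
-==============================================================================================
-
-Input
-======
-
-file
-use bash pipes
-cli string
-sensitive collection
-zip files in folder
-recursive zip with all lower folders
-
-
-
-==============================================================================================
-==============================================================================================
-
-
-open office/laptop --with=asdfasdflkhlkh
-(or pull)
-
-list
-get login
-get disk
-trash disk
-list
-get login/password
-
-lock
-(or push)
-==============================================================================================
-
-
-lock <<path/to/a/file.txt>> ## locks (encrypts) the file in-place | you must delete it
-lock <<path/to/a/folder>> --zip ## zips and encrypts folder (in-place) | you must delete it
-
-==============================================================================================
-
-Command => open office/laptop
-
-Effect1 => Creates in-memory INI string (see below) and writes (in effect2) to file
-Effect2 => Creates a an openkey eg asdfa234234234sfss and a long password.
-Effect3 => Creates a file ../<<email>>/opened.files/office/laptop.asdfa234234234sfss.x.txt
-Effect4 => Puts long password in $HOME/.opensecret/session.keys/asdfa234234234sfss.x.txt
-
--------------------------------------
-in-memory INI string
--------------------------------------
-[opensecret]
-
-secret.path = office/laptop
--------------------------------------
-
-Assert => no office/laptop exists before opening (if so prompt user to => trash office/laptop
-
-==============================================================================================
-
-Command => open office/laptop/login/fullname="Mr Blobby"
-
-Effect1 => Creates in-memory INI string (see below) and writes (in effect2) to file
-Effect2 => Creates a file ../<<email>>/opened.files/office/laptop.asdfa234234234sfss.x.txt
-Effect3 => With its encrypt-key in $HOME/.opensecret/session.keys/asdfa234234234sfss.x.txt
-
--------------------------------------
-in-memory INI string
--------------------------------------
-[opensecret]
-
-secret.path = office/laptop
-
-[login]
-fullname = Mr Blobby
--------------------------------------
-
-Assert => no office/laptop exists before opening (if so prompt user to => trash office/laptop
-
-
-
-inner_key
-outer_key
-filename
-foldername
-office/room2/rack6/server4/username
-
-
-
-
-open
-
-get session id as time string
-use
-
-
-
-
-close
-
-
-
-
-
-lock wifi/password
-
-[keys]
-wifi = asdff234523
-password = dfgsdfgsfg
-
-
-asdff234523/dfgsdfgsfg
-
-[home]
-
-wifi=asdfasd
-alarm=fdghdfg
-safe1=3456hjk3h45
-safe2=2n34lijss
-
-======================================
-
-in asdfasd (wifi)
-
-[home/wifi]
-
-ssid = 3452454
-password = 2452345
-
-
-office/room2/rack6/server4/username
-office/accounts/sage
-office/alarm/pin
-office/gmail/username
-
-
-[office]
-
-room2 = asddf345
-accounts = 9o8udfg
-alarm = 345ljdfg
-gmail = ldf2345
-
-
-[office/room2]
-
-rack6 = asdf234
-
-[office/room2]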