opensecret 0.0.960 → 0.0.962
- checksums.yaml +4 -4
- data/lib/notepad/{blow.rb → scratch.pad.rb} +1 -1
- data/lib/opensecret.rb +36 -5
- data/lib/plugins/cipher.rb +100 -201
- data/lib/plugins/ciphers/aes-256.rb +85 -101
- data/lib/plugins/ciphers/blowfish.rb +2 -2
- data/lib/plugins/coldstore.rb +38 -2
- data/lib/plugins/crypt.io.rb +220 -0
- data/lib/plugins/secrets.uc.rb +44 -0
- data/lib/plugins/usecases/init.rb +9 -1
- data/lib/plugins/usecases/lock.rb +3 -3
- data/lib/plugins/usecases/open.rb +4 -4
- data/lib/plugins/usecases/put.rb +1 -1
- data/lib/plugins/usecases/unlock.rb +208 -0
- data/lib/version.rb +1 -1
- metadata +5 -10
- data/lib/opensecret/executors/crypt.keys/crypt.keys.ini +0 -26
- data/lib/opensecret/executors/crypt.keys/crypt.keys.rb +0 -68
- data/lib/opensecret/executors/decrypt/decrypt.ini +0 -64
- data/lib/opensecret/executors/decrypt/decrypt.rb +0 -49
- data/lib/opensecret/executors/encrypt/encrypt.ini +0 -55
- data/lib/opensecret/executors/encrypt/encrypt.rb +0 -82
- data/lib/using.txt +0 -247
data/lib/version.rb
CHANGED
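--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: opensecret
 version: !ruby/object:Gem::Version
-version: 0.0.
+version: 0.0.962
 platform: ruby
 authors:
 - Apollo Akora
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-03-
+date: 2018-03-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: inifile
@@ -87,19 +87,14 @@ files:
 - lib/extension/string.rb
 - lib/factbase/facts.opensecret.io.ini
 - lib/logging/gem.logging.rb
-- lib/notepad/
+- lib/notepad/scratch.pad.rb
 - lib/opensecret.rb
-- lib/opensecret/executors/crypt.keys/crypt.keys.ini
-- lib/opensecret/executors/crypt.keys/crypt.keys.rb
-- lib/opensecret/executors/decrypt/decrypt.ini
-- lib/opensecret/executors/decrypt/decrypt.rb
-- lib/opensecret/executors/encrypt/encrypt.ini
-- lib/opensecret/executors/encrypt/encrypt.rb
 - lib/opensecret/plugins.io/git/git.flow.rb
 - lib/plugins/cipher.rb
 - lib/plugins/ciphers/aes-256.rb
 - lib/plugins/ciphers/blowfish.rb
 - lib/plugins/coldstore.rb
+- lib/plugins/crypt.io.rb
 - lib/plugins/envelope.rb
 - lib/plugins/secrets.uc.rb
 - lib/plugins/usecase.rb
@@ -108,6 +103,7 @@ files:
 - lib/plugins/usecases/open.rb
 - lib/plugins/usecases/put.rb
 - lib/plugins/usecases/safe.rb
+- lib/plugins/usecases/unlock.rb
 - lib/session/attributes.rb
 - lib/session/dictionary.rb
 - lib/session/fact.finder.rb
@@ -116,7 +112,6 @@ files:
 - lib/session/session.rb
 - lib/session/time.stamp.rb
 - lib/session/user.home.rb
-- lib/using.txt
 - lib/version.rb
 - opensecret.gemspec
 homepage: https://www.eco-platform.co.uk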
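--- a/data/lib/opensecret/executors/crypt.keys/crypt.keys.ini
+++ b/data/lib/opensecret/executors/crypt.keys/crypt.keys.ini
@@ -1,26 +0,0 @@
-[crypt.keys]
-
-min.passwd.len = e>> 16
-nickname = godzilla
-root.domain = devopswiki.co.uk
-env.var.name = SECRET_MATERIAL
-ratio = e>> 3
-bit.key.size = e>> 8192
-key.cipher = e>> OpenSSL::Cipher.new 'AES-128-CBC'
-secret.keyname = e>> @s[:nickname] + dot + @s[:root_domain] + dot + @f[:time][:stamp] + ".txt"
-secret.keydir = e>> @f[@i[:workstation]][:secrets_dir]
-secret.keypath = e>> File.join @s[:secret_keydir], @s[:secret_keyname]
-
-repo.name = material_data
-local.gitrepo = e>> File.join @i[:dir], @s[:repo_name]
-public.gitrepo = https://www.eco-platform.co.uk/content/material.data.git
-public.dirname = public_keys
-
-public.keyroute = e>> File.join @s[:root_domain], @s[:public_dirname]
-public.keydir = e>> File.join @s[:local_gitrepo], @s[:public_keyroute]
-public.keyname = e>> "public_key." + @s[:nickname] + dot + @s[:root_domain] + ".txt"
-public.keypath = e>> File.join @s[:public_keydir], @s[:public_keyname]
-
-prompt.1 = Enter a Robust Password
-prompt.2 = Re-enter that Password
-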
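--- a/data/lib/opensecret/executors/crypt.keys/crypt.keys.rb
+++ b/data/lib/opensecret/executors/crypt.keys/crypt.keys.rb
@@ -1,68 +0,0 @@
-#!/usr/bin/ruby
-
-# --
-# -- This plugin creates cryptographic keys, installs them and then messages
-# -- and notifies as required.
-# --
-# -- Input
-# --
-# -- [1] - memorable portion of password
-# -- [2] - memorable password entered again for validation
-# --
-# -- Output
-# --
-# -- [1] - machine portion of password to be added as environment variable
-# -- [2] - secured (password locked) private key to put on removable media
-# -- [3] - an open [public key] to be placed on web accessible destination
-# -- [4] - a message detailing that a new keypair is now created/installed
-# --
-class CryptKeys
-
-
-def core_provisioning
-
-log.info(ere) { "# ## ####### ########################################## ## #" }
-log.info(ere) { "# -- [crypt] ------------------------------------------ -- #" }
-log.info(ere) { "# -- [crypt] This plugin encrypts a file or string. --- -- #" }
-log.info(ere) { "# -- [crypt] ------------------------------------------ -- #" }
-log.info(ere) { "# ## ####### ########################################## ## #" }
-
-natural_password = Crypto.collect_secret @p[:min_passwd_len], @p[:prompt_1], @p[:prompt_2]
-machine_password = Crypto.get_machine_password natural_password.length, @p[:ratio]
-amalgam_password = Crypto.get_amalgam_password natural_password, machine_password, @p[:ratio]
-
-asymmetric_keys = OpenSSL::PKey::RSA.new @p[:bit_key_size]
-secured_keytext = asymmetric_keys.export @p[:key_cipher], amalgam_password
-public_key_text = asymmetric_keys.public_key.to_pem
-
-Dir.mkdir @p[:secret_keydir] unless File.exists? @p[:secret_keydir]
-File.write @p[:secret_keypath], secured_keytext
-
-Crypto.print_secret_env_var @p[:env_var_name], machine_password
-
-GitFlow.do_clone_repo @p[:public_gitrepo], @p[:local_gitrepo]
-FileUtils.mkdir_p @p[:public_keydir]
-File.write @p[:public_keypath], public_key_text
-GitFlow.push @p[:local_gitrepo], @p[:public_keyname], @c[:time][:stamp]
-
-exit
-
-
-key4_pem = File.read 'private.secure.pem'
-pass_phrase = 'superduperpasswordistoBeENTEREDRIGHT1234HereandRightNOW'
-key4 = OpenSSL::PKey::RSA.new key4_pem, pass_phrase
-decrypted_text = key4.private_decrypt(Base64.decode64(encrypted_string))
-
-print "\nHey we have done the decryption.\n", "\n"
-print decrypted_text, "\n"
-
-
-
-
-log.info(ere) { "# -- [crypt] ------------------------------------------ -- #" }
-log.info(ere) { "# ## ####### ########################################## ## #" }
-
-end
-
-
-end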
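--- a/data/lib/opensecret/executors/decrypt/decrypt.ini
+++ b/data/lib/opensecret/executors/decrypt/decrypt.ini
@@ -1,64 +0,0 @@
-[decrypt]
-
-# ---> secret.id = DEVOPS_SECRET_MATERIAL
-# ---> secret.part = e>> ENV[@s[:secret_id]]
-# ---> secret.key = e>> @s[:secret_part] + CmdLine.instance.key_values[:key]
-# ---> secret.dir = e>> @f[@i[:workstation]][:secrets_dir]
-# ---> secret.file = e>> "DELETE_" + @f[:time][:stamp] + "_" + CmdLine.instance.key_values[:file]
-# ---> secret.in = e>> File.join @s[:secret_dir], CmdLine.instance.key_values[:file]
-# ---> secret.out = e>> File.join Dir.tmpdir, @s[:secret_file]
-# ---> secret.crypt = e>> File.read(@s[:secret_in]).chomp
-# ---> temporary.dir = e>> Dir.tmpdir
-
-
-prompt.1 = Enter your Key Password
-prompt.2 = Re-enter the Key Password
-
-min.passwd.len = e>> 16
-nickname = godzilla
-root.domain = devopswiki.co.uk
-env.var.name = SECRET_MATERIAL
-machine.secret = e>> ENV[@s[:env_var_name]]
-ratio = e>> 3
-bit.key.size = e>> 8192
-key.cipher = e>> OpenSSL::Cipher.new 'AES-128-CBC'
-
-secret.leadtxt = e>> @s[:nickname] + dot + @s[:root_domain]
-secret.keyname = e>> @s[:secret_leadtxt] + dot + @f[:time][:stamp] + ".txt"
-secret.keydir = e>> @f[@i[:workstation]][:secrets_dir]
-secret.rubydir = e>> Dir.new @s[:secret_keydir]
-secret.newest = e>> @s[:secret_rubydir].ascii_order_file_starting_with @s[:secret_leadtxt]
-secret.keytext = e>> File.read @s[:secret_newest]
-
-repo.name = material_data
-local.gitrepo = e>> File.join @i[:dir], @s[:repo_name]
-public.gitrepo = https://www.eco-platform.co.uk/content/material.data.git
-public.dirname = public_keys
-
-public.keyroute = e>> File.join @s[:root_domain], @s[:public_dirname]
-public.keydir = e>> File.join @s[:local_gitrepo], @s[:public_keyroute]
-public.keyname = e>> "public_key." + @s[:nickname] + dot + @s[:root_domain] + ".txt"
-public.keypath = e>> File.join @s[:public_keydir], @s[:public_keyname]
-
-
-# --
-# -- Note that we can only predict the crypt folder from looking at full path.
-# -- This is because the user may enter a path string like the below.
-# --
-# -- --path=dates/bithdays/wife.birthday
-# --
-# -- So we extrapolate the crypt directory from the full file path.
-# -- We also extrapolate the crypt filename from the final segment.
-# --
-crypt.dir.name = crypt_files
-crypt.rel.base = e>> File.join @s[:root_domain], @s[:crypt_dir_name]
-crypt.rel.path = e>> File.join @s[:crypt_rel_base], CmdLine.instance.key_values[:name]
-crypt.sudopath = e>> File.join @s[:local_gitrepo], @s[:crypt_rel_path]
-crypt.dir.path = e>> File.dirname @s[:crypt_sudopath]
-crypt.filename = e>> File.basename(@s[:crypt_sudopath]) + dot + @s[:nickname] + ".crypt.txt"
-crypt.filepath = e>> File.join @s[:crypt_dir_path], @s[:crypt_filename]
-
-
-plaintext.name = e>> File.basename(@s[:crypt_sudopath]) + dot + @s[:nickname] + ".plain.txt"
-plaintext.file = e>> "DELETE_" + @f[:time][:stamp] + "_" + @s[:plaintext_name]
-plaintext.path = e>> File.join Dir.tmpdir, @s[:plaintext_file]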
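--- a/data/lib/opensecret/executors/decrypt/decrypt.rb
+++ b/data/lib/opensecret/executors/decrypt/decrypt.rb
@@ -1,49 +0,0 @@
-#!/usr/bin/ruby
-
-# --
-# -- This decryption plugin brings together many elements to
-# -- decrypt text that is a union of the public key and the
-# -- plaintext material.
-# --
-# -- To perform the decryption we
-# --
-# -- [1] - read the human entered relative path to the material
-# -- [2] - request and read the human portion of the password
-# -- [3] - read the machine password in the environment variable
-# -- [4] - amalgamate (join) the human and the machine passwords
-# -- [5] - download the encryptd material from a git repository
-# -- [6] - access the private key from a [local] removable drive
-# -- [7] - unlock the private key with the amalgamated password
-# -- [8] - decrypt the text into the pre-configured destination
-# --
-class Decrypt
-
-
-def core_provisioning
-
-log.info(ere) { "# ## ######### ######################################## ## #" }
-log.info(ere) { "# -- [decrypt] ---------------------------------------- -- #" }
-log.info(ere) { "# -- [decrypt] This plugin decrypts a filed string. --- -- #" }
-log.info(ere) { "# -- [decrypt] ---------------------------------------- -- #" }
-log.info(ere) { "# ## ######### ######################################## ## #" }
-
-
-GitFlow.do_clone_repo @p[:public_gitrepo], @p[:local_gitrepo]
-Throw.if_not_exists @p[:crypt_filepath]
-
-crypted_material = File.read @p[:crypt_filepath]
-natural_password = Crypto.collect_secret @p[:min_passwd_len], @p[:prompt_1], @p[:prompt_2]
-amalgam_password = Crypto.get_amalgam_password natural_password, @p[:machine_secret], @p[:ratio]
-
-decryption_key = OpenSSL::PKey::RSA.new @p[:secret_keytext], amalgam_password
-decrypted_text = decryption_key.private_decrypt(Base64.decode64(crypted_material))
-
-File.write @p[:plaintext_path], decrypted_text
-
-log.info(ere) { "# -- [decrypt] ------------------------------------------ -- #" }
-log.info(ere) { "# ## ######### ########################################## ## #" }
-
-end
-
-
-end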
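--- a/data/lib/opensecret/executors/encrypt/encrypt.ini
+++ b/data/lib/opensecret/executors/encrypt/encrypt.ini
@@ -1,55 +0,0 @@
-[encrypt]
-
-prompt.1 = Enter Secret Text
-prompt.2 = Re-enter the Text
-
-min.passwd.len = e>> 16
-nickname = godzilla
-root.domain = devopswiki.co.uk
-env.var.name = SECRET_MATERIAL
-ratio = e>> 3
-bit.key.size = e>> 8192
-key.cipher = e>> OpenSSL::Cipher.new 'AES-128-CBC'
-secret.keyname = e>> @s[:nickname] + dot + @s[:root_domain] + dot + @f[:time][:stamp] + ".txt"
-secret.keydir = e>> @f[@i[:workstation]][:secrets_dir]
-secret.keypath = e>> File.join @s[:secret_keydir], @s[:secret_keyname]
-
-repo.name = material_data
-local.gitrepo = e>> File.join @i[:dir], @s[:repo_name]
-public.gitrepo = https://www.eco-platform.co.uk/content/material.data.git
-public.dirname = public_keys
-
-public.keyroute = e>> File.join @s[:root_domain], @s[:public_dirname]
-public.keydir = e>> File.join @s[:local_gitrepo], @s[:public_keyroute]
-public.keyname = e>> "public_key." + @s[:nickname] + dot + @s[:root_domain] + ".txt"
-public.keypath = e>> File.join @s[:public_keydir], @s[:public_keyname]
-
-# --
-# -- Note that we can only predict the crypt folder from looking at full path.
-# -- This is because the user may enter a path string like the below.
-# --
-# -- --path=dates/bithdays/wife.birthday
-# --
-# -- So we extrapolate the crypt directory from the full file path.
-# -- We also extrapolate the crypt filename from the final segment.
-# --
-crypt.dir.name = crypt_files
-crypt.rel.base = e>> File.join @s[:root_domain], @s[:crypt_dir_name]
-crypt.rel.path = e>> File.join @s[:crypt_rel_base], CmdLine.instance.key_values[:name]
-crypt.sudopath = e>> File.join @s[:local_gitrepo], @s[:crypt_rel_path]
-crypt.dir.path = e>> File.dirname @s[:crypt_sudopath]
-crypt.filename = e>> File.basename(@s[:crypt_sudopath]) + dot + @s[:nickname] + ".crypt.txt"
-crypt.filepath = e>> File.join @s[:crypt_dir_path], @s[:crypt_filename]
-
-
-# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
-# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
-# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
-# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
-# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
-# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
-# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
-# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
-# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
-# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
-# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday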
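--- a/data/lib/opensecret/executors/encrypt/encrypt.rb
+++ b/data/lib/opensecret/executors/encrypt/encrypt.rb
@@ -1,82 +0,0 @@
-#!/usr/bin/ruby
-
-# --
-# -- This simple [cipher] plugin encrypts either the inputted string or
-# -- file, using the configured public key and writes the cryptic material
-# -- to a file that is checked into a git repository.
-# --
-# -- -----------------------
-# -- Example Parameters
-# -- -----------------------
-# --
-# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
-# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
-# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
-# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
-# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
-# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
-# --
-# -- --name=dates/birthdays (mandatory)
-# -- --file=/home/joe/laptop.key (optional)
-# --
-# -- ---------------------------------------------
-# -- Escaping - Prefer BACKSLASH to DOUBLE QUOTES
-# -- ---------------------------------------------
-# --
-# -- Sensitive keys and passwords usually contain non standard characters.
-# -- Now you can use either BACKSLASHES or DOUBLE QUOTES to escape them.
-# --
-# -- Prefer backslash to double quotes.
-# --
-# -- Why? Example1 = --text=wow!wow!wee Will FAIL
-# -- Example2 = --text=wow\!wow\!wee Will SUCCEED
-# -- Example3 = --text=in(doubt)here Will FAIL
-# -- Example4 = --text="in(doubt)here" Will SUCCEED
-# -- Example5 = --text="no!way" Will FAIL
-# -- Example6 = --text="no\!and(oh)my" SUCCEEDS BUT INCLUDES backslash
-# -- Example7 = --text=no\!and\(oh\)my SUCCEEDS (NO backslash)
-# --
-# -- Example 6 will succeed but the decrypted string will include the
-# -- backslash like => no\!and(oh)my
-# --
-# -- Example 7 is the best for when exclamation marks and soft quotes exist.
-# -- Decrypted string is => no!and(oh)my
-# --
-class Encrypt
-
-def core_provisioning
-
-log.info(ere) { "# ## ######### ########################################## ## #" }
-log.info(ere) { "# -- [encrypt] ------------------------------------------ -- #" }
-log.info(ere) { "# -- [encrypt] This plugin encrypts a file or string. --- -- #" }
-log.info(ere) { "# -- [encrypt] ------------------------------------------ -- #" }
-log.info(ere) { "# ## ######### ########################################## ## #" }
-
-plaintext_secret = ""
-
-if CmdLine.include? :file then
-plaintext_filepath = CmdLine.instance.key_values[:file]
-Throw.if_not_exists plaintext_filepath
-plaintext_secret = File.read plaintext_filepath
-else
-plaintext_secret = Crypto.collect_secret 3, @p[:prompt_1], @p[:prompt_2]
-end
-
-GitFlow.do_clone_repo @p[:public_gitrepo], @p[:local_gitrepo]
-
-public_key_text = File.read @p[:public_keypath]
-encryption_key = OpenSSL::PKey::RSA.new public_key_text
-binary_crypt_text = encryption_key.public_encrypt plaintext_secret
-crypt_material = Base64.encode64 binary_crypt_text
-
-FileUtils.mkdir_p @p[:crypt_dir_path]
-File.write @p[:crypt_filepath], crypt_material
-GitFlow.push @p[:local_gitrepo], @p[:crypt_filename], @c[:time][:stamp]
-
-log.info(ere) { "# -- [encrypt] ------------------------------------------ -- #" }
-log.info(ere) { "# ## ######### ########################################## ## #" }
-
-end
-
-
-end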
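--- a/data/lib/using.txt
+++ b/data/lib/using.txt
@@ -1,247 +0,0 @@
-
-
-
-==============================================================================================
-
-open office/laptop
-(or pull)
-
-put login/username=myname
-put login/password=mysecret
-list
-put disk/password=anothersecret
-swap disk/password=bettersecret
-
-lock
-(or push)
-==============================================================================================
-==============================================================================================
-
-On Curent Workstation
---------------------------
-os copy config
-
-
-Go to new Workstation
---------------------------
-enter usb key/phone dir (wherever safe is)
-sudo gem install opensecret
-os safe /path/to/safe
-os store /path/to/store (if different)
-os paste config
-(Now carry on as normal - no need for os init)
-
-
-==============================================================================================
-==============================================================================================
-
-To Decommission from Workstation
-------------------------------------
-os delete config
-
-If necessary you can do
-gem uninstall opensecret
-
-
-==============================================================================================
-==============================================================================================
-
-To Backup
-------------------------------------
-Create single backup reference number
-Create huge symmetric key
-Baseline each file with signature and date / time
-os rekeys and takes direction on where to send crypted + amalgamated keystore and cryptstore
-That goes to one backup location (even tape drive)
-
-Then the machine config and othe sensitive items can be emailed - saved on phone - use os's rest services.
-
-It emails you with a key wealth report.
-If you bring them back together it will rebuild (restore) everything for you.
-
-==============================================================================================
-==============================================================================================
-
-
-
-
-
-You can output in the key EAI data formats - the default is INI.
-
-os read office/laptop # outputs all groups and key/value pairs (INI format)
-os read office/laptop/login # outputs the login group and its key/value pairs (INI)
-os read office/laptop/login/username # outputs only the secret value
-
-os peek office/laptop # (secrets redacted) outputs groups and key/value pairs
-os peek office/laptop/login # (secrets redacted) outputs login group and its keys
-os peek office/laptop/login/username # exact mirror of full read command
-
-Kiss and Tell
-==================
-os kiss # taints the secret (and/or secret tree) prepping it for a tell (share)
-os tell # send secret by sending keys os tell london/safe-houses
-
-os put
-
-os remove
-os wipe
-os open x/y (when packet exists)
-
-os lock
-
-os unlock (a file)
-os undo
-os zip
-os push (after a zip or file locking operation)
-
-
-
-
-
-==============================================================================================
-==============================================================================================
-
-Input
-======
-
-file
-use bash pipes
-cli string
-sensitive collection
-zip files in folder
-recursive zip with all lower folders
-
-
-
-==============================================================================================
-==============================================================================================
-
-
-open office/laptop --with=asdfasdflkhlkh
-(or pull)
-
-list
-get login
-get disk
-trash disk
-list
-get login/password
-
-lock
-(or push)
-==============================================================================================
-
-
-lock <<path/to/a/file.txt>> ## locks (encrypts) the file in-place | you must delete it
-lock <<path/to/a/folder>> --zip ## zips and encrypts folder (in-place) | you must delete it
-
-==============================================================================================
-
-Command => open office/laptop
-
-Effect1 => Creates in-memory INI string (see below) and writes (in effect2) to file
-Effect2 => Creates a an openkey eg asdfa234234234sfss and a long password.
-Effect3 => Creates a file ../<<email>>/opened.files/office/laptop.asdfa234234234sfss.x.txt
-Effect4 => Puts long password in $HOME/.opensecret/session.keys/asdfa234234234sfss.x.txt
-
--------------------------------------
-in-memory INI string
--------------------------------------
-[opensecret]
-
-secret.path = office/laptop
--------------------------------------
-
-Assert => no office/laptop exists before opening (if so prompt user to => trash office/laptop
-
-==============================================================================================
-
-Command => open office/laptop/login/fullname="Mr Blobby"
-
-Effect1 => Creates in-memory INI string (see below) and writes (in effect2) to file
-Effect2 => Creates a file ../<<email>>/opened.files/office/laptop.asdfa234234234sfss.x.txt
-Effect3 => With its encrypt-key in $HOME/.opensecret/session.keys/asdfa234234234sfss.x.txt
-
--------------------------------------
-in-memory INI string
--------------------------------------
-[opensecret]
-
-secret.path = office/laptop
-
-[login]
-fullname = Mr Blobby
--------------------------------------
-
-Assert => no office/laptop exists before opening (if so prompt user to => trash office/laptop
-
-
-
-inner_key
-outer_key
-filename
-foldername
-office/room2/rack6/server4/username
-
-
-
-
-open
-
-get session id as time string
-use
-
-
-
-
-close
-
-
-
-
-
-lock wifi/password
-
-[keys]
-wifi = asdff234523
-password = dfgsdfgsfg
-
-
-asdff234523/dfgsdfgsfg
-
-[home]
-
-wifi=asdfasd
-alarm=fdghdfg
-safe1=3456hjk3h45
-safe2=2n34lijss
-
-======================================
-
-in asdfasd (wifi)
-
-[home/wifi]
-
-ssid = 3452454
-password = 2452345
-
-
-office/room2/rack6/server4/username
-office/accounts/sage
-office/alarm/pin
-office/gmail/username
-
-
-[office]
-
-room2 = asddf345
-accounts = 9o8udfg
-alarm = 345ljdfg
-gmail = ldf2345
-
-
-[office/room2]
-
-rack6 = asdf234
-
-[office/room2]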