opensecret 0.0.962 → 0.0.988

data/lib/crypto/collect.rb

@@ -1,140 +0,0 @@
-#!/usr/bin/ruby
-
-module OpenSecret
-
-  require 'io/console'
-
-  # This class will be refactored into an interface implemented by a set
-  # of plugins that will capture sensitive information from users from an
-  # Ubuntu, Windows, RHEL, CoreOS, iOS or CentOS command line interface.
-  #
-  # An equivalent REST API will also be available for bringing in sensitive
-  # information in the most secure (but simple) manner.
-  class Collect
-
-
-    # <tt>Collect something sensitive from the command line</tt> with a
-    # minimum length specified in the first parameter. This method can't
-    # know whether the information is a password, a pin number or whatever
-    # so it takes the integer minimum size at its word.
-    #
-    # @param min_size [Integer] the minimum size of the collected secret
-    #    whereby one (1) is the least we can expect. The maximum bound is
-    #    not constrained here so will fall under what is allowed by the
-    #    interface, be it a CLI, Rest API, Web UI or Mobile App.
-    #
-    # @param prompt_twice [Boolean] indicate whether the user should be
-    #    prompted twice. If true the prompt_2 text must be provided and
-    #    converse is also true. A true value asserts that both times the
-    #    user enters the same (case sensitive) string.
-    #
-    # @param prompt_1 [String] the text (aide memoire) used to prompt the user
-    #
-    # @param prompt_2 [String] if the prompt twice boolean is TRUE, this
-    #    second prompt (aide memoire) must be provided.
-    #
-    # @return [String] the collected string text ( watch out for non-ascii chars)
-    # @raise [ArgumentError] if the minimum size is less than one
-    def self.secret_text min_size, prompt_twice, prompt_1, prompt_2=nil
-
-# put this into caller class if reading from facts.
-# put this into caller class if reading from facts.
-# put this into caller class if reading from facts.
-#      min_msg = "The minimum size #{min_size.to_s} must be an integer."
-#      raise ArgumentError, min_msg unless min_size.instance_of? Integer
-
-      assert_min_size min_size
-
-      sleep(1)
-      puts "\n#{prompt_1} : "
-      first_secret = STDIN.noecho(&:gets).chomp
-
-      assert_input_text_size first_secret.length, min_size
-      return first_secret unless prompt_twice
-
-      sleep(1)
-      puts "\n#{prompt_2} : "
-      check_secret = STDIN.noecho(&:gets).chomp
-
-      assert_same_size_text first_secret, check_secret
-      
-      return first_secret
-
-    end
-
-
-    # --
-    # -- Raise an exception if asked to collect text that is less
-    # -- than 3 characters in length.
-    # --
-    def self.assert_min_size min_size
-
-      min_length_msg = "\n\nCrypts with 2 (or less) characters open up exploitable holes.\n\n"
-      raise ArgumentError.new min_length_msg if min_size < 3
-
-    end
-
-
-    # --
-    # -- Output an error message and then exit if the entered input
-    # -- text size does not meet the minimum requirements.
-    # --
-    def self.assert_input_text_size input_size, min_size
-
-      if( input_size < min_size  )
-
-        puts
-        puts "Input is too short. Please enter at least #{min_size} characters."
-        puts
-
-        exit
-
-      end
-
-    end
-
-
-    # --
-    # -- Assert that the text entered the second time is exactly (case sensitive)
-    # -- the same as the text entered the first time.
-    # --
-    def self.assert_same_size_text first_text, second_text
-      
-      unless( first_text.eql? second_text )
-
-        puts
-        puts "Those two bits of text are not the same (in my book)!"
-        puts
-
-        exit
-
-      end
-
-    end
-
-
-    # --
-    # -- Print out the machine password that is to be kept as an environment variable
-    # -- on any workstation used for material decryption.
-    # --
-    # -- Remember that neither the human nor machine passwords are required for the
-    # -- encryption phase. That is the beauty of assymetric cryptography - you don't
-    # -- need a private key to encrypt - just the end user's public key.
-    # --
-    def self.print_secret_env_var env_var_name, env_var_value
-
-      machine_to_env_txt = "sudo echo \"#{env_var_name}=#{env_var_value}\" >> /etc/environment"
-
-      puts
-      puts "@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
-      puts "@@@ Add as environment variable @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
-      puts "@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
-      puts machine_to_env_txt
-      puts "@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
-      puts
-
-    end
-
-  end
-
-end

data/lib/crypto/verify.rb

@@ -1,33 +0,0 @@
-#!/usr/bin/ruby
-
-module OpenSecret
-
-  # This class verifies domain names, email addresses and othe external
-  # reference data.
-  class Verify
-
-    # Register two fundamental opensecret crypt pointers 
-    #
-    # - an opensecret domain like » **lecturers@harvard**
-    # - the url to a backend store like Git, S3 or an SSH accessible drive.
-    #
-    # The domain will be extended to cover verified internet domains.
-    # They will also latch onto LDAP domains so when admins add, revoke
-    # or remove users, their opensecret access is adjusted accordingly.
-    #
-    # @param domain [String] the DOMAIN eg lecturers@harvard for your family or work group.
-    # @param store_url [String] the STORE_URL for connecting to the backend storage service
-    #
-    def self.verify_domain domain, store_url
-
-      # -> read config file map
-      # -> create new domain in map
-      # -> add type and store url to map
-      # -> backup configuration
-      # -> overwrite the ini config file
-
-    end
-
-  end
-
-end

data/lib/opensecret.rb

@@ -1,236 +0,0 @@
-require "thor"
-require "fileutils"
-
-require "session/time.stamp"
-require "session/attributes"
-require "logging/gem.logging"
-require "session/require.gem"
-
-# Include the logger mixins so that every class can enjoy "import free"
-# logging through pointers to the (extended) log behaviour.
-include OpenLogger
-
-# This standard out sync command flushes text destined for STDOUT immediately,
-# without waiting either for a full cache or script completion.
-$stdout.sync = true
-
-# Recursively require all gems that are either in or under the directory
-# that this code is executing from. Only use this tool if your library is
-# relatively small but highly interconnected. In these instances it raises
-# productivity and reduces harassing "not found" exceptions.
-OpenSession::RecursivelyRequire.now( __FILE__ )
-
-
-# This command line processor extends the Thor gem CLI tools in order to
-#
-# - read the posted commands, options and switches
-# - maps the incoming string data to objects
-# - assert that the mandatory options exist
-# - assert the type of each parameter
-# - ensure that the parameter values are in range
-# - delegate processing to the registered handlers
-#
-class CliInterpreter < Thor
-
-  OpenSession::Session.instance.context = "opensecret"
-  log.info(x) {"opensecret session initiated at [#{OpenSession::Stamp.yyjjj_hhmm_sst}]." }
-  log.info(x) {"opensecret session context is [#{OpenSession::Session.instance.context}]." }
-
-  #
-  # This class option allows every CLI call the option to include
-  # a --debug  boolean switch which will up the verbosity of the
-  # content logged to the file .opensecret/opensecret.log
-  #
-  class_option :debug, :type => :boolean
-  
-
-
-  # Description of the init configuration call.
-  desc "init", "initialize secret keys and check access to the crypt store"
-
-  # Initialize secret keys and check access to the crypt store.
-  #
-  # - checks the installed configuration.
-  def init
-    OpenSecret::Init.new.flow_of_events
-  end
-
-
-  # Description of the lock use case command line call.
-  desc "lock", "Lock away the (secret stuffed) envelope into key and crypt stores."
-
-  # Lock away the (secret stuffed) envelope into key and crypt stores.
-  def lock
-    OpenSecret::Lock.new.flow_of_events
-  end
-
-
-  # Description of the open use case command.
-  desc "open OUTER_PATH", "OUTER_PATH to envelope of secrets to stuff and then lock."
-
-  # Open up a conduit from which we can add, subtract, update and list secrets
-  # before they are committed (and pushed) into permanent locked storage.
-  #
-  # @param outer_path [String] the path to USB key for storing encrypted keys
-  def open outer_path
-
-    open_uc = OpenSecret::Open.new
-    open_uc.outer_path = outer_path
-    open_uc.flow_of_events
-
-  end
-
-  # Description of the unlock use case command.
-  desc "unlock OUTER_PATH", "OUTER_PATH to locked secrets to open for reading or stuffing."
-
-  # If confident that command history cannot be exploited to gain the human password
-  # or if the agent running opensecret is itself a script, the <tt>with</tt> option can
-  # be used to convey the password.
-  option :with
-
-  # Unlock a secrets envelope at the specified outer path so that we can read, put
-  # and discard secrets.
-  #
-  # This use case requires the human (agent) password unless the <tt>--no-human-password</tt>
-  # flag was posted along with the <tt>init</tt> command.
-  #
-  # There are two ways to provide the password (for the <b><em>my/gadgets</em></b> group)
-  #
-  # - <tt>opensecret unlock my/gadgets</tt> and respond to the password prompt (or)
-  # - <tt>opensecret unlock my/gadgets --with="hUM4n-0pen$3cr3t"</tt>
-  #
-  # If providing the password on the command line, one must be confident that the shell's
-  # command history cannot be exploited to capture it.
-  #
-  # @param outer_path [String] the path to the (previously) locked secrets in frozen storage.
-  def unlock outer_path
-
-    unlock_uc = OpenSecret::Unlock.new
-    unlock_uc.outer_path = outer_path
-    unlock_uc.master_p4ss = options[:with] if options[:with]
-    unlock_uc.flow_of_events
-
-  end
-
-  # Description of the put secret command.
-  desc "put <secret_id> <secret_value>", "put secret like login/username into opened context."
-
-  # Put a secret with an id like login/username and a value like joebloggs into the
-  # context (eg work/laptop) that was opened with the open command.
-  #
-  # @param secret_id [String] the id of the secret to put into the opened context
-  # @param secret_value [String] the value of the secret to put into the opened context
-  def put secret_id, secret_value
-
-    put_uc = OpenSecret::Put.new
-    put_uc.secret_id = secret_id
-    put_uc.secret_value = secret_value
-    put_uc.flow_of_events
-
-  end
-
-
-  # Description of the mandatory safe and (safe directory) configuration.
-  desc "safe SAFE_DIR", "SAFE_DIR full path to the (ideally USB key) storage location"
-
-  #
-  # A USB key drive is the ideal store for the encrypted private
-  # key and the tamper proof configuration file. This method collects
-  # the usb drive path and then
-  #
-  # - checks the path exists
-  # - if not, it attempts to create the path
-  # - if successful it's written into HOME/.opensecret/opensecret.keydir.txt
-  #
-  # @param safe_dir [String] the path to USB key for storing encrypted keys
-  #
-  def safe safe_dir
-
-    configure_safe_uc = OpenSecret::Safe.new
-    configure_safe_uc.safe_path = safe_dir
-    configure_safe_uc.flow_of_events
-
-  end
-
-
-  #
-  # Description of the email-address that is unique
-  # for the domain in question.
-  #
-  desc "email EMAIL_ADDRESS", "EMAIL_ADDRESS Your email address unique for the domain."
-
-  #
-  # This method collects the email address that is unique for the domain in
-  # question. For the email address to be valid it must consist of only alphanumerics,
-  # underscores, periods, hyphens and (at most) one @ symbol.
-  #
-  # Note that underscores, periods, hyphens and @ symbol are permissable if not
-  # at the start or end of the email address nor can they appear consecutively.
-  #
-  # <tt>a@b.cd</tt> is the minimum size of an externally addressable email
-  # address so 6 or more characters is enforced by this configuation method.
-  #
-  #    email validation will be added to opensecret including
-  #    - validation of the email address character array
-  #    - proof of control and ownership of the email address
-  #
-  # If an email address already exists within the domain section of the
-  # configuration file, it is overwritten. If there is no configuration
-  # file yet, one is created within the auspices of the home directory.
-  #
-  # @param email_address [String] email address of the user (eg a@b.cd)
-  #
-  def email email_address
-
-    if email_address.length < 6
-      abort "The tiniest (externally accessible) email address [a@b.cd] has 6 characters."
-    end
-    
-    OpenSession::Attributes.stash "opensecret", "opensecret", "email", email_address
-
-  end
-
-
-  desc "store STORE_URL", "STORE_URL denotes the location of the backend crypt store"
-
-  #
-  # Here we define the location (the URL) of the crypt store. The crypt store will hold
-  # the cipher text and is known as <tt>backend storage</tt>.
-  #
-  # The planned list of backend storage systems (each onlined with a plugin), is
-  #
-  # - Git (including GitHub, GitLab, BitBucket, OpenGit and private repositories.
-  # - S3 Buckets from the Amazon Web Services (AWS) cloud.
-  # - SSH, SCP, SFTP connected file-systems
-  # - network storage including Samba, NFS, VMWare vSAN and
-  # - GoogleDrive (only Windows has suitable synchronized support).
-  #
-  # @param store_url [String] the STORE_URL identifying a filesystem or Git or S3 storage location
-  def store store_url
-
-
-    if store_url.strip.length < 3
-      abort "4 characters is the minimum domain name length."
-    end
-
-    OpenSession::Attributes.stash "opensecret", "opensecret", "store", store_url.strip
-
-###    if( File.exists?( store_url ) && !(File.directory? store_url) )
-###      abort "The store url path cannot be a file => #{store_url}"
-###    end
-
-  end
-
-
-  desc "on", "Open a session to encrypt (lock) one or more secrets"
-
-  # The [on] message tells opensecret to prepare to lock one or more secrets.
-  def on
-
-####    FileUtils.mkdir_p store_url unless File.exists? store_url
-####    OpenSession::Attributes.stash "opensecret", "store.id.#{store_id}", store_url
-
-  end
-
-
-end

data/lib/plugins/cipher.rb

@@ -1,203 +0,0 @@
-#!/usr/bin/ruby
-# coding: utf-8
-
-module OpenSecret
-
-  require "base64"
-
-
-  # {OpenSecret::Cipher} is a base class that enables cipher varieties
-  # to be plugged and played with minimal effort. This Cipher implements much
-  # of the use case functionality - all extension classes need to do, is
-  # to subclass and implement only the core behaviour that define its identity.
-  #
-  # == Double Encryption | Cipher Parent vs Cipher Child
-  #
-  # Double encryption first with a symmetric and then an asymmetric one fulfills
-  # the +opensecret+ promise of making the stored ciphertext utterly worthless.
-  #
-  # The child ciphers implement the inner symmetric encyption whilst the parent
-  # implements the outer asymmetric encryption algorithm.
-  #
-  # The process is done twice resulting in two stores that are mirrored in structure.
-  # The front end store holds doubly encrypted keys whist the backend store holds
-  # the doubly encrypted secrets.
-  #
-  # Attackers wouldn't be able to distinguish one from the other. Even if they
-  # theoretically cracked the asymmetric encryption - they would then be faced
-  # with a powerful symmetric encryption algorithm which could be any one of the
-  # leading ciphers such as TwoFish or the Advanced Encryption Standard (AES).
-  #
-  # == Ciphers at 3 Levels
-  #
-  # Ciphers are implemented at three distinct levels.
-  #
-  # <b>Low Level Ciphers</b>
-  #
-  # Low level ciphers are given text to encrypt and an instantiated dictionary
-  # in which to place the encryption parameters such as keys and initialization
-  # vectors (iv)s.
-  #
-  # Some more specific ciphers can handle authorization data for example the
-  # Galois Counter Mode (GCM) cipher.
-  #
-  # Low level ciphers know nothing about text IO nor reading and writing to
-  # persistence structures like files, queues and databases.
-  #
-  # <b>Mid Level Ciphers</b>
-  #
-  # Mid level ciphers talk to the low level ciphers and bring in input and output
-  # textual formats like OpenSecret's two-part block structures.
-  #
-  # Mid level ciphers still know nothing of persistence structures like files,
-  # queues and databases.
-  #
-  # <b>Use Case Level Ciphers</b>
-  #
-  # The ciphers operating at the use case level talk to mid level ciphers. They
-  # interact with the <b>opensecret store API</b> which brings persistence
-  # functions such as <b>read/write</b> as well as remoting functions such as
-  # <b>push/pull</b>.
-  #
-  # Use Case level ciphers interact with the latest crypt technologies due to
-  # interface separation. Also they talk classes implementing persistence stores
-  # allowing assets liek Git, S3, DropBox, simple files, SSH filesystems, Samba
-  # to hold locked key and material crypts.
-  #
-  # Databases stores will be introduced soon allowing opensecret to plug in and
-  # exploit database managers like Mongo, Hadoop, MySQL, Maria, and PostgreSQL.
-  #
-  # Plugging into DevOps orchestration platforms like Terraform, Ansible, Chef
-  # and Puppet will soon be available. Add this with integrations to other credential
-  # managers like HashiCorp's Vault, Credstash, Amazon KMS, Git Secrets, PGP,
-  # LastPass, KeePass and KeePassX.
-  #
-  # == How to Implement a Cipher
-  #
-  # Extend this base class to inherit lots of +unexciting+ functionality
-  # that essentially
-  #
-  # - manages the main encryption and decryption use case flow
-  # - +concatenates+ the symmetric encryption meta data with ciphertext +after encryption+
-  # - _splits_ and objectifies the key/value metadata plus ciphertext +before decryption+
-  # - +handles file read/writes+ in conjunction with the store plugins
-  # - handles +exceptions+ and +malicious input detection+ and incubation
-  # - +_performs the asymmetric encryption_+ of the cipher's symmetrically encrypted output
-  #
-  # == What Behaviour Must Ciphers Implement
-  #
-  # Ciphers bring the cryptographic mathematics and implementation algorithms
-  # to the table. So when at home they must implement
-  #
-  # - <tt>do_symmetric_encryption(plain_text)</tt> - resulting in ciphertext
-  # - <tt>do_symmetric_decryption(ciphertext, encryption_dictionary)</tt> &raquo; plaintext
-  #
-  # and also set the <tt>@dictionary</tt> hash (map) of pertinent
-  # key/value pairs including the encryption algorithm, the encryption key and
-  # the ciphertext signature to thwart any at-rest tampering.
-  #
-  # That's It. Cipher children can rely on the {OpenSecret::Cipher} parent to
-  # do the nitty gritty of file-handling plus managing stores and paths.
-  class Cipher
-
-    # Ciphers use <b>symmetric algorithms</b> to encrypt the given text, which
-    # is then wrapped up along with the encryption key and other <b>metadata</b>
-    # pertinent to the algorithm, they then encrypt this bundle with the
-    # <b>public key</b> provided and return the text that can safely be stored in
-    # a text file.
-    #
-    # Ciphers should never interact with the filesystem which makes them
-    # reusable in API and remote store scenarios.
-    #
-    # Binary files should be converted into the base64 format before being
-    # presented to ciphers.
-    #
-    # Every component in the pipeline bears the responsibility for nullifying
-    # and rejecting malicious content.
-    #
-    # @param public_key [OpenSSL::PKey::RSA]
-    #    an {OpenSSL::PKey::RSA} public key. The unique selling point of
-    #    asymmetric encryption is it can be done without recourse to the heavily
-    #    protected private key. Thus the encryption process can continue with
-    #    just a public key as long as its authenticity is assured.
-    #
-    # @param payload_text [String]
-    #    plaintext (or base64 encoded) text to encrypt
-    #
-    # @return [String] doubly (symmetric and asymmetric) encrypted cipher text
-    def self.encrypt_it public_key, payload_text
-
-      crypt_data = {}
-      crypted_payload = Base64.encode64( Aes256.do_encrypt( crypt_data, payload_text ) )
-      unified_material = CryptIO.inner_crypt_serialize crypt_data, crypted_payload
-
-      outer_crypt_key = OpenSecret::Engineer.strong_key( 128 )
-      crypted_cryptkey = Base64.encode64( public_key.public_encrypt( outer_crypt_key ) )
-
-      crypted_material = Base64.encode64(Blowfish.new.encryptor unified_material, outer_crypt_key)
-
-      return CryptIO.outer_crypt_serialize( crypted_cryptkey, crypted_material )
-
-    end
-
-
-    # This method takes and <b><em>opensecret formatted</em></b> cipher-text block
-    # generated by {self.encrypt_it} and returns the original message that has effectively
-    # been doubly encrypted using a symmetric and asymmetric cipher. This type of
-    # encryption is standard best practice when serializing secrets.
-    #
-    # opensecret cipher-text blocks <b><em>look like a two(2) part bundle</em></b>
-    # but they are <b><em>actually a three(3) part bundle</em></b> because the second
-    # part is in itself an amalgam of two distinct objects, serialized as text blocks.
-    #
-    # <b>The 3 OpenSecret Blocks</b>
-    #
-    # Even though the incoming text <b><em>appears to contain two (2) blocks</em></b>,
-    # it <b><em>actually contains three (3)</em></b>.
-    #
-    # - a massive symmetric encryption key (locked by an asymmetric keypair)
-    # - a dictionary denoting the algorithm and parameters used to encrypt the 3rd block
-    # - the true message whose encryption is parametized by the dictionary (in 2nd block)
-    #
-    # The second and third block are only revealed by asymmetrically decrypting
-    # the key in the first block and using it to symmetrically decrypt what appears
-    # to be a unified second block.
-    #
-    # @param private_key [OpenSSL::PKey::RSA]
-    #    the <b>asymmetric private key</b> whose corresponding public key was
-    #    employed during the encryption of a super-strong 128 character symmetric
-    #    key embalmed by the first ciphertext block.
-    #
-    # @param os_block_text [String]
-    #    the locked cipher text is the opensecret formatted block which comes
-    #    in two main chunks. First is the <b>long strong</b> symmetric encryption
-    #    key crypted with the public key portion of the private key in the first
-    #    parameter.
-    #
-    #    The second chunk is the symmetrically crypted text that was locked with
-    #    the encryption key revealed in the first chunk.
-    #
-    # @return [String]
-    #    the doubly encrypted plain text that is locked by a symmetric key and
-    #    that symmetric key itself locked using the public key portion of the
-    #    private key whose crypted form is presented in the first parameter.
-    def self.decrypt_it private_key, os_block_text
-
-      first_block = Base64.decode64( CryptIO.outer_crypt_deserialize os_block_text, true  )
-      trail_block = Base64.decode64( CryptIO.outer_crypt_deserialize os_block_text, false )
-
-      decrypt_key = private_key.private_decrypt first_block
-      inner_block = Blowfish.new.decryptor( trail_block, decrypt_key )
-
-      crypt_props = Hash.new
-      cipher_text = CryptIO.inner_crypt_deserialize( crypt_props, inner_block )
-
-      return Aes256.do_decrypt( crypt_props, cipher_text )
-
-    end
-
-
-  end
-
-
-end