opensecret 0.0.988 → 0.0.9925
- checksums.yaml +5 -5
- data/README.md +56 -159
- data/bin/opensecret +2 -2
- data/bin/ops +17 -2
- data/lib/extension/string.rb +14 -16
- data/lib/{interpreter.rb → interprete.rb} +53 -29
- data/lib/keytools/binary.map.rb +49 -0
- data/lib/keytools/kdf.api.rb +249 -0
- data/lib/keytools/kdf.bcrypt.rb +64 -29
- data/lib/keytools/kdf.pbkdf2.rb +92 -83
- data/lib/keytools/kdf.scrypt.rb +190 -0
- data/lib/keytools/key.64.rb +326 -0
- data/lib/keytools/key.algo.rb +109 -0
- data/lib/keytools/key.api.rb +1281 -0
- data/lib/keytools/key.db.rb +265 -0
- data/lib/keytools/{key.module.rb → key.docs.rb} +55 -0
- data/lib/keytools/key.error.rb +110 -0
- data/lib/keytools/key.id.rb +271 -0
- data/lib/keytools/key.iv.rb +107 -0
- data/lib/keytools/key.local.rb +265 -0
- data/lib/keytools/key.mach.rb +248 -0
- data/lib/keytools/key.now.rb +402 -0
- data/lib/keytools/key.pair.rb +259 -0
- data/lib/keytools/key.pass.rb +120 -0
- data/lib/keytools/key.rb +428 -298
- data/lib/keytools/keydebug.txt +295 -0
- data/lib/logging/gem.logging.rb +3 -3
- data/lib/modules/cryptology/collect.rb +20 -0
- data/lib/session/require.gem.rb +1 -1
- data/lib/usecase/cmd.rb +417 -0
- data/lib/usecase/id.rb +36 -0
- data/lib/usecase/import.rb +174 -0
- data/lib/usecase/init.rb +78 -0
- data/lib/usecase/login.rb +70 -0
- data/lib/usecase/logout.rb +30 -0
- data/lib/usecase/open.rb +126 -0
- data/lib/{interprete → usecase}/put.rb +100 -47
- data/lib/usecase/read.rb +89 -0
- data/lib/{interprete → usecase}/safe.rb +0 -0
- data/lib/{interprete → usecase}/set.rb +0 -0
- data/lib/usecase/token.rb +111 -0
- data/lib/{interprete → usecase}/use.rb +0 -0
- data/lib/version.rb +1 -1
- data/opensecret.gemspec +4 -3
- metadata +39 -33
- data/lib/exception/cli.error.rb +0 -53
- data/lib/exception/errors/cli.errors.rb +0 -31
- data/lib/interprete/begin.rb +0 -232
- data/lib/interprete/cmd.rb +0 -621
- data/lib/interprete/export.rb +0 -163
- data/lib/interprete/init.rb +0 -205
- data/lib/interprete/key.rb +0 -119
- data/lib/interprete/open.rb +0 -148
- data/lib/interprete/seal.rb +0 -129
- data/lib/keytools/digester.rb +0 -245
- data/lib/keytools/key.data.rb +0 -227
- data/lib/keytools/key.derivation.rb +0 -341
- data/lib/modules/mappers/collateral.rb +0 -282
- data/lib/modules/mappers/envelope.rb +0 -127
- data/lib/modules/mappers/settings.rb +0 -170
- data/lib/notepad/scratch.pad.rb +0 -224
- data/lib/store-commands.txt +0 -180
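--- a/data/lib/notepad/scratch.pad.rb
+++ b/data/lib/notepad/scratch.pad.rb
@@ -1,224 +0,0 @@
-#!/usr/bin/ruby
-# coding: utf-8
-
-
-## ########################### ##
-## Trial and Error Scratch-Pad ##
-## ########################### ##
-
-
-class Trial
-
-
-=begin
-
-How to Sign
-Signature Code
-Sign Using Public/Private Keys
-
-00 ------------------------------------
-
-to_sign_segments = [ secured_keytext, public_key_64, @email_addr, @c[:global][:stamp_23] ]
-to_sign_packet = to_sign_segments.alphanumeric_union.concat_length
-signature_string = Base64.urlsafe_encode64( asymmetric_keys.sign( OpenSSL::Digest::SHA256.new, to_sign_packet ) )
-
-00 ------------------------------------
-
-=end
-
-def self.ciphername
-
-require 'openssl'
-require "base64"
-
-crypt_cipher = OpenSSL::Cipher::AES256.new(:CBC)
-puts "Cipher Name => #{crypt_cipher.class.name}"
-
-end
-
-####### ======> Trial.ciphername
-
-
-def self.certify
-
-require 'openssl'
-require "base64"
-
-key = OpenSSL::PKey::RSA.new(1024)
-public_key = key.public_key
-
-subject = "/C=BE/O=Test/OU=Test/CN=Test"
-
-cert = OpenSSL::X509::Certificate.new
-cert.subject = cert.issuer = OpenSSL::X509::Name.parse(subject)
-cert.not_before = Time.now
-cert.not_after = Time.now + 365 * 24 * 60 * 60
-cert.public_key = public_key
-cert.serial = 0x0
-cert.version = 2
-
-ef = OpenSSL::X509::ExtensionFactory.new
-ef.subject_certificate = cert
-ef.issuer_certificate = cert
-cert.extensions = [
-ef.create_extension("basicConstraints","CA:TRUE", true),
-ef.create_extension("subjectKeyIdentifier", "hash"),
-# ef.create_extension("keyUsage", "cRLSign,keyCertSign", true),
-]
-cert.add_extension ef.create_extension("authorityKeyIdentifier",
-"keyid:always,issuer:always")
-
-cert.sign key, OpenSSL::Digest::SHA1.new
-
-puts cert.to_pem
-
-end
-
-
-##### -----> Trial.certify
-
-
-def self.crypt
-
-require 'openssl'
-require "base64"
-
-=begin
-puts ""
-puts Time.now.strftime "%9N"
-puts Time.now.strftime "%12N"
-puts Time.now.strftime "%15N"
-puts Time.now.strftime "%18N"
-puts ""
-exit
-=end
-
-## --------------------------------------------------------------------------------------------
-## --------------------------------------------------------------------------------------------
-
-key = OpenSSL::PKey::RSA.new(2048)
-
-
-payload = "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"
-
-puts ""
-puts ""
-puts public_key_text = key.public_key.to_pem
-puts ""
-puts "Payload size is #{payload.length}"
-puts ""
-=begin
-puts ""
-puts encrypted_string = key.public_encrypt( payload, OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING)
-puts ""
-puts base64text = Base64.urlsafe_encode64(encrypted_string)
-puts ""
-puts signature = key.sign(OpenSSL::Digest::SHA256.new, payload )
-puts ""
-puts hex_data = signature.unpack("H*").first
-puts ""
-puts "Length is #{hex_data.length}"
-puts ""
-puts key.public_key.verify(OpenSSL::Digest::SHA256.new, signature, payload)
-puts ""
-puts encrypted_string.unpack("H*").first
-puts ""
-puts ""
-puts "Padding => #{OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING}"
-puts ""
-puts key.private_decrypt( encrypted_string, OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING )
-puts ""
-=end
-email_address = "bob@hotmail.com"
-time_stamp = "5th.April.2020.20:21pm"
-
-secured_privatekey = key.export( OpenSSL::Cipher::AES256.new(:CBC), "secret12345abcde" )
-
-
-second_key = OpenSSL::PKey::RSA.new(2048)
-second_public_key_text = second_key.public_key.to_pem
-
-context_string_dirty = secured_privatekey + public_key_text + email_address + time_stamp
-context_string_clean = context_string_dirty.delete("^A-Za-z0-9")
-context_string_clean += context_string_clean.length.to_s
-#### context_signature_str = Base64.urlsafe_encode64(second_key.sign OpenSSL::Digest::SHA256.new, context_string_clean)
-context_signature_str = Base64.urlsafe_encode64(key.sign OpenSSL::Digest::SHA256.new, context_string_clean)
-
-
-## --------------------------------------------------------------------------------------------
-## --------------------------------------------------------------------------------------------
-
-reinstated_key = OpenSSL::PKey::RSA.new "#{public_key_text}"
-### reinstated_key = OpenSSL::PKey::RSA.new "#{second_public_key_text}"
-raw_signature_text = Base64.urlsafe_decode64(context_signature_str)
-is_valid = reinstated_key.public_key.verify OpenSSL::Digest::SHA256.new, raw_signature_text, (context_string_clean)
-raise ArgumentError, "Keys not validated" unless is_valid
-
-## --------------------------------------------------------------------------------------------
-## --------------------------------------------------------------------------------------------
-
-puts "======================================================================================"
-puts "======================================================================================"
-puts context_string_dirty
-puts "======================================================================================"
-puts "======================================================================================"
-puts context_string_clean
-puts "======================================================================================"
-puts "======================================================================================"
-puts context_signature_str
-puts "======================================================================================"
-puts "======================================================================================"
-puts "Keys Are Valid => #{is_valid}"
-puts "======================================================================================"
-puts "======================================================================================"
-puts ""
-
-end
-
-=begin
-ddGKDqfhF6HnkJuIdTECZk7J7E9xx9LiYRDywCdIuDxYQQs+if+3qxP37+ah
-HwGYgjxpIjqS9slhLOveVexSeHUD4DCbjHW2AlMsaUxwoSY0UfgzrO+2LDG9
-tyizUYA6n8a+vBzJqRFP2BW7/AxwP0jm0yADWwBOGFL1+g==
-
-<-|@| < || opensecret outer crypt material axis || > |@|->
-
-HNkUjWaFoI5dPTRUUymyf7uKMaXFhiIZaOq+ZYj4TWPN92qv6ANTd3pRvVa3
-S+aQSOX7q3FkKIOc5yfWLushGAMSwidgH1kzLvocCf+SSWH5BY3zTb7NAGjW
-=end
-
-# -------->
-# --------> Trial.crypt
-# -------->
-
-def try
-
-require "pp"
-require "inifile"
-new_map = { "string1" => "value1", "string2" => "value2" }
-
-ini_pairs = IniFile.new
-ini_pairs["dictionary"] = new_map
-
-puts ""
-puts ini_pairs.to_s
-puts ""
-
-
-puts "--------------------"
-puts new_map
-puts "--------------------"
-puts "#{pp new_map}"
-puts "--------------------"
-puts "#{new_map.to_s}"
-puts "--------------------"
-puts ""
-
-## x = "messagess"
-## x += "x" until x.bytesize % 8 == 0
-
-## puts "Now x string is [#{x}]."
-## puts "x is now [#{x.length}] characters long."
-
-end
-
-end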
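--- a/data/lib/store-commands.txt
+++ b/data/lib/store-commands.txt
@@ -1,180 +0,0 @@
-
-
-ops init john@example.com
-ops open monday/menu
-
-ops put breakfast/cereal weetabix
-ops add breakfast/cereal cornflakes
-
-if accidentally you do
-
-ops put breakfast/cereal cocopops
-
-it says
-"I have overwritten the value of breakfast/cereal"
-To alter this type "ops undo"
-After every command create a backup file with session timestamp on it.
-So later we can do
-
-ops revert <<session time stamp>>
-(will jump back to that point in time)
-
-All files are deleted on close (lock) command.
-
-================================================
-Global CRUD Commands
-================================================
-
-init == creates the object
-open == opens a path to the object
-put == puts something inside the object (overwrites if need be)
-add == add something to the object (if exists becomes a list which even allows duplicates like stack)
-remove == takes out what was last put in (unless parameter declared)
-close == closes object (or last opened entity -- and recurses back to another entity)
-use == switches to use object with specified ID
-
-
-Either Changing OBJECT - Or changing META-DATA about the OBJECT
-
-================================================
-
-
-All commands are applicable to all key objects, however there is one default object that is assumed when none is specified.
-
-So
-
-ops open secret abc/def
-ops open store xyz
-ops open domain abc.com
-
-But if un-specific command given
-
-ops open abc/def
-
-Then the default "secret" is assumed.
-
-
-
-==== =========================================================== ====
-==== The Open Format for Command Line (or REST API) Driven Tools ====
-==== =========================================================== ====
-
-
-ops open domain xxxxxxxxxx
-
-ops close == will close everything (domains, secrets ...)
-
-
-
-
-Question "Close domain xxx or secret ...." - more than one is open
-
-ops close domain
-
-
-
-
-ops open store store123
-
-ops put type git
-ops put url http://asdfasdf.com
-ops put credentials my.aws.keys.txt
-
-1 = ops close 2 = ops close store 3 = ops close store123
-1 = Closes everything 2 = Closes every store 3 = Closes the particular store
-
-
-Then need ops use or (ops attach).
-
-
-
-==================================================================================================
-Key Classes
-==================================================================================================
-
-domain
-store
-session (etcd or redis or ...)
-session (think about services jvms stuff that can be started and then referred to)
-
-
-
-ops config store --url=/home/bob/crypt-store
-
-ops config store --type=
-
-ops safe url /home/bob/safe
-ops safe url /media/phone/ops-data
-
-ops safe type git
-ops safe url https://my.domain.com/storage/
-
-
-
-ops base /home/bob/credentials
-ops safe
-
-
-ops use domainxyz
-ops use safe x123
-ops use base 4sdfgy
-
-
-ops configure safe/url https://www.asdf.com/asdfa.git
-
-ops configure safe/id blue.usb.key
-ops configure blue.usb.key safe/type file
-ops configure safe
-
-
-==================================================================================================
-==================================================================================================
-
-
-
-
-To Connect to Samsung S8 (or any other Android Device) - on Ubuntu
-
-Most times it will be here
-cd /run/user/1000/gvfs/
-
-Then something like this
-cd /run/user/1000/gvfs/mtp:host=%5Busb%3A001%2C015%5D
-(but changes)
-
-olooks like this
-mtp://[usb:001,010]/Phone/OSX
-
-mtp:host=%5Busb%3A001%2C015%5D
-
-
-
-Do ls hardware then scroll to usb section it may look like this on one of them.
-sudo lshw
-
-*-usb:0
-description: Generic USB device
-product: SAMSUNG_Android
-vendor: SAMSUNG
-physical id: 1
-bus info: usb@1:1
-version: 4.00
-serial: 9889db344b4436374d
-capabilities: usb-2.10
-configuration: driver=usbfs maxpower=64mA speed=480Mbit/s
-
-
-very useful
-sudo apt-get install mtpfs
-mtp-detect
-
-
-
-if open in nautilus
-lsof -c nautilus
-
-
-Try these commands
-
-sudo fdisk -l
-sudo cat /etc/fstab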