opensecret 0.0.988 → 0.0.9925
- checksums.yaml +5 -5
- data/README.md +56 -159
- data/bin/opensecret +2 -2
- data/bin/ops +17 -2
- data/lib/extension/string.rb +14 -16
- data/lib/{interpreter.rb → interprete.rb} +53 -29
- data/lib/keytools/binary.map.rb +49 -0
- data/lib/keytools/kdf.api.rb +249 -0
- data/lib/keytools/kdf.bcrypt.rb +64 -29
- data/lib/keytools/kdf.pbkdf2.rb +92 -83
- data/lib/keytools/kdf.scrypt.rb +190 -0
- data/lib/keytools/key.64.rb +326 -0
- data/lib/keytools/key.algo.rb +109 -0
- data/lib/keytools/key.api.rb +1281 -0
- data/lib/keytools/key.db.rb +265 -0
- data/lib/keytools/{key.module.rb → key.docs.rb} +55 -0
- data/lib/keytools/key.error.rb +110 -0
- data/lib/keytools/key.id.rb +271 -0
- data/lib/keytools/key.iv.rb +107 -0
- data/lib/keytools/key.local.rb +265 -0
- data/lib/keytools/key.mach.rb +248 -0
- data/lib/keytools/key.now.rb +402 -0
- data/lib/keytools/key.pair.rb +259 -0
- data/lib/keytools/key.pass.rb +120 -0
- data/lib/keytools/key.rb +428 -298
- data/lib/keytools/keydebug.txt +295 -0
- data/lib/logging/gem.logging.rb +3 -3
- data/lib/modules/cryptology/collect.rb +20 -0
- data/lib/session/require.gem.rb +1 -1
- data/lib/usecase/cmd.rb +417 -0
- data/lib/usecase/id.rb +36 -0
- data/lib/usecase/import.rb +174 -0
- data/lib/usecase/init.rb +78 -0
- data/lib/usecase/login.rb +70 -0
- data/lib/usecase/logout.rb +30 -0
- data/lib/usecase/open.rb +126 -0
- data/lib/{interprete → usecase}/put.rb +100 -47
- data/lib/usecase/read.rb +89 -0
- data/lib/{interprete → usecase}/safe.rb +0 -0
- data/lib/{interprete → usecase}/set.rb +0 -0
- data/lib/usecase/token.rb +111 -0
- data/lib/{interprete → usecase}/use.rb +0 -0
- data/lib/version.rb +1 -1
- data/opensecret.gemspec +4 -3
- metadata +39 -33
- data/lib/exception/cli.error.rb +0 -53
- data/lib/exception/errors/cli.errors.rb +0 -31
- data/lib/interprete/begin.rb +0 -232
- data/lib/interprete/cmd.rb +0 -621
- data/lib/interprete/export.rb +0 -163
- data/lib/interprete/init.rb +0 -205
- data/lib/interprete/key.rb +0 -119
- data/lib/interprete/open.rb +0 -148
- data/lib/interprete/seal.rb +0 -129
- data/lib/keytools/digester.rb +0 -245
- data/lib/keytools/key.data.rb +0 -227
- data/lib/keytools/key.derivation.rb +0 -341
- data/lib/modules/mappers/collateral.rb +0 -282
- data/lib/modules/mappers/envelope.rb +0 -127
- data/lib/modules/mappers/settings.rb +0 -170
- data/lib/notepad/scratch.pad.rb +0 -224
- data/lib/store-commands.txt +0 -180
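--- a/data/lib/notepad/scratch.pad.rb
+++ b/data/lib/notepad/scratch.pad.rb
@@ -1,224 +0,0 @@
-#!/usr/bin/ruby
-# coding: utf-8
-
-
-## ########################### ##
-## Trial and Error Scratch-Pad ##
-## ########################### ##
-
-
-class Trial
-
-
-=begin
-
-How to Sign
-Signature Code
-Sign Using Public/Private Keys
-
-00 ------------------------------------
-
-to_sign_segments = [ secured_keytext, public_key_64, @email_addr, @c[:global][:stamp_23] ]
-to_sign_packet = to_sign_segments.alphanumeric_union.concat_length
-signature_string = Base64.urlsafe_encode64( asymmetric_keys.sign( OpenSSL::Digest::SHA256.new, to_sign_packet ) )
-
-00 ------------------------------------
-
-=end
-
-def self.ciphername
-
-require 'openssl'
-require "base64"
-
-crypt_cipher = OpenSSL::Cipher::AES256.new(:CBC)
-puts "Cipher Name => #{crypt_cipher.class.name}"
-
-end
-
-####### ======> Trial.ciphername
-
-
-def self.certify
-
-require 'openssl'
-require "base64"
-
-key = OpenSSL::PKey::RSA.new(1024)
-public_key = key.public_key
-
-subject = "/C=BE/O=Test/OU=Test/CN=Test"
-
-cert = OpenSSL::X509::Certificate.new
-cert.subject = cert.issuer = OpenSSL::X509::Name.parse(subject)
-cert.not_before = Time.now
-cert.not_after = Time.now + 365 * 24 * 60 * 60
-cert.public_key = public_key
-cert.serial = 0x0
-cert.version = 2
-
-ef = OpenSSL::X509::ExtensionFactory.new
-ef.subject_certificate = cert
-ef.issuer_certificate = cert
-cert.extensions = [
-ef.create_extension("basicConstraints","CA:TRUE", true),
-ef.create_extension("subjectKeyIdentifier", "hash"),
-# ef.create_extension("keyUsage", "cRLSign,keyCertSign", true),
-]
-cert.add_extension ef.create_extension("authorityKeyIdentifier",
-"keyid:always,issuer:always")
-
-cert.sign key, OpenSSL::Digest::SHA1.new
-
-puts cert.to_pem
-
-end
-
-
-##### -----> Trial.certify
-
-
-def self.crypt
-
-require 'openssl'
-require "base64"
-
-=begin
-puts ""
-puts Time.now.strftime "%9N"
-puts Time.now.strftime "%12N"
-puts Time.now.strftime "%15N"
-puts Time.now.strftime "%18N"
-puts ""
-exit
-=end
-
-## --------------------------------------------------------------------------------------------
-## --------------------------------------------------------------------------------------------
-
-key = OpenSSL::PKey::RSA.new(2048)
-
-
-payload = "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"
-
-puts ""
-puts ""
-puts public_key_text = key.public_key.to_pem
-puts ""
-puts "Payload size is #{payload.length}"
-puts ""
-=begin
-puts ""
-puts encrypted_string = key.public_encrypt( payload, OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING)
-puts ""
-puts base64text = Base64.urlsafe_encode64(encrypted_string)
-puts ""
-puts signature = key.sign(OpenSSL::Digest::SHA256.new, payload )
-puts ""
-puts hex_data = signature.unpack("H*").first
-puts ""
-puts "Length is #{hex_data.length}"
-puts ""
-puts key.public_key.verify(OpenSSL::Digest::SHA256.new, signature, payload)
-puts ""
-puts encrypted_string.unpack("H*").first
-puts ""
-puts ""
-puts "Padding => #{OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING}"
-puts ""
-puts key.private_decrypt( encrypted_string, OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING )
-puts ""
-=end
-email_address = "bob@hotmail.com"
-time_stamp = "5th.April.2020.20:21pm"
-
-secured_privatekey = key.export( OpenSSL::Cipher::AES256.new(:CBC), "secret12345abcde" )
-
-
-second_key = OpenSSL::PKey::RSA.new(2048)
-second_public_key_text = second_key.public_key.to_pem
-
-context_string_dirty = secured_privatekey + public_key_text + email_address + time_stamp
-context_string_clean = context_string_dirty.delete("^A-Za-z0-9")
-context_string_clean += context_string_clean.length.to_s
-#### context_signature_str = Base64.urlsafe_encode64(second_key.sign OpenSSL::Digest::SHA256.new, context_string_clean)
-context_signature_str = Base64.urlsafe_encode64(key.sign OpenSSL::Digest::SHA256.new, context_string_clean)
-
-
-## --------------------------------------------------------------------------------------------
-## --------------------------------------------------------------------------------------------
-
-reinstated_key = OpenSSL::PKey::RSA.new "#{public_key_text}"
-### reinstated_key = OpenSSL::PKey::RSA.new "#{second_public_key_text}"
-raw_signature_text = Base64.urlsafe_decode64(context_signature_str)
-is_valid = reinstated_key.public_key.verify OpenSSL::Digest::SHA256.new, raw_signature_text, (context_string_clean)
-raise ArgumentError, "Keys not validated" unless is_valid
-
-## --------------------------------------------------------------------------------------------
-## --------------------------------------------------------------------------------------------
-
-puts "======================================================================================"
-puts "======================================================================================"
-puts context_string_dirty
-puts "======================================================================================"
-puts "======================================================================================"
-puts context_string_clean
-puts "======================================================================================"
-puts "======================================================================================"
-puts context_signature_str
-puts "======================================================================================"
-puts "======================================================================================"
-puts "Keys Are Valid => #{is_valid}"
-puts "======================================================================================"
-puts "======================================================================================"
-puts ""
-
-end
-
-=begin
-ddGKDqfhF6HnkJuIdTECZk7J7E9xx9LiYRDywCdIuDxYQQs+if+3qxP37+ah
-HwGYgjxpIjqS9slhLOveVexSeHUD4DCbjHW2AlMsaUxwoSY0UfgzrO+2LDG9
-tyizUYA6n8a+vBzJqRFP2BW7/AxwP0jm0yADWwBOGFL1+g==
-
-<-|@| < || opensecret outer crypt material axis || > |@|->
-
-HNkUjWaFoI5dPTRUUymyf7uKMaXFhiIZaOq+ZYj4TWPN92qv6ANTd3pRvVa3
-S+aQSOX7q3FkKIOc5yfWLushGAMSwidgH1kzLvocCf+SSWH5BY3zTb7NAGjW
-=end
-
-# -------->
-# --------> Trial.crypt
-# -------->
-
-def try
-
-require "pp"
-require "inifile"
-new_map = { "string1" => "value1", "string2" => "value2" }
-
-ini_pairs = IniFile.new
-ini_pairs["dictionary"] = new_map
-
-puts ""
-puts ini_pairs.to_s
-puts ""
-
-
-puts "--------------------"
-puts new_map
-puts "--------------------"
-puts "#{pp new_map}"
-puts "--------------------"
-puts "#{new_map.to_s}"
-puts "--------------------"
-puts ""
-
-## x = "messagess"
-## x += "x" until x.bytesize % 8 == 0
-
-## puts "Now x string is [#{x}]."
-## puts "x is now [#{x.length}] characters long."
-
-end
-
-end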
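--- a/data/lib/store-commands.txt
+++ b/data/lib/store-commands.txt
@@ -1,180 +0,0 @@
-
-
-ops init john@example.com
-ops open monday/menu
-
-ops put breakfast/cereal weetabix
-ops add breakfast/cereal cornflakes
-
-if accidentally you do
-
-ops put breakfast/cereal cocopops
-
-it says
-"I have overwritten the value of breakfast/cereal"
-To alter this type "ops undo"
-After every command create a backup file with session timestamp on it.
-So later we can do
-
-ops revert <<session time stamp>>
-(will jump back to that point in time)
-
-All files are deleted on close (lock) command.
-
-================================================
-Global CRUD Commands
-================================================
-
-init == creates the object
-open == opens a path to the object
-put == puts something inside the object (overwrites if need be)
-add == add something to the object (if exists becomes a list which even allows duplicates like stack)
-remove == takes out what was last put in (unless parameter declared)
-close == closes object (or last opened entity -- and recurses back to another entity)
-use == switches to use object with specified ID
-
-
-Either Changing OBJECT - Or changing META-DATA about the OBJECT
-
-================================================
-
-
-All commands are applicable to all key objects, however there is one default object that is assumed when none is specified.
-
-So
-
-ops open secret abc/def
-ops open store xyz
-ops open domain abc.com
-
-But if un-specific command given
-
-ops open abc/def
-
-Then the default "secret" is assumed.
-
-
-
-==== =========================================================== ====
-==== The Open Format for Command Line (or REST API) Driven Tools ====
-==== =========================================================== ====
-
-
-ops open domain xxxxxxxxxx
-
-ops close == will close everything (domains, secrets ...)
-
-
-
-
-Question "Close domain xxx or secret ...." - more than one is open
-
-ops close domain
-
-
-
-
-ops open store store123
-
-ops put type git
-ops put url http://asdfasdf.com
-ops put credentials my.aws.keys.txt
-
-1 = ops close 2 = ops close store 3 = ops close store123
-1 = Closes everything 2 = Closes every store 3 = Closes the particular store
-
-
-Then need ops use or (ops attach).
-
-
-
-==================================================================================================
-Key Classes
-==================================================================================================
-
-domain
-store
-session (etcd or redis or ...)
-session (think about services jvms stuff that can be started and then referred to)
-
-
-
-ops config store --url=/home/bob/crypt-store
-
-ops config store --type=
-
-ops safe url /home/bob/safe
-ops safe url /media/phone/ops-data
-
-ops safe type git
-ops safe url https://my.domain.com/storage/
-
-
-
-ops base /home/bob/credentials
-ops safe
-
-
-ops use domainxyz
-ops use safe x123
-ops use base 4sdfgy
-
-
-ops configure safe/url https://www.asdf.com/asdfa.git
-
-ops configure safe/id blue.usb.key
-ops configure blue.usb.key safe/type file
-ops configure safe
-
-
-==================================================================================================
-==================================================================================================
-
-
-
-
-To Connect to Samsung S8 (or any other Android Device) - on Ubuntu
-
-Most times it will be here
-cd /run/user/1000/gvfs/
-
-Then something like this
-cd /run/user/1000/gvfs/mtp:host=%5Busb%3A001%2C015%5D
-(but changes)
-
-olooks like this
-mtp://[usb:001,010]/Phone/OSX
-
-mtp:host=%5Busb%3A001%2C015%5D
-
-
-
-Do ls hardware then scroll to usb section it may look like this on one of them.
-sudo lshw
-
-*-usb:0
-description: Generic USB device
-product: SAMSUNG_Android
-vendor: SAMSUNG
-physical id: 1
-bus info: usb@1:1
-version: 4.00
-serial: 9889db344b4436374d
-capabilities: usb-2.10
-configuration: driver=usbfs maxpower=64mA speed=480Mbit/s
-
-
-very useful
-sudo apt-get install mtpfs
-mtp-detect
-
-
-
-if open in nautilus
-lsof -c nautilus
-
-
-Try these commands
-
-sudo fdisk -l
-sudo cat /etc/fstab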