opensecret 0.0.962 → 0.0.988

Files changed (70)
  1. checksums.yaml +4 -4
  2. data/README.md +16 -10
  3. data/bin/opensecret +3 -4
  4. data/bin/ops +5 -0
  5. data/lib/extension/string.rb +114 -0
  6. data/lib/factbase/facts.opensecret.io.ini +9 -21
  7. data/lib/interprete/begin.rb +232 -0
  8. data/lib/interprete/cmd.rb +621 -0
  9. data/lib/{plugins/usecases/unlock.rb → interprete/export.rb} +25 -70
  10. data/lib/interprete/init.rb +205 -0
  11. data/lib/interprete/key.rb +119 -0
  12. data/lib/interprete/open.rb +148 -0
  13. data/lib/{plugins/usecases → interprete}/put.rb +19 -6
  14. data/lib/{plugins/usecases → interprete}/safe.rb +2 -1
  15. data/lib/{plugins/usecases/lock.rb → interprete/seal.rb} +24 -34
  16. data/lib/interprete/set.rb +46 -0
  17. data/lib/interprete/use.rb +43 -0
  18. data/lib/interpreter.rb +165 -0
  19. data/lib/keytools/binary.map.rb +245 -0
  20. data/lib/keytools/digester.rb +245 -0
  21. data/lib/keytools/doc.conversion.to.ones.and.zeroes.ruby +179 -0
  22. data/lib/keytools/doc.rsa.radix.binary-mapping.ruby +190 -0
  23. data/lib/keytools/doc.star.schema.strategy.txt +77 -0
  24. data/lib/keytools/doc.using.pbkdf2.kdf.ruby +95 -0
  25. data/lib/keytools/doc.using.pbkdf2.pkcs.ruby +266 -0
  26. data/lib/keytools/kdf.bcrypt.rb +180 -0
  27. data/lib/keytools/kdf.pbkdf2.rb +164 -0
  28. data/lib/keytools/key.data.rb +227 -0
  29. data/lib/keytools/key.derivation.rb +341 -0
  30. data/lib/keytools/key.module.rb +140 -0
  31. data/lib/keytools/key.rb +481 -0
  32. data/lib/logging/gem.logging.rb +1 -2
  33. data/lib/modules/cryptology.md +43 -0
  34. data/lib/{plugins/ciphers → modules/cryptology}/aes-256.rb +6 -0
  35. data/lib/{crypto → modules/cryptology}/amalgam.rb +6 -0
  36. data/lib/modules/cryptology/blowfish.rb +130 -0
  37. data/lib/modules/cryptology/cipher.rb +207 -0
  38. data/lib/modules/cryptology/collect.rb +118 -0
  39. data/lib/{plugins → modules/cryptology}/crypt.io.rb +5 -0
  40. data/lib/{crypto → modules/cryptology}/engineer.rb +7 -1
  41. data/lib/{crypto → modules/cryptology}/open.bcrypt.rb +0 -0
  42. data/lib/modules/mappers/collateral.rb +282 -0
  43. data/lib/modules/mappers/dictionary.rb +288 -0
  44. data/lib/modules/mappers/envelope.rb +127 -0
  45. data/lib/modules/mappers/settings.rb +170 -0
  46. data/lib/modules/storage/coldstore.rb +186 -0
  47. data/lib/{opensecret/plugins.io/git/git.flow.rb → modules/storage/git.store.rb} +11 -0
  48. data/lib/notepad/scratch.pad.rb +17 -0
  49. data/lib/session/fact.finder.rb +13 -0
  50. data/lib/session/require.gem.rb +5 -0
  51. data/lib/store-commands.txt +180 -0
  52. data/lib/version.rb +1 -1
  53. data/opensecret.gemspec +5 -6
  54. metadata +74 -29
  55. data/lib/crypto/blowfish.rb +0 -85
  56. data/lib/crypto/collect.rb +0 -140
  57. data/lib/crypto/verify.rb +0 -33
  58. data/lib/opensecret.rb +0 -236
  59. data/lib/plugins/cipher.rb +0 -203
  60. data/lib/plugins/ciphers/blowfish.rb +0 -126
  61. data/lib/plugins/coldstore.rb +0 -181
  62. data/lib/plugins/envelope.rb +0 -116
  63. data/lib/plugins/secrets.uc.rb +0 -94
  64. data/lib/plugins/usecase.rb +0 -239
  65. data/lib/plugins/usecases/init.rb +0 -145
  66. data/lib/plugins/usecases/open.rb +0 -108
  67. data/lib/session/attributes.rb +0 -279
  68. data/lib/session/dictionary.rb +0 -191
  69. data/lib/session/file.path.rb +0 -53
  70. data/lib/session/session.rb +0 -80
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 06aed72d992d1b8f9ae2533681c47e20d9974e05
4
- data.tar.gz: 04b41b862706f7f98d95f78bdbc18405c0e5b80a
3
+ metadata.gz: 66c7d8d35a57f8a3cdb9b474e91449ec0e99860a
4
+ data.tar.gz: 613a5d83b7106f5ba575375a19d2afd2a800349a
5
5
  SHA512:
6
- metadata.gz: 993f8128c462a648fb3599326cac9ee378a17d8bbaea620aee11223a6b10584205df2c2c68b2856223befccb2a0e02207188ddbd80dfe3e0bd615c6f1d95a66f
7
- data.tar.gz: 6684892e42493e09e13549591ef8b048ad95d0b586c4a8f1226e4d1f063fc42401241326a814c35c78699aa2a2d441fceb9f69ea9ce050c909eed090258168dd
6
+ metadata.gz: b7f868866c2aeaefdf7175bc3908c6fd099c9b012459cabb95ce896bb3cbf97c07669e37fd821463d604e1a8b24096e7ba7522d2976a997e0e868402bae223d2
7
+ data.tar.gz: e4c370058f6531ba3195d2555b8f1e53e3fbd61d27d8ebbbd5acce7dd71aa243c57e7c2558254aa8ba78a94b434e321494cc196fbcd035aaeef833c88d0faf17
data/README.md CHANGED
@@ -4,23 +4,24 @@ opensecret [![Build Status](https://secure.travis-ci.org/TwP/inifile.png)](http:
4
4
  opensecret | Install and Configure
5
5
  -----------
6
6
 
7
- opensecret stashes uncrackable secrets into your Git, S3, DropBox, Google Drive and filesystems backends. You interface with its intuitive Linux, Windows, iOS front ends and it offers SDKs and plugins for Ruby, Python, Go, Java, Jenkins, CodeShip, Ansible, Terraform, Puppet and Chef. Soon, support will be added for database and keystore backends such as MySQL, MongoDB, PostgreSQL, Redis, Memcached and etcd.
7
+ opensecret locks secrets and sensitive data in a simple and highly secure manner. <b><em>It never accesses the cloud</em></b>. It produces files that are precious to you but <b><em>worthless</em></b> to everyone else. As well as the filesystem, you can choose Git, Amazon S3 or a remote drive as your backend store.
8
8
 
9
- **opensecret never accesses the cloud.** It can operate on a wee non-networked laptop if you so wish. opensecret takes a fresh approach to security and challenges common misconceptions - in order to deliver a simple, highly secure credentials management system.
9
+ opensecret takes a fresh approach in its quest to be both simple and highly secure.
10
10
 
11
11
 
12
- ### opensecret | Install It
12
+ ### Install
13
13
 
14
14
  $ gem install opensecret
15
15
 
16
- ### opensecret | Configure It
16
+ ### Initialize
17
+
18
+ $ opensecret init joe@example.com
19
+
20
+ It doesn't have to be an email address. <tt>smith.family.info</tt> will do just fine. Choose a memorable (but not easily guessable) password.
21
+
22
+ ### Open envelope | Put secrets | Seal envelope
17
23
 
18
- $ opensecret safe /path/to/usb/key/safe
19
- $ opensecret email joebloggs@harvard.edu
20
- $ opensecret store https://www.eco-platform.co.uk/crypt/lecturers.git
21
- $ opensecret init
22
24
 
23
- These directives tell opensecret **where**, **who** and **which** - the order doesn't matter.
24
25
 
25
26
  - <tt>**keydir**</tt> &raquo; best practise is a usb key drive with your **actual keys**
26
27
  - <tt>**name**</tt> &raquo; single word lowercase and short - how your peers call you
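Review bot: the `keydir` and `name` bullets are now orphaned. The lines that introduced them (`$ opensecret safe ...`, `$ opensecret email ...`, `$ opensecret store ...` and "These directives tell opensecret **where**, **who** and **which**") are deleted, but the bullet list that explained those directives is kept as unchanged context and now sits directly under the new "### Open envelope | Put secrets | Seal envelope" heading, which it has nothing to do with. Either drop the bullets or move them under "### Initialize" and reword them around `opensecret init joe@example.com`. While here, the new heading promises an open/put/seal walkthrough but no commands follow it in this hunk; add the three commands or hold the heading until they exist.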
@@ -36,7 +37,7 @@ Init(ialize) creates an uncrackable **8192 bit private/public key pair**, locked
36
37
 
37
38
  Or you can enter the password on the command line.
38
39
 
39
- $ opensecret init --password="seeKr33t-p4ssw0RD@x"
40
+ $ opensecret init --password="sEeKr33tp4$$w@RD"
40
41
 
41
42
 
42
43
  ### opensecret | All Done!
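Review bot: the new example `$ opensecret init --password="sEeKr33tp4$$w@RD"` does not pass the string shown, because inside double quotes the shell expands `$$` to its own process id and `$w` to the (normally empty) variable `w`. Use single quotes, e.g. `--password='sEeKr33tp4$$w@RD'`, or choose a sample password with no `$` in it. Since this section tells users they can supply the password on the command line, it should also say that a value given this way lands in shell history and is visible in the process list while `init` runs, so the prompt (the default shown just above) is the preferred path.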
@@ -53,6 +54,11 @@ It's simple for Joe but nigh impossible for Susan. That's why you need a USB key
53
54
  Your ability to access your own secrets (even after disaster scenarios) is as important as preventing the secrets being accessed. This is why opensecret piggy backs off your (already configured) redundancy and backup solutions.
54
55
 
55
56
 
57
+ == Export the Session Key
58
+
59
+ export OPS_KEY=`ops key`
60
+
61
+
56
62
  opensecret | Lock and Unlock
57
63
  -----------
58
64
 
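Review bot: "== Export the Session Key" is RDoc heading syntax in a Markdown README whose other headings use `###` (see "### Install" and "### Initialize" earlier in this diff), so it will render as literal text. Change it to `### Export the Session Key`, and format the command like the others in the file, e.g. `$ export OPS_KEY=$(ops key)` (the `$(...)` form is equivalent to the back-ticks and reads better in docs). It is also worth one sentence here that every process started from that shell inherits `OPS_KEY`, which is exactly what makes the `unset OPS_KEY` step in begin.rb's documentation necessary.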
@@ -1,6 +1,5 @@
1
1
  #!/usr/bin/env ruby
2
2
 
3
- # --> require 'opensecret/safe'
4
- require 'opensecret'
5
-
6
- CliInterpreter.start(ARGV)
3
+ require 'interpreter'
4
+
5
+ Interpreter.start(ARGV)
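Review bot: `require 'interpreter'` replaces the namespaced `require 'opensecret'` with a generic top-level file name. It resolves through this gem's lib path, but any other installed gem that ships a `lib/interpreter.rb` can shadow it, and the constant `Interpreter` is likewise unqualified. Prefer `require 'opensecret/interpreter'` and `OpenSecret::Interpreter.start(ARGV)` so the entry point stays inside the gem's own namespace.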
data/bin/ops ADDED
@@ -0,0 +1,5 @@
1
+ #!/usr/bin/env ruby
2
+
3
+ require 'interpreter'
4
+
5
+ Interpreter.start(ARGV)
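Review bot: this file is byte-for-byte the same as data/bin/opensecret in the previous hunk. Two copies of the launcher will drift; make one a thin alias of the other (or have the gemspec declare both executables pointing at the same script) rather than duplicating the body. The same namespacing comment applies to `require 'interpreter'` here.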
@@ -12,6 +12,120 @@
12
12
  class String
13
13
 
14
14
 
15
+ # Encrypt this string with the parameter symmetric encryption/decryption key
16
+ # and then return the Base64 (block mode) encoded result.
17
+ #
18
+ # @example
19
+ # cipher_text = "Hello crypt world".encrypt_block_encode "ABC123XYZ"
20
+ # original_txt = cipher_text.block_decode_decrypt "ABC123XYZ"
21
+ # puts original_txt # "Hello crypt world"
22
+ #
23
+ # @param crypt_key [String]
24
+ # a strong long encryption key that is used to encrypt this string before
25
+ # applying the Base64 block encoding.
26
+ def encrypt_block_encode crypt_key
27
+ encrypted_text = OpenSecret::ToolBelt::Blowfish.encryptor( self, crypt_key )
28
+ return Base64.encode64( encrypted_text )
29
+ end
30
+
31
+
32
+
33
+ # First apply a base64 (block mode) decode to this string and then use the
34
+ # parameter symmetric decryption key to decrypt the result. The output is then
35
+ # returned within a new string.
36
+ #
37
+ # @example
38
+ # cipher_text = "Hello crypt world".decrypt_block_encode "ABC123XYZ"
39
+ # original_txt = cipher_text.block_decode_decrypt "ABC123XYZ"
40
+ # puts original_txt # "Hello crypt world"
41
+ #
42
+ # @param crypt_key [String]
43
+ # a strong long decryption key that is used to decrypt this string after
44
+ # the Base64 block decoding has been applied.
45
+ def block_decode_decrypt crypt_key
46
+ the_ciphertxt = Base64.decode64( self )
47
+ return OpenSecret::ToolBelt::Blowfish.decryptor( the_ciphertxt, crypt_key )
48
+ end
49
+
50
+
51
+
52
+ # Encrypt this string with the parameter symmetric encryption/decryption key
53
+ # and then return the Base64 (url safe mode) encoded result.
54
+ #
55
+ # The output will be a single line and differs from the block mode with
56
+ #
57
+ # - underscores printed instead of forward slash characters
58
+ # - hyphens printed instead of plus characters
59
+ # - no (blocked) carriage return or new line characters
60
+ #
61
+ # Note however that sometimes one or more equals characters will be printed at
62
+ # the end of the string by way of padding. In places like environment variables
63
+ # that are sensitive to the equals character this can be replaced by an <b>@</b>
64
+ # symbol.
65
+ #
66
+ # @example
67
+ # cipher_text = "Hello @:==:@ world".encrypt_url_encode "ABC123XYZ"
68
+ # original_txt = cipher_text.url_decode_decrypt "ABC123XYZ"
69
+ # puts original_txt # "Hello @:==:@ world"
70
+ #
71
+ # @param crypt_key [String]
72
+ # a strong long encryption key that is used to encrypt this string before
73
+ # applying the Base64 ul safe encoding.
74
+ def encrypt_url_encode crypt_key
75
+
76
+ ## ################################################
77
+ ## ################################################
78
+ ## ################################################
79
+ ## ################################################
80
+ ## https://www.di-mgt.com.au/cryptokeys.html
81
+ ## ################################################
82
+ ## ################################################
83
+ ## ################################################
84
+ ## ################################################
85
+ ## ################################################
86
+
87
+ log.info(x){ "Encrypt Length => [ #{self.length} ]" }
88
+ log.info(x){ "The Key Length => [ #{crypt_key.length} ]" }
89
+ log.info(x){ "Encrypt String => [ #{self} ]" }
90
+ log.info(x){ "Encryption Key => [ #{crypt_key} ]" }
91
+
92
+ encrypted_text = OpenSecret::ToolBelt::Blowfish.encryptor( self, crypt_key )
93
+
94
+ log.info(x){ "Encrypt Result => [ #{encrypted_text} ]" }
95
+ log.info(x){ "Encrypted Text => [ #{Base64.urlsafe_encode64(encrypted_text)} ]" }
96
+
97
+ return Base64.urlsafe_encode64(encrypted_text)
98
+
99
+ end
100
+
101
+
102
+
103
+ # First apply a base64 (url safe mode) decode to this string and then use the
104
+ # parameter symmetric decryption key to decrypt the result. The output is then
105
+ # returned within a new string.
106
+ #
107
+ # The input must will be a single line and differs from the block mode with
108
+ #
109
+ # - underscores printed instead of forward slash characters
110
+ # - hyphens printed instead of plus characters
111
+ # - no (blocked) carriage return or new line characters
112
+ #
113
+ # @example
114
+ # cipher_text = "Hello @:==:@ world".encrypt_url_encode "ABC123XYZ"
115
+ # original_txt = cipher_text.url_decode_decrypt "ABC123XYZ"
116
+ # puts original_txt # "Hello @:==:@ world"
117
+ #
118
+ # @param crypt_key [String]
119
+ # a strong long decryption key that is used to decrypt this string after
120
+ # the Base64 url safe decoding has been applied.
121
+ def url_decode_decrypt crypt_key
122
+ the_ciphertxt = Base64.urlsafe_decode64( self )
123
+ return OpenSecret::ToolBelt::Blowfish.decryptor( the_ciphertxt, crypt_key )
124
+ end
125
+
126
+
127
+
128
+
15
129
  # Overtly long file paths (eg in logs) can hamper readability so this
16
130
  # <b>human readable filepath converter</b> counters the problem by
17
131
  # returning (only) the 2 immediate ancestors of the filepath.
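Review bot: `encrypt_url_encode` writes the plaintext, the encryption key and the ciphertext to the log at info level (`log.info(x){ "Encrypt String => [ #{self} ]" }`, `log.info(x){ "Encryption Key => [ #{crypt_key} ]" }`, and the two "Encrypt Result"/"Encrypted Text" lines). Given that this method exists to protect secrets, those four calls should be removed before release; logging only the two lengths is fine if the diagnostics are wanted. Secondary points in the same hunk: the `@example` for `block_decode_decrypt` calls `decrypt_block_encode`, which does not exist (it should be `encrypt_block_encode`); the block of nine `## ####...` banner lines around the di-mgt.com.au URL is noise and belongs in a one-line `# see:` comment; "Base64 ul safe encoding" should read "url safe"; and the file relies on `Base64` and `OpenSecret::ToolBelt::Blowfish` without requiring either here, so confirm the loader guarantees they are present whenever this String extension is used.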
@@ -3,36 +3,26 @@
3
3
 
4
4
  name = opensecret
5
5
  min.passwd.len = rb>> 6
6
- nickname = godzilla
7
6
  root.domain = devopswiki.co.uk
8
7
  env.var.name = SECRET_MATERIAL
9
8
  ratio = rb>> 3
10
9
  bit.key.size = rb>> 8192
11
10
  key.cipher = rb>> OpenSSL::Cipher::AES256.new(:CBC)
12
- secret.keydir = rb>> OpenSession::Attributes.instance.get_value @s[:name], @s[:name], "safe"
13
- email.address = rb>> OpenSession::Attributes.instance.get_value @s[:name], @s[:name], "email"
14
- safe.user = rb>> File.join @s[:secret_keydir], @s[:email_address]
15
- master.dirname = master.keys
16
- master.dirpath = rb>> File.join @s[:safe_user], @s[:master_dirname]
17
-
18
- master.sig.file = master.signature.os.txt
19
- master.prv.name = master.private.key.xx.txt
20
- master.sig.path = rb>> File.join @s[:master_dirpath], @s[:master_sig_file]
21
- master.prv.key = rb>> File.join @s[:master_dirpath], @s[:master_prv_name]
22
-
23
- stamp.key = stamp
11
+
12
+ domain.now.id = current.domain
13
+ front.path.id = frontend.path
14
+ machine.key.id = machine.p4ssk3y
15
+ time.stamp.id = domain.stamp
16
+ user.secret.id = user.secret
17
+
24
18
  stamp.14 = rb>> OpenSession::Stamp.yyjjj_hhmm_sst
25
19
  stamp.23 = rb>> OpenSession::Stamp.yyjjj_hhmm_ss_nanosec
26
20
 
27
- base.path = rb>> File.join FilePath.context_path(@s[:name]), @s[:email_address]
28
- store.keyspath = rb>> File.join @s[:base_path], "coldstore.keys"
29
- store.mainpath = rb>> File.join @s[:base_path], "coldstore.main"
30
-
31
- machine.key.x = os.x
32
21
  separator.a = %$os$%
33
- publickey.id = public.key
34
22
 
35
23
  repo.name = material_data
24
+ config.file = ops.workstation.directive.ini
25
+ session.file = ops.session.configuration.ini
36
26
 
37
27
  prompt.1 = Enter a Robust Password
38
28
  prompt.2 = Re-enter that Password
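Review bot: this hunk deletes the `secret.keydir`, `email.address`, `safe.user`, `master.*`, `base.path`, `store.keyspath`, `store.mainpath`, `machine.key.x` and `publickey.id` keys, all of which were reachable from other `rb>>` expressions via `@s[:...]` (for example the `[open]` section's `open.dirpath` read `@f[:global][:safe_user]`, which the next hunk also removes). Please confirm nothing outside this file still reads those symbols, since a missing key only surfaces at runtime. The five new `*.id` entries (`domain.now.id`, `front.path.id`, `machine.key.id`, `time.stamp.id`, `user.secret.id`) carry no comment saying what they identify; a one-line comment each would help. Unchanged but worth stating in the file header: values prefixed `rb>>` such as `key.cipher = rb>> OpenSSL::Cipher::AES256.new(:CBC)` are evaluated as Ruby, so this ini must be treated as code for permission purposes.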
@@ -40,8 +30,6 @@ prompt.2 = Re-enter that Password
40
30
  [open]
41
31
 
42
32
  open.name = session
43
- open.dirname = session.material
44
- open.dirpath = rb>> File.join @f[:global][:safe_user], @s[:open_dirname]
45
33
  open.idlen = rb>> 10
46
34
  open.keylen = rb>> 56
47
35
  open.idname = session.id
@@ -0,0 +1,232 @@
1
+ #!/usr/bin/ruby
2
+
3
+ module OpenSecret
4
+
5
+ require 'openssl'
6
+
7
+ # Collecting and immediately <b>locking up the master password</b> is
8
+ # the sole purpose of the <tt>begin use case</tt>.
9
+ #
10
+ # Under certain conditions this {Begin} use case takes the human (key)
11
+ # password and transforms it using a powerful message digester and then
12
+ # uses the decrypted form of the <b>OPS_KEY environment variable</b> to
13
+ # securely encrypt the generated key.
14
+ #
15
+ # This use case then writes (or overwrites) into the workstation configuration
16
+ # under the domain three (3) key/value pairs which are
17
+ #
18
+ # - the parent shell id encrypted using the decrypted OPS_KEY form
19
+ # - the time stamp that will be used as a nonce by future cases
20
+ # - the generated digested hash encrypted with the decrypted OPS_KEY
21
+ #
22
+ # Then the use case prints a success message and exits.
23
+ #
24
+ # <b>Laziness | The 4 Conditions Instigating Action</b>
25
+ #
26
+ # No state is changed unless 3 conditions are met. We take action only if
27
+ # all four of the below conditions are true.
28
+ #
29
+ # - the encrypted private key is present under the domain's front end drive
30
+ # - the OPS_KEY is present - Otherwise we report the error and then EXIT
31
+ # - the decrypted PPID is not present or does not match - Otherwise all is good
32
+ # - the password is found in at least 1 of 7 places - Otherwise we error EXIT
33
+ #
34
+ # If all four conditions are true then we take action and ultimately write
35
+ # (or overwrite) the 3 key/value pairs stated above into the domain section of
36
+ # the workstation's configuration file.
37
+ #
38
+ # == OPS_KEY environment variable | Pre-Condition
39
+ #
40
+ # We cannot securely lock the master password without the uncrackable
41
+ # <b>48 character session key</b> encrypted so that it is only accessible
42
+ # by the single shell that opensecret is being called from.
43
+ #
44
+ # Therefore it is a pre-requisite that the session key has been created
45
+ # and locked down by the {key} use case using the below shell command.
46
+ #
47
+ # $ export OPS_KEY=`ops key` # Export the generated session key
48
+ # $ env | grep OPS_KEY # Check that OPS_KEY indeed exists
49
+ #
50
+ # Note the <b>back-ticks</b> surrounding the <tt>ops key</tt> call.
51
+ #
52
+ # == Where Does {Begin} Fit?
53
+ #
54
+ # The <tt>ops begin</tt> use case is called near the beginning of EVERY
55
+ # opensecret command session.
56
+ #
57
+ # <b>Called Before (once per domain)</b>
58
+ #
59
+ # $ ops init <<domain_name>>, <<drive_path>>
60
+ #
61
+ # <b>Called Before (once per session)</b>
62
+ #
63
+ # At the beginning of every sitting (session) we must create a session key.
64
+ #
65
+ # $ export OPS_KEY=`ops key` # Export the generated session key
66
+ # $ ops begin # Kicks off the opensecret session
67
+ #
68
+ # The password will then be retrieved safely via a prompt. Note there are
69
+ # several other ways to deliver a password securely and/or via non-human
70
+ # actors <b>like scripts</b>.
71
+ #
72
+ # <b>Called After</b>
73
+ #
74
+ # A whole plethora of commands such as open, put, seal, post, reopen, read
75
+ # write, import and export.
76
+ #
77
+ # The {end} use case safely cleans up and tears down session keys and data.
78
+ #
79
+ # $ ops end
80
+ #
81
+ # When the shell closes OPS_KEY disappears forever. However if you want to
82
+ # continue using the same shell you can wipe this away.
83
+ #
84
+ # $ unset OPS_KEY # Delete the shell session key
85
+ # $ env | grep OPS_KEY # Check OPS_KEY is deleted
86
+ #
87
+ # You can also delete every env var created by this shell.
88
+ #
89
+ # $ env -i bash # Rewind to (after) login variables
90
+ #
91
+ #
92
+ # <b>The 7 Ways to Communicate a Password</b>
93
+ #
94
+ # Soon, seven secure methods of password delivery will be implemented and
95
+ # will include
96
+ #
97
+ # - collection from an environment varialbe set before execution
98
+ # - collection from a (possibly encrypted) local file
99
+ # - collection key-value stores such as Redis, etcd and Cassandra
100
+ # - collection via secure (https) including to tokenized S3 urls
101
+ #
102
+ class Begin < Command
103
+
104
+ attr_writer :outer_path, :master_p4ss, :domain_name
105
+
106
+
107
+ # If <b>4 conditions are met</b> this {Begin} use case takes the human (key)
108
+ # password and transforms it using a powerful message digester and then
109
+ # uses the decrypted form of the <b>OPS_KEY environment variable</b> to
110
+ # securely encrypt the generated key.
111
+ #
112
+ # This use case then writes (or overwrites) into the workstation configuration
113
+ # under the domain three (3) key/value pairs which are
114
+ #
115
+ # - the parent shell id encrypted using the decrypted OPS_KEY form
116
+ # - the time stamp that will be used as a nonce by future cases
117
+ # - the generated digested hash encrypted with the decrypted OPS_KEY
118
+ #
119
+ # Then the use case prints a success message and exits.
120
+ #
121
+ # <b>Laziness | The 4 Conditions Instigating Action</b>
122
+ #
123
+ # No state is changed unless 3 conditions are met. We take action only if
124
+ # all four of the below conditions are true.
125
+ #
126
+ # - the encrypted private key is present under the domain's front end drive
127
+ # - the OPS_KEY is present - Otherwise we report the error and then EXIT
128
+ # - the decrypted PPID is not present or does not match - Otherwise all is good
129
+ # - the password is found in at least 1 of 7 places - Otherwise we error EXIT
130
+ #
131
+ # If all four conditions are true then we take action and ultimately write
132
+ # (or overwrite) the 3 key/value pairs stated above into the domain section of
133
+ # the workstation's configuration file.
134
+ #
135
+ #
136
+ # <b>The 7 Ways to Communicate a Password</b>
137
+ #
138
+ # Soon, seven secure methods of password delivery will be implemented and
139
+ # will include
140
+ #
141
+ # - collection from an environment varialbe set before execution
142
+ # - collection from a (possibly encrypted) local file
143
+ # - collection key-value stores such as Redis, etcd and Cassandra
144
+ # - collection via secure (https) including to tokenized S3 urls
145
+ #
146
+ # <b>Begin | Observable Value</b>
147
+ #
148
+ # There are three valuable state changes enacted by this use case.
149
+ #
150
+ # - the <b>password for the domain is collected</b> (in one of several ways)
151
+ # - the <b>session key</b> is acquired from crypted OPS_KEY environment variable
152
+ # - an <b>encrypted password</b> results from locking password with session key
153
+ # - the <b>encrypted password</b> is put into the domain's configuration keystore
154
+ # - a <b>timestamped session folder</b> is created to harbour session artifacts
155
+ #
156
+ # <b>Summary </b>
157
+ #
158
+ # Observable value is the opensecret domain password locked with a robust
159
+ # symmetric encryption key that is at least 48 characters in length and
160
+ # placed into the domain's keystore configuration file.
161
+ def execute
162
+
163
+ hash_dict = OpenKey::Dictionary.create_with_section "/home/apollo/.opensecret.io/tmp.backing.file.txt", "this.section"
164
+ OpenKey::Key256.generate( "human_secret", hash_dict )
165
+
166
+ exit
167
+
168
+ for n in 0 .. 63
169
+
170
+ bcrypt_key = OpenKey::BCryptKeyGen.new.generate_key("human_secret")
171
+ bcrypt_len = bcrypt_key.to_s.length
172
+ pbkdf2_key = OpenKey::Pbkdf2KeyGen.new.generate_key("human_secret")
173
+ pbkdf2_len = pbkdf2_key.to_s.length
174
+
175
+ index = "%02d" % [ n.to_s ]
176
+
177
+ puts "---------------------------------------------------------------------"
178
+ puts "Calculation Number [#{index}]"
179
+ puts "---------------------------------------------------------------------"
180
+ puts "Len #{bcrypt_key.to_oc64.length} => #{bcrypt_key.to_oc64}"
181
+ puts "Len #{bcrypt_len} => #{bcrypt_key.to_s}"
182
+ puts "Len #{pbkdf2_key.to_oc64.length} => #{pbkdf2_key.to_oc64}"
183
+ puts "Len #{pbkdf2_len} => #{pbkdf2_key.to_s}"
184
+
185
+ end
186
+
187
+ exit
188
+
189
+
190
+
191
+ return unless ops_key_exists?
192
+
193
+ instantiate_collateral
194
+ @domain_name = @collateral.domain_name
195
+
196
+ return unless private_key_exists?
197
+
198
+ lock_stored = Mapper::Settings.contains_key?( session_id, MASTER_LOCK_KEY_NAME )
199
+ print_success_initializing if lock_stored
200
+ return if lock_stored
201
+
202
+ unless @master_p4ss
203
+ @master_p4ss = ToolBelt::Collect.secret_text(
204
+ @c[:global][:min_passwd_len],
205
+ false,
206
+ "Enter Ops Password "
207
+ )
208
+ end
209
+
210
+ create_crypt_store_locking_key
211
+ print_success_initializing
212
+
213
+ end
214
+
215
+
216
+ # Perform pre-conditional validations in preparation to executing the main flow
217
+ # of events for this use case. This method may throw the below exceptions.
218
+ #
219
+ # @raise [SafeDirNotConfigured] if the safe's url has not been configured
220
+ # @raise [EmailAddrNotConfigured] if the email address has not been configured
221
+ # @raise [StoreUrlNotConfigured] if the crypt store url is not configured
222
+ def pre_validation
223
+
224
+ end
225
+
226
+
227
+ end
228
+
229
+
230
+ end
231
+
232
+
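Review bot: `execute` is non-functional as committed. It opens with
`hash_dict = OpenKey::Dictionary.create_with_section "/home/apollo/.opensecret.io/tmp.backing.file.txt", "this.section"`
`OpenKey::Key256.generate( "human_secret", hash_dict )`
`exit`
so the real flow from `return unless ops_key_exists?` onward is dead code, and a second unconditional `exit` follows the 64-iteration BCrypt/PBKDF2 loop that `puts` every derived key to stdout. The hard-coded developer path, the fixed `"human_secret"` input and the key-printing loop are local scaffolding and should be deleted from `hash_dict = ...` through the second `exit` before this ships in a release gem. Documentation points in the same hunk: the class comment says "No state is changed unless 3 conditions are met" and then "all four of the below conditions"; "varialbe" is a typo; the "three valuable state changes" list has five bullets; `pre_validation` is an empty method whose doc claims it raises `SafeDirNotConfigured`, `EmailAddrNotConfigured` and `StoreUrlNotConfigured`; and the entire class-level comment is repeated verbatim on `execute`, so keep one copy.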