passbox 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 04ac7ed6574fa1f0647f44dc8f19d522cd668c35ab1b0bc680c4af28f724fb7d
+  data.tar.gz: c21638c4eb47791c5e39fa682a30083744307670a9046101ccfdb515374329b5
+SHA512:
+  metadata.gz: 595b8fdff85d782828e65731955a03524be9a45e178befc0559bb06b2b68b9c39ea4602a201072e81a105d7110e659b933b34fc426f54fa519a1d590e9bd8423
+  data.tar.gz: a43ac4ec10eada49313a1ae5b77c553cd49c970475dd5df494bda03bdf288804216dc8fabbc35f386e9a6f2455840ef9ec7250f5f603f87aa51bc5b614296fe9

data/README.md

@@ -0,0 +1,95 @@
+# passbox
+
+A Ruby based minimalistic offline cli password manager using strong AES encryption.     
+
+## Table of Contents   
+- [1. Introduction](#introduction)   
+- [2. Installation](#install)   
+- [3. Usage](#usage)   
+    - [3a. Initial Setup](#init)    
+    - [3b. Add a new password](#add)    
+    - [3c. Read an existing password](#read)   
+    - [3d. Update an existing password](#update)  
+    - [3e. Delete an existing account](#delete)   
+    - [3f. List all available accounts](#list)
+- [Contributing](#contributing)   
+- [Issues](#issues)  
+     
+     
+## <a name="introduction"></a> 1. Introduction    
+Passbox is a Ruby based cli password manager which uses strong AES encryption and is completely offline.   
+
+I had initially created this little password manager utility for my personal use and one fine day a few colleagues saw it, liked it and suggested to share it with them and here it is, so yeah, its pretty minimalistic but gets the job done and that too securely.   
+
+If you feel you can improve passbox, feel free to drop in your suggestions or even better, fork it and start contributing.    
+      
+Note: I wouldn't say its uncrackable as nothing in the world is.
+     
+     
+## <a name="install"></a> 2. Installation  
+Passbox currently only supports Linux/MacOS based envvrionments.   
+As its a ruby based, it needs a working installation of Ruby version 2 and above installed as a pre-requisite.   
+It can be installed as just any other gem.    
+      
+``` gem install passbox ```     
+     
+     
+## <a name="usage"></a> 3. Usage    
+As mentioned above, passbox is a cli based utility. Below are few basic functions which you can perform.     
+      
+### <a name="init"></a> 3a. Initial Setup
+Before starting, you need to setup the passbox utility which will include creating a base directory and creating your master password.    
+This can be easily done using the init command as follows:    
+     
+``` passbox init ```    
+
+This will ask you create a master password, its recommended you create this one time master password really complex and more than 10 characters to make it really difficult to brute force.    
+      
+### <a name="add"></a> 3b. Add a new password      
+Once passbox is setup, you can start adding password. It can be done using the create command which can be used as follows:     
+     
+``` passbox add ```     
+     
+This command will ask you 3 questions:
+- first to enter your account name (no special charaters)    
+    - eg twitter, facebook etc     
+- second to enter your account username     
+- last to enter your password    
+     
+### <a name="read"></a> 3c. Read an existing password     
+Once you have saved your password, you can view them as and when needed, authenticating using your master password and entering your account name of the password you want to view, as follows :     
+       
+``` passbox read ```    
+     
+This command will ask you 2 questions:
+- to enter you account name for which you want to view the password.     
+- to enter you master password for authentication purposes.    
+     
+### <a name="update"></a> 3d. Update an existing password     
+You can update your account details (username and password) when needed, authenticating using your master password and entering your account name you need to update :     
+       
+``` passbox update ```    
+     
+This command will ask you 4 questions:     
+- First to enter you account name for which you want to update the password.     
+- Next, to enter you master password for authentication purposes.    
+- Then to enter your new updated account username     
+- Last to enter your new updated password   
+     
+### <a name="delete"></a> 3e. Delete an existing account
+You can delete an existing account, if you do not need it anymore. It can be done using the delete command and does not require any kind of authentication.     
+     
+``` passbox delete ```   
+    
+This command will only ask you the account name to delete.    
+
+### <a name="list"></a> 3f. List all available accounts   
+You can list all accounts you have using the following command without any authentication required.    
+    
+``` passbox list ```    
+    
+## <a name="contributing"></a> 4. Contributing    
+Ideas and suggestions are always always most welcome. Please fork this code and feel free to add any updates, suggestions etc and create a pull request.   
+
+## <a name="issues"></a> 5. Issues    
+If you face any problem related to syntax, usability, documentation then please raise an [issues](https://github.com/krupani/passbox/issues) . Please note to add in detailed description of the issue you are facing.    

data/bin/passbox

@@ -0,0 +1,68 @@
+#!/usr/bin/env ruby
+
+require 'passbox'
+
+def print_help
+    puts <<HELP
+
+        Usage: passbox <command>
+
+        Commands 
+
+            version :   Prints the version of passbox 
+                        currently installed.
+                        Usage: passbox --version | passbox -v
+
+            help    :   Prints help information
+                        (No authentication required.)
+
+            init    :   Helps setup a passbox store and
+                        setup a master password. 
+
+            list    :   Lists all the accounts present
+                        in passbox.
+                        (No authentication required.)
+
+            add     :   add a new account with username and
+                        password into passbox.
+                        (Authentication required.)
+
+            read    :   read username and password from an
+                        existing account present in passbox.
+                        (Authentication required.)
+
+            update  :   update username and password in an 
+                        existing account present in passbox.
+                        (Authentication required.)
+                        
+            delete  :   delete an account from passbox.
+                        (Authentication required.)
+                        
+HELP
+end
+
+if ARGV.length == 0
+    print_help
+else
+    cmd = ARGV.shift
+    case(cmd.downcase)
+    when "help", "--help", "-h"
+        print_help
+    when 'version', '--version', '-v'
+        puts File.read(File.expand_path("../../lib/passbox/version", __FILE__))
+    when "init"
+        init
+    when "add"
+        create_pass
+    when "read"
+        read_pass
+    when "update"
+        update_pass
+    when "delete"
+        delete_pass
+    when "list"
+        list_of_accounts
+    else
+        puts "Invalid Command. Enter 'passbox help' to show usage"
+    end
+end

data/lib/passbox.rb

@@ -0,0 +1,5 @@
+require 'passbox/aes'
+require 'passbox/auth'
+require 'passbox/init'
+require 'passbox/crud'
+include Passbox

data/lib/passbox/aes.rb

@@ -0,0 +1,27 @@
+module Passbox
+    require 'openssl'
+    def encrypt(data, key, file)
+        cipher = OpenSSL::Cipher::AES256.new(:CTR)
+        cipher.encrypt
+        $iv = cipher.random_iv
+        cipher.key = key[0..31]
+        encrypted_data = $iv + cipher.update(data) + cipher.final
+        file = File.open(file, 'wb')
+        file.write(encrypted_data)
+        file.close
+    end
+
+    def decrypt(datafile, key)
+        file = File.open(datafile, 'rb')
+        data = file.read
+        file.close
+        decipher = OpenSSL::Cipher::AES256.new(:CTR)
+        decipher.decrypt
+        decipher.iv = data[0..15]
+        data = data[16..]
+        decipher.key = key[0..31]
+        decrypted_data = decipher.update(data) + decipher.final
+        return decrypted_data
+    end
+
+end

data/lib/passbox/auth.rb

@@ -0,0 +1,52 @@
+module Passbox
+    require 'io/console'
+    require 'digest'
+
+    def get_password_from_user(action=:account)
+        if (action == :account)
+            print "Please enter your account password: "
+            return password_input(action)
+        elsif (action == :master)
+            while(true)
+                print "Please create your master password (min 8 chars): "
+                pass256 = password_input(action)
+                return pass256 if pass256;
+            end
+        elsif (action == :auth)
+            print "Please enter your master password: "
+            return password_input(action)
+        end
+    end
+
+    def password_input(action)
+        pass = STDIN.noecho(&:gets).chomp
+        if (pass.length < 8 && action != :account) 
+            if (action == :master) 
+                print "\nPassword should be minimum 8 characters, try again!!\n"
+                return false
+            elsif (action == :auth)
+                print "\nInvalid Password!!\n"
+                exit(0)
+            end 
+        elsif (action == :account)
+            print("\n")
+            return pass
+        else
+            print("\n")
+            return Digest::SHA256.hexdigest(pass)
+        end
+    end
+
+    def passbox_auth
+        pass256User = get_password_from_user(:auth)
+        pass256File = decrypt($passfile, pass256User)
+        if pass256File == pass256User
+            print("Authentication Successful!!\n")
+            return pass256File
+        else
+            print("Authentication Failed!!\n")
+            return false
+        end
+    end
+
+end

data/lib/passbox/crud.rb

@@ -0,0 +1,77 @@
+module Passbox
+    require 'json'
+
+    def verify_account
+        print "Please enter you account name (case-sensitive): "
+        acc = gets.chomp
+        if (!File.exists?("#{$pbdir}/#{acc}.pb"))
+            print "Account not found, Use 'passbox list' to see all your existing accounts.\n"
+            exit(0)
+        end
+        return acc
+    end
+
+    def creds(acc, key)
+        print "Please enter in your account username: "
+        uname = gets.chomp
+        pass = get_password_from_user(:account)
+        hash = {:username => uname, :password => pass}
+        json = hash.to_json
+        encrypt(json, key, "#{$pbdir}/#{acc}.pb")
+    end
+
+    def create_pass
+        check_passbox
+        key = passbox_auth
+        if key
+            while(true)
+                print "\nEnter you account name (alphabets/numbers only): "
+                acc = gets.chomp.downcase
+                if (acc.count("a-z0-9") == acc.length) 
+                    break
+                else
+                    "\nAccount name can only have Alphabets and Numbers (no special characters), try again!!"
+                end
+            end
+        end
+        creds(acc,key)
+        print "Account #{acc} has been successfully created!! \n"
+    end
+
+    def read_pass
+        check_passbox
+        acc=verify_account
+        key = passbox_auth
+        if key
+            data = JSON.parse(decrypt("#{$pbdir}/#{acc}.pb", key))
+            print "username : #{data['username']}\n"
+            print "password : #{data['password']}\n"
+        end
+    end
+
+    def update_pass
+        check_passbox
+        acc=verify_account
+        key = passbox_auth
+        creds(acc,key)
+        print "Account details has been successfully updated!! \n"
+    end
+
+    def delete_pass
+        check_passbox
+        acc = verify_account
+        if key
+            File.delete("#{$pbdir}/#{acc}.pb")
+            print("\nAccount #{acc} has been deleted!!")
+        end
+    end
+
+    def list_of_accounts
+        check_passbox
+        files_ext = Dir["#{$pbdir}/*.pb"]
+        files_ext.each_with_index do |file,i|
+            print "#{i+1}. #{file.split('/').last.split('.').first}\n"
+        end
+    end
+
+end

data/lib/passbox/init.rb

@@ -0,0 +1,30 @@
+
+module Passbox
+    homedir = Dir.home
+    $pbdir =  homedir+"/.passbox"
+    $passfile = $pbdir+"/pass.mp"
+
+    def init
+        pass256=""
+        
+        if (Dir.exists?($pbdir))
+            if(File.exists?($passfile))
+                print "Your passbox is already setup. Please type 'passbox help' to see usage.\n"
+                return
+            else
+                pass256 = get_password_from_user(:master)
+            end
+        else
+            pass256 = get_password_from_user(:master)
+            Dir.mkdir($pbdir)
+        end
+        encrypt(pass256, pass256, $passfile)
+    end
+
+    def check_passbox
+        if !File.exists?($passfile)
+            print "Passbox is not setup, please start with 'passbox init' command to start using passbox\n"
+        end
+    end
+
+end

data/lib/passbox/version

@@ -0,0 +1 @@
+1.0.0

metadata

@@ -0,0 +1,53 @@
+--- !ruby/object:Gem::Specification
+name: passbox
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- Kaushal Rupani
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2020-08-26 00:00:00.000000000 Z
+dependencies: []
+description: A gem to store and manage password offline, encrypted using AES 256 strong
+  encryption.
+email: kushrupani@live.com
+executables:
+- passbox
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE
+- README.md
+- bin/passbox
+- lib/passbox.rb
+- lib/passbox/aes.rb
+- lib/passbox/auth.rb
+- lib/passbox/crud.rb
+- lib/passbox/init.rb
+- lib/passbox/version
+homepage: https://github.com/krupani/passbox
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - "~>"
+    - !ruby/object:Gem::Version
+      version: '2'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.1.2
+signing_key: 
+specification_version: 4
+summary: 'PassBox gem : AES encrypted offline password manager'
+test_files: []