password_protected_file 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 7c8e29e2bfe872a6fc6c04ce9b97c2586280676c
+  data.tar.gz: b907e163dc55ec86cd3c363a2c02a32ca3519225
+SHA512:
+  metadata.gz: 9562a35d9f717ff823ad65fa65b768eff99154ca2fd99209a0872e4d7c12e38b9ecd3580703ff1a14f35f2334755934f9dcdeae1b123ba32ae615a7b3a3d4b8c
+  data.tar.gz: 454ad97ea0115614d4641b060af66b497add655ae51142927b4f95894470954877f819b7c6d2edfdc467cd003b5ccc08c18696eedbe4e8af8b28405d613d5346

data/lib/password_protected_file.rb

@@ -0,0 +1,137 @@
+class PasswordProtectedFile
+  DEFAULT_ITERATIONS = 20_000
+  ITERATION_BYTES = 8
+  KEY_BYTES = 32
+  SALT_BYTES = 16
+  IV_BYTES = 16
+  HASH_FUNCTION = OpenSSL::Digest::SHA256
+
+  private_class_method :new
+
+  def self.open(file_name, password)
+    assert_file_exists(file_name)
+    assert_valid_password(password)
+    assert_valid_filename(file_name)
+    new(file_name, password).tap { |o| o.__send__(:open_existing) }
+  end
+
+  def self.create(file_name, password, data = '')
+    assert_file_does_not_exist(file_name)
+    assert_valid_password(password)
+    assert_valid_filename(file_name)
+    new(file_name, password).tap { |o| o.__send__(:create_new, data) }
+  end
+
+  def data
+    @data.clone
+  end
+
+  def data=(new_data)
+    fail InvalidDataError unless new_data.instance_of?(String)
+    fail InvalidStringEncodingError unless new_data.encoding == Encoding::UTF_8
+    @data = new_data.clone
+    write_file
+  end
+
+  private
+
+  def initialize(file_name, password)
+    @file_name = file_name
+    @password = password
+  end
+
+  def create_new(data)
+    @data = data
+    @iterations = DEFAULT_ITERATIONS
+    write_file
+  end
+
+  def open_existing
+    load_file(@file_name, @password)
+  end
+
+  def load_file(file_name, password)
+    file = File.binread(file_name).chars
+    pw_salt = file.shift(SALT_BYTES).join
+    pw_hash = file.shift(KEY_BYTES).join
+    aes_pw_salt = file.shift(SALT_BYTES).join
+    aes_iv = file.shift(IV_BYTES).join
+    @iterations = file.shift(ITERATION_BYTES).join.to_i
+    encrypted_data = file.join
+
+    hashed_pw = pbkdf2(password, pw_salt)
+    fail IncorrectPasswordError unless hashed_pw == pw_hash
+
+    aes_key = pbkdf2(password, aes_pw_salt)
+    cipher = new_aes256(:decrypt, aes_key, aes_iv)
+    @data = (cipher.update(encrypted_data) + cipher.final)[0..-2]
+  end
+
+  def write_file
+    pw_salt = new_salt
+    pw_hash = pbkdf2(@password, pw_salt)
+    aes_pw_salt = new_salt
+    aes_iv = SecureRandom.random_bytes(IV_BYTES)
+    aes_key = pbkdf2(@password, aes_pw_salt)
+
+    cipher = new_aes256(:encrypt, aes_key, aes_iv)
+    encrypted_data = cipher.update(@data + "\0") + cipher.final
+
+    File.open(@file_name, 'w') do |f|
+      f.print(pw_salt)
+      f.print(pw_hash)
+      f.print(aes_pw_salt)
+      f.print(aes_iv)
+      f.print(@iterations.to_s.rjust(ITERATION_BYTES))
+      f.print(encrypted_data)
+    end
+    true
+  end
+
+  def pbkdf2(password, salt)
+    OpenSSL::PKCS5::pbkdf2_hmac(password, salt, @iterations, KEY_BYTES, HASH_FUNCTION.new)
+  end
+
+  def new_aes256(mode, key, iv)
+    OpenSSL::Cipher::AES256.new(:CBC).tap do |c|
+      c.__send__(mode)
+      c.key = key
+      c.iv = iv
+    end
+  end
+
+  def new_salt
+    SecureRandom.random_bytes(SALT_BYTES)
+  end
+
+  def self.assert_file_exists(file_name)
+    return file_name if file_name.is_a?(String) && File.exist?(file_name)
+    fail FileNotFoundError.new("File #{file_name} not found")
+  end
+
+  def self.assert_file_does_not_exist(file_name)
+    return file_name unless file_name.is_a?(String) && File.exist?(file_name)
+    fail FilenameNotAvailableError.new("File #{file_name} already exists")
+  end
+
+  def self.assert_valid_password(password)
+    return password if password.is_a?(String) && !password.empty?
+    fail InvalidPasswordError.new("Invalid password given: #{password.inspect}")
+  end
+
+  def self.assert_valid_filename(file_name)
+    return file_name if file_name.is_a?(String) &&
+      !file_name.empty? &&
+      Dir.exist?(File.dirname(file_name))
+    fail InvalidFilenameError.new("Invalid filename given: #{file_name.inspect}")
+  end
+
+  class PasswordProtectedFileError < StandardError; end
+  class IncorrectPasswordError < PasswordProtectedFileError; end
+  class InvalidPasswordError < PasswordProtectedFileError; end
+  class InvalidDataError < PasswordProtectedFileError; end
+  class InvalidStringEncodingError < PasswordProtectedFileError; end
+  class InvalidFilenameError < PasswordProtectedFileError; end
+  class FileNotFoundError < PasswordProtectedFileError; end
+  class FilenameNotAvailableError < PasswordProtectedFileError; end
+end

metadata

@@ -0,0 +1,44 @@
+--- !ruby/object:Gem::Specification
+name: password_protected_file
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Isaac Post
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2016-06-06 00:00:00.000000000 Z
+dependencies: []
+description: An easy way to create files protected by a password
+email: post.isaac@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/password_protected_file.rb
+homepage: https://github.com/ipost/password_protected_file
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.8
+signing_key: 
+specification_version: 4
+summary: An easy way to create files protected by a password
+test_files: []