perfect_world 0.1.0

data/README.md

@@ -0,0 +1,151 @@
+# Perfect World Manager (pwm)
+
+The perfect world manager is the attempt to build a simple but secure
+password manager for the cli.
+
+This is work in progress and has not been audited by security experts.
+Do NOT use for your actual passwords yet!
+
+## How?
+
+The procedure is pretty simple.
+
+To retrieve passwords a gpg encrypted Yaml file is opened, decrypted,
+deserialized and the password is displayed to the user.
+
+To add new passwords the encrypted file is opened and decrypted. The new
+password is added to the data (a simple Ruby hash), the data is serialized
+to Yaml, encrypted by gpg and written to disk.
+
+This should make it even possible to sync the password "database" between
+machines using Dropbox or other "untrusted" services. (I actually trust
+Dropbox, but they should not get my passwords.)
+
+## Concerns
+
+I am no security expert. Maybe my concerns are no problem at all and there
+are some other problems i couldn't even think of.
+
+### Is the config file trusted user input?
+
+At the moment pwm uses Psych to parse the config file. Given the recent
+problems with Psych related to arbitrary code execution, my concerns are not
+unfounded. But if an attacker has access to a config file in my home folder
+she probably also has access to my private gpg key and can read the whole
+"database" anyway.
+
+### The clipboard feature
+
+pwm has the ability to copy passwords to the users clipboard. It's a very
+nice feature. You don't have to select/copy the password from the command
+line, what kinda sucks. But it begs for some questions. What are the different
+clipboard implementations (xclip, xsel, clip) actually doing with the
+data? And more important, who can access the data in the clipboard? Well,
+every programm on the machine i guess, just like pwm. What about the crazy
+old flash hacks? Are they still working? That would be a huge problem.
+
+# Install
+
+If you are still considering to download pwm, read on.
+
+## Dependecies
+
+You need an installed and set up version of gnupg. It should be available
+in the package repo of your linux distribution. There are also several ways
+to install it on a Mac. I tested the code with version 2.0.19.
+
+In addition you will need at least Ruby 1.9.
+
+## pwm
+
+Install the gem.
+
+    gem install perfect_world
+
+Or clone the repo.
+
+    git clone https://github.com/ushis/perfect_world.git
+    cd perfect_world
+    bundle install
+    rake spec
+    rake build
+
+# Usage
+
+    $ pwm --help
+    Usage: pwm [options]
+
+    Options:
+        -b, --backup FILE                Writes a backup to another database.
+        -c, --config FILE                Specifies the path to the config file.
+        -C, --clipboard                  Copies the password to the clipboard.
+        -d, --delete ID                  Deletes the password.
+        -D, --database [FILE]            Prints or sets the used database.
+        -g, --get ID                     Prints the password for an ID.
+        -G, --generate ID                Generates and stores a new passord.
+        -h, --help                       Prints this message and exits.
+        -l, --list                       Lists all passwords.
+        -L, --length [LENGTH]            Prints or sets the length of new passwords.
+        -o, --owner [OWNER]              Prints or sets the encryption recipient.
+
+## Examples
+
+Let's create some passwords.
+
+    $ pwm --generate github
+    9&sq'8Gz.Bpb8#%M.T-Xyi#&.sDcTYFE.=qFyEbld Z[wA'By75y?NA?qUy}U>xd   github
+    $ pwm --generate google
+    8UN:'I1^M)H\kj'U{4l!.tK3\v9V+}L4$XNal \rzE@c\["&u#@#TRINt5"Jj[6A   google
+
+And retrieve them.
+
+    $ pwm --list
+    9&sq'8Gz.Bpb8#%M.T-Xyi#&.sDcTYFE.=qFyEbld Z[wA'By75y?NA?qUy}U>xd   github
+    8UN:'I1^M)H\kj'U{4l!.tK3\v9V+}L4$XNal \rzE@c\["&u#@#TRINt5"Jj[6A   google
+
+Or just one.
+
+    $ pwm --get github
+    9&sq'8Gz.Bpb8#%M.T-Xyi#&.sDcTYFE.=qFyEbld Z[wA'By75y?NA?qUy}U>xd   github
+
+Directly to the clipboard.
+
+    $ pwm --clipboard --get google
+    Copied the password for 'google' to your clipboard.
+
+And delete one.
+
+    $ pwm --delete google
+    Deleted the password for 'google'.
+
+## Config file
+
+pwm looks for the config file at ```~/.pwmrc``` by default. This can be
+changed with the ```--config``` switch. It contains straight forward Yaml.
+
+    ---
+    owner: ushi.              # Used as ecryption recipient by gpg.
+    length: 64                # Length of the generated password.
+    database: ~/.pwm.yml.gpg  # Path to the password database.
+
+# License (MIT)
+
+Copyright (c) 2013 ushi
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+IN THE SOFTWARE.

data/bin/pwm

@@ -0,0 +1,101 @@
+#!/usr/bin/env ruby
+
+$LOAD_PATH.unshift File.expand_path('../../lib', __FILE__)
+
+require 'psych'
+require 'optparse'
+require 'perfect_world'
+
+
+# Lets parse some options.
+options = {}
+
+parser = OptionParser.new do |parser|
+  parser.banner = "Usage: #{$0} [options]"
+
+  parser.separator ''
+  parser.separator 'Options:'
+
+  parser.on('-b', '--backup FILE', 'Writes a backup to another database.') do |f|
+    options[:backup] = f
+  end
+
+  parser.on('-c', '--config FILE', 'Specifies the path to the config file.') do |f|
+    options[:config] = f
+  end
+
+  parser.on('-C', '--clipboard', "Copies the password to the clipboard.") do |c|
+    options[:clipboard] = c
+  end
+
+  parser.on('-d', '--delete ID', 'Deletes the password.') do |id|
+    options[:delete] = id
+  end
+
+  parser.on('-D', '--database [FILE]', 'Prints or sets the used database.') do |f|
+    options[:database] = f
+  end
+
+  parser.on('-g', '--get ID', 'Prints the password for an ID.') do |id|
+    options[:get] = id
+  end
+
+  parser.on('-G', '--generate ID', 'Generates and stores a new passord.') do |id|
+    options[:generate] = id
+  end
+
+  parser.on('-h', '--help', 'Prints this message and exits.') do
+    puts parser.help; exit
+  end
+
+  parser.on('-l', '--list', 'Lists all passwords.') do |l|
+    options[:list] = l
+  end
+
+  parser.on('-L', '--length [LENGTH]', Integer, "Prints or sets the length of new passwords.") do |l|
+    options[:length] = l
+  end
+
+  parser.on('-o', '--owner [OWNER]', 'Prints or sets the encryption recipient.') do |o|
+    options[:owner] = o
+  end
+
+  parser.separator ''
+  parser.separator 'Please report bugs at: http://github.com/ushis/perfect_world/issues'
+end
+
+begin
+  parser.parse!
+rescue OptionParser::ParseError
+  $stderr.puts parser.help
+  exit(1)
+end
+
+
+# Load the config file and init the manager.
+config = File.expand_path(options.fetch(:config, '~/.pwmrc'))
+config = File.file?(config) ? Psych.load_file(config) : {}
+
+[:database, :length, :owner, :clipboard].each do |option|
+  config[option.to_s] = options.delete(option) unless options[option].nil?
+end
+
+pwm = PerfectWorld::Manager.new(config)
+
+
+# Action!
+options.each do |key, value|
+  case key
+  when :backup    then pwm.save(value)
+  when :database  then pwm.print_config('database')
+  when :delete    then pwm.delete(value)
+  when :generate  then pwm.generate(value)
+  when :get       then pwm.get(value)
+  when :length    then pwm.print_config('length')
+  when :list      then pwm.list
+  when :owner     then pwm.print_config('owner')
+  end
+end
+
+# Closing time.
+pwm.close

data/lib/perfect_world/error.rb

@@ -0,0 +1,12 @@
+module PerfectWorld
+
+  # Base error for all perfect world errors.
+  class Error < StandardError; end
+
+  # Should be raised, when gpg key could not be found.
+  class KeyNotFound < Error
+    def initialize(owner)
+      super("Couldn't find key for '#{owner}'.")
+    end
+  end
+end

data/lib/perfect_world/manager.rb

@@ -0,0 +1,95 @@
+require 'clipboard'
+require 'perfect_world/store'
+require 'perfect_world/error'
+
+module PerfectWorld
+
+  # Manages our perfec world store.
+  class Manager
+
+    # Default options.
+    OPTIONS = {
+      'length' => 64,
+      'database' => File.expand_path('~/.pwm.yml.gpg'),
+      'clipboard' => false
+    }
+
+    # Inits our perfect world.
+    def initialize(options = {})
+      @options = OPTIONS.merge(options)
+      db = @options.fetch('database')
+      @store = File.file?(db) ? Store.load(db) : Store.new({})
+    rescue Error => e
+      die("Couldn't load database: " << e.message)
+    end
+
+    # Fetches the password and sends it to stdout.
+    def get(id)
+      print_or_copy_to_clipboard(id, @store.fetch(id))
+    rescue KeyError
+      not_found(id)
+    end
+
+    # Generats a new password and sends it to stdout.
+    def generate(id)
+      print_or_copy_to_clipboard(id, @store.create(id, @options.fetch('length')))
+    rescue Error => e
+      $stderr.puts("Couldn't create password: " << e.message)
+    end
+
+    # Deletes a password.
+    def delete(id)
+      if @store.delete(id)
+        puts "Deleted the password for '#{id}'."
+      else
+        not_found(id)
+      end
+    end
+
+    # Lists all passwords.
+    def list
+      @store.each { |id, password| print_password(id, password) }
+    end
+
+    # Prints the path to the currently used database.
+    def print_config(key)
+      puts @options[key]
+    end
+
+    def close
+      save(@options.fetch('database')) if @store.changed?
+    end
+
+    def save(database)
+      @store.save(database, @options['owner'])
+    rescue Error => e
+      die("Couldn't save database: " << e.message)
+    end
+
+    private
+
+    def die(message)
+      $stderr.puts(message)
+      exit(1)
+    end
+
+    # Sends a not found message to stderr.
+    def not_found(id)
+      $stderr.puts "Couldn't find the password for '#{id}'."
+    end
+
+    def print_or_copy_to_clipboard(id, password)
+      if @options.fetch('clipboard')
+        Clipboard.copy(password)
+        puts "Copied the password for '#{id}' to your clipboard."
+      else
+        print_password(id, password)
+      end
+    end
+
+    # Prints a password.
+    def print_password(id, password)
+      puts "#{password}   #{id}"
+    end
+  end
+end

data/lib/perfect_world/store.rb

@@ -0,0 +1,100 @@
+require 'securerandom'
+require 'psych'
+require 'gpgme'
+require 'perfect_world/error'
+
+module PerfectWorld
+
+  # Handles the password database.
+  class Store
+
+    # Loads the database and returns a new store.
+    def self.load(database)
+      File.open(database, 'r') do |f|
+        f.flock(File::LOCK_SH)
+        new(Psych.load(GPGME::Crypto.new.decrypt(f).to_s))
+      end
+    rescue SystemCallError, IOError, GPGME::Error, Psych::Exception => e
+      raise Error, e.message
+    end
+
+    # Inits the store and sets the initial passwords.
+    def initialize(passwords = {})
+      @passwords = passwords
+      @changed = false
+    end
+
+    # Generates a new password and puts it in the store.
+    #
+    # Returns the new password.
+    def create(id, len = 64)
+      @passwords[id] = generate(len)
+      @changed = true
+      @passwords[id]
+    end
+
+    # Returns the password for the id or nil, if not found.
+    def [](id)
+      @passwords[id]
+    end
+
+    # Fetches a password from the store. It behaves like Hash#fetch.
+    def fetch(id, *default)
+      @passwords.fetch(id, *default)
+    end
+
+    # Deletes the password from the store.
+    #
+    # Returns nil if not found.
+    def delete(id)
+      if (password = @passwords.delete(id))
+        @changed = true
+        password
+      end
+    end
+
+    # Returns true, when the store has changed, else false.
+    def changed?
+      @changed
+    end
+
+    # Iterates over all passwords.
+    def each(&block)
+      @passwords.each(&block)
+    end
+
+    # Encryptes the database and writes it to disk.
+    def save(database, owner = nil)
+      key = key_for(owner)
+
+      File.open(database, File::RDWR|File::CREAT, 0600) do |f|
+        yaml = Psych.dump(@passwords)
+        f.flock(File::LOCK_EX)
+        f.truncate(0)
+        f << GPGME::Crypto.new(key: key).encrypt(yaml, recipients: key)
+      end
+    rescue SystemCallError, IOError, Psych::Exception, GPGME::Error => e
+      raise Error, e.message
+    end
+
+    # Generates a new password and returns it.
+    def generate(len = 64)
+      password = ''
+
+      begin
+        password << SecureRandom.random_bytes(len * 3).gsub(/[^[:print:]]/, '')
+      end while password.length < len
+
+      password[0..(len - 1)]
+    rescue SystemCallError, NotImplementedError => e
+      raise Error, e.message
+    end
+
+    private
+
+    # Returns the key for an owner.
+    def key_for(owner)
+      GPGME::Key.find(:secret, owner).first || raise(KeyNotFound, owner)
+    end
+  end
+end

data/lib/perfect_world/version.rb

@@ -0,0 +1,3 @@
+module PerfectWorld
+  VERSION = '0.1.0'
+end

data/lib/perfect_world.rb

@@ -0,0 +1 @@
+require 'perfect_world/manager'

metadata

@@ -0,0 +1,115 @@
+--- !ruby/object:Gem::Specification
+name: perfect_world
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+  prerelease: 
+platform: ruby
+authors:
+- ushi
+autorequire: 
+bindir: bin
+cert_chain:
+- !binary |-
+  LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURMakNDQWhhZ0F3SUJB
+  Z0lCQURBTkJna3Foa2lHOXcwQkFRVUZBREE5TVEwd0N3WURWUVFEREFSMWMy
+  aHAKTVJjd0ZRWUtDWkltaVpQeUxHUUJHUllIY0c5eWEySnZlREVUTUJFR0Nn
+  bVNKb21UOGl4a0FSa1dBMjVsZERBZQpGdzB4TXpBeU1ESXlNekEyTVRSYUZ3
+  MHhOREF5TURJeU16QTJNVFJhTUQweERUQUxCZ05WQkFNTUJIVnphR2t4CkZ6
+  QVZCZ29Ka2lhSmsvSXNaQUVaRmdkd2IzSnJZbTk0TVJNd0VRWUtDWkltaVpQ
+  eUxHUUJHUllEYm1WME1JSUIKSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4
+  QU1JSUJDZ0tDQVFFQXdmU1ovSHJTNFBSV0M2eGw5UGFyejlwegpzSXFKWGFZ
+  WlBJNWJxeFVsdm1IVkdZL0lJclpZOUZSUjFLdDhFZjlGbDJxaWw4ZStPSW9J
+  REkxbW5XSi9BM25uCkRKa1Ntd2I0MVQ5M2laQno3NER5VU9xbVBGYkxSUm1G
+  aGV6ekJ2T0pPUVM1OGtHMysvcmxONTR3UjI5L3BWbEgKVUs5NlByRVhzdmRH
+  VmpuN09WM2M3eTJUZDNheXdFVWJpSFVtRjVJaFBDcW5FOXpaZVI0U2pGQ3Uz
+  VXFKVUE3TApzNjdhNURtTTlLdTcwMWxoYnpGL2RtZGd1MU1SamJnbngrZnVx
+  OW9HcVpaTUhhWVpRb0xndTNBaDlaVlRhWjdCCnMxdVVuOTlRUitqdGxMNWlI
+  T0U2TktISE16UjFaNWxtaEY0aUFqSXRjbzAzZEE5K2p1eHBFTm1PK24xdjVR
+  SUQKQVFBQm96a3dOekFKQmdOVkhSTUVBakFBTUIwR0ExVWREZ1FXQkJRd0pN
+  NkF2M0psSVlBM0xGTkZEQ2RMTFgzYQp1akFMQmdOVkhROEVCQU1DQkxBd0RR
+  WUpLb1pJaHZjTkFRRUZCUUFEZ2dFQkFFd2c2bVpYd2g4KzE3WlFXbkxQCnk0
+  NmxodGNON0t6RHc0cjdNbGp3THdoT3EzNmEvSkR1aHFNSDN4NFNjb3o5dzRX
+  aWZEVE5EbitQemJEQWQrVW8KakVUNjJCTTJRK29veGN4djh4eVRFK1VycXF3
+  eTNTTVdjQi9ONnhwYzB3ZDdVWWtVMmc0ZUg3SFo4Q2dBM0pzagpTUU40NkxT
+  WTZOa3dXZzRacUZCS25OYVpjSWlrSHJCclhHZXg4TTdZZG9yRlFZMmZIQml5
+  cXg5ZEVraDlRZjFOCkJBVVlUTlVLQVFzT0R3ZkYrU2U4SmNMZlJGbjQ2QUNB
+  bjRVQmxyeTVQVzB6ZzY0VEk5L1AzNEFHUXQ2SStUOHMKQnh0dUdkZ0YyMkpt
+  M3ZYbGlySkJJSStvMDdIeDV3ZjJEUGRDMTRKRU1UUVZoRVFkc2ZwbU9ub2Q0
+  SnpLdWRxNwpES1U9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
+date: 2013-02-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: gpgme
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 2.0.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 2.0.1
+- !ruby/object:Gem::Dependency
+  name: clipboard
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.0.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.0.1
+description: An attempt to build a simple but secure password manager.
+email:
+- ushi@porkbox.net
+executables:
+- pwm
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/perfect_world.rb
+- lib/perfect_world/version.rb
+- lib/perfect_world/error.rb
+- lib/perfect_world/manager.rb
+- lib/perfect_world/store.rb
+- bin/pwm
+- README.md
+homepage: http://github.com/ushis/perfect_world
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+      segments:
+      - 0
+      hash: 1106683263290744133
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: 1.3.6
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.23
+signing_key: 
+specification_version: 3
+summary: Password Manager for the CLI.
+test_files: []