pkcs7-cryptographer 0.1.0 → 0.2.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c3b2d20fdc0a9804d2e748fbb952795720231ac668903f8e7bc3843194147c5f
-  data.tar.gz: 8fe66251f456e340ef033201d4e865920780c89d5c46fc16af49095eb9a373b9
+  metadata.gz: a33a97c4086f5f9780f1098df7d5983802301bcd6566b42030572871450cd304
+  data.tar.gz: d6257773adc3d2c0fd25383ad1b243c04317d091fee682e477b8dc384201dfec
 SHA512:
-  metadata.gz: e7285b506e68a68533b7623d83d54a8ab2335505c10fe161784ea6040207fe935890f02e44745b49568605d8fb81653a5ab2b6db1dea59374f666b0103e0076c
-  data.tar.gz: 89710d821aa0f16cc5e695d2506718738b5c8c05f3a7bbfb76eb7ef333cbe4abf604016616ca09487150fb8827aad1c0cf0670c4164f659666576b2dd73402a1
+  metadata.gz: 7a58da6fe867dfe729490b054a6ba53d1a07a5ccfde2812acdbd2d892af10e4f29f7345741b2c9f51bcf4af400d8f7cb19392b95d27a981850afdc47d76c816f
+  data.tar.gz: 7a30d3664b52f8789fc118d9b8b5b00a74187dec24db6edff6b850fddeee31e0058ce008d56734c2a8e1b9e7a081780fb99dfcfc21f15e50cef0f3857a0d6c73

data/.rubocop.yml

@@ -1,6 +1,9 @@
+require:
+  - rubocop-rake
+  - rubocop-rspec
+
 AllCops:
   NewCops: enable
-  SuggestExtensions: false
 Style/StringLiterals:
   Enabled: true
   EnforcedStyle: double_quotes
@@ -13,4 +16,10 @@ Layout/LineLength:
   Max: 80
 
 Metrics/BlockLength:
-  IgnoredMethods: ['describe', 'context']
+  IgnoredMethods: ['describe', 'context']
+
+RSpec/MultipleMemoizedHelpers:
+  Enabled: false
+
+RSpec/NestedGroups:
+  Max: 4

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    pkcs7-cryptographer (0.1.0)
+    pkcs7-cryptographer (0.2.1)
 
 GEM
   remote: https://rubygems.org/
@@ -33,19 +33,24 @@ GEM
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.10.0)
     rspec-support (3.10.2)
-    rubocop (0.93.1)
+    rubocop (1.12.0)
       parallel (~> 1.10)
-      parser (>= 2.7.1.5)
+      parser (>= 3.0.0.0)
       rainbow (>= 2.2.2, < 4.0)
-      regexp_parser (>= 1.8)
+      regexp_parser (>= 1.8, < 3.0)
       rexml
-      rubocop-ast (>= 0.6.0)
+      rubocop-ast (>= 1.2.0, < 2.0)
       ruby-progressbar (~> 1.7)
-      unicode-display_width (>= 1.4.0, < 2.0)
+      unicode-display_width (>= 1.4.0, < 3.0)
     rubocop-ast (1.4.1)
       parser (>= 2.7.1.5)
+    rubocop-rake (0.5.1)
+      rubocop
+    rubocop-rspec (2.2.0)
+      rubocop (~> 1.0)
+      rubocop-ast (>= 1.1.0)
     ruby-progressbar (1.11.0)
-    unicode-display_width (1.7.0)
+    unicode-display_width (2.0.0)
 
 PLATFORMS
   x86_64-darwin-19
@@ -56,7 +61,9 @@ DEPENDENCIES
   pry
   rake (~> 13.0)
   rspec (~> 3.2)
-  rubocop (~> 0.80)
+  rubocop (= 1.12.0)
+  rubocop-rake (= 0.5.1)
+  rubocop-rspec (= 2.2.0)
 
 BUNDLED WITH
    2.2.3

data/README.md

@@ -1,11 +1,17 @@
 # PKCS7::Cryptographer
 
-Cryptographer is an small utility that allows to encrypt and decrypt messages
+[![Gem Version](https://badge.fury.io/rb/pkcs7-cryptographer.svg)](https://badge.fury.io/rb/pkcs7-cryptographer)
+![main workflow](https://github.com/dmuneras/pkcs7-cryptographer/actions/workflows/main.yml/badge.svg)
+
+
+
+Cryptographer is an small utility to encrypt and decrypt messages
 using PKCS7.
 
-PKCS7 is used to store signed and encrypted data.It uses aes-256-cbc
-as chipher in the encryption process. If you want to read more information about
-the involved data structures and theory around this, please visit:
+PKCS7 is used to store signed and encrypted data.This specific implementation
+uses aes-256-cbc as chipher in the encryption process. If you want to read more
+information about the involved data structures and theory around this,
+please visit:
 
 - https://ruby-doc.org/stdlib-3.0.0/libdoc/openssl/rdoc/OpenSSL.html
 - https://tools.ietf.org/html/rfc5652
@@ -20,30 +26,36 @@ gem 'pkcs7-cryptographer'
 
 And then execute:
 
+```sh
   $ bundle install
+```
 
 Or install it yourself as:
 
+```sh
   $ gem install pkcs7-cryptographer
-
+```
 ## Usage
 
 After installing the gem you will have the `PKCS7::Cryptographer` available.
 
-`PKCS7::Cryptographer` is a class that provides to public methods:
+`PKCS7::Cryptographer` is a class that provides two public methods:
 
 - `sign_and_encrypt`
 - `decrypt_and_verify`
 
-Read the following example to get a better undertanding:
+Read the following examples to get a better undertanding:
+
+
+### Using bare PKCS7::Cryptographer
 
 ```ruby
 
   # This script assumes you have a read_file method to read the certificates and
   # keys.
 
-  # What we are going to do is sign an encrypt a message from the CA Authority
-  # and read it from the Client:
+  # What we are going to do is signing an encrypting a message from the CA
+  # Authority and read it from the Client:
 
   # Certificate Authority PKI data
   CA_KEY = read_file("ca.key")
@@ -62,6 +74,8 @@ Read the following example to get a better undertanding:
   # It could be read if the CA_STORE of the reader has certificate of the
   # CA that signed the client certificate as trusted.
 
+  cryptographer = PKCS7::Cryptographer.new
+
   # Client <------------------------- CA Authority API
   encrypted_data = cryptographer.sign_and_encrypt(
     data: "Atletico Nacional de Medellin",
@@ -87,6 +101,55 @@ Read the following example to get a better undertanding:
   # decrypted_data returns: "Atletico Nacional de Medellin"
 ```
 
+### Using PKCS7::Cryptographer::Entity
+
+```ruby
+
+  # This script assumes you have a read_file method to read the certificates and
+  # keys. If you have any question about how to generate the keys/certificates
+  # check this post: https://mariadb.com/kb/en/certificate-creation-with-openssl/
+
+  # What we are going to do is sending a message from the CA Authority and read
+  # it from the Client:
+
+  # Certificate Authority PKI data
+  CA_KEY = read_file("ca.key")
+  CA_CERTIFICATE = read_file("ca.crt")
+
+  # Client PKI data
+  CLIENT_CERTIFICATE = read_file("client.crt")
+  CLIENT_KEY = read_file("client.key")
+
+  CA_STORE = OpenSSL::X509::Store.new
+  CA_STORE.add_cert(OpenSSL::X509::Certificate.new(CA_CERTIFICATE))
+
+  ca_entity = PKCS7::Cryptographer::Entity.new(
+    key: CA_KEY,
+    certificate: CA_CERTIFICATE,
+    ca_store: CA_STORE
+  )
+
+  client_entity = PKCS7::Cryptographer::Entity.new(
+    key: CLIENT_KEY,
+    certificate: CLIENT_CERTIFICATE,
+    ca_store: CA_STORE
+  )
+
+  # SEND MESSAGE TO THE CLIENT
+  # ----------------------------------------------------------------------------
+  data = "Victor Ibarbo"
+  encrypted_data = ca_entity.encrypt_data(data: data, to: client_entity)
+
+  # READ MESSAGE IN CLIENT
+  # ----------------------------------------------------------------------------
+  decrypted_data = client_entity.decrypt_data(
+    data: encrypted_data,
+    from: ca_entity
+  )
+
+  # decrypted_data returns: "Victor Ibarbo"
+```
+
 ## Development
 
 After checking out the repo, run `bin/setup` to install dependencies. Then, run

data/bin/console

@@ -3,6 +3,7 @@
 
 require "bundler/setup"
 require "pkcs7/cryptographer"
+require "pkcs7/cryptographer/entity"
 
 # You can add fixtures and/or initialization code here to make experimenting
 # with your gem easier. You can also use a different console, if you like.

data/lib/pkcs7/cryptographer.rb

@@ -2,6 +2,7 @@
 
 require "openssl"
 require_relative "cryptographer/version"
+require_relative "cryptographer/initializers"
 
 module PKCS7
   ###
@@ -14,6 +15,8 @@ module PKCS7
   # - https://tools.ietf.org/html/rfc5652
   ###
   class Cryptographer
+    include PKCS7::Cryptographer::Initializers
+
     # PUBLIC METHODS
     # --------------------------------------------------------------------------
 
@@ -75,25 +78,5 @@ module PKCS7
 
       signed_data.data
     end
-
-    # PRIVATE METHODS
-    # --------------------------------------------------------------------------
-    private
-
-    def x509_certificate(certificate)
-      wrap_in_class_or_return(certificate, OpenSSL::X509::Certificate)
-    end
-
-    def rsa_key(key)
-      wrap_in_class_or_return(key, OpenSSL::PKey::RSA)
-    end
-
-    def pkcs7(pkcs7)
-      wrap_in_class_or_return(pkcs7, OpenSSL::PKCS7)
-    end
-
-    def wrap_in_class_or_return(data, klass)
-      data.instance_of?(klass) ? data : klass.new(data)
-    end
   end
 end

data/lib/pkcs7/cryptographer/entity.rb

@@ -0,0 +1,65 @@
+# frozen_string_literal: true
+
+require_relative "initializers"
+
+module PKCS7
+  class Cryptographer
+    ###
+    # Define an entity abel to decrypt or encrypt messages to send them to other
+    # entities. It uses a Cryptographer to do the dirty work and just provide a
+    # more human readable way to read an pass messages between trustable
+    # entities.
+    ###
+    class Entity
+      include PKCS7::Cryptographer::Initializers
+
+      attr_reader :certificate
+
+      # PUBLIC METHODS
+      # ------------------------------------------------------------------------
+      def initialize(key:, certificate:, ca_store: OpenSSL::X509::Store.new)
+        @key = rsa_key(key)
+        @certificate = x509_certificate(certificate)
+        @cryptographer = PKCS7::Cryptographer.new
+        @ca_store = ca_store
+      end
+
+      def trustable_entity?(entity)
+        @ca_store.verify(entity.certificate)
+      end
+
+      def encrypt_data(data:, to:)
+        perform_safely(to) do
+          @cryptographer.sign_and_encrypt(
+            data: data,
+            key: @key,
+            certificate: @certificate,
+            public_certificate: to.certificate
+          )
+        end
+      end
+
+      def decrypt_data(data:, from:)
+        perform_safely(from) do
+          @cryptographer.decrypt_and_verify(
+            data: data,
+            key: @key,
+            certificate: @certificate,
+            public_certificate: from.certificate,
+            ca_store: @ca_store
+          )
+        end
+      end
+
+      # PRIVATE METHODS
+      # ------------------------------------------------------------------------
+      private
+
+      def perform_safely(entity)
+        return false unless trustable_entity?(entity)
+
+        yield
+      end
+    end
+  end
+end

data/lib/pkcs7/cryptographer/initializers.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+module PKCS7
+  class Cryptographer
+    ###
+    # Provides a set of methods to initialize OpenSSL objects if necessary. It
+    # allow consumers to pass either the OpenSSL ruby objects or the
+    # certificate, key or encrypted message string.
+    ###
+    module Initializers
+      def x509_certificate(certificate)
+        wrap_in_class_or_return(certificate, OpenSSL::X509::Certificate)
+      end
+
+      def rsa_key(key)
+        wrap_in_class_or_return(key, OpenSSL::PKey::RSA)
+      end
+
+      def pkcs7(pkcs7)
+        wrap_in_class_or_return(pkcs7, OpenSSL::PKCS7)
+      end
+
+      def wrap_in_class_or_return(data, klass)
+        data.instance_of?(klass) ? data : klass.new(data)
+      end
+    end
+  end
+end

data/lib/pkcs7/cryptographer/version.rb

@@ -2,6 +2,6 @@
 
 module PKCS7
   class Cryptographer
-    VERSION = "0.1.0"
+    VERSION = "0.2.1"
   end
 end

data/pkcs7-cryptographer.gemspec

@@ -31,5 +31,7 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "pry"
   spec.add_development_dependency "rake", "~> 13.0"
   spec.add_development_dependency "rspec", "~> 3.2"
-  spec.add_development_dependency "rubocop", "~> 0.80"
+  spec.add_development_dependency "rubocop", "1.12.0"
+  spec.add_development_dependency "rubocop-rake", "0.5.1"
+  spec.add_development_dependency "rubocop-rspec", "2.2.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pkcs7-cryptographer
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.2.1
 platform: ruby
 authors:
 - Daniel Munera Sanchez
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-03-24 00:00:00.000000000 Z
+date: 2021-03-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -70,16 +70,44 @@ dependencies:
   name: rubocop
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - '='
       - !ruby/object:Gem::Version
-        version: '0.80'
+        version: 1.12.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 1.12.0
+- !ruby/object:Gem::Dependency
+  name: rubocop-rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.5.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.5.1
+- !ruby/object:Gem::Dependency
+  name: rubocop-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 2.2.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
       - !ruby/object:Gem::Version
-        version: '0.80'
+        version: 2.2.0
 description: Utility to encrypt and decrypt messages using OpenSSL::PKCS7
 email:
 - dmunera119@gmail.com
@@ -100,6 +128,8 @@ files:
 - bin/console
 - bin/setup
 - lib/pkcs7/cryptographer.rb
+- lib/pkcs7/cryptographer/entity.rb
+- lib/pkcs7/cryptographer/initializers.rb
 - lib/pkcs7/cryptographer/version.rb
 - pkcs7-cryptographer.gemspec
 homepage: https://github.com/dmuneras/pkcs7-cryptographer