pwkeep 0.0.1

data/.gitignore

@@ -0,0 +1,2 @@
+.bundle
+pkg/

data/Gemfile

@@ -0,0 +1,4 @@
+source "http://rubygems.org"
+
+gemspec
+gem 'rake'

data/Gemfile.lock

@@ -0,0 +1,41 @@
+PATH
+  remote: .
+  specs:
+    pwkeep (0.0.1)
+      bundler
+      colorize
+      hashr
+      highline
+      keepass-password-generator
+      lockfile
+      ruco
+      trollop
+
+GEM
+  remote: http://rubygems.org/
+  specs:
+    clipboard (1.0.5)
+    colorize (0.6.0)
+    dispel (0.0.3)
+    hashr (0.0.22)
+    highline (1.6.20)
+    keepass-password-generator (0.1.1)
+    language_sniffer (1.0.2)
+    lockfile (2.1.0)
+    plist (3.1.0)
+    rake (10.1.1)
+    ruco (0.2.19)
+      clipboard (>= 0.9.8)
+      dispel
+      language_sniffer
+      textpow (>= 1.3.0)
+    textpow (1.3.1)
+      plist (>= 3.0.1)
+    trollop (2.0)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  pwkeep!
+  rake

data/LICENSE

@@ -0,0 +1,20 @@
+The MIT License (MIT)
+
+Copyright (c) 2014 Aki Tuomi
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,68 @@
+PassWord Keep (pwkeep)
+======================
+
+Simple password storage system. 
+
+Quick start guide
+=================
+
+Run pwkeep -i to initialize a new storage into ~/.pwkeep. This will create an RSA key pair.
+
+If you want to tune the algorithm(s), key sizes and such, you can create ~/.pwkeep/config.yml (see below for syntax).
+
+If you want to place it somewhere else, set PWKEEP\_HOME environment variable, or use -H (--home) parameter when running pwkeep. 
+
+To add credentials, use
+
+    pwkeep -c -n <name of cred>
+
+To modify them
+
+    pwkeep -e -n <name>
+
+And to show
+
+    pwkeep -v -n <name>
+
+See --help for more options.
+
+Features
+========
+
+Password keep is intended to be simple and easy to use. It uses RSA + AES256 encryption for your credentials. The
+data is not restricted to usernames and passwords, you can store whatever you want.
+
+Editing is done with embedded ruco text editor using memory-only backing. No temporary files are used. 
+
+Configuration
+=============
+
+The configuration file is a simple YAML formatted file with following syntax (*NOT YET SUPPORTED*)
+
+```yaml
+---
+  # less than 1k makes no sense. your files will be at least this / 8 bytes. 
+  keysize: 2048 
+  iterations: 2000
+  # do not edit the following unless you know what you are doing. 
+  cipher: AES-256-CTR
+```
+
+File formats
+============
+
+The private.pem file contains your private key. It is fully manipulatable with openssl binary without any specialities.
+
+system-\* files contain actual credentials. The file name consists from system- prefix and hashed system name. The system
+name is hashed iterations time with chosen hash, SHA512 by default.
+
+The actual file format is:
+ 
+  * header (encrypted with your public key)
+    * nil terminated algorithm name
+    * 16 byte iv (algorithm dependant)
+    * 32 byte key (algorithm dependant)
+  * data: encrypted credential with above key+id
+
+You cannot decrypt this with openssl directly, but you can easily write a program to do this. The header is padded with OAEP 
+padding. 

data/Rakefile

@@ -0,0 +1,2 @@
+require 'bundler'
+Bundler::GemHelper.install_tasks

data/bin/pwkeep

@@ -0,0 +1,6 @@
+#!/usr/bin/env ruby
+# vim:syntax=ruby:
+require 'bundler/setup'
+require 'pwkeep'
+
+PWKeep::Main.run

data/lib/pwkeep.rb

@@ -0,0 +1,31 @@
+require 'bundler/setup'
+require 'trollop'
+require 'digest/sha2'
+require 'logger'
+require 'pathname'
+require 'colorize'
+require 'lockfile'
+require 'openssl'
+require 'ruco'
+
+module PWKeep
+  extend self
+
+  def logger
+    unless @logger
+      @logger = Logger.new(STDOUT)
+      @logger.formatter = proc do |severity, datetime, progname, msg| 
+        "#{msg}\n"
+      end
+    end
+    @logger
+  end 
+
+  class Exception < ::Exception
+  end
+end
+
+require 'pwkeep/main'
+require 'pwkeep/generator'
+require 'pwkeep/storage'
+require 'pwkeep/editor'

data/lib/pwkeep/config.rb

@@ -0,0 +1,10 @@
+require 'yaml'
+require 'singleton'
+
+module PWKeep
+  class Config < Hashr 
+    def load(file)
+      self.merge YAML.load_file(file)
+    end
+  end
+end

data/lib/pwkeep/editor.rb

@@ -0,0 +1,462 @@
+require 'clipboard'
+
+module PWKeep
+  def self.run_editor(data, options) 
+    ret = [false, data]
+
+    Dispel::Screen.open do |screen|
+      $ruco_screen = screen
+      app = PWKeep::EditorApplication.new(data.to_s,
+        :lines => screen.lines, :columns => screen.columns
+      )
+
+      screen.draw *app.display_info
+
+      Dispel::Keyboard.output do |key|
+        if key == :resize
+          app.resize(screen.lines, screen.columns)
+        else
+          result = app.key key
+          if result == :quit
+            ret = [app.editor.saved_content != data, app.editor.saved_content]
+            break
+          end
+        end
+
+        screen.draw *app.display_info
+      end
+    end
+
+    return ret
+  end
+
+  class EditorApplication
+    attr_reader :editor, :status, :command, :options
+
+    def initialize(data, options)
+      @options = Ruco::OptionAccessor.new(options)
+      @data = data
+
+      setup_actions
+      setup_keys
+      create_components
+    end
+
+    def display_info
+      [view, style_map, cursor]
+    end
+
+    def view
+      [status.view, editor.view, command.view].join("\n")
+    end
+
+    def style_map
+      status.style_map + editor.style_map + command.style_map
+    end
+
+    def cursor
+      Ruco::Position.new(@focused.cursor.line + @status_lines, @focused.cursor.column)
+    end
+
+    # user typed a key
+    def key(key)
+      # deactivate select_mode if its not re-enabled in this action
+      @select_mode_was_on = @select_mode
+      @select_mode = false
+
+      if bound = @bindings[key]
+        return execute_action(bound)
+      end
+
+      case key
+
+      # move
+      when :down then move_with_select_mode :relative, 1,0
+      when :right then move_with_select_mode :relative, 0,1
+      when :up then move_with_select_mode :relative, -1,0
+      when :left then move_with_select_mode :relative, 0,-1
+      when :page_up then move_with_select_mode :page_up
+      when :page_down then move_with_select_mode :page_down
+      when :"Ctrl+right", :"Alt+f" then move_with_select_mode :jump, :right
+      when :"Ctrl+left", :"Alt+b" then move_with_select_mode :jump, :left
+
+      # select
+      when :"Shift+down" then @focused.selecting { move(:relative, 1, 0) }
+      when :"Shift+right" then @focused.selecting { move(:relative, 0, 1) }
+      when :"Shift+up" then @focused.selecting { move(:relative, -1, 0) }
+      when :"Shift+left" then @focused.selecting { move(:relative, 0, -1) }
+      when :"Ctrl+Shift+left", :"Alt+Shift+left" then @focused.selecting{ move(:jump, :left) }
+      when :"Ctrl+Shift+right", :"Alt+Shift+right" then @focused.selecting{ move(:jump, :right) }
+      when :"Shift+end" then @focused.selecting{ move(:to_eol) }
+      when :"Shift+home" then @focused.selecting{ move(:to_bol) }
+
+
+      # modify
+      when :tab then
+        if @editor.selection
+          @editor.indent
+        else
+          @focused.insert("\t")
+        end
+      when :"Shift+tab" then @editor.unindent
+      when :enter then @focused.insert("\n")
+      when :backspace then @focused.delete(-1)
+      when :delete then @focused.delete(1)
+
+      when :escape then # escape from focused
+        @focused.reset
+        @focused = editor
+      else
+        @focused.insert(key) if key.is_a?(String)
+      end
+    end
+
+    def bind(key, action=nil, &block)
+      raise "Ctrl+m cannot be bound" if key == :"Ctrl+m" # would shadow enter -> bad
+      raise "Cannot bind an action and a block" if action and block
+      @bindings[key] = action || block
+    end
+
+    def action(name, &block)
+      @actions[name] = block
+    end
+
+    def ask(question, options={}, &block)
+      @focused = command
+      command.ask(question, options) do |response|
+        @focused = editor
+        block.call(response)
+      end
+    end
+
+    def loop_ask(question, options={}, &block)
+      ask(question, options) do |result|
+        finished = (block.call(result) == :finished)
+        loop_ask(question, options, &block) unless finished
+      end
+    end
+
+    def configure(&block)
+      instance_exec(&block)
+    end
+
+    def resize(lines, columns)
+      @options[:lines] = lines
+      @options[:columns] = columns
+      create_components
+      @editor.resize(editor_lines, columns)
+    end
+
+    private
+
+    def setup_actions
+      @actions = {}
+
+      action :paste do
+        @focused.insert(Clipboard.paste)
+      end
+
+      action :copy do
+        Clipboard.copy(@focused.text_in_selection)
+      end
+
+      action :cut do
+        Clipboard.copy(@focused.text_in_selection)
+        @focused.delete(0)
+      end
+
+      action :save do
+        result = editor.save
+        if result != true
+          ask("#{result.slice(0,100)} -- Enter=Retry Esc=Cancel "){ @actions[:save].call }
+        end
+      end
+
+      action :quit do
+        if editor.modified?
+          ask("Lose changes? Enter=Yes Esc=Cancel") do
+            editor.store_session
+            :quit
+          end
+        else
+          editor.store_session
+          :quit
+        end
+      end
+
+      action :go_to_line do
+        ask('Go to Line: ') do |result|
+          editor.move(:to_line, result.to_i - 1)
+        end
+      end
+
+      action :delete_line do
+        editor.delete_line
+      end
+
+      action :select_mode do
+        @select_mode = !@select_mode_was_on
+      end
+
+      action :select_all do
+        @focused.move(:to, 0, 0)
+        @focused.selecting do
+          move(:to, 9999, 9999)
+        end
+      end
+
+      action :find do
+        ask("Find: ", :cache => true) do |result|
+          next if editor.find(result)
+
+          if editor.content.include?(result)
+            ask("No matches found -- Enter=First match ESC=Stop") do
+              editor.move(:to, 0,0)
+              editor.find(result)
+            end
+          else
+            ask("No matches found in entire file", :auto_enter => true){}
+          end
+        end
+      end
+
+      action :find_and_replace do
+        ask("Find: ", :cache => true) do |term|
+          if editor.find(term)
+            ask("Replace with: ", :cache => true) do |replace|
+              loop_ask("Replace=Enter Skip=s All=a Cancel=Esc", :auto_enter => true) do |ok|
+                case ok
+                when '' # enter
+                  editor.insert(replace)
+                when 'a'
+                  stop = true
+                  editor.insert(replace)
+                  editor.insert(replace) while editor.find(term)
+                when 's' # do nothing
+                else
+                  stop = true
+                end
+
+                :finished if stop or not editor.find(term)
+              end
+            end
+          end
+        end
+      end
+
+      action(:undo){ @editor.undo if @focused == @editor }
+      action(:redo){ @editor.redo if @focused == @editor }
+      action(:move_line_up){ @editor.move_line(-1) if @focused == @editor }
+      action(:move_line_down){ @editor.move_line(1) if @focused == @editor }
+
+      action(:move_to_eol){ move_with_select_mode :to_eol }
+      action(:move_to_bol){ move_with_select_mode :to_bol }
+
+      action(:insert_hash_rocket){ @editor.insert(' => ') }
+    end
+
+    def setup_keys
+      @bindings = {}
+      bind :"Ctrl+s", :save
+      bind :"Ctrl+w", :quit
+      bind :"Ctrl+q", :quit
+      bind :"Ctrl+g", :go_to_line
+      bind :"Ctrl+f", :find
+      bind :"Ctrl+r", :find_and_replace
+      bind :"Ctrl+b", :select_mode
+      bind :"Ctrl+a", :select_all
+      bind :"Ctrl+d", :delete_line
+      bind :"Ctrl+l", :insert_hash_rocket
+      bind :"Ctrl+x", :cut
+      bind :"Ctrl+c", :copy
+      bind :"Ctrl+v", :paste
+      bind :"Ctrl+z", :undo
+      bind :"Ctrl+y", :redo
+      bind :"Alt+Ctrl+down", :move_line_down
+      bind :"Alt+Ctrl+up", :move_line_up
+      bind :end, :move_to_eol
+      bind :"Ctrl+e", :move_to_eol # for OsX
+      bind :home, :move_to_bol
+    end
+
+    def load_user_config
+      Ruco.application = self
+      config = File.expand_path(@options[:rc] || "~/.ruco.rb")
+      load config if File.exist?(config)
+    end
+
+    def create_components
+      @status_lines = 1
+
+      editor_options = @options.slice(
+        :columns, :convert_tabs, :convert_newlines, :undo_stack_size, :color_theme
+      ).merge(
+        :window => @options.nested(:window),
+        :history => @options.nested(:history),
+        :lines => editor_lines
+      ).merge(@options.nested(:editor))
+
+      @editor ||= PWKeep::Editor.new(@data, editor_options)
+      @status = PWKeep::StatusBar.new(@editor, @options.nested(:status_bar).merge(:columns => options[:columns]))
+      @command = Ruco::CommandBar.new(@options.nested(:command_bar).merge(:columns => options[:columns]))
+      command.cursor_line = editor_lines
+      @focused = @editor
+    end
+
+    def editor_lines
+      command_lines = 1
+      @options[:lines] - @status_lines - command_lines
+    end
+
+    def parse_file_and_line(file)
+      if file.to_s.include?(':') and not File.exist?(file)
+        short_file, go_to_line = file.split(':',2)
+        if File.exist?(short_file)
+          file = short_file
+        else
+          go_to_line = nil
+        end
+      end
+      [file, go_to_line]
+    end
+
+    def move_with_select_mode(*args)
+      @select_mode = true if @select_mode_was_on
+      if @select_mode
+        @focused.selecting do
+          move(*args)
+        end
+      else
+        @focused.send(:move, *args)
+      end
+    end
+
+    def execute_action(action)
+      if action.is_a?(Symbol)
+        @actions[action].call
+      else
+        action.call
+      end
+    end
+  end
+
+  class Editor
+    attr_reader :file
+    attr_reader :text_area
+    attr_reader :history
+    attr_reader :saved_content
+
+    private :text_area
+    delegate :view, :style_map, :cursor, :position,
+      :insert, :indent, :unindent, :delete, :delete_line,
+      :redo, :undo, :save_state,
+      :selecting, :selection, :text_in_selection, :reset,
+      :move, :resize, :move_line,
+      :to => :text_area
+
+    def initialize(data, options)
+      @options = options
+
+      content = data
+      @options[:language] ||= LanguageSniffer.detect(@file, :content => content).language
+      content.tabs_to_spaces! if @options[:convert_tabs]
+
+      # cleanup newline formats
+      @newline = content.match("\r\n|\r|\n")
+      @newline = (@newline ? @newline[0] : "\n")
+      content.gsub!(/\r\n?/,"\n")
+
+      @saved_content = content
+      @text_area = Ruco::EditorArea.new(content, @options)
+      @history = @text_area.history
+      restore_session
+    end
+
+    def find(text)
+      move(:relative, 0,0) # reset selection
+      start = text_area.content.index(text, text_area.index_for_position+1)
+      return unless start
+
+      # select the found word
+      finish = start + text.size
+      move(:to_index, finish)
+      selecting{ move(:to_index, start) }
+
+      true
+    end
+
+    def modified?
+      @saved_content != text_area.content
+    end
+
+    def save
+      lines = text_area.send(:lines)
+      lines.each(&:rstrip!) if @options[:remove_trailing_whitespace_on_save]
+      lines << '' if @options[:blank_line_before_eof_on_save] and lines.last.to_s !~ /^\s*$/
+      content = lines * @newline
+
+      @saved_content = content.gsub(/\r?\n/, "\n")
+
+      true
+    rescue Object => e
+      e.message
+    end
+
+    def store_session
+    end
+
+    def content
+      text_area.content.freeze # no modifications allowed
+    end
+
+    private
+
+    def restore_session
+    end
+
+    def session_store
+    end
+  end
+
+  class StatusBar
+    def initialize(editor, options)
+      @editor = editor
+      @options = options
+    end
+
+    def view
+      columns = @options[:columns]
+
+      version = "Ruco #{Ruco::VERSION} -- "
+      position = " #{@editor.position.line + 1}:#{@editor.position.column + 1}"
+      indicators = "#{change_indicator}#{writable_indicator}"
+      essential = version + position + indicators
+      space_left = [columns - essential.size, 0].max
+
+      # fit file name into remaining space
+      "#{version}#{indicators}#{' ' * space_left}#{position}"[0, columns]
+    end
+
+    def style_map
+      Dispel::StyleMap.single_line_reversed(@options[:columns])
+    end
+
+    def change_indicator
+      @editor.modified? ? '*' : ' '
+    end
+
+    def writable_indicator
+      true
+    end
+
+    private
+
+    # fill the line with left column and then overwrite the right section
+    def spread(left, right)
+      empty = [@options[:columns] - left.size, 0].max
+      line = left + (" " * empty)
+      line[(@options[:columns] - right.size - 1)..-1] = ' ' + right
+      line
+    end
+  end
+end

data/lib/pwkeep/main.rb

@@ -0,0 +1,174 @@
+require 'highline/import'
+require 'keepass/password'
+
+module PWKeep
+  class Main
+     attr :opts
+  
+     def initialize
+       @opts = { :home => ENV['PWKEEP_HOME'] || '~/.pwkeep' } # required value
+     end
+  
+     def setup
+       @opts = Trollop::options do
+         version "0.0.1 (c) 2014 Aki Tuomi"
+         banner <<-EOS
+This program is a simple password storage utility. Distributed under MIT license. NO WARRANTY.
+  
+Usage:
+       #{$0} [options]
+  
+Where [options] are
+    
+EOS
+         opt :system, "System name", :type => :string, :short => '-n'
+         opt :initialize, "Initialize storage at ~/.pwkeep (you can change this with PWKEEP_HOME or --home)", :short => '-i'
+         opt :create, "Create new entry", :short => '-c'
+         opt :view, "View entry", :short => '-v'
+         opt :edit, "Edit entry", :short => '-e'
+         opt :delete, "Delete entry", :short => '-d'
+         opt :search, "Search for system or username", :type => :string, :short => '-s'
+         opt :list, "List all known systems", :short => '-l'
+         opt :help, "Show usage", :short => '-h'
+         opt :home, "Home directory", :short => '-H', :type => :string, :default => ( ENV['PWKEEP_HOME'] || '~/.pwkeep' )
+         opt :version, "Show version", :short => '-V'
+       end
+  
+       # validate options
+       Trollop::die :system, "must be given for create/show/edit/delete" if opts[:system].nil? and (opts[:edit] or opts[:view] or opts[:delete] or opts[:create])
+       Trollop::die :create, "can only have one mode of operation" if opts[:create] and (opts[:edit] or opts[:view] or opts[:delete] or opts[:search] or opts[:initialize] or opts[:list])
+       Trollop::die :edit, "can only have one mode of operation" if opts[:edit] and (opts[:create] or opts[:view] or opts[:delete] or opts[:search] or opts[:initialize] or opts[:list])
+       Trollop::die :view, "can only have one mode of operation" if opts[:view] and (opts[:edit] or opts[:create] or opts[:delete] or opts[:search] or opts[:initialize] or opts[:list])
+       Trollop::die :delete, "can only have one mode of operation" if opts[:delete] and (opts[:edit] or opts[:view] or opts[:create] or opts[:search] or opts[:initialize] or opts[:list])
+       Trollop::die :search, "can only have one mode of operation" if opts[:search] and (opts[:edit] or opts[:view] or opts[:delete] or opts[:create] or opts[:initialize] or opts[:list])
+       Trollop::die :initialize, "can only have one mode of operation" if opts[:initialize] and (opts[:edit] or opts[:view] or opts[:delete] or opts[:create] or opts[:search] or opts[:list])
+       Trollop::die :list, "can only have one mode of operation" if opts[:list] and (opts[:edit] or opts[:view] or opts[:delete] or opts[:create] or opts[:search] or opts[:initialize])
+  
+       Trollop::die "You must choose one mode of operation" unless opts[:create] or opts[:edit] or opts[:view] or opts[:delete] or opts[:search] or opts[:initialize] or opts[:list]
+     end
+  
+     def self.run
+       Main.new.run
+     end
+  
+     def load_config
+       config_file = Pathname.new(@opts[:home]).expand_path.join('config.yml')
+       if config_file.exist? 
+          PWKeep::Config.instance.load(config_file)
+       end 
+     end
+  
+     def run
+       setup
+       load_config
+       @storage = PWKeep::Storage.new(:path => opts[:home])
+  
+       begin
+         if opts[:initialize]
+           @storage.create
+  
+           if @storage.valid? 
+             say("<%= color('WARNING!', BOLD) %> a valid pwkeep storage was found!")
+             say("If you continue, the existing storage becomes <%= color('UNUSABLE', BOLD) %>")
+             unless agree("Continue (y/n)? ") 
+               raise PWKeep::Exception, "Storage initialization aborted" 
+             end
+           end
+  
+           # create a keypair
+           pw_a = ""
+           pw_b = ""
+           while(pw_a == "" or pw_a != pw_b)
+              pw_a = ask("Enter your password:   ") { |q| q.echo = false }
+              pw_b = ask("Confirm your password: ") { |q| q.echo = false }
+              say("<%= color('Passwords did not match', RED %>") unless pw_a == pw_b
+           end
+           @storage.keypair_create(pw_b)
+           # this concludes initialization
+           say("<%= color('Password storage initialized', GREEN %>")
+           return
+         end
+   
+         raise "Storage not initialized (run with --initialize)" unless @storage.valid? 
+  
+         if opts[:view]
+           pw = ask("Enter your password:") { |q| q.echo = false }
+           @storage.keypair_load pw
+   
+           data = @storage.load_system opts[:system]
+  
+           say("Last edited: #{data[:stored_at]}\nSystem: #{data[:system]}\n\n")
+           say(data[:data])
+           return 
+         end
+  
+         if opts[:create]
+           data = "Username: \nPassword: #{KeePass::Password.generate('uullA{6}')}"
+           
+           result = PWKeep.run_editor(data, {})
+  
+           unless result[0]
+             raise "Not modified"
+           end
+  
+           pw = ask("Enter your password:") { |q| q.echo = false }
+           @storage.keypair_load pw
+           @storage.save_system opts[:system], result[1]
+           say("<%= color('Changes stored', GREEN)%>")
+           return
+         end
+  
+         if opts[:edit]
+           pw = ask("Enter your password:") { |q| q.echo = false }
+           @storage.keypair_load pw
+           data = @storage.load_system opts[:system]
+           result = PWKeep.run_editor(data[:data], {})
+           unless result[0]
+             raise "Not modified"
+           end
+           @storage.save_system opts[:system], result[1]
+           say("<%= color('Changes stored', GREEN)%>")
+           return
+         end
+  
+         if opts[:delete]
+           pw = ask("Enter your password:") { |q| q.echo = false }
+           @storage.keypair_load pw
+           data = @storage.load_system opts[:system]
+           # just to be sure
+           unless agree("Are you <%=color('SURE',BOLD)%> you want to delete #{data[:system]}?")
+             @storage.delete data[:system]
+           end
+           say("<%= color('System deleted', YELLOW)%>")
+           return
+         end
+  
+         if opts[:search]
+           pw = ask("Enter your password:") { |q| q.echo = false }
+           @storage.keypair_load pw
+           say("All matching systems\n")
+           @storage.list_all_systems.sort.each do |system|
+             if system.match opts[:search]
+               say("  - #{system}")
+             end
+           end
+           return
+         end
+  
+         if opts[:list]
+           pw = ask("Enter your password:") { |q| q.echo = false }
+           @storage.keypair_load pw
+           say("All known systems\n")
+           @storage.list_all_systems.sort.each do |system| 
+             say("  - #{system}")
+           end
+           return
+         end
+       rescue PWKeep::Exception => e
+        PWKeep::logger.error e.message.colorize(:red)
+       rescue OpenSSL::PKey::RSAError => e
+        PWKeep::logger.error "Cannot load private key".colorize(:red)
+       end
+     end
+  end
+end

data/lib/pwkeep/storage.rb

@@ -0,0 +1,177 @@
+require 'securerandom'
+require 'base64'
+require 'json'
+require 'hashr'
+
+module PWKeep
+
+class Storage
+   def path
+     @options[:path]
+   end
+
+   def initialize(options)
+     @options = options
+ 
+     @options[:cipher] ||= 'AES-256-CTR'
+     @options[:keysize] ||= 2048
+     @options[:iterations] ||= 2000
+     @options[:digest] ||= 'sha512'
+
+     unless @options[:path].class == Pathname
+       @options[:path] = Pathname.new(@options[:path].to_s).expand_path
+     end
+  
+     if path.exist? 
+       @lockfile = Lockfile.new path.join(".lock").to_s, :retries => 0
+       @lockfile.lock
+       ObjectSpace.define_finalizer(self, proc { @lockfile.unlock })
+     end
+   end
+
+   def create
+     return if path.exist?
+     path.mkdir
+     @lockfile = Lockfile.new path.join(".lock").to_s, :retries => 0
+     @lockfile.lock
+     ObjectSpace.define_finalizer(self, proc { @lockfile.unlock })
+   end
+
+   def keypair_create(password)
+     # ensure it does not exist
+     @key = OpenSSL::PKey::RSA.new @options[:keysize]
+     cipher = OpenSSL::Cipher.new @options[:keycipher]
+
+     path.join('private.pem').open 'w' do |io| io.write @key.export(cipher, password) end
+   end
+
+   def keypair_load(password)
+     key_pem = path.join('private.pem').read
+     @key = OpenSSL::PKey::RSA.new key_pem, password
+   end
+
+   def master_key_load
+     unless @key
+       raise PWKeep::Exception, "RSA private key required"
+     end
+
+     # load the key
+     @master_key = @key.private_decrypt(path.join('master.key').open('rb') { |io| io.read },4)
+   end
+
+   def system_to_hash(system)
+     d = Digest.const_get(@options[:digest].upcase).new
+
+     system_h = system.downcase
+     (0..@options[:iterations]).each do
+         system_h = d.update(system_h).digest
+         d.reset
+     end
+     "system-#{Base64.urlsafe_encode64(system_h)}"
+   end
+
+   def decrypt_system(file)
+     unless @key
+       raise PWKeep::Exception, "Private key required"
+     end
+     # found it, decrypt and load json
+     # the file contains crypto name, iv len, iv, data
+     header = nil
+     data = nil
+     file.open('rb') { |io|
+       header = io.read @options[:keysize]/8
+       data = io.read
+     }
+
+     # header
+     cipher = @key.private_decrypt(header,4).unpack('Z*')[0]
+     cipher = OpenSSL::Cipher.new cipher
+     # re-unpack now that we know the size of the rest of the fields...
+     header = @key.private_decrypt(header,4).unpack("Z*a#{cipher.iv_len}a#{cipher.key_len}")
+
+     cipher.decrypt
+     cipher.iv = header[1]
+     cipher.key = header[2]
+
+     # perform decrypt
+     cipher.update(data) + cipher.final
+   end
+
+   def encrypt_system(file, data)
+     unless @key
+       raise PWKeep::Exception, "Private key required"
+     end
+
+     # encrypt data
+     cipher = OpenSSL::Cipher::Cipher.new @options[:cipher]
+     cipher.encrypt
+
+     # use one time key and iv
+     iv = cipher.random_iv
+     key = cipher.random_key
+
+     header = [cipher.name, iv, key].pack("Z*a#{cipher.iv_len}a#{cipher.key_len}")
+     blob = cipher.update(data) + cipher.final
+
+     # store system name to make search work
+     file.open('wb') do |io|
+         io.write @key.public_encrypt header, 4
+         io.write blob
+     end
+
+     true
+   end
+
+   def load_system(system)
+     unless @key
+       raise PWKeep::Exception, "Private key required"
+     end
+
+     system_h = system_to_hash(system)
+     raise "Cannot find #{system}" unless path.join(system_h).exist?
+
+     data = decrypt_system(path.join(system_h))
+
+     unless data[0] == "{" and data[-1] == "}" 
+       raise PWKeep::Exception, "Corrupted data file"
+     end
+
+     JSON.load(data).deep_symbolize_keys
+   end
+
+   def save_system(system, data)
+     unless @key
+       raise PWKeep::Exception, "Private key required"
+     end
+
+     # write system
+     system_h = system_to_hash(system)
+
+     data = { :system => system, :data => data, :stored_at => Time.now }
+     encrypt_system(path.join(system_h), data)
+   end
+
+   def valid?
+     path.join('private.pem').exist? 
+   end
+
+   def delete(system)
+     data = load_system(system)
+     unless data[:system] == system
+       raise "System not found"
+     end
+    
+     path.join(system_to_hash(system)).delete!
+   end
+
+   def list_all_systems
+     systems = []
+     path.entries.each do |s|
+         next unless s.fnmatch? "system-*"
+         systems << JSON.load(decrypt_system(path.join(s)))["system"]
+     end
+     systems
+   end
+end
+
+end

data/pwkeep.gemspec

@@ -0,0 +1,22 @@
+Gem::Specification.new do |s|
+  s.name = 'pwkeep'
+  s.version = '0.0.1'
+  s.platform = Gem::Platform::RUBY
+  s.authors = [ 'Aki Tuomi']
+  s.email = %w( aki.tuomi@g-works.fi )
+  s.summary = 'Simple password storage gem'
+  s.description = 'A simple password storage utility'
+  s.rubyforge_project = s.name
+  s.files = `git ls-files`.split("\n")
+  s.executables = %w( pwkeep )
+  s.require_path = 'lib'
+  s.license = 'MIT'
+  s.add_dependency 'bundler'
+  s.add_dependency 'colorize'
+  s.add_dependency 'highline'
+  s.add_dependency 'trollop'
+  s.add_dependency 'lockfile'
+  s.add_dependency 'hashr'
+  s.add_dependency 'ruco'
+  s.add_dependency 'keepass-password-generator'
+end

metadata

@@ -0,0 +1,190 @@
+--- !ruby/object:Gem::Specification
+name: pwkeep
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+  prerelease: 
+platform: ruby
+authors:
+- Aki Tuomi
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2014-01-07 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: colorize
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: highline
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: trollop
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: lockfile
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: hashr
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: ruco
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: keepass-password-generator
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: A simple password storage utility
+email:
+- aki.tuomi@g-works.fi
+executables:
+- pwkeep
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- Gemfile
+- Gemfile.lock
+- LICENSE
+- README.md
+- Rakefile
+- bin/pwkeep
+- lib/pwkeep.rb
+- lib/pwkeep/config.rb
+- lib/pwkeep/editor.rb
+- lib/pwkeep/generator.rb
+- lib/pwkeep/main.rb
+- lib/pwkeep/storage.rb
+- pwkeep.gemspec
+homepage: 
+licenses:
+- MIT
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: pwkeep
+rubygems_version: 1.8.23
+signing_key: 
+specification_version: 3
+summary: Simple password storage gem
+test_files: []
+has_rdoc: