rapid-vaults 1.1.2 → 1.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 928d90da27078d0b09c9a933e3054d8a3b26183dc5f0dc88e70fe84d2726c6cb
-  data.tar.gz: 1a4c48a2dbcba14708170f0209105a5523d6fd1286e7ee6ef5d6509c728fe96a
+  metadata.gz: ff3321864a63230a5cb7c5c3b57dfbfc403e2cc06f4c903e78c3bcbf4f52a4c3
+  data.tar.gz: 302469d5ba1c2306c16a438552a47dcf895423f3b661f76088ac1c8eaab21770
 SHA512:
-  metadata.gz: 248e094660ee327365c43feebd24361ef99038b83b8b52ad8efde76fa1f6727b2f275c1ca0e5a5caae39cefa5fc4423c1aeee6616e4798e3fb461e9507af3047
-  data.tar.gz: 4b56a0496557448fb94d6e4c4ba5277448972a0c1518bac0a0c21e2cdfb5f6aecbefb9e9dc4289b3575c20c63874cb3dc227e300a643e406eab71e0563cc7130
+  metadata.gz: 6668ff3eb490e4b68335f602693ba84ffa9b2079bf614c9f730d006a26d8ac66caa324bdf8b29dd4a15141c3ae8bb230192d97255c124930c31f296038c5f3d1
+  data.tar.gz: d79506278d8708890866ee20a742a60cb9d36d4c75f552ff0e5d051ae32f1923cbf2094bb5b0ab580677be2c36e49d458b9e90a7f9cf4091cbad689693576392

data/CHANGELOG.md

@@ -0,0 +1,23 @@
+### 1.3.0
+- Bump minimum Ruby version to 2.6.
+- Code optimization and validation improvements.
+
+### 1.2.0
+- Add GRPC support (alpha).
+- Bump minimum Ruby version to 2.5.
+- Add additional validation for key, nonce, and encrypted file contents.
+- Fix erroneous argument validations for GPG when action is `generate`.
+
+### 1.1.2
+- Added checks on input files and directories.
+- Fix bugs blocking bindings output.
+
+### 1.1.1
+- Added Puppet and Chef bindings.
+- Add `outdir` CLI option.
+
+### 1.1.0
+- Added capability to encrypt and decrypt with GNUPG/GPG.
+
+### 1.0.0
+- Initial Release

data/LICENSE.md

@@ -0,0 +1,20 @@
+Copyright (c) 2018 Matt Schuchard
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -1,13 +1,12 @@
 # Rapid Vaults
-[![Build Status](https://travis-ci.org/mschuchard/rapid-vaults.svg?branch=master)](https://travis-ci.org/mschuchard/rapid-vaults)
-
 - [Description](#description)
 - [Usage](#usage)
   - [CLI](#cli)
   - [API](#api)
+  - [gRPC](#grpc)
+  - [Docker](#docker)
   - [Ansible](#ansible)
   - [Puppet](#puppet)
-  - [Hiera](#hiera)
   - [Chef](#chef)
 - [Contributing](#contributing)
 
@@ -21,7 +20,7 @@ Ansible-Vault is very similar to Rapid Vaults. Both are streamlined and easy to
 
 ### Non-Comparative Software
 
-Rapid Vaults is not similar to tools like RbNaCl or Hashicorp's Vault. RbNaCl offers advanced encryption techniques by providing bindings to libsodium. Rapid Vaults relies upon AES-256-GCM (OpenSSL) or GPG's algorithms (RSA, SHA-512, etc.). Hashicorp's Vault is Enterprise level software with many powerful features and conveniences. Rapid Vaults is a lightweight and narrowly focused tool.
+Rapid Vaults is not similar to tools like RbNaCl or Hashicorp's Vault. RbNaCl offers advanced encryption techniques by providing bindings to libsodium. Rapid Vaults relies upon AES-256-GCM (OpenSSL) or GPG's algorithms (RSA, SHA-512, etc.). Hashicorp's Vault is Enterprise level software with many powerful features and conveniences. Rapid Vaults is a lightweight and narrowly focused tool. However, Rapid Vaults can be considered algorithmically very similar to Vault's Transit secret engine.
 
 ## Usage
 
@@ -50,11 +49,11 @@ usage: rapid-vaults [options] file
 
 #### Encrypt File with SSL
 
-`rapid-vaults -e -k cert.key -n nonce.txt -p secret -o /output/dir unencrypted.txt`
+`rapid-vaults -e -k key.txt -n nonce.txt -p secret -o /output/dir unencrypted.txt`
 
 #### Decrypt a File with SSL
 
-`rapid-vaults -d -k cert.key -n nonce.txt -t tag.txt -p secret -o /output/dir encrypted.txt`
+`rapid-vaults -d -k key.txt -n nonce.txt -t tag.txt -p secret -o /output/dir encrypted.txt`
 
 #### Generate Keys with GPG
 This is the only situation where a `--gpgparams` flag and argument is required or utilized. The file provided as the argument should look like the following:
@@ -97,8 +96,7 @@ Currently you set the path to the keys and other files via the environment varia
 ```ruby
 require 'rapid-vaults'
 
-options = {}
-options[:action] = :generate
+options = { action: :generate }
 key, nonce = RapidVaults::API.main(options)
 File.write('key.txt', key)
 File.write('nonce.txt', nonce)
@@ -109,12 +107,13 @@ File.write('nonce.txt', nonce)
 ```ruby
 require 'rapid-vaults'
 
-options = {}
-options[:action] = :encrypt
-options[:file] = '/path/to/data.txt'
-options[:key] = '/path/to/cert.key'
-options[:nonce] = '/path/to/nonce.txt'
-options[:pw] = File.read('/path/to/password.txt') # optional
+options = {
+  action: :encrypt,
+  file: '/path/to/data.txt',
+  key: '/path/to/key.txt',
+  nonce: '/path/to/nonce.txt',
+  pw: File.read('/path/to/password.txt') # optional
+}
 encrypted_contents, tag = RapidVaults::API.main(options)
 ```
 
@@ -123,13 +122,14 @@ encrypted_contents, tag = RapidVaults::API.main(options)
 ```ruby
 require 'rapid-vaults'
 
-options = {}
-options[:action] = :decrypt
-options[:file] = '/path/to/encrypted_data.txt'
-options[:key] = '/path/to/cert.key'
-options[:nonce] = '/path/to/nonce.txt'
-options[:tag] = '/path/to/tag.txt'
-options[:pw] = File.read('/path/to/password.txt') # optional
+options = {
+  action: :decrypt,
+  file: '/path/to/encrypted_data.txt',
+  key: '/path/to/key.txt',
+  nonce: '/path/to/nonce.txt',
+  tag: '/path/to/tag.txt',
+  pw: File.read('/path/to/password.txt') # optional
+}
 decrypted_contents = RapidVaults::API.main(options)
 ```
 
@@ -139,10 +139,11 @@ require 'rapid-vaults'
 
 ENV['GNUPGHOME'] = '/home/alice/.gnupg'
 
-options = {}
-options[:action] = :generate
-options[:algorithm] = :gpgme
-options[:gpgparams] = File.read('gpgparams.txt')
+options = {
+  action: :generate,
+  algorithm: :gpgme,
+  gpgparams: File.read('gpgparams.txt')
+}
 RapidVaults::API.main(options)
 ```
 
@@ -169,11 +170,12 @@ require 'rapid-vaults'
 
 ENV['GNUPGHOME'] = '/home/bob/.gnupg' # optional
 
-options = {}
-options[:action] = :encrypt
-options[:algorithm] = :gpgme
-options[:file] = '/path/to/data.txt'
-options[:pw] = File.read('/path/to/password.txt')
+options = {
+  action: :encrypt,
+  algorithm: :gpgme,
+  file: '/path/to/data.txt',
+  pw: File.read('/path/to/password.txt')
+}
 encrypted_contents = RapidVaults::API.main(options)
 ```
 
@@ -184,14 +186,23 @@ require 'rapid-vaults'
 
 ENV['GNUPGHOME'] = '/home/chris/.gnupg' # optional
 
-options = {}
-options[:action] = :decrypt
-options[:algorithm] = :gpgme
-options[:file] = '/path/to/encrypted_data.txt'
-options[:pw] = File.read('/path/to/password.txt')
+options = {
+  action: :decrypt,
+  algorithm: :gpgme,
+  file: '/path/to/encrypted_data.txt',
+  pw: File.read('/path/to/password.txt')
+}
 decrypted_contents = RapidVaults::API.main(options)
 ```
 
+### Docker
+
+A supported [Docker image](https://hub.docker.com/r/matthewschuchard/rapid-vaults) of Rapid-Vaults is now available from the public Docker Hub registry. Please consult the repository documentation for further usage information.
+
+### gRPC
+
+forthcoming
+
 ### Ansible
 
 forthcoming

data/lib/rapid-vaults/api.rb

@@ -1,17 +1,16 @@
-require_relative '../rapid-vaults'
+require_relative '../rapid_vaults'
 
 # provides an application programming interface to interact with rapid vaults
 class RapidVaults::API
   # lightweight api
   def self.main(settings)
-    # parse settings for api and run RapidVaults with specified settings
+    # parse pass-by-value settings for api and run RapidVaults with specified settings
     RapidVaults.new.main(parse(settings))
   end
 
-  # parse api options
+  # parse api options; this is mostly here for unit testing
   def self.parse(settings)
     # establish settings for api and denote using api
-    settings[:ui] = :api
-    settings
+    settings.merge({ ui: :api })
   end
 end

data/lib/rapid-vaults/binding.rb

@@ -1,10 +1,14 @@
 # class to output bindings with other software
 class Binding
+  # bindings matrix consts
+  CRYPT = %w[gpg ssl].freeze
+  ACTION = %w[encrypt decrypt].freeze
+
   # outputs puppet bindings
   def self.puppet(settings)
     # output puppet bindings to output directory
-    %w[gpg ssl].each do |algo|
-      %w[encrypt decrypt].each do |action|
+    CRYPT.each do |algo|
+      ACTION.each do |action|
         content = File.read("#{__dir__}/bindings/puppet_#{algo}_#{action}.rb")
         File.write("#{settings[:outdir]}puppet_#{algo}_#{action}.rb", content)
       end

data/lib/rapid-vaults/bindings/chef.rb

@@ -2,31 +2,32 @@ require 'rapid-vaults'
 
 # returns key, nonce
 def ssl_generate
-  options = {}
-  options[:action] = :generate
+  options = { action: :generate }
   RapidVaults::API.main(options)
 end
 
 # returns encrypted_contents, tag
 def ssl_encrypt
-  options = {}
-  options[:action] = :encrypt
-  options[:file] = '/path/to/data.txt'
-  options[:key] = '/path/to/cert.key'
-  options[:nonce] = '/path/to/nonce.txt'
-  options[:pw] = File.read('/path/to/password.txt') # optional
+  options = {
+    action: :encrypt,
+    file: '/path/to/data.txt',
+    key: '/path/to/key.txt',
+    nonce: '/path/to/nonce.txt',
+    pw: File.read('/path/to/password.txt') # optional
+  }
   RapidVaults::API.main(options)
 end
 
 # returns decrypted_contents
 def ssl_decrypt
-  options = {}
-  options[:action] = :decrypt
-  options[:file] = '/path/to/encrypted_data.txt'
-  options[:key] = '/path/to/cert.key'
-  options[:nonce] = '/path/to/nonce.txt'
-  options[:tag] = '/path/to/tag.txt'
-  options[:pw] = File.read('/path/to/password.txt') # optional
+  options = {
+    action: :decrypt,
+    file: '/path/to/encrypted_data.txt',
+    key: '/path/to/key.txt',
+    nonce: '/path/to/nonce.txt',
+    tag: '/path/to/tag.txt',
+    pw: File.read('/path/to/password.txt') # optional
+  }
   RapidVaults::API.main(options)
 end
 
@@ -34,10 +35,11 @@ end
 def gpg_generate
   ENV['GNUPGHOME'] = '/home/alice/.gnupg'
 
-  options = {}
-  options[:action] = :generate
-  options[:algorithm] = :gpgme
-  options[:gpgparams] = File.read('gpgparams.txt')
+  options = {
+    action: :generate,
+    algorithm: :gpgme,
+    gpgparams: File.read('gpgparams.txt')
+  }
   RapidVaults::API.main(options)
 end
 
@@ -45,11 +47,12 @@ end
 def gpg_encrypt
   ENV['GNUPGHOME'] = '/home/bob/.gnupg'
 
-  options = {}
-  options[:action] = :encrypt
-  options[:algorithm] = :gpgme
-  options[:file] = '/path/to/data.txt'
-  options[:pw] = File.read('/path/to/password.txt')
+  options = {
+    action: :encrypt,
+    algorithm: :gpgme,
+    file: '/path/to/data.txt',
+    pw: File.read('/path/to/password.txt')
+  }
   RapidVaults::API.main(options)
 end
 
@@ -57,10 +60,11 @@ end
 def gpg_decrypt
   ENV['GNUPGHOME'] = '/home/chris/.gnupg'
 
-  options = {}
-  options[:action] = :decrypt
-  options[:algorithm] = :gpgme
-  options[:file] = '/path/to/encrypted_data.txt'
-  options[:pw] = File.read('/path/to/password.txt')
+  options = {
+    action: :decrypt,
+    algorithm: :gpgme,
+    file: '/path/to/encrypted_data.txt',
+    pw: File.read('/path/to/password.txt')
+  }
   RapidVaults::API.main(options)
 end

data/lib/rapid-vaults/bindings/puppet_gpg_decrypt.rb

@@ -1,5 +1,5 @@
 # mymodule/lib/puppet/functions/gpg_decrypt.rb
-Puppet::Functions.create_function(:'gpg_decrypt') do
+Puppet::Functions.create_function(:gpg_decrypt) do
   # Decrypts a file with GnuPG.
   # @param [String] file The file to decrypt.
   # @param [String] gpghome The path to the GnuPG home directory containing the credentials.

data/lib/rapid-vaults/bindings/puppet_gpg_encrypt.rb

@@ -1,5 +1,5 @@
 # mymodule/lib/puppet/functions/gpg_encrypt.rb
-Puppet::Functions.create_function(:'gpg_encrypt') do
+Puppet::Functions.create_function(:gpg_encrypt) do
   # Encrypts a file with GnuPG.
   # @param [String] file The file to encrypt.
   # @param [String] gpghome The path to the GnuPG home directory containing the credentials.

data/lib/rapid-vaults/bindings/puppet_ssl_decrypt.rb

@@ -1,5 +1,5 @@
 # mymodule/lib/puppet/functions/ssl_decrypt.rb
-Puppet::Functions.create_function(:'ssl_decrypt') do
+Puppet::Functions.create_function(:ssl_decrypt) do
   # Decrypts a file with OpenSSL.
   # @param [String] file The file to decrypt.
   # @param [String] key The key file to use for decryption.
@@ -25,10 +25,11 @@ Puppet::Functions.create_function(:'ssl_decrypt') do
       raise 'Rapid Vaults is required to be installed on the puppet master to use this custom function!'
     end
 
-    if password_file.nil?
-      RapidVaults::API.main(action: :decrypt, file: file, key: key, nonce: nonce, tag: tag)
-    else
-      RapidVaults::API.main(action: :encrypt, file: file, key: key, nonce: nonce, tag: tag, pw: File.read(password_file))
-    end
+    # initialize settings
+    settings = { action: :decrypt, file: file, key: key, nonce: nonce, tag: tag }
+    # update settings with password if input
+    settings[pw: File.read(password_file)] unless password_file.nil?
+
+    RapidVaults::API.main(settings)
   end
 end

data/lib/rapid-vaults/bindings/puppet_ssl_encrypt.rb

@@ -1,5 +1,5 @@
 # mymodule/lib/puppet/functions/ssl_encrypt.rb
-Puppet::Functions.create_function(:'ssl_encrypt') do
+Puppet::Functions.create_function(:ssl_encrypt) do
   # Encrypts a file with OpenSSL.
   # @param [String] file The file to encrypt.
   # @param [String] key The key file to use for encryption.
@@ -23,12 +23,14 @@ Puppet::Functions.create_function(:'ssl_encrypt') do
       raise 'Rapid Vaults is required to be installed on the puppet master to use this custom function!'
     end
 
-    hash = {}
-    if password_file.nil?
-      hash[:encrypted_contents], hash[:tag] = RapidVaults::API.main(action: :encrypt, file: file, key: key, nonce: nonce)
-    else
-      hash[:encrypted_contents], hash[:tag] = RapidVaults::API.main(action: :encrypt, file: file, key: key, nonce: nonce, pw: File.read(password_file))
-    end
-    hash
+    # initialize settings and return
+    settings = { action: :encrypt, file: file, key: key, nonce: nonce }
+    return_hash = {}
+    # update settings with password if input
+    settings[pw: File.read(password_file)] unless password_file.nil?
+
+    return_hash[:encrypted_contents], return_hash[:tag] = RapidVaults::API.main(settings)
+
+    return_hash
   end
 end

data/lib/rapid-vaults/bindings/rapid_vaults_pb.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: rapid_vaults.proto
+
+require 'google/protobuf'
+
+
+descriptor_data = "\n\x12rapid_vaults.proto\x12\x0brapidvaults\"\x0b\n\tGenInputs\"(\n\nGenOutputs\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05nonce\x18\x02 \x01(\t\"I\n\x0bUnencrypted\x12\x0c\n\x04text\x18\x01 \x01(\t\x12\x0b\n\x03key\x18\x02 \x01(\t\x12\r\n\x05nonce\x18\x03 \x01(\t\x12\x10\n\x08password\x18\x04 \x01(\t\"&\n\tEncrypted\x12\x0c\n\x04text\x18\x01 \x01(\t\x12\x0b\n\x03tag\x18\x02 \x01(\t\"V\n\x0bUndecrypted\x12\x0c\n\x04text\x18\x01 \x01(\t\x12\x0b\n\x03key\x18\x02 \x01(\t\x12\r\n\x05nonce\x18\x03 \x01(\t\x12\x0b\n\x03tag\x18\x04 \x01(\t\x12\x10\n\x08password\x18\x05 \x01(\t\"\x19\n\tDecrypted\x12\x0c\n\x04text\x18\x01 \x01(\t2\x99\x03\n\x0bRapidVaults\x12@\n\x0bSSLGenerate\x12\x16.rapidvaults.GenInputs\x1a\x17.rapidvaults.GenOutputs\"\x00\x12@\n\x0bGPGGenerate\x12\x16.rapidvaults.GenInputs\x1a\x17.rapidvaults.GenOutputs\"\x00\x12@\n\nSSLEncrypt\x12\x18.rapidvaults.Unencrypted\x1a\x16.rapidvaults.Encrypted\"\x00\x12@\n\nGPGEncrypt\x12\x18.rapidvaults.Unencrypted\x1a\x16.rapidvaults.Encrypted\"\x00\x12@\n\nSSLDecrypt\x12\x18.rapidvaults.Undecrypted\x1a\x16.rapidvaults.Decrypted\"\x00\x12@\n\nGPGDecrypt\x12\x18.rapidvaults.Undecrypted\x1a\x16.rapidvaults.Decrypted\"\x00\x62\x06proto3"
+
+pool = Google::Protobuf::DescriptorPool.generated_pool
+pool.add_serialized_file(descriptor_data)
+
+module Rapidvaults
+  GenInputs = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("rapidvaults.GenInputs").msgclass
+  GenOutputs = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("rapidvaults.GenOutputs").msgclass
+  Unencrypted = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("rapidvaults.Unencrypted").msgclass
+  Encrypted = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("rapidvaults.Encrypted").msgclass
+  Undecrypted = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("rapidvaults.Undecrypted").msgclass
+  Decrypted = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("rapidvaults.Decrypted").msgclass
+end

data/lib/rapid-vaults/bindings/rapid_vaults_services_pb.rb

@@ -0,0 +1,33 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# Source: rapid_vaults.proto for package 'rapidvaults'
+
+require 'grpc'
+require_relative 'rapid_vaults_pb'
+
+module Rapidvaults
+  module RapidVaults
+    class Service
+
+      include ::GRPC::GenericService
+
+      self.marshal_class_method = :encode
+      self.unmarshal_class_method = :decode
+      self.service_name = 'rapidvaults.RapidVaults'
+
+      # generate SSL key and nonce
+      rpc :SSLGenerate, ::Rapidvaults::GenInputs, ::Rapidvaults::GenOutputs
+      # generate GPG key and nonce
+      rpc :GPGGenerate, ::Rapidvaults::GenInputs, ::Rapidvaults::GenOutputs
+      # encrypt with SSL
+      rpc :SSLEncrypt, ::Rapidvaults::Unencrypted, ::Rapidvaults::Encrypted
+      # encrypt with GPG
+      rpc :GPGEncrypt, ::Rapidvaults::Unencrypted, ::Rapidvaults::Encrypted
+      # decrypt with SSL
+      rpc :SSLDecrypt, ::Rapidvaults::Undecrypted, ::Rapidvaults::Decrypted
+      # decrypt with GPG
+      rpc :GPGDecrypt, ::Rapidvaults::Undecrypted, ::Rapidvaults::Decrypted
+    end
+
+    Stub = Service.rpc_stub_class
+  end
+end

data/lib/rapid-vaults/cli.rb

@@ -1,4 +1,4 @@
-require_relative '../rapid-vaults'
+require_relative '../rapid_vaults'
 
 # provides a command line interface to interact with rapid vaults
 class RapidVaults::CLI
@@ -6,7 +6,7 @@ class RapidVaults::CLI
   def self.main(args)
     # parse args in cli and denote using cli
     settings = parse(args)
-    if settings[:action] == :encrypt || settings[:action] == :decrypt
+    if %i[encrypt decrypt].include?(settings[:action])
       args.empty? ? (raise 'rapid-vaults: no file specified; try using --help') : settings[:file] = args.first
     end
 
@@ -22,10 +22,8 @@ class RapidVaults::CLI
     # show help message if no args specified
     args = %w[-h] if args.empty?
 
-    # init settings
-    settings = {}
-    # specify cli being used
-    settings[:ui] = :cli
+    # init settings with cli setting
+    settings = { ui: :cli }
 
     opt_parser = OptionParser.new do |opts|
       # usage
@@ -33,7 +31,9 @@ class RapidVaults::CLI
 
       # base options
       opts.on('--version', 'Display the current version.') do
-        puts 'rapid-vaults 1.1.2'
+        require 'rubygems'
+
+        puts Gem::Specification.load("#{File.dirname(__FILE__)}/../../rapid-vaults.gemspec").version
         exit 0
       end
 
@@ -51,7 +51,7 @@ class RapidVaults::CLI
       opts.on('-t', '--tag tag', String, 'Tag file to be used for decryption (GPG: n/a).') { |arg| settings[:tag] = arg }
       opts.on('-p', '--password password', String, '(optional) Password to be used for encryption or decryption (GPG: required).') { |arg| settings[:pw] = arg }
       opts.on('-f', '--file-password password.txt', String, '(optional) Text file containing a password to be used for encryption or decryption (GPG: required).') do |arg|
-        raise "Password file #{arg} is not an existing file!" unless File.file?(arg)
+        raise "Password file #{arg} is not an existing readable file!" unless File.readable?(arg)
         settings[:pw] = File.read(arg)
       end
 
@@ -63,7 +63,7 @@ class RapidVaults::CLI
 
       # other
       opts.on('--gpgparams params.txt', String, 'GPG Key params input file used during generation of keys.') do |arg|
-        raise "GPG Parameters file #{arg} is not an existing file!" unless File.file?(arg)
+        raise "GPG Parameters file #{arg} is not an existing readable file!" unless File.readable?(arg)
         settings[:gpgparams] = File.read(arg)
       end
       opts.on('-o --outdir', String, 'Optional output directory for generated files (default: pwd). (GPG: optional)') do |arg|

data/lib/rapid-vaults/decrypt.rb

@@ -4,9 +4,6 @@ class Decrypt
   def self.openssl(settings)
     require 'openssl'
 
-    # check tag size
-    raise 'Tag is not 16 bytes.' unless settings[:tag].bytesize == 16
-
     # setup the decryption parameters
     decipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
     decipher.key = settings[:key]
@@ -15,11 +12,12 @@ class Decrypt
     decipher.auth_data = settings.key?(:pw) ? settings[:pw] : ''
 
     # output the decryption
-    if settings[:ui] == :cli
+    case settings[:ui]
+    when :cli
       # output to file
       File.write("#{settings[:outdir]}decrypted.txt", decipher.update(settings[:file]) + decipher.final)
       puts "Your decrypted.txt has been written out to #{settings[:outdir]}."
-    elsif settings[:ui] == :api
+    when :api
       # output to string
       decipher.update(settings[:file]) + decipher.final
     end
@@ -30,18 +28,19 @@ class Decrypt
     require 'gpgme'
 
     # check if GPGHOME env was set
-    puts "Environment variable 'GNUPGHOME' was not set. Files in #{ENV['HOME']}/.gnupg will be used for authentication." unless ENV['GNUPGHOME']
+    puts "Environment variable 'GNUPGHOME' was not set. Files in #{Dir.home}/.gnupg will be used for authentication." unless ENV.fetch('GNUPGHOME', false)
 
     # setup the decryption parameters
     encrypted = GPGME::Data.new(settings[:file])
     crypto = GPGME::Crypto.new(armor: true, pinentry_mode: GPGME::PINENTRY_MODE_LOOPBACK)
 
     # output the decryption
-    if settings[:ui] == :cli
+    case settings[:ui]
+    when :cli
       # output to file
       File.write("#{settings[:outdir]}decrypted.txt", crypto.decrypt(encrypted, password: settings[:pw]).read)
       puts "Your decrypted.txt has been written out to #{settings[:outdir]}."
-    elsif settings[:ui] == :api
+    when :api
       # output to string
       crypto.decrypt(encrypted, password: settings[:pw]).read
     end

data/lib/rapid-vaults/encrypt.rb

@@ -11,13 +11,14 @@ class Encrypt
     cipher.auth_data = settings.key?(:pw) ? settings[:pw] : ''
 
     # output the encryption and associated tag
-    if settings[:ui] == :cli
+    case settings[:ui]
+    when :cli
       # output to file
       File.write("#{settings[:outdir]}encrypted.txt", cipher.update(settings[:file]) + cipher.final)
       File.write("#{settings[:outdir]}tag.txt", cipher.auth_tag)
       puts "Your encrypted.txt and associated tag.txt for this encryption have been generated in #{settings[:outdir]}."
-    elsif settings[:ui] == :api
-      # output to array
+    when :api
+      # return as array
       [cipher.update(settings[:file]) + cipher.final, cipher.auth_tag]
     end
   end
@@ -27,18 +28,19 @@ class Encrypt
     require 'gpgme'
 
     # check if GPGHOME env was set
-    puts "Environment variable 'GNUPGHOME' was not set. Files in #{ENV['HOME']}/.gnupg will be used for authentication." unless ENV['GNUPGHOME']
+    puts "Environment variable 'GNUPGHOME' was not set. Files in #{Dir.home}/.gnupg will be used for authentication." unless ENV.fetch('GNUPGHOME', false)
 
     # setup the encryption parameters
     crypto = GPGME::Crypto.new(armor: true, pinentry_mode: GPGME::PINENTRY_MODE_LOOPBACK)
 
     # output the encryption and associated tag
-    if settings[:ui] == :cli
+    case settings[:ui]
+    when :cli
       # output to file
       File.write("#{settings[:outdir]}encrypted.txt", crypto.encrypt(settings[:file], symmetric: true, password: settings[:pw]).read)
-      puts "Your encrypted.txt for this encryption have been generated in #{settings[:outdir]}."
-    elsif settings[:ui] == :api
-      # output to string
+      puts "Your encrypted.txt for this encryption has been generated in #{settings[:outdir]}."
+    when :api
+      # return as string
       crypto.encrypt(settings[:file], symmetric: true, password: settings[:pw]).read
     end
   end

data/lib/rapid-vaults/generate.rb

@@ -7,13 +7,14 @@ class Generate
     # setup parameters
     cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
 
-    if settings[:ui] == :cli
+    case settings[:ui]
+    when :cli
       # output to file
       File.write("#{settings[:outdir]}key.txt", cipher.random_key)
       File.write("#{settings[:outdir]}nonce.txt", cipher.random_iv)
       puts "Your key.txt and nonce.txt have been generated in #{settings[:outdir]}."
-    elsif settings[:ui] == :api
-      # output to string
+    when :api
+      # return as array
       [cipher.random_key, cipher.random_iv]
     end
   end
@@ -23,10 +24,10 @@ class Generate
     require 'gpgme'
 
     # ensure we have a place to store these output files
-    raise 'Environment variable "GNUPGHOME" was not set.' unless ENV['GNUPGHOME']
+    raise 'Environment variable "GNUPGHOME" was not set.' unless ENV.fetch('GNUPGHOME', false)
 
     # create gpg keys
     GPGME::Ctx.new.generate_key(settings[:gpgparams], nil, nil)
-    puts "Your GPG keys have been generated in #{ENV['GNUPGHOME']}." if settings[:ui] == :cli
+    puts "Your GPG keys have been generated in #{ENV.fetch['GNUPGHOME']}." if settings[:ui] == :cli
   end
 end