rapid-vaults 1.1.2 → 1.3.0

data/lib/rapid-vaults/grpc.rb

@@ -0,0 +1,77 @@
+require_relative '../rapid_vaults'
+require_relative 'bindings/rapid_vaults_services_pb'
+
+# provides a grpc server
+class RapidVaults::GRPC < Rapidvaults::RapidVaults::Service
+  # start the server
+  def server(addr = '0.0.0.0:8080')
+    server = GRPC::RpcServer.new
+    server.add_http2_port(addr, :this_port_is_insecure)
+    server.handle(RapidVaults.new)
+    server.run_till_terminated
+  end
+
+  # grpc api for generate openssl
+  def ssl_generate(geninputs, _call)
+    settings = geninputs.to_hash
+    settings_process(settings)
+    Generate.openssl(settings)
+  end
+
+  # grpc api for generate gpg
+  def gpg_generate(geninputs, _call)
+    settings = geninputs.to_hash
+    settings_process(settings)
+    Generate.gpgme(settings)
+  end
+
+  # grpc api for encrypt ssl
+  def ssl_encrypt(unencrypted, _call)
+    settings = {}
+    settings[:file] = unencrypted.text
+    settings[:key] = unencrypted.key
+    settings[:nonce] = unencrypted.nonce
+    settings[:pw] = unencrypted.password
+    settings_process(settings)
+    Encrypt.openssl(settings)
+  end
+
+  # grpc api for encrypt gpg
+  def gpg_encrypt(unencrypted, _call)
+    settings = {}
+    settings[:file] = unencrypted.text
+    settings[:pw] = unencrypted.password
+    settings_process(settings)
+    Encrypt.gpgme(settings)
+  end
+
+  # grpc api for ssl decrypt
+  def ssl_decrypt(undecrypted, _call)
+    settings = {}
+    settings[:file] = undecrypted.text
+    settings[:key] = undecrypted.key
+    settings[:nonce] = undecrypted.nonce
+    settings[:tag] = undecrypted.tag
+    settings[:pw] = undecrypted.password
+    settings_process(settings)
+    Decrypt.openssl(settings)
+  end
+
+  # grpc api for gpg decrypt
+  def gpg_decrypt(undecrypted, _call)
+    settings = {}
+    settings[:file] = undecrypted.text
+    settings[:pw] = undecrypted.password
+    settings_process(settings)
+    Decrypt.gpgme(settings)
+  end
+
+  private
+
+  # helper method
+  def settings_process(settings)
+    settings[:ui] = :api
+    RapidVaults.process(settings)
+    settings
+  end
+end

data/lib/{rapid-vaults.rb → rapid_vaults.rb}

@@ -7,11 +7,10 @@ require_relative 'rapid-vaults/binding'
 class RapidVaults
   # main runner for software
   def main(settings)
-    # process settings
+    # process settings via pass-by-reference
     self.class.process(settings)
 
     # execute desired action and algorithm via dynamic call
-    # public_send("#{settings[:action].capitalize}.#{settings[:algorithm]}".to_sym, settings)
     case settings[:action]
     when :generate then Generate.public_send(settings[:algorithm], settings)
     when :encrypt then Encrypt.public_send(settings[:algorithm], settings)
@@ -22,9 +21,9 @@ class RapidVaults
 
   # method for processing the settings and inputs
   def self.process(settings)
-    # :outdir only relevant for :cli
+    # default to openssl algorithm and `pwd` output directory
     if settings[:ui] == :cli
-      # default to openssl algorithm and `pwd` output directory
+      # :outdir only relevant for :cli
       settings[:outdir] ||= Dir.pwd
       settings[:outdir] += '/' unless settings[:outdir][-1] == '/'
     end
@@ -33,7 +32,7 @@ class RapidVaults
     settings[:algorithm] ||= :openssl
 
     # check for problems with arguments and inputs
-    public_send("process_#{settings[:algorithm]}".to_sym, settings)
+    public_send(:"process_#{settings[:algorithm]}", settings)
   end
 
   # processing openssl
@@ -50,13 +49,22 @@ class RapidVaults
     end
 
     # lambda for input processing
-    process_input = ->(input) { File.file?(settings[input]) ? settings[input] = File.read(settings[input]) : (raise "Input #{input} is not an existing file.") }
+    process_input = ->(input) { File.readable?(settings[input]) ? settings[input] = File.read(settings[input]) : (raise "Input file '#{settings[input]}' for argument '#{input}' is not an existing readable file.") }
 
     # check inputs and read in files
     raise 'Password must be a string.' if settings.key?(:pw) && !settings[:pw].is_a?(String)
     %i[file key nonce].each(&process_input)
-    # only decrypt needs a tag input
+
+    # validate key and nonce
+    raise 'The key is not a valid 32 byte key.' unless settings[:key].bytesize == 32
+    raise 'The nonce is not a valid 12 byte nonce.' unless settings[:nonce].bytesize == 12
+
+    # decrypt: check inputs and read in files, and validate encrypted and tag
+    return unless settings[:action] == :decrypt
     process_input.call(:tag) if settings[:action] == :decrypt
+
+    raise 'The encrypted data is not a valid multiple of 9 bytes.' unless (settings[:file].bytesize % 9).zero?
+    raise 'Tag is not 16 bytes.' unless settings[:tag].bytesize == 16
   end
 
   # processing gpgme
@@ -66,14 +74,12 @@ class RapidVaults
     case settings[:action]
     when :generate
       raise 'GPG params file argument required for generation.' unless settings.key?(:gpgparams)
-      return
     when :decrypt, :encrypt
+      # check inputs and read in files
       raise 'File and password arguments required for encryption or decryption.' unless settings.key?(:file) && settings.key?(:pw)
+      raise 'Password must be a string.' unless settings[:pw].is_a?(String)
+      settings[:file] = File.readable?(settings[:file]) ? File.read(settings[:file]) : (raise "Input file '#{settings[:file]}' for argument 'file' is not an existing readable file.")
     else raise 'Action must be one of generate, encrypt, or decrypt.'
     end
-
-    # check inputs and read in files
-    raise 'Password must be a string.' unless settings[:pw].is_a?(String)
-    File.file?(settings[:file]) ? settings[:file] = File.read(settings[:file]) : (raise 'Input file is not an existing file.')
   end
 end

data/lib/rapid_vaults.rbs

@@ -0,0 +1,40 @@
+# Classes
+class Binding
+  CRYPT: [String, String]
+  ACTION: [String, String]
+
+  def self.puppet: (Hash[Symbol, untyped]) -> nil
+  def self.chef: (Hash[Symbol, untyped]) -> nil
+end
+
+class Decrypt
+  def self.openssl: (Hash[Symbol, untyped]) -> String?
+  def self.gpgme: (Hash[Symbol, untyped]) -> String?
+end
+
+class Encrypt
+  def self.openssl: (Hash[Symbol, untyped]) -> [String, String]?
+  def self.gpgme: (Hash[Symbol, untyped]) -> String?
+end
+
+class Generate
+  def self.openssl: (Hash[Symbol, untyped]) -> [String, String]?
+  def self.gpgme: (Hash[Symbol, untyped]) -> nil
+end
+
+class RapidVaults
+  def main: (Hash[Symbol, untyped]) -> nil
+  def self.process: (Hash[Symbol, untyped]) -> nil
+  def self.process_openssl: (Hash[Symbol, untyped]) -> nil
+  def self.process_gpgme: (Hash[Symbol, untyped]) -> nil
+
+  class API
+    def self.main: (Hash[Symbol, untyped]) -> nil
+    def self.parse: (Hash[Symbol, untyped]) -> Hash[Symbol, untyped]
+  end
+
+  class CLI
+    def self.main: ([String]) -> Integer
+    def self.parse: ([String]) -> Hash[Symbol, untyped]
+  end
+end

data/rapid-vaults.gemspec

@@ -0,0 +1,23 @@
+Gem::Specification.new do |spec|
+  spec.name          = 'rapid-vaults'
+  spec.version       = '1.3.0'
+  spec.authors       = ['Matt Schuchard']
+  spec.description   = 'Ad-hoc encrypt and decrypt data behind multiple layers of protection via OpenSSL or GPG.'
+  spec.summary       = 'Ad-hoc encrypt and decrypt data.'
+  spec.homepage      = 'https://www.github.com/mschuchard/rapid-vaults'
+  spec.license       = 'MIT'
+
+  spec.files         = Dir['bin/**/*', 'lib/**/*', 'spec/**/*', 'CHANGELOG.md', 'LICENSE.md', 'README.md', 'rapid-vaults.gemspec']
+  spec.executables   = spec.files.grep(%r{^bin/}) { |file| File.basename(file) }
+  spec.require_paths = Dir['lib']
+
+  spec.required_ruby_version = '>= 2.6.0'
+  spec.add_dependency 'gpgme', '~> 2.0'
+  spec.add_development_dependency 'grpc', '~> 1.0'
+  spec.add_development_dependency 'grpc-tools', '~> 1.0'
+  spec.add_development_dependency 'rake', '~> 13.0'
+  spec.add_development_dependency 'reek', '~> 6.0'
+  spec.add_development_dependency 'rspec', '~> 3.0'
+  spec.add_development_dependency 'rubocop', '~> 1.0'
+  spec.add_development_dependency 'rubocop-performance', '~> 1.0'
+end

data/spec/rapid-vaults/cli_spec.rb

@@ -22,10 +22,10 @@ describe RapidVaults::CLI do
       expect(RapidVaults::CLI.parse(%w[-b puppet -o .])).to eq(ui: :cli, action: :binding, binding: :puppet, outdir: '.')
     end
     it 'raises an error for a nonexistent password file' do
-      expect { RapidVaults::CLI.parse(%w[-f /nopasswordhere]) }.to raise_error('Password file /nopasswordhere is not an existing file!')
+      expect { RapidVaults::CLI.parse(%w[-f /nopasswordhere]) }.to raise_error('Password file /nopasswordhere is not an existing readable file!')
     end
     it 'raises an error for a nonexistent gpg parameters file' do
-      expect { RapidVaults::CLI.parse(%w[--gpgparams /foo/bar]) }.to raise_error('GPG Parameters file /foo/bar is not an existing file!')
+      expect { RapidVaults::CLI.parse(%w[--gpgparams /foo/bar]) }.to raise_error('GPG Parameters file /foo/bar is not an existing readable file!')
     end
     it 'raises an error for a nonexistent output directory' do
       expect { RapidVaults::CLI.parse(%w[-o /foo/bar/baz]) }.to raise_error('The output directory /foo/bar/baz does not exist or is not a directory!')

data/spec/rapid-vaults/decrypt_spec.rb

@@ -4,8 +4,13 @@ require_relative '../../lib/rapid-vaults/decrypt'
 
 describe Decrypt do
   context '.openssl' do
+    require 'openssl'
+    cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
+    key = cipher.random_key
+    nonce = cipher.random_iv
+
     before(:all) do
-      Encrypt.openssl(ui: :cli, file: "foo: bar\n", key: '���b+����R�v�Í%("����=8o/���', nonce: 'Ëá!í^Uë^EÜ<83>oã^M')
+      Encrypt.openssl(ui: :cli, file: "foo: bar\n", key: key, nonce: nonce)
     end
 
     after(:all) do
@@ -13,41 +18,35 @@ describe Decrypt do
     end
 
     it 'outputs a decrypted file with the key, nonce, and tag from the cli' do
-      Decrypt.openssl(ui: :cli, file: File.read('encrypted.txt'), key: '���b+����R�v�Í%("����=8o/���', nonce: 'Ëá!í^Uë^EÜ<83>oã^M', tag: File.read('tag.txt'))
+      Decrypt.openssl(ui: :cli, file: File.read('encrypted.txt'), key: key, nonce: nonce, tag: File.read('tag.txt'))
       expect(File.file?('decrypted.txt')).to be true
       expect(File.read('decrypted.txt')).to eq("foo: bar\n")
     end
     it 'outputs decrypted content with the key, nonce, and tag from the api' do
-      decrypt = Decrypt.openssl(ui: :api, file: File.read('encrypted.txt'), key: '���b+����R�v�Í%("����=8o/���', nonce: 'Ëá!í^Uë^EÜ<83>oã^M', tag: File.read('tag.txt'))
+      decrypt = Decrypt.openssl(ui: :api, file: File.read('encrypted.txt'), key: key, nonce: nonce, tag: File.read('tag.txt'))
       expect(decrypt).to be_a(String)
       expect(decrypt).to eq("foo: bar\n")
     end
-    it 'raises an error for an invalid tag size' do
-      expect { Decrypt.openssl(file: File.read('encrypted.txt'), key: '���b+����R�v�Í%("����=8o/���', nonce: 'Ëá!í^Uë^EÜ<83>oã^M', tag: "�a����e�O_H|�\n") }.to raise_error('Tag is not 16 bytes.')
-    end
   end
 
-  # travis ci cannot support non-interactive gpg encryption
-  unless File.directory?('/home/travis')
-    context '.gpgme' do
-      before(:all) do
-        Encrypt.gpgme(ui: :cli, file: "foo: bar\n", key: '', pw: 'foo')
-      end
+  context '.gpgme' do
+    before(:all) do
+      Encrypt.gpgme(ui: :cli, file: "foo: bar\n", key: '', pw: 'foo')
+    end
 
-      after(:all) do
-        %w[encrypted.txt decrypted.txt].each { |file| File.delete(file) }
-      end
+    after(:all) do
+      %w[encrypted.txt decrypted.txt].each { |file| File.delete(file) }
+    end
 
-      it 'outputs a decrypted file with the key from the cli' do
-        Decrypt.gpgme(ui: :cli, file: File.read('encrypted.txt'), key: '', pw: 'foo')
-        expect(File.file?('decrypted.txt')).to be true
-        expect(File.read('decrypted.txt')).to eq("foo: bar\n")
-      end
-      it 'outputs decrypted content with the key from the api' do
-        decrypt = Decrypt.gpgme(ui: :api, file: File.read('encrypted.txt'), key: '', pw: 'foo')
-        expect(decrypt).to be_a(String)
-        expect(decrypt).to eq("foo: bar\n")
-      end
+    it 'outputs a decrypted file with the key from the cli' do
+      Decrypt.gpgme(ui: :cli, file: File.read('encrypted.txt'), key: '', pw: 'foo')
+      expect(File.file?('decrypted.txt')).to be true
+      expect(File.read('decrypted.txt')).to eq("foo: bar\n")
+    end
+    it 'outputs decrypted content with the key from the api' do
+      decrypt = Decrypt.gpgme(ui: :api, file: File.read('encrypted.txt'), key: '', pw: 'foo')
+      expect(decrypt).to be_a(String)
+      expect(decrypt).to eq("foo: bar\n")
     end
   end
 end

data/spec/rapid-vaults/encrypt_spec.rb

@@ -3,40 +3,42 @@ require_relative '../../lib/rapid-vaults/encrypt'
 
 describe Encrypt do
   context '.openssl' do
+    require 'openssl'
+    cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
+    key = cipher.random_key
+    nonce = cipher.random_iv
+
     after(:all) do
       %w[tag.txt encrypted.txt].each { |file| File.delete(file) }
     end
 
     it 'outputs an encrypted file with the key and nonce from the cli' do
-      Encrypt.openssl(ui: :cli, file: "foo: bar\n", key: '���b+����R�v�Í%("����=8o/���', nonce: 'Ëá!í^Uë^EÜ<83>oã^M')
+      Encrypt.openssl(ui: :cli, file: "foo: bar\n", key: key, nonce: nonce)
       expect(File.file?('tag.txt')).to be true
       expect(File.file?('encrypted.txt')).to be true
     end
     it 'outputs an encrypted file with the key, nonce, and password from the cli' do
-      Encrypt.openssl(ui: :cli, file: "foo: bar\n", key: '���b+����R�v�Í%("����=8o/���', nonce: 'Ëá!í^Uë^EÜ<83>oã^M', pw: 'password')
+      Encrypt.openssl(ui: :cli, file: "foo: bar\n", key: key, nonce: nonce, pw: 'password')
       expect(File.file?('tag.txt')).to be true
       expect(File.file?('encrypted.txt')).to be true
     end
     it 'outputs an array of encrypted content and tag with the key and nonce from the api' do
-      encrypt = Encrypt.openssl(ui: :api, file: "foo: bar\n", key: '���b+����R�v�Í%("����=8o/���', nonce: 'Ëá!í^Uë^EÜ<83>oã^M')
+      encrypt = Encrypt.openssl(ui: :api, file: "foo: bar\n", key: key, nonce: nonce)
       expect(encrypt).to be_a(Array)
+      expect(encrypt.length).to eq(2)
       expect(encrypt[0]).to be_a(String)
       expect(encrypt[1]).to be_a(String)
-      expect(encrypt.length).to eq(2)
     end
   end
 
-  # travis ci cannot support non-interactive gpg encryption
-  unless File.directory?('/home/travis')
-    context '.gpgme' do
-      it 'outputs an encrypted file with the key from the cli' do
-        Encrypt.gpgme(ui: :cli, file: "foo: bar\n", key: '', pw: 'foo')
-        expect(File.file?('encrypted.txt')).to be true
-      end
-      it 'outputs a string of encrypted content with the key from the api' do
-        encrypt = Encrypt.gpgme(ui: :api, file: "foo: bar\n", key: '', pw: 'foo')
-        expect(encrypt).to be_a(String)
-      end
+  context '.gpgme' do
+    it 'outputs an encrypted file with the key from the cli' do
+      Encrypt.gpgme(ui: :cli, file: "foo: bar\n", key: '', pw: 'foo')
+      expect(File.file?('encrypted.txt')).to be true
+    end
+    it 'outputs a string of encrypted content with the key from the api' do
+      encrypt = Encrypt.gpgme(ui: :api, file: "foo: bar\n", key: '', pw: 'foo')
+      expect(encrypt).to be_a(String)
     end
   end
 end

data/spec/rapid-vaults/generate_spec.rb

@@ -17,9 +17,9 @@ describe Generate do
     it 'outputs an array with the key and nonce from the api' do
       generate = Generate.openssl(ui: :api)
       expect(generate).to be_a(Array)
+      expect(generate.length).to eq(2)
       expect(generate[0]).to be_a(String)
       expect(generate[1]).to be_a(String)
-      expect(generate.length).to eq(2)
     end
   end
 
@@ -27,24 +27,21 @@ describe Generate do
     it 'raises an error for a missing GNUPGHOME variable' do
       expect { Generate.gpgme(gpgparams: File.read("#{fixtures_dir}/gpgparams.txt")) }.to raise_error('Environment variable "GNUPGHOME" was not set.')
     end
-    # travis ci cannot support non-interactive gpg
-    unless File.directory?('/home/travis')
-      it 'generates the key files' do
-        require 'fileutils'
+    it 'generates the key files' do
+      require 'fileutils'
 
-        ENV['GNUPGHOME'] = fixtures_dir
+      ENV['GNUPGHOME'] = fixtures_dir
 
-        Generate.gpgme(gpgparams: File.read("#{fixtures_dir}/gpgparams.txt"))
-        %w[trustdb.gpg pubring.kbx pubring.kbx~].each do |file|
-          expect(File.file?("#{fixtures_dir}/#{file}")).to be true
-          File.delete("#{fixtures_dir}/#{file}")
-        end
-        %w[openpgp-revocs.d private-keys-v1.d].each do |dir|
-          expect(File.directory?("#{fixtures_dir}/#{dir}")).to be true
-          FileUtils.rm_r("#{fixtures_dir}/#{dir}")
-        end
-        %w[S.gpg-agent random_seed].each { |file| File.delete("#{fixtures_dir}/#{file}") if File.exist?(file) }
+      Generate.gpgme(gpgparams: File.read("#{fixtures_dir}/gpgparams.txt"))
+      %w[trustdb.gpg pubring.kbx pubring.kbx~].each do |file|
+        expect(File.file?("#{fixtures_dir}/#{file}")).to be true
+        File.delete("#{fixtures_dir}/#{file}")
+      end
+      %w[openpgp-revocs.d private-keys-v1.d].each do |dir|
+        expect(File.directory?("#{fixtures_dir}/#{dir}")).to be true
+        FileUtils.rm_r("#{fixtures_dir}/#{dir}")
       end
+      %w[S.gpg-agent random_seed].each { |file| File.delete("#{fixtures_dir}/#{file}") if File.file?(file) }
     end
   end
 end

data/spec/rapid-vaults/grpc_spec.rb

@@ -0,0 +1,50 @@
+require_relative '../../lib/rapid-vaults/grpc'
+
+# TODO: use RapidVaults::GRPC.server instead?
+
+# stub = Rapidvaults::RapidVaults::Stub.new('localhost:0.0.0.0:8080', :this_channel_is_insecure)
+describe GRPC do
+  context '.Stub' do
+    it 'starts a rapaid-vaults api local server' do
+      expect { Rapidvaults::RapidVaults::Stub.new('localhost:0.0.0.0:8080', :this_channel_is_insecure) }.not_to raise_error
+    end
+  end
+end
+
+# need to create class with encode member method to pass in as dummy
+# ssl generate
+# outputs = stub.ssl_generate('string')
+=begin
+puts outputs.key
+puts outputs.nonce
+
+# gpg generate
+stub.gpg_generate
+
+# ssl encrypt
+# TODO: unencrypted should be an object
+unencrypted.text = ''
+unencrypted.key = ''
+unencrypted.nonce = ''
+outputs = stub.ssl_encrypt(unencrypted)
+puts outputs.text
+puts outputs.tag
+
+# gpg encrypt
+unencrypted.text = ''
+unencrypted.password = ''
+puts stub.gpg_encrypt(unencrypted).text
+
+# ssl decrypt
+# TODO: undecrypted should be an object
+undecrypted.text = ''
+undecrypted.key = ''
+undecrypted.nonce = ''
+undecrypted.tag = ''
+puts stub.ssl_decrypt(undecrypted).text
+
+# gpg decrypt
+undecrypted.text = ''
+undecrypted.password = ''
+puts stub.gpg_decrypt(undecrypted).text
+=end

data/spec/rapid_vaults_spec.rb

@@ -0,0 +1,73 @@
+require_relative 'spec_helper'
+require_relative '../lib/rapid_vaults'
+
+describe RapidVaults do
+  context '.process' do
+    # prepare for support file validation tests
+    require 'securerandom'
+    before(:all) do
+      File.write('key_bad.txt', SecureRandom.random_bytes(64).strip)
+      File.write('key_good.txt', SecureRandom.random_bytes(32).strip)
+      File.write('nonce_bad.txt', SecureRandom.random_bytes(24).strip)
+      File.write('nonce_good.txt', SecureRandom.random_bytes(12).strip)
+      File.write('tag_bad.txt', SecureRandom.random_bytes(24).strip)
+      File.write('tag_good.txt', SecureRandom.random_bytes(16).strip)
+      File.write('encrypted_bad.txt', SecureRandom.random_bytes(16).strip)
+      File.write('encrypted_good.txt', '')
+    end
+
+    after(:all) do
+      %w[key nonce tag encrypted].each { |file| File.delete("#{file}_bad.txt", "#{file}_good.txt") }
+    end
+
+    it 'raises an error for a non-string password with openssl' do
+      expect { RapidVaults.process(action: :encrypt, file: 'a', key: 'b', nonce: 'c', pw: 1) }.to raise_error('Password must be a string.')
+    end
+    it 'raises an error for a non-string password with gpgme' do
+      expect { RapidVaults.process(action: :encrypt, file: 'a', key: 'b', nonce: 'c', pw: 1) }.to raise_error('Password must be a string.')
+    end
+    it 'raises an error for a missing argument to generate with gpgme' do
+      expect { RapidVaults.process(algorithm: :gpgme, action: :generate) }.to raise_error('GPG params file argument required for generation.')
+    end
+    it 'raises an error for a missing argument to encrypt with openssl' do
+      expect { RapidVaults.process(action: :encrypt, file: 'a', key: 'b') }.to raise_error('File, key, and nonce arguments are required for encryption.')
+    end
+    it 'raises an error for a missing argument to decrypt with openssl' do
+      expect { RapidVaults.process(action: :decrypt, file: 'a', key: 'b', nonce: 'c') }.to raise_error('File, key, nonce, and tag arguments are required for decryption.')
+    end
+    it 'raises an error for a missing argument to decrypt with gpgme' do
+      expect { RapidVaults.process(algorithm: :gpgme, action: :decrypt, file: 'a') }.to raise_error('File and password arguments required for encryption or decryption.')
+    end
+    it 'raises an error for a missing action with openssl' do
+      expect { RapidVaults.process(file: 'a', key: 'b', nonce: 'c', tag: 'd') }.to raise_error('Action must be one of generate, encrypt, or decrypt.')
+    end
+    it 'raises an error for a missing action with gpgme' do
+      expect { RapidVaults.process(algorithm: :gpgme, file: 'a', key: 'b') }.to raise_error('Action must be one of generate, encrypt, or decrypt.')
+    end
+    it 'raises an error for a nonexistent input file with openssl' do
+      expect { RapidVaults.process(action: :encrypt, file: 'a', key: 'b', nonce: 'c', tag: 'd') }.to raise_error('Input file \'a\' for argument \'file\' is not an existing readable file.')
+    end
+    it 'raises an error for a nonexistent input file with gpgme' do
+      expect { RapidVaults.process(algorithm: :gpgme, action: :encrypt, file: 'a', pw: 'password') }.to raise_error('Input file \'a\' for argument \'file\' is not an existing readable file.')
+    end
+    it 'raises an error for an invalid key size' do
+      expect { RapidVaults.process(action: :encrypt, file: "#{fixtures_dir}file.yaml", key: 'key_bad.txt', nonce: 'nonce_good.txt') }.to raise_error('The key is not a valid 32 byte key.')
+    end
+    it 'raises an error for an invalid nonce size' do
+      expect { RapidVaults.process(action: :encrypt, file: "#{fixtures_dir}file.yaml", key: 'key_good.txt', nonce: 'nonce_bad.txt') }.to raise_error('The nonce is not a valid 12 byte nonce.')
+    end
+    it 'raises an error for an invalid tag size' do
+      expect { RapidVaults.process(action: :decrypt, file: 'encrypted_good.txt', key: 'key_good.txt', nonce: 'nonce_good.txt', tag: 'tag_bad.txt') }.to raise_error('Tag is not 16 bytes.')
+    end
+    it 'raises an error for corrupted encrypted file content' do
+      expect { RapidVaults.process(action: :decrypt, file: 'encrypted_bad.txt', key: 'key_good.txt', nonce: 'nonce_good.txt', tag: 'tag_good.txt') }.to raise_error('The encrypted data is not a valid multiple of 9 bytes.')
+    end
+    it 'reads in all input files correctly for openssl encryption' do
+      expect { RapidVaults.process(action: :decrypt, file: 'encrypted_good.txt', key: 'key_good.txt', nonce: 'nonce_good.txt', tag: 'tag_good.txt', pw: 'password') }.not_to raise_exception
+    end
+    it 'reads in all input files correctly for gpgme decryption' do
+      dummy = "#{fixtures_dir}file.yaml"
+      expect { RapidVaults.process(algorithm: :gpgme, action: :decrypt, file: dummy, pw: 'password') }.not_to raise_exception
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -4,7 +4,7 @@ require 'rspec'
 module Variables
   extend RSpec::SharedContext
 
-  let(:fixtures_dir) { File.dirname(__FILE__) + '/fixtures/' }
+  let(:fixtures_dir) { "#{File.dirname(__FILE__)}/fixtures/" }
 end
 
 RSpec.configure do |config|

data/spec/system/system_spec.rb

@@ -7,13 +7,13 @@ describe RapidVaults do
     require 'fileutils'
 
     %w[key.txt nonce.txt tag.txt encrypted.txt decrypted.txt chef.rb puppet_gpg_decrypt.rb puppet_gpg_encrypt.rb puppet_ssl_decrypt.rb puppet_ssl_encrypt.rb].each { |file| File.delete(file) }
-    unless File.directory?('/home/travis')
-      %w[random_seed pubring.kbx trustdb.gpg pubring.kbx~ S.gpg-agent].each { |file| File.delete(file) }
+    unless ENV['CIRCLECI'] == 'true' || ENV['GITHUB_ACTIONS'] == 'true'
+      %w[random_seed pubring.kbx trustdb.gpg pubring.kbx~].each { |file| File.delete(file) }
       %w[openpgp-revocs.d private-keys-v1.d].each { |dir| FileUtils.rm_r(dir) }
     end
   end
 
-  context 'executed as a system from the CLI with settings and a file to be processed' do
+  context 'executed with openssl algorithm as a system from the CLI with settings and a file to be processed' do
     it 'generates key and nonce, encrypts a file, and then decrypts a file in order' do
       # generate and utilize files inside suitable directory
       Dir.chdir(fixtures_dir)
@@ -35,7 +35,7 @@ describe RapidVaults do
     end
   end
 
-  context 'executed as a system from the API with settings and a file to be processed' do
+  context 'executed with openssl algorithm as a system from the API with settings and a file to be processed' do
     it 'generates key and nonce, encrypts a file, and then decrypts a file in order' do
       # generate and utilize files inside suitable directory
       Dir.chdir(fixtures_dir)
@@ -59,17 +59,15 @@ describe RapidVaults do
     end
   end
 
-  # travis ci cannot support non-interactive gpg encryption
-  unless File.directory?('/home/travis')
-    context 'executed wtih gpg as a system from the CLI with settings and a file to be processed' do
+  # ci platforms cannot support end-to-end gpg generate/encrypt/decrypt
+  unless ENV['CIRCLECI'] == 'true' || ENV['GITHUB_ACTIONS'] == 'true'
+    context 'executed wtih gpg algorithm as a system from the CLI with settings and a file to be processed' do
       it 'encrypts a file and then decrypts a file in order' do
         ENV['GNUPGHOME'] = fixtures_dir
 
         # generate and utilize files inside suitable directory
         Dir.chdir(fixtures_dir)
 
-        puts fixtures_dir
-
         # generate keys
         RapidVaults::CLI.main(%w[-g --gpg --gpgparams gpgparams.txt])
         %w[trustdb.gpg pubring.kbx pubring.kbx~].each { |file| expect(File.file?("#{fixtures_dir}/#{file}")).to be true }
@@ -86,7 +84,7 @@ describe RapidVaults do
       end
     end
 
-    context 'executed with gpg as a system from the API with settings and a file to be processed' do
+    context 'executed with gpg algorithm as a system from the API with settings and a file to be processed' do
       it 'encrypts a file and then decrypts a file in order' do
         ENV['GNUPGHOME'] = fixtures_dir
 
@@ -94,7 +92,7 @@ describe RapidVaults do
         Dir.chdir(fixtures_dir)
 
         # generate keys
-        RapidVaults::API.main(action: :generate, algorithm: :gpgme, gpgparams: File.read('gpgparams.txt'), ui: :cli)
+        RapidVaults::API.main(action: :generate, algorithm: :gpgme, gpgparams: File.read('gpgparams.txt'))
         %w[trustdb.gpg pubring.kbx pubring.kbx~].each { |file| expect(File.file?("#{fixtures_dir}/#{file}")).to be true }
         %w[openpgp-revocs.d private-keys-v1.d].each { |dir| expect(File.directory?("#{fixtures_dir}/#{dir}")).to be true }