rapid-vaults 1.0.0 → 1.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: d67262209d01142c67ff7d217f1cc967e6adeb4e
-  data.tar.gz: 3702f2c91fb43a52189ab806c7bd7fb6b74c6bf9
+  metadata.gz: 16da5a6fcd72e890b88a34822a8d0018c2349988
+  data.tar.gz: fe28a0e78364d8cf28d316937ca632758176ead0
 SHA512:
-  metadata.gz: f11460cc7949a564f78d17488a63e0751058833d69715e5153ec3ee45f934dc1c0c22c9a2acd666f7f9d590573bf5157c9f5b6561d89a46c587e7d16501e708d
-  data.tar.gz: 11e1eb5da4c8c61a7012e8f966866b6d4e0eb88aadd96a75f8bb1b1c30bcf90012f8e9a722355fa20edaf4268ce4fc68f9b6c71cd94a370791205f0cf4276485
+  metadata.gz: 81c8373c61e40e22fb1489f990d7e3b5ed344c12c3e9382f994d0a2c9bbdf3787cd396735761b8e3439ec9eaff9c97793ae16b2e8cea4f4448db7882eed518ce
+  data.tar.gz: 1df691acfd5120d5ba32669c5e5f03f221d34abd3f8b4fd2884b0b86e4913c294a31d0fb7541d74bd251651f88411fb4838091c557dc69b0e20786f8e4235c77

data/README.md

@@ -1,6 +1,4 @@
 # Rapid Vaults
-Currently in beta and can be used without expectation of support.
-
 [![Build Status](https://travis-ci.org/mschuchard/rapid-vaults.svg?branch=master)](https://travis-ci.org/mschuchard/rapid-vaults)
 
 - [Description](#description)
@@ -25,15 +23,20 @@ Rapid Vaults is not similar to tools like RbNaCl or Hashicorp's Vault. RbNaCl of
 
 ### CLI
 
+Note trailing information for each flag/argument for possible differences with utilizing GPG.
+
 ```
 usage: rapid-vaults [options] file
-    -g, --generate                   Generate a key and nonce for encryption and decryption.
-    -e, --encrypt                    Encrypt a file using a key and nonce and generate a tag.
-    -d, --decrypt                    Decrypt a file using a key, nonce, and tag.
+        --gpg                        Use GNUPG/GPG instead of GNUTLS/OpenSSL for encryption/decryption.
+    -g, --generate                   Generate a key and nonce for encryption and decryption (GPG: n/a).
+    -e, --encrypt                    Encrypt a file using a key and nonce and generate a tag (GPG: key only).
+    -d, --decrypt                    Decrypt a file using a key, nonce, and tag (GPG: key only).
     -k, --key key                    Key file to be used for encryption or decryption.
-    -n, --nonce nonce                Nonce file to be used for encryption or decryption.
-    -t, --tag tag                    Tag file to be used for decryption.
-    -p, --password password          (optional) Password to be used for encryption or decryption.
+    -n, --nonce nonce                Nonce file to be used for encryption or decryption (GPG: n/a).
+    -t, --tag tag                    Tag file to be used for decryption (GPG: n/a).
+    -p, --password password          (optional) Password to be used for encryption or decryption (GPG: required).').
+    -f, --file-password password.txt (optional) Text file containing a password to be used for encryption or decryption (GPG: required).').
+    --gpgparams                      GPG Key params input file used during generation of keys.
 ```
 
 #### Generate Key and Nonce
@@ -47,9 +50,38 @@ usage: rapid-vaults [options] file
 
 `rapid-vaults -d -k cert.key -n nonce.txt -t tag.txt -p secret encrypted.txt`
 
+#### Generate Key with GPG
+This is the only situation where a `--gpgparams` flag and argument is required or utilized. The file provided as the argument should look like the following:
+
+```
+<GnupgKeyParms format="internal">
+Key-Type: DSA
+Key-Length: 1024
+Subkey-Type: ELG-E
+Subkey-Length: 1024
+Name-Real: Joe Tester
+Name-Comment: with stupid passphrase
+Name-Email: joe@foo.bar
+Expire-Date: 0
+Passphrase: abc
+</GnupgKeyParms>
+```
+
+The environment variable `GNUPGHOME` must be set in the shell prior to generating the keys (`export GNUPGHOME=`). This establishes the home directory for the keys and support files. This should normally be a `/user_home_dir/.gnupg`.
+
+#### Encrypt File with GPG
+Currently you set the path to the keys and other files via the environment variable `GNUPGHOME` prior to executing. Otherwise, the code will look in the default directory for the current user.
+
+`rapid-vaults --gpg -e -p password unencrypted.txt`
+
+#### Decrypt a File with GPG
+Currently you set the path to the keys and other files via the environment variable `GNUPGHOME` prior to executing. Otherwise, the code will look in the default directory for the current user.
+
+`rapid-vaults --gpg -d -p password encrypted.txt`
+
 ### API
 
-#### Generate Key and Nonce
+#### Generate SSL Key and Nonce
 
 ```ruby
 require 'rapid-vaults'
@@ -57,6 +89,8 @@ require 'rapid-vaults'
 options = {}
 options[:action] = :generate
 key, nonce = RapidVaults::API.main(options)
+File.write('key.txt', key)
+File.write('nonce.txt', nonce)
 ```
 
 #### Encrypt with SSL
@@ -88,6 +122,65 @@ options[:pw] = File.read('/path/to/password.txt') # optional
 decrypted_contents = RapidVaults::API.main(options)
 ```
 
+#### Generate GPG Keys
+```ruby
+require 'rapid-vaults'
+
+ENV['GNUPGHOME'] = '/home/alice/.gnupg'
+
+options = {}
+options[:action] = :generate
+options[:algorithm] = :gpgme
+options[:gpgparams] = gpgparams: File.read('gpgparams.txt')
+RapidVaults::API.main(options)
+```
+
+The `:gpgparams` string should look like the following:
+
+```
+<GnupgKeyParms format="internal">
+Key-Type: DSA
+Key-Length: 1024
+Subkey-Type: ELG-E
+Subkey-Length: 1024
+Name-Real: Joe Tester
+Name-Comment: with stupid passphrase
+Name-Email: joe@foo.bar
+Expire-Date: 0
+Passphrase: abc
+</GnupgKeyParms>
+```
+
+#### Encrypt with GPG
+
+```ruby
+require 'rapid-vaults'
+
+ENV['GNUPGHOME'] = '/home/bob/.gnupg'
+
+options = {}
+options[:action] = :encrypt
+options[:algorithm] = :gpgme
+options[:file] = '/path/to/data.txt'
+options[:pw] = File.read('/path/to/password.txt')
+encrypted_contents = RapidVaults::API.main(options)
+```
+
+#### Decrypt with GPG
+
+```ruby
+require 'rapid-vaults'
+
+ENV['GNUPGHOME'] = '/home/chris/.gnupg'
+
+options = {}
+options[:action] = :decrypt
+options[:algorithm] = :gpgme
+options[:file] = '/path/to/data.txt'
+options[:pw] = File.read('/path/to/password.txt')
+decrypted_contents = RapidVaults::API.main(options)
+```
+
 ## Contributing
 Code should pass all spec tests. New features should involve new spec tests. Adherence to Rubocop and Reek is expected where not overly onerous or where the check is of dubious cost/benefit.
 

data/lib/rapid-vaults/api.rb

@@ -4,17 +4,15 @@ require_relative '../rapid-vaults'
 class RapidVaults::API
   # lightweight api
   def self.main(settings)
-    # parse settings in api and denote using api
-    RapidVaults.settings = parse(settings)
-
-    # run RapidVaults with specified file
-    RapidVaults.new.main
+    # parse settings for api and run RapidVaults with specified settings
+    RapidVaults.new.main(parse(settings))
   end
 
   # parse api options
   def self.parse(settings)
-    # establish settings for api
+    # establish settings for api and denote using api
     settings[:ui] = :api
+    settings[:algorithm] = :openssl unless settings.key?(:algorithm)
     settings
   end
 end

data/lib/rapid-vaults/cli.rb

@@ -5,13 +5,13 @@ class RapidVaults::CLI
   # point of entry from executable
   def self.main(args)
     # parse args in cli and denote using cli
-    parse(args)
-    unless RapidVaults.settings[:action] == :generate
-      args.empty? ? (raise 'rapid-vaults: no file specified; try using --help') : RapidVaults.settings[:file] = args.first
+    settings = parse(args)
+    unless settings[:action] == :generate
+      args.empty? ? (raise 'rapid-vaults: no file specified; try using --help') : settings[:file] = args.first
     end
 
     # run RapidVaults with specified file
-    RapidVaults.new.main
+    RapidVaults.new.main(settings)
     0
   end
 
@@ -22,26 +22,44 @@ class RapidVaults::CLI
     # show help message if no args specified
     args = %w[-h] if args.empty?
 
+    # init settings
+    settings = {}
     # specify cli being used
-    RapidVaults.settings[:ui] = :cli
+    settings[:ui] = :cli
+    # default to openssl algorithm
+    settings[:algorithm] = :openssl
 
     opt_parser = OptionParser.new do |opts|
       # usage
       opts.banner = 'usage: rapid-vaults [options] file'
 
+      # base options
+      opts.on('--version', 'Display the current version.') do
+        puts 'rapid-vaults 1.1.0'
+        exit 0
+      end
+
+      # use gpg instead
+      opts.on('--gpg', 'Use GNUPG/GPG instead of GNUTLS/OpenSSL for encryption/decryption.') { settings[:algorithm] = :gpgme }
+
       # generate, encrypt, or decrypt
-      opts.on('-g', '--generate', 'Generate a key and nonce for encryption and decryption.') { RapidVaults.settings[:action] = :generate }
-      opts.on('-e', '--encrypt', 'Encrypt a file using a key and nonce and generate a tag.') { RapidVaults.settings[:action] = :encrypt }
-      opts.on('-d', '--decrypt', 'Decrypt a file using a key, nonce, and tag.') { RapidVaults.settings[:action] = :decrypt }
+      opts.on('-g', '--generate', 'Generate a key and nonce for encryption and decryption (GPG: n/a).') { settings[:action] = :generate }
+      opts.on('-e', '--encrypt', 'Encrypt a file using a key and nonce and generate a tag (GPG: key only).') { settings[:action] = :encrypt }
+      opts.on('-d', '--decrypt', 'Decrypt a file using a key, nonce, and tag (GPG: key only).') { settings[:action] = :decrypt }
 
       # key, nonce, password, and tag
-      opts.on('-k', '--key key', String, 'Key file to be used for encryption or decryption.') { |arg| RapidVaults.settings[:key] = arg }
-      opts.on('-n', '--nonce nonce', String, 'Nonce file to be used for encryption or decryption.') { |arg| RapidVaults.settings[:nonce] = arg }
-      opts.on('-t', '--tag tag', String, 'Tag file to be used for decryption.') { |arg| RapidVaults.settings[:tag] = arg }
-      opts.on('-p', '--password password', String, '(optional) Password to be used for encryption or decryption.') { |arg| RapidVaults.settings[:pw] = arg }
-      opts.on('-f', '--file-password password.txt', String, '(optional) Text file containing a password to be used for encryption or decryption.') { |arg| RapidVaults.settings[:pw] = File.read(arg) }
+      opts.on('-k', '--key key', String, 'Key file to be used for encryption or decryption.') { |arg| settings[:key] = arg }
+      opts.on('-n', '--nonce nonce', String, 'Nonce file to be used for encryption or decryption (GPG: n/a).') { |arg| settings[:nonce] = arg }
+      opts.on('-t', '--tag tag', String, 'Tag file to be used for decryption (GPG: n/a).') { |arg| settings[:tag] = arg }
+      opts.on('-p', '--password password', String, '(optional) Password to be used for encryption or decryption (GPG: required).') { |arg| settings[:pw] = arg }
+      opts.on('-f', '--file-password password.txt', String, '(optional) Text file containing a password to be used for encryption or decryption (GPG: required).') { |arg| settings[:pw] = File.read(arg) }
+
+      # gpg params file
+      opts.on('--gpgparams params.txt', String, 'GPG Key params input file used during generation of keys.') { |arg| settings[:gpgparams] = File.read(arg) }
     end
 
+    # parse args and return settings
     opt_parser.parse!(args)
+    settings
   end
 end

data/lib/rapid-vaults/decrypt.rb

@@ -1,9 +1,9 @@
-require 'openssl'
-
 # decrypts strings using supplied decryption settings
 class Decrypt
-  # decrypts a string
-  def self.main(settings)
+  # decrypts a string with openssl
+  def self.openssl(settings)
+    require 'openssl'
+
     # check tag size
     raise 'Tag is not 16 bytes.' unless settings[:tag].bytesize == 16
 
@@ -14,7 +14,7 @@ class Decrypt
     decipher.auth_tag = settings[:tag]
     decipher.auth_data = settings.key?(:pw) ? settings[:pw] : ''
 
-    # output the decrypted file
+    # output the decryption
     if settings[:ui] == :cli
       # output to file
       File.write('decrypted.txt', decipher.update(settings[:file]) + decipher.final)
@@ -24,4 +24,23 @@ class Decrypt
       decipher.update(settings[:file]) + decipher.final
     end
   end
+
+  # decrypts a string with gpgme
+  def self.gpgme(settings)
+    require 'gpgme'
+
+    # setup the decryption parameters
+    encrypted = GPGME::Data.new(settings[:file])
+    crypto = GPGME::Crypto.new(armor: true, pinentry_mode: GPGME::PINENTRY_MODE_LOOPBACK)
+
+    # output the decryption
+    if settings[:ui] == :cli
+      # output to file
+      File.write('decrypted.txt', crypto.decrypt(encrypted, password: settings[:pw]).read)
+      puts 'Your decrypted.txt has been written out to the current directory.'
+    elsif settings[:ui] == :api
+      # output to string
+      crypto.decrypt(encrypted, password: settings[:pw]).read
+    end
+  end
 end

data/lib/rapid-vaults/encrypt.rb

@@ -1,16 +1,16 @@
-require 'openssl'
-
 # encrypts strings using supplied encryption settings
 class Encrypt
-  # encrypts a string
-  def self.main(settings)
+  # encrypts a string with openssl
+  def self.openssl(settings)
+    require 'openssl'
+
     # setup the encryption parameters
     cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
     cipher.key = settings[:key]
     cipher.iv = settings[:nonce]
     cipher.auth_data = settings.key?(:pw) ? settings[:pw] : ''
 
-    # output the encrypted file and associated tag
+    # output the encryption and associated tag
     if settings[:ui] == :cli
       # output to file
       File.write('encrypted.txt', cipher.update(settings[:file]) + cipher.final)
@@ -21,4 +21,22 @@ class Encrypt
       [cipher.update(settings[:file]) + cipher.final, cipher.auth_tag]
     end
   end
+
+  # encrypts a string with gpgme
+  def self.gpgme(settings)
+    require 'gpgme'
+
+    # setup the encryption parameters
+    crypto = GPGME::Crypto.new(armor: true, pinentry_mode: GPGME::PINENTRY_MODE_LOOPBACK)
+
+    # output the encryption and associated tag
+    if settings[:ui] == :cli
+      # output to file
+      File.write('encrypted.txt', crypto.encrypt(settings[:file], symmetric: true, password: settings[:pw]).read)
+      puts 'Your encrypted.txt for this encryption have been generated in your current directory.'
+    elsif settings[:ui] == :api
+      # output to string
+      crypto.encrypt(settings[:file], symmetric: true, password: settings[:pw]).read
+    end
+  end
 end

data/lib/rapid-vaults/generate.rb

@@ -1,11 +1,12 @@
-require 'openssl'
-require_relative '../rapid-vaults'
-
 # generates files necessary for encryption and decryption
 class Generate
   # generates a key and nonce
-  def self.main(settings)
+  def self.openssl(settings)
+    require 'openssl'
+
+    # setup parameters
     cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
+
     if settings[:ui] == :cli
       # output to file
       File.write('key.txt', cipher.random_key)
@@ -16,4 +17,16 @@ class Generate
       [cipher.random_key, cipher.random_iv]
     end
   end
+
+  # generates a private and public key
+  def self.gpgme(settings)
+    require 'gpgme'
+
+    # ensure we have a place to store these output files
+    raise 'Environment variable GNUPGHOME was not set.' unless ENV['GNUPGHOME']
+
+    # create gpg keys
+    GPGME::Ctx.new.generate_key(settings[:gpgparams], nil, nil)
+    puts "Your GPG keys have been generated in #{ENV['GNUPGHOME']}." if settings[:ui] == :cli
+  end
 end

data/lib/rapid-vaults.rb

@@ -4,48 +4,52 @@ require_relative 'rapid-vaults/generate'
 
 # interfaces from cli/api, validates settings, and then distributes actions to appropriate classes
 class RapidVaults
-  # initialize settings hash
-  @settings = {}
-
-  # allow cli and api read/write access to settings with self since this is singleton
-  class << self
-    attr_accessor :settings
-  end
-
   # main runner for software
-  def main
-    # short circuit if we are generating
-    return Generate.main(self.class.settings) if self.class.settings[:action] == :generate
-
+  def main(settings)
     # process settings
-    self.class.process
+    self.class.process(settings)
 
-    # execute desired action via dynamic call
-    # public_send("#{self.class.settings[:action].capitalize}.main".to_sym)
-    case self.class.settings[:action]
-    when :encrypt then Encrypt.main(self.class.settings)
-    when :decrypt then Decrypt.main(self.class.settings)
+    # execute desired action and algorithm via dynamic call
+    # public_send("#{settings[:action].capitalize}.#{settings[:algorithm]}".to_sym)
+    case settings[:action]
+    when :generate then Generate.public_send(settings[:algorithm], settings)
+    when :encrypt then Encrypt.public_send(settings[:algorithm], settings)
+    when :decrypt then Decrypt.public_send(settings[:algorithm], settings)
     end
   end
 
   # method for processing the settings and inputs
-  def self.process
+  def self.process(settings)
     # check for problems with arguments
-    case @settings[:action]
-    when :encrypt
-      raise 'File, key, and nonce arguments are required for encryption.' unless @settings.key?(:file) && @settings.key?(:key) && @settings.key?(:nonce)
-    when :decrypt
-      raise 'File, key, nonce, and tag arguments are required for decryption.' unless @settings.key?(:file) && @settings.key?(:key) && @settings.key?(:nonce) && @settings.key?(:tag)
+    if settings[:algorithm] == :gpgme
+      case settings[:action]
+      when :generate
+        raise 'GPG params file argument required for generation.' unless settings.key?(:gpgparams)
+        return
+      when :decrypt, :encrypt
+        raise 'File and password arguments required for encryption or decryption.' unless settings.key?(:file) && settings.key?(:pw)
+      else raise 'Action must be one of generate, encrypt, or decrypt.'
+      end
     else
-      raise 'Action must be one of generate, encrypt, or decrypt.'
+      case settings[:action]
+      when :generate then return
+      when :encrypt
+        raise 'File, key, and nonce arguments are required for encryption.' unless settings.key?(:file) && settings.key?(:key) && settings.key?(:nonce)
+      when :decrypt
+        raise 'File, key, nonce, and tag arguments are required for decryption.' unless settings.key?(:file) && settings.key?(:key) && settings.key?(:nonce) && settings.key?(:tag)
+      else raise 'Action must be one of generate, encrypt, or decrypt.'
+      end
     end
 
     # check for problems with inputs and read in files
-    raise 'Password must be a string.' if @settings.key?(:pw) && !settings[:pw].is_a?(String)
-    File.file?(@settings[:file]) ? @settings[:file] = File.read(@settings[:file]) : (raise 'Input file is not an existing file.')
-    File.file?(@settings[:key]) ? @settings[:key] = File.read(@settings[:key]) : (raise 'Input key is not an existing file.')
-    File.file?(@settings[:nonce]) ? @settings[:nonce] = File.read(@settings[:nonce]) : (raise 'Input nonce is not an existing file.')
-    return unless @settings[:action] == :decrypt
-    File.file?(@settings[:tag]) ? @settings[:tag] = File.read(@settings[:tag]) : (raise 'Input tag is not an existing file.')
+    raise 'Password must be a string.' if settings.key?(:pw) && !settings[:pw].is_a?(String)
+    File.file?(settings[:file]) ? settings[:file] = File.read(settings[:file]) : (raise 'Input file is not an existing file.')
+    # gnugp only uses password and file
+    return if settings[:algorithm] == :gpgme
+    File.file?(settings[:key]) ? settings[:key] = File.read(settings[:key]) : (raise 'Input key is not an existing file.')
+    File.file?(settings[:nonce]) ? settings[:nonce] = File.read(settings[:nonce]) : (raise 'Input nonce is not an existing file.')
+    # only decrypt needs a tag input
+    return unless settings[:action] == :decrypt
+    File.file?(settings[:tag]) ? settings[:tag] = File.read(settings[:tag]) : (raise 'Input tag is not an existing file.')
   end
 end

data/spec/fixtures/gpgparams.txt

@@ -0,0 +1,11 @@
+<GnupgKeyParms format="internal">
+Key-Type: DSA
+Key-Length: 1024
+Subkey-Type: ELG-E
+Subkey-Length: 1024
+Name-Real: Joe Tester
+Name-Comment: with stupid passphrase
+Name-Email: joe@foo.bar
+Expire-Date: 0
+Passphrase: foo
+</GnupgKeyParms>

data/spec/rapid-vaults/api_spec.rb

@@ -4,13 +4,16 @@ require_relative '../../lib/rapid-vaults/api'
 describe RapidVaults::API do
   context '.parse' do
     it 'correctly parses the settings for encrypt' do
-      expect(RapidVaults::API.parse(action: :encrypt, file: 'file.txt', key: 'key.txt', nonce: 'nonce.txt', pw: 'secret')).to eq(ui: :api, action: :encrypt, file: 'file.txt', key: 'key.txt', nonce: 'nonce.txt', pw: 'secret')
+      expect(RapidVaults::API.parse(action: :encrypt, file: 'file.txt', key: 'key.txt', nonce: 'nonce.txt', pw: 'secret')).to eq(algorithm: :openssl, ui: :api, action: :encrypt, file: 'file.txt', key: 'key.txt', nonce: 'nonce.txt', pw: 'secret')
     end
     it 'correctly parses the settings for decrypt' do
-      expect(RapidVaults::API.parse(action: :decrypt, file: 'file.txt', key: 'key.txt', nonce: 'nonce.txt', tag: 'tag.txt', pw: 'secret')).to eq(ui: :api, action: :decrypt, file: 'file.txt', key: 'key.txt', nonce: 'nonce.txt', tag: 'tag.txt', pw: 'secret')
+      expect(RapidVaults::API.parse(action: :decrypt, file: 'file.txt', key: 'key.txt', nonce: 'nonce.txt', tag: 'tag.txt', pw: 'secret')).to eq(algorithm: :openssl, ui: :api, action: :decrypt, file: 'file.txt', key: 'key.txt', nonce: 'nonce.txt', tag: 'tag.txt', pw: 'secret')
     end
-    it 'correctly parses the settings for decrypt' do
-      expect(RapidVaults::API.parse(action: :generate)).to eq(ui: :api, action: :generate)
+    it 'correctly parses the settings for generate' do
+      expect(RapidVaults::API.parse(action: :generate)).to eq(algorithm: :openssl, ui: :api, action: :generate)
+    end
+    it 'correctly overrides the algorithm setting' do
+      expect(RapidVaults::API.parse(algorithm: :gpgme)).to eq(algorithm: :gpgme, ui: :api)
     end
   end
 end

data/spec/rapid-vaults/cli_spec.rb

@@ -3,18 +3,20 @@ require_relative '../../lib/rapid-vaults/cli'
 
 describe RapidVaults::CLI do
   context '.parse' do
+    it 'correctly parses the arguments for gpg' do
+      expect(RapidVaults::CLI.parse(%w[--gpg])).to eq(algorithm: :gpgme, ui: :cli)
+    end
     it 'correctly parses the user arguments for encrypt' do
-      RapidVaults::CLI.parse(%w[-e -k key.txt -n nonce.txt -p secret file.txt])
-      expect(RapidVaults.instance_variable_get(:@settings)).to eq(ui: :cli, action: :encrypt, key: 'key.txt', nonce: 'nonce.txt', pw: 'secret')
+      expect(RapidVaults::CLI.parse(%w[-e -k key.txt -n nonce.txt -p secret file.txt])).to eq(algorithm: :openssl, ui: :cli, action: :encrypt, key: 'key.txt', nonce: 'nonce.txt', pw: 'secret')
     end
     it 'correctly parses the arguments for decrypt' do
-      RapidVaults::CLI.parse(%w[-d -k key.txt -n nonce.txt -t tag.txt -p secret file.txt])
-      expect(RapidVaults.instance_variable_get(:@settings)).to eq(ui: :cli, action: :decrypt, key: 'key.txt', nonce: 'nonce.txt', tag: 'tag.txt', pw: 'secret')
+      expect(RapidVaults::CLI.parse(%w[-d -k key.txt -n nonce.txt -t tag.txt -p secret file.txt])).to eq(algorithm: :openssl, ui: :cli, action: :decrypt, key: 'key.txt', nonce: 'nonce.txt', tag: 'tag.txt', pw: 'secret')
+    end
+    it 'correctly parses the arguments for openssl generate' do
+      expect(RapidVaults::CLI.parse(%w[-g])).to eq(algorithm: :openssl, ui: :cli, action: :generate)
     end
-    it 'correctly parses the arguments for generate' do
-      RapidVaults.instance_variable_set(:@settings, {})
-      RapidVaults::CLI.parse(%w[-g])
-      expect(RapidVaults.instance_variable_get(:@settings)).to eq(ui: :cli, action: :generate)
+    it 'correctly parses the arguments for gpg generate' do
+      expect(RapidVaults::CLI.parse(%W[--gpg -g --gpgparams #{fixtures_dir}/file.yaml])).to eq(algorithm: :gpgme, ui: :cli, action: :generate, gpgparams: "foo: bar\n")
     end
   end
 end

data/spec/rapid-vaults/decrypt_spec.rb

@@ -3,27 +3,47 @@ require_relative '../../lib/rapid-vaults/encrypt'
 require_relative '../../lib/rapid-vaults/decrypt'
 
 describe Decrypt do
-  before(:all) do
-    Encrypt.main(ui: :cli, file: "foo: bar\n", key: '���b+����R�v�Í%("����=8o/���', nonce: 'Ëá!í^Uë^EÜ<83>oã^M')
-  end
-
   after(:all) do
     %w[tag.txt encrypted.txt decrypted.txt].each { |file| File.delete(file) }
   end
 
-  context '.decrypt' do
+  context '.openssl' do
+    before(:all) do
+      Encrypt.openssl(ui: :cli, file: "foo: bar\n", key: '���b+����R�v�Í%("����=8o/���', nonce: 'Ëá!í^Uë^EÜ<83>oã^M')
+    end
+
     it 'outputs a decrypted file with the key, nonce, and tag from the cli' do
-      Decrypt.main(ui: :cli, file: File.read('encrypted.txt'), key: '���b+����R�v�Í%("����=8o/���', nonce: 'Ëá!í^Uë^EÜ<83>oã^M', tag: File.read('tag.txt'))
+      Decrypt.openssl(ui: :cli, file: File.read('encrypted.txt'), key: '���b+����R�v�Í%("����=8o/���', nonce: 'Ëá!í^Uë^EÜ<83>oã^M', tag: File.read('tag.txt'))
       expect(File.file?('decrypted.txt')).to be true
       expect(File.read('decrypted.txt')).to eq("foo: bar\n")
     end
     it 'outputs decrypted content with the key, nonce, and tag from the api' do
-      decrypt = Decrypt.main(ui: :api, file: File.read('encrypted.txt'), key: '���b+����R�v�Í%("����=8o/���', nonce: 'Ëá!í^Uë^EÜ<83>oã^M', tag: File.read('tag.txt'))
+      decrypt = Decrypt.openssl(ui: :api, file: File.read('encrypted.txt'), key: '���b+����R�v�Í%("����=8o/���', nonce: 'Ëá!í^Uë^EÜ<83>oã^M', tag: File.read('tag.txt'))
       expect(decrypt).to be_a(String)
       expect(decrypt).to eq("foo: bar\n")
     end
     it 'raises an error for an invalid tag size' do
-      expect { Decrypt.main(file: File.read('encrypted.txt'), key: '���b+����R�v�Í%("����=8o/���', nonce: 'Ëá!í^Uë^EÜ<83>oã^M', tag: "�a����e�O_H|�\n") }.to raise_error('Tag is not 16 bytes.')
+      expect { Decrypt.openssl(file: File.read('encrypted.txt'), key: '���b+����R�v�Í%("����=8o/���', nonce: 'Ëá!í^Uë^EÜ<83>oã^M', tag: "�a����e�O_H|�\n") }.to raise_error('Tag is not 16 bytes.')
+    end
+  end
+
+  # travis ci cannot support non-interactive gpg encryption
+  unless File.directory?('/home/travis')
+    context '.gpgme' do
+      before(:all) do
+        Encrypt.gpgme(ui: :cli, file: "foo: bar\n", key: '', pw: 'foo')
+      end
+
+      it 'outputs a decrypted file with the key from the cli' do
+        Decrypt.gpgme(ui: :cli, file: File.read('encrypted.txt'), key: '', pw: 'foo')
+        expect(File.file?('decrypted.txt')).to be true
+        expect(File.read('decrypted.txt')).to eq("foo: bar\n")
+      end
+      it 'outputs decrypted content with the key from the api' do
+        decrypt = Decrypt.gpgme(ui: :api, file: File.read('encrypted.txt'), key: '', pw: 'foo')
+        expect(decrypt).to be_a(String)
+        expect(decrypt).to eq("foo: bar\n")
+      end
     end
   end
 end

data/spec/rapid-vaults/encrypt_spec.rb

@@ -6,23 +6,37 @@ describe Encrypt do
     %w[tag.txt encrypted.txt].each { |file| File.delete(file) }
   end
 
-  context '.encrypt' do
+  context '.openssl' do
     it 'outputs an encrypted file with the key and nonce from the cli' do
-      Encrypt.main(ui: :cli, file: "foo: bar\n", key: '���b+����R�v�Í%("����=8o/���', nonce: 'Ëá!í^Uë^EÜ<83>oã^M')
+      Encrypt.openssl(ui: :cli, file: "foo: bar\n", key: '���b+����R�v�Í%("����=8o/���', nonce: 'Ëá!í^Uë^EÜ<83>oã^M')
       expect(File.file?('tag.txt')).to be true
       expect(File.file?('encrypted.txt')).to be true
     end
     it 'outputs an encrypted file with the key, nonce, and password from the cli' do
-      Encrypt.main(ui: :cli, file: "foo: bar\n", key: '���b+����R�v�Í%("����=8o/���', nonce: 'Ëá!í^Uë^EÜ<83>oã^M', password: 'password')
+      Encrypt.openssl(ui: :cli, file: "foo: bar\n", key: '���b+����R�v�Í%("����=8o/���', nonce: 'Ëá!í^Uë^EÜ<83>oã^M', pw: 'password')
       expect(File.file?('tag.txt')).to be true
       expect(File.file?('encrypted.txt')).to be true
     end
     it 'outputs an array of encrypted content and tag with the key and nonce from the api' do
-      encrypt = Encrypt.main(ui: :api, file: "foo: bar\n", key: '���b+����R�v�Í%("����=8o/���', nonce: 'Ëá!í^Uë^EÜ<83>oã^M')
+      encrypt = Encrypt.openssl(ui: :api, file: "foo: bar\n", key: '���b+����R�v�Í%("����=8o/���', nonce: 'Ëá!í^Uë^EÜ<83>oã^M')
       expect(encrypt).to be_a(Array)
       expect(encrypt[0]).to be_a(String)
       expect(encrypt[1]).to be_a(String)
       expect(encrypt.length).to eq(2)
     end
   end
+
+  # travis ci cannot support non-interactive gpg encryption
+  unless File.directory?('/home/travis')
+    context '.gpgme' do
+      it 'outputs an encrypted file with the key from the cli' do
+        Encrypt.gpgme(ui: :cli, file: "foo: bar\n", key: '', pw: 'foo')
+        expect(File.file?('encrypted.txt')).to be true
+      end
+      it 'outputs a string of encrypted content with the key from the api' do
+        encrypt = Encrypt.gpgme(ui: :api, file: "foo: bar\n", key: '', pw: 'foo')
+        expect(encrypt).to be_a(String)
+      end
+    end
+  end
 end

data/spec/rapid-vaults/generate_spec.rb

@@ -1,25 +1,50 @@
 require_relative '../spec_helper'
 require_relative '../../lib/rapid-vaults/generate'
 
-describe RapidVaults do
-  after(:all) do
-    %w[key.txt nonce.txt].each { |file| File.delete(file) }
-  end
+describe Generate do
+  context '.openssl' do
+    after(:all) do
+      %w[key.txt nonce.txt].each { |file| File.delete(file) }
+    end
 
-  context '.generate' do
     it 'generates the key and nonce files from the cli' do
-      Generate.main(ui: :cli)
+      Generate.openssl(ui: :cli)
       expect(File.file?('key.txt')).to be true
       expect(File.file?('nonce.txt')).to be true
       expect(File.read('key.txt')).to be_a(String)
       expect(File.read('nonce.txt')).to be_a(String)
     end
     it 'outputs an array with the key and nonce from the api' do
-      generate = Generate.main(ui: :api)
+      generate = Generate.openssl(ui: :api)
       expect(generate).to be_a(Array)
       expect(generate[0]).to be_a(String)
       expect(generate[1]).to be_a(String)
       expect(generate.length).to eq(2)
     end
   end
+
+  context '.gpgme' do
+    it 'raises an error for a missing GNUPGHOME variable' do
+      expect { Generate.gpgme(gpgparams: File.read("#{fixtures_dir}/gpgparams.txt")) }.to raise_error('Environment variable GNUPGHOME was not set.')
+    end
+    # travis ci cannot support non-interactive gpg
+    unless File.directory?('/home/travis')
+      it 'generates the key files' do
+        require 'fileutils'
+
+        ENV['GNUPGHOME'] = fixtures_dir
+
+        Generate.gpgme(gpgparams: File.read("#{fixtures_dir}/gpgparams.txt"))
+        %w[trustdb.gpg pubring.kbx pubring.kbx~].each do |file|
+          expect(File.file?("#{fixtures_dir}/#{file}")).to be true
+          File.delete("#{fixtures_dir}/#{file}")
+        end
+        %w[openpgp-revocs.d private-keys-v1.d].each do |dir|
+          expect(File.directory?("#{fixtures_dir}/#{dir}")).to be true
+          FileUtils.rm_r("#{fixtures_dir}/#{dir}")
+        end
+        %w[S.gpg-agent random_seed].each { |file| File.delete("#{fixtures_dir}/#{file}") if File.exist?(file) }
+      end
+    end
+  end
 end

data/spec/rapid-vaults_spec.rb

@@ -2,31 +2,34 @@ require_relative 'spec_helper'
 require_relative '../lib/rapid-vaults'
 
 describe RapidVaults do
-  #  let(:rapidvaults) { RapidVaults.new('fixtures/foo.yml', 'fixtures/key.txt', 'fixtures/nonce.txt', 'fixtures/tag.txt') }
-
   context '.process' do
-    it 'raises an error for a non-string password' do
-      RapidVaults.instance_variable_set(:@settings, action: :encrypt, file: 'a', key: 'b', nonce: 'c', pw: 1)
-      expect { RapidVaults.process }.to raise_error('Password must be a string.')
+    it 'raises an error for a non-string password with openssl' do
+      expect { RapidVaults.process(algorithm: :openssl, action: :encrypt, file: 'a', key: 'b', nonce: 'c', pw: 1) }.to raise_error('Password must be a string.')
+    end
+    it 'raises an error for a missing argument to encrypt with openssl' do
+      expect { RapidVaults.process(algorithm: :openssl, action: :encrypt, file: 'a', key: 'b') }.to raise_error('File, key, and nonce arguments are required for encryption.')
+    end
+    it 'raises an error for a missing argument to decrypt with openssl' do
+      expect { RapidVaults.process(algorithm: :openssl, action: :decrypt, file: 'a', key: 'b', nonce: 'c') }.to raise_error('File, key, nonce, and tag arguments are required for decryption.')
+    end
+    it 'raises an error for a missing argument to decrypt with gpgme' do
+      expect { RapidVaults.process(algorithm: :gpgme, action: :decrypt, file: 'a') }.to raise_error('File and password arguments required for encryption or decryption.')
     end
-    it 'raises an error for a missing argument to encrypt' do
-      RapidVaults.instance_variable_set(:@settings, action: :encrypt, file: 'a', key: 'b')
-      expect { RapidVaults.process }.to raise_error('File, key, and nonce arguments are required for encryption.')
+    it 'raises an error for a missing action with openssl' do
+      expect { RapidVaults.process(algorithm: :openssl, file: 'a', key: 'b', nonce: 'c', tag: 'd') }.to raise_error('Action must be one of generate, encrypt, or decrypt.')
     end
-    it 'raises an error for a missing argument to decrypt' do
-      RapidVaults.instance_variable_set(:@settings, action: :decrypt, file: 'a', key: 'b', nonce: 'c')
-      expect { RapidVaults.process }.to raise_error('File, key, nonce, and tag arguments are required for decryption.')
+    it 'raises an error for a missing action with gpgme' do
+      expect { RapidVaults.process(algorithm: :gpgme, file: 'a', key: 'b') }.to raise_error('Action must be one of generate, encrypt, or decrypt.')
     end
-    it 'raises an error for a missing action' do
-      RapidVaults.instance_variable_set(:@settings, file: 'a', key: 'b', nonce: 'c', tag: 'd')
-      expect { RapidVaults.process }.to raise_error('Action must be one of generate, encrypt, or decrypt.')
+    it 'raises an error for a missing argument to generate with gpgme' do
+      expect { RapidVaults.process(algorithm: :gpgme, action: :generate) }.to raise_error('GPG params file argument required for generation.')
     end
     it 'raises an error for a nonexistent input file' do
-      RapidVaults.instance_variable_set(:@settings, action: :encrypt, file: 'a', key: 'b', nonce: 'c', tag: 'd')
-      expect { RapidVaults.process }.to raise_error('Input file is not an existing file.')
+      expect { RapidVaults.process(algorithm: :openssl, action: :encrypt, file: 'a', key: 'b', nonce: 'c', tag: 'd') }.to raise_error('Input file is not an existing file.')
     end
     it 'reads in all input files correctly for decryption' do
-      #
+      dummy = fixtures_dir + 'file.yaml'
+      expect { RapidVaults.process(algorithm: :openssl, action: :encrypt, file: dummy, key: dummy, nonce: dummy, pw: 'password') }.not_to raise_exception
     end
   end
 end

data/spec/system/system_spec.rb

@@ -4,7 +4,13 @@ require_relative '../../lib/rapid-vaults/api'
 
 describe RapidVaults do
   after(:all) do
+    require 'fileutils'
+
     %w[key.txt nonce.txt tag.txt encrypted.txt decrypted.txt].each { |file| File.delete(file) }
+    unless File.directory?('/home/travis')
+      %w[S.gpg-agent random_seed pubring.kbx trustdb.gpg pubring.kbx~].each { |file| File.delete(file) }
+      %w[openpgp-revocs.d private-keys-v1.d].each { |dir| FileUtils.rm_r(dir) }
+    end
   end
 
   context 'executed as a system from the CLI with settings and a file to be processed' do
@@ -40,15 +46,68 @@ describe RapidVaults do
       expect(File.file?('nonce.txt')).to be true
 
       # generate encrypted file
-      encrypt, tag = RapidVaults::API.main(action: :encrypt, file: 'file.yaml', key: 'key.txt', nonce: 'nonce.txt', password: 'password')
+      encrypt, tag = RapidVaults::API.main(action: :encrypt, file: 'file.yaml', key: 'key.txt', nonce: 'nonce.txt', pw: 'foo')
       expect(encrypt).to be_a(String)
       expect(tag).to be_a(String)
 
       # generate decrypted file
       File.write('encrypted.txt', encrypt)
       File.write('tag.txt', tag)
-      decrypt = RapidVaults::API.main(action: :decrypt, file: 'encrypted.txt', key: 'key.txt', nonce: 'nonce.txt', tag: 'tag.txt', password: 'password')
+      decrypt = RapidVaults::API.main(action: :decrypt, file: 'encrypted.txt', key: 'key.txt', nonce: 'nonce.txt', tag: 'tag.txt', pw: 'foo')
+      expect(decrypt).to be_a(String)
       expect(decrypt).to eq("foo: bar\n")
     end
   end
+
+  # travis ci cannot support non-interactive gpg encryption
+  unless File.directory?('/home/travis')
+    context 'executed wtih gpg as a system from the CLI with settings and a file to be processed' do
+      it 'encrypts a file and then decrypts a file in order' do
+        ENV['GNUPGHOME'] = fixtures_dir
+
+        # generate and utilize files inside suitable directory
+        Dir.chdir(fixtures_dir)
+
+        puts fixtures_dir
+
+        # generate keys
+        RapidVaults::CLI.main(%w[-g --gpg --gpgparams gpgparams.txt])
+        %w[trustdb.gpg pubring.kbx pubring.kbx~].each { |file| expect(File.file?("#{fixtures_dir}/#{file}")).to be true }
+        %w[openpgp-revocs.d private-keys-v1.d].each { |dir| expect(File.directory?("#{fixtures_dir}/#{dir}")).to be true }
+
+        # generate encrypted file
+        RapidVaults::CLI.main(%w[--gpg -e -p foo file.yaml])
+        expect(File.file?('encrypted.txt')).to be true
+
+        # generate decrypted file
+        RapidVaults::CLI.main(%w[--gpg -d -p foo encrypted.txt])
+        expect(File.file?('decrypted.txt')).to be true
+        expect(File.read('decrypted.txt')).to eq("foo: bar\n")
+      end
+    end
+
+    context 'executed with gpg as a system from the API with settings and a file to be processed' do
+      it 'encrypts a file and then decrypts a file in order' do
+        ENV['GNUPGHOME'] = fixtures_dir
+
+        # generate and utilize files inside suitable directory
+        Dir.chdir(fixtures_dir)
+
+        # generate keys
+        RapidVaults::API.main(action: :generate, algorithm: :gpgme, gpgparams: File.read('gpgparams.txt'), ui: :cli)
+        %w[trustdb.gpg pubring.kbx pubring.kbx~].each { |file| expect(File.file?("#{fixtures_dir}/#{file}")).to be true }
+        %w[openpgp-revocs.d private-keys-v1.d].each { |dir| expect(File.directory?("#{fixtures_dir}/#{dir}")).to be true }
+
+        # generate encrypted file
+        encrypt = RapidVaults::API.main(algorithm: :gpgme, action: :encrypt, file: 'file.yaml', pw: 'password')
+        expect(encrypt).to be_a(String)
+
+        # generate decrypted file
+        File.write('encrypted.txt', encrypt)
+        decrypt = RapidVaults::API.main(algorithm: :gpgme, action: :decrypt, file: 'encrypted.txt', pw: 'password')
+        expect(decrypt).to be_a(String)
+        expect(decrypt).to eq("foo: bar\n")
+      end
+    end
+  end
 end

metadata

@@ -1,15 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: rapid-vaults
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.1.0
 platform: ruby
 authors:
 - Matt Schuchard
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-03-18 00:00:00.000000000 Z
+date: 2018-05-18 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: gpgme
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.0.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.0.0
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -64,14 +78,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '0.51'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '0.51'
 description: Ad-hoc encrypt and decrypt data behind multiple layers of protection
   via OpenSSL or GPG.
 email: 
@@ -89,6 +103,7 @@ files:
 - lib/rapid-vaults/encrypt.rb
 - lib/rapid-vaults/generate.rb
 - spec/fixtures/file.yaml
+- spec/fixtures/gpgparams.txt
 - spec/rapid-vaults/api_spec.rb
 - spec/rapid-vaults/cli_spec.rb
 - spec/rapid-vaults/decrypt_spec.rb
@@ -123,6 +138,7 @@ specification_version: 4
 summary: Ad-hoc encrypt and decrypt data.
 test_files:
 - spec/fixtures/file.yaml
+- spec/fixtures/gpgparams.txt
 - spec/rapid-vaults/api_spec.rb
 - spec/rapid-vaults/cli_spec.rb
 - spec/rapid-vaults/decrypt_spec.rb