rapid-vaults 1.0.0 → 1.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +102 -9
- data/lib/rapid-vaults/api.rb +4 -6
- data/lib/rapid-vaults/cli.rb +31 -13
- data/lib/rapid-vaults/decrypt.rb +24 -5
- data/lib/rapid-vaults/encrypt.rb +23 -5
- data/lib/rapid-vaults/generate.rb +17 -4
- data/lib/rapid-vaults.rb +35 -31
- data/spec/fixtures/gpgparams.txt +11 -0
- data/spec/rapid-vaults/api_spec.rb +7 -4
- data/spec/rapid-vaults/cli_spec.rb +10 -8
- data/spec/rapid-vaults/decrypt_spec.rb +28 -8
- data/spec/rapid-vaults/encrypt_spec.rb +18 -4
- data/spec/rapid-vaults/generate_spec.rb +32 -7
- data/spec/rapid-vaults_spec.rb +20 -17
- data/spec/system/system_spec.rb +61 -2
- metadata +20 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 16da5a6fcd72e890b88a34822a8d0018c2349988
|
4
|
+
data.tar.gz: fe28a0e78364d8cf28d316937ca632758176ead0
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 81c8373c61e40e22fb1489f990d7e3b5ed344c12c3e9382f994d0a2c9bbdf3787cd396735761b8e3439ec9eaff9c97793ae16b2e8cea4f4448db7882eed518ce
|
7
|
+
data.tar.gz: 1df691acfd5120d5ba32669c5e5f03f221d34abd3f8b4fd2884b0b86e4913c294a31d0fb7541d74bd251651f88411fb4838091c557dc69b0e20786f8e4235c77
|
data/README.md
CHANGED
@@ -1,6 +1,4 @@
|
|
1
1
|
# Rapid Vaults
|
2
|
-
Currently in beta and can be used without expectation of support.
|
3
|
-
|
4
2
|
[![Build Status](https://travis-ci.org/mschuchard/rapid-vaults.svg?branch=master)](https://travis-ci.org/mschuchard/rapid-vaults)
|
5
3
|
|
6
4
|
- [Description](#description)
|
@@ -25,15 +23,20 @@ Rapid Vaults is not similar to tools like RbNaCl or Hashicorp's Vault. RbNaCl of
|
|
25
23
|
|
26
24
|
### CLI
|
27
25
|
|
26
|
+
Note trailing information for each flag/argument for possible differences with utilizing GPG.
|
27
|
+
|
28
28
|
```
|
29
29
|
usage: rapid-vaults [options] file
|
30
|
-
|
31
|
-
-
|
32
|
-
-
|
30
|
+
--gpg Use GNUPG/GPG instead of GNUTLS/OpenSSL for encryption/decryption.
|
31
|
+
-g, --generate Generate a key and nonce for encryption and decryption (GPG: n/a).
|
32
|
+
-e, --encrypt Encrypt a file using a key and nonce and generate a tag (GPG: key only).
|
33
|
+
-d, --decrypt Decrypt a file using a key, nonce, and tag (GPG: key only).
|
33
34
|
-k, --key key Key file to be used for encryption or decryption.
|
34
|
-
-n, --nonce nonce Nonce file to be used for encryption or decryption.
|
35
|
-
-t, --tag tag Tag file to be used for decryption.
|
36
|
-
-p, --password password (optional) Password to be used for encryption or decryption.
|
35
|
+
-n, --nonce nonce Nonce file to be used for encryption or decryption (GPG: n/a).
|
36
|
+
-t, --tag tag Tag file to be used for decryption (GPG: n/a).
|
37
|
+
-p, --password password (optional) Password to be used for encryption or decryption (GPG: required).').
|
38
|
+
-f, --file-password password.txt (optional) Text file containing a password to be used for encryption or decryption (GPG: required).').
|
39
|
+
--gpgparams GPG Key params input file used during generation of keys.
|
37
40
|
```
|
38
41
|
|
39
42
|
#### Generate Key and Nonce
|
@@ -47,9 +50,38 @@ usage: rapid-vaults [options] file
|
|
47
50
|
|
48
51
|
`rapid-vaults -d -k cert.key -n nonce.txt -t tag.txt -p secret encrypted.txt`
|
49
52
|
|
53
|
+
#### Generate Key with GPG
|
54
|
+
This is the only situation where a `--gpgparams` flag and argument is required or utilized. The file provided as the argument should look like the following:
|
55
|
+
|
56
|
+
```
|
57
|
+
<GnupgKeyParms format="internal">
|
58
|
+
Key-Type: DSA
|
59
|
+
Key-Length: 1024
|
60
|
+
Subkey-Type: ELG-E
|
61
|
+
Subkey-Length: 1024
|
62
|
+
Name-Real: Joe Tester
|
63
|
+
Name-Comment: with stupid passphrase
|
64
|
+
Name-Email: joe@foo.bar
|
65
|
+
Expire-Date: 0
|
66
|
+
Passphrase: abc
|
67
|
+
</GnupgKeyParms>
|
68
|
+
```
|
69
|
+
|
70
|
+
The environment variable `GNUPGHOME` must be set in the shell prior to generating the keys (`export GNUPGHOME=`). This establishes the home directory for the keys and support files. This should normally be a `/user_home_dir/.gnupg`.
|
71
|
+
|
72
|
+
#### Encrypt File with GPG
|
73
|
+
Currently you set the path to the keys and other files via the environment variable `GNUPGHOME` prior to executing. Otherwise, the code will look in the default directory for the current user.
|
74
|
+
|
75
|
+
`rapid-vaults --gpg -e -p password unencrypted.txt`
|
76
|
+
|
77
|
+
#### Decrypt a File with GPG
|
78
|
+
Currently you set the path to the keys and other files via the environment variable `GNUPGHOME` prior to executing. Otherwise, the code will look in the default directory for the current user.
|
79
|
+
|
80
|
+
`rapid-vaults --gpg -d -p password encrypted.txt`
|
81
|
+
|
50
82
|
### API
|
51
83
|
|
52
|
-
#### Generate Key and Nonce
|
84
|
+
#### Generate SSL Key and Nonce
|
53
85
|
|
54
86
|
```ruby
|
55
87
|
require 'rapid-vaults'
|
@@ -57,6 +89,8 @@ require 'rapid-vaults'
|
|
57
89
|
options = {}
|
58
90
|
options[:action] = :generate
|
59
91
|
key, nonce = RapidVaults::API.main(options)
|
92
|
+
File.write('key.txt', key)
|
93
|
+
File.write('nonce.txt', nonce)
|
60
94
|
```
|
61
95
|
|
62
96
|
#### Encrypt with SSL
|
@@ -88,6 +122,65 @@ options[:pw] = File.read('/path/to/password.txt') # optional
|
|
88
122
|
decrypted_contents = RapidVaults::API.main(options)
|
89
123
|
```
|
90
124
|
|
125
|
+
#### Generate GPG Keys
|
126
|
+
```ruby
|
127
|
+
require 'rapid-vaults'
|
128
|
+
|
129
|
+
ENV['GNUPGHOME'] = '/home/alice/.gnupg'
|
130
|
+
|
131
|
+
options = {}
|
132
|
+
options[:action] = :generate
|
133
|
+
options[:algorithm] = :gpgme
|
134
|
+
options[:gpgparams] = gpgparams: File.read('gpgparams.txt')
|
135
|
+
RapidVaults::API.main(options)
|
136
|
+
```
|
137
|
+
|
138
|
+
The `:gpgparams` string should look like the following:
|
139
|
+
|
140
|
+
```
|
141
|
+
<GnupgKeyParms format="internal">
|
142
|
+
Key-Type: DSA
|
143
|
+
Key-Length: 1024
|
144
|
+
Subkey-Type: ELG-E
|
145
|
+
Subkey-Length: 1024
|
146
|
+
Name-Real: Joe Tester
|
147
|
+
Name-Comment: with stupid passphrase
|
148
|
+
Name-Email: joe@foo.bar
|
149
|
+
Expire-Date: 0
|
150
|
+
Passphrase: abc
|
151
|
+
</GnupgKeyParms>
|
152
|
+
```
|
153
|
+
|
154
|
+
#### Encrypt with GPG
|
155
|
+
|
156
|
+
```ruby
|
157
|
+
require 'rapid-vaults'
|
158
|
+
|
159
|
+
ENV['GNUPGHOME'] = '/home/bob/.gnupg'
|
160
|
+
|
161
|
+
options = {}
|
162
|
+
options[:action] = :encrypt
|
163
|
+
options[:algorithm] = :gpgme
|
164
|
+
options[:file] = '/path/to/data.txt'
|
165
|
+
options[:pw] = File.read('/path/to/password.txt')
|
166
|
+
encrypted_contents = RapidVaults::API.main(options)
|
167
|
+
```
|
168
|
+
|
169
|
+
#### Decrypt with GPG
|
170
|
+
|
171
|
+
```ruby
|
172
|
+
require 'rapid-vaults'
|
173
|
+
|
174
|
+
ENV['GNUPGHOME'] = '/home/chris/.gnupg'
|
175
|
+
|
176
|
+
options = {}
|
177
|
+
options[:action] = :decrypt
|
178
|
+
options[:algorithm] = :gpgme
|
179
|
+
options[:file] = '/path/to/data.txt'
|
180
|
+
options[:pw] = File.read('/path/to/password.txt')
|
181
|
+
decrypted_contents = RapidVaults::API.main(options)
|
182
|
+
```
|
183
|
+
|
91
184
|
## Contributing
|
92
185
|
Code should pass all spec tests. New features should involve new spec tests. Adherence to Rubocop and Reek is expected where not overly onerous or where the check is of dubious cost/benefit.
|
93
186
|
|
data/lib/rapid-vaults/api.rb
CHANGED
@@ -4,17 +4,15 @@ require_relative '../rapid-vaults'
|
|
4
4
|
class RapidVaults::API
|
5
5
|
# lightweight api
|
6
6
|
def self.main(settings)
|
7
|
-
# parse settings
|
8
|
-
RapidVaults.
|
9
|
-
|
10
|
-
# run RapidVaults with specified file
|
11
|
-
RapidVaults.new.main
|
7
|
+
# parse settings for api and run RapidVaults with specified settings
|
8
|
+
RapidVaults.new.main(parse(settings))
|
12
9
|
end
|
13
10
|
|
14
11
|
# parse api options
|
15
12
|
def self.parse(settings)
|
16
|
-
# establish settings for api
|
13
|
+
# establish settings for api and denote using api
|
17
14
|
settings[:ui] = :api
|
15
|
+
settings[:algorithm] = :openssl unless settings.key?(:algorithm)
|
18
16
|
settings
|
19
17
|
end
|
20
18
|
end
|
data/lib/rapid-vaults/cli.rb
CHANGED
@@ -5,13 +5,13 @@ class RapidVaults::CLI
|
|
5
5
|
# point of entry from executable
|
6
6
|
def self.main(args)
|
7
7
|
# parse args in cli and denote using cli
|
8
|
-
parse(args)
|
9
|
-
unless
|
10
|
-
args.empty? ? (raise 'rapid-vaults: no file specified; try using --help') :
|
8
|
+
settings = parse(args)
|
9
|
+
unless settings[:action] == :generate
|
10
|
+
args.empty? ? (raise 'rapid-vaults: no file specified; try using --help') : settings[:file] = args.first
|
11
11
|
end
|
12
12
|
|
13
13
|
# run RapidVaults with specified file
|
14
|
-
RapidVaults.new.main
|
14
|
+
RapidVaults.new.main(settings)
|
15
15
|
0
|
16
16
|
end
|
17
17
|
|
@@ -22,26 +22,44 @@ class RapidVaults::CLI
|
|
22
22
|
# show help message if no args specified
|
23
23
|
args = %w[-h] if args.empty?
|
24
24
|
|
25
|
+
# init settings
|
26
|
+
settings = {}
|
25
27
|
# specify cli being used
|
26
|
-
|
28
|
+
settings[:ui] = :cli
|
29
|
+
# default to openssl algorithm
|
30
|
+
settings[:algorithm] = :openssl
|
27
31
|
|
28
32
|
opt_parser = OptionParser.new do |opts|
|
29
33
|
# usage
|
30
34
|
opts.banner = 'usage: rapid-vaults [options] file'
|
31
35
|
|
36
|
+
# base options
|
37
|
+
opts.on('--version', 'Display the current version.') do
|
38
|
+
puts 'rapid-vaults 1.1.0'
|
39
|
+
exit 0
|
40
|
+
end
|
41
|
+
|
42
|
+
# use gpg instead
|
43
|
+
opts.on('--gpg', 'Use GNUPG/GPG instead of GNUTLS/OpenSSL for encryption/decryption.') { settings[:algorithm] = :gpgme }
|
44
|
+
|
32
45
|
# generate, encrypt, or decrypt
|
33
|
-
opts.on('-g', '--generate', 'Generate a key and nonce for encryption and decryption.') {
|
34
|
-
opts.on('-e', '--encrypt', 'Encrypt a file using a key and nonce and generate a tag.') {
|
35
|
-
opts.on('-d', '--decrypt', 'Decrypt a file using a key, nonce, and tag.') {
|
46
|
+
opts.on('-g', '--generate', 'Generate a key and nonce for encryption and decryption (GPG: n/a).') { settings[:action] = :generate }
|
47
|
+
opts.on('-e', '--encrypt', 'Encrypt a file using a key and nonce and generate a tag (GPG: key only).') { settings[:action] = :encrypt }
|
48
|
+
opts.on('-d', '--decrypt', 'Decrypt a file using a key, nonce, and tag (GPG: key only).') { settings[:action] = :decrypt }
|
36
49
|
|
37
50
|
# key, nonce, password, and tag
|
38
|
-
opts.on('-k', '--key key', String, 'Key file to be used for encryption or decryption.') { |arg|
|
39
|
-
opts.on('-n', '--nonce nonce', String, 'Nonce file to be used for encryption or decryption.') { |arg|
|
40
|
-
opts.on('-t', '--tag tag', String, 'Tag file to be used for decryption.') { |arg|
|
41
|
-
opts.on('-p', '--password password', String, '(optional) Password to be used for encryption or decryption.') { |arg|
|
42
|
-
opts.on('-f', '--file-password password.txt', String, '(optional) Text file containing a password to be used for encryption or decryption.') { |arg|
|
51
|
+
opts.on('-k', '--key key', String, 'Key file to be used for encryption or decryption.') { |arg| settings[:key] = arg }
|
52
|
+
opts.on('-n', '--nonce nonce', String, 'Nonce file to be used for encryption or decryption (GPG: n/a).') { |arg| settings[:nonce] = arg }
|
53
|
+
opts.on('-t', '--tag tag', String, 'Tag file to be used for decryption (GPG: n/a).') { |arg| settings[:tag] = arg }
|
54
|
+
opts.on('-p', '--password password', String, '(optional) Password to be used for encryption or decryption (GPG: required).') { |arg| settings[:pw] = arg }
|
55
|
+
opts.on('-f', '--file-password password.txt', String, '(optional) Text file containing a password to be used for encryption or decryption (GPG: required).') { |arg| settings[:pw] = File.read(arg) }
|
56
|
+
|
57
|
+
# gpg params file
|
58
|
+
opts.on('--gpgparams params.txt', String, 'GPG Key params input file used during generation of keys.') { |arg| settings[:gpgparams] = File.read(arg) }
|
43
59
|
end
|
44
60
|
|
61
|
+
# parse args and return settings
|
45
62
|
opt_parser.parse!(args)
|
63
|
+
settings
|
46
64
|
end
|
47
65
|
end
|
data/lib/rapid-vaults/decrypt.rb
CHANGED
@@ -1,9 +1,9 @@
|
|
1
|
-
require 'openssl'
|
2
|
-
|
3
1
|
# decrypts strings using supplied decryption settings
|
4
2
|
class Decrypt
|
5
|
-
# decrypts a string
|
6
|
-
def self.
|
3
|
+
# decrypts a string with openssl
|
4
|
+
def self.openssl(settings)
|
5
|
+
require 'openssl'
|
6
|
+
|
7
7
|
# check tag size
|
8
8
|
raise 'Tag is not 16 bytes.' unless settings[:tag].bytesize == 16
|
9
9
|
|
@@ -14,7 +14,7 @@ class Decrypt
|
|
14
14
|
decipher.auth_tag = settings[:tag]
|
15
15
|
decipher.auth_data = settings.key?(:pw) ? settings[:pw] : ''
|
16
16
|
|
17
|
-
# output the
|
17
|
+
# output the decryption
|
18
18
|
if settings[:ui] == :cli
|
19
19
|
# output to file
|
20
20
|
File.write('decrypted.txt', decipher.update(settings[:file]) + decipher.final)
|
@@ -24,4 +24,23 @@ class Decrypt
|
|
24
24
|
decipher.update(settings[:file]) + decipher.final
|
25
25
|
end
|
26
26
|
end
|
27
|
+
|
28
|
+
# decrypts a string with gpgme
|
29
|
+
def self.gpgme(settings)
|
30
|
+
require 'gpgme'
|
31
|
+
|
32
|
+
# setup the decryption parameters
|
33
|
+
encrypted = GPGME::Data.new(settings[:file])
|
34
|
+
crypto = GPGME::Crypto.new(armor: true, pinentry_mode: GPGME::PINENTRY_MODE_LOOPBACK)
|
35
|
+
|
36
|
+
# output the decryption
|
37
|
+
if settings[:ui] == :cli
|
38
|
+
# output to file
|
39
|
+
File.write('decrypted.txt', crypto.decrypt(encrypted, password: settings[:pw]).read)
|
40
|
+
puts 'Your decrypted.txt has been written out to the current directory.'
|
41
|
+
elsif settings[:ui] == :api
|
42
|
+
# output to string
|
43
|
+
crypto.decrypt(encrypted, password: settings[:pw]).read
|
44
|
+
end
|
45
|
+
end
|
27
46
|
end
|
data/lib/rapid-vaults/encrypt.rb
CHANGED
@@ -1,16 +1,16 @@
|
|
1
|
-
require 'openssl'
|
2
|
-
|
3
1
|
# encrypts strings using supplied encryption settings
|
4
2
|
class Encrypt
|
5
|
-
# encrypts a string
|
6
|
-
def self.
|
3
|
+
# encrypts a string with openssl
|
4
|
+
def self.openssl(settings)
|
5
|
+
require 'openssl'
|
6
|
+
|
7
7
|
# setup the encryption parameters
|
8
8
|
cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
|
9
9
|
cipher.key = settings[:key]
|
10
10
|
cipher.iv = settings[:nonce]
|
11
11
|
cipher.auth_data = settings.key?(:pw) ? settings[:pw] : ''
|
12
12
|
|
13
|
-
# output the
|
13
|
+
# output the encryption and associated tag
|
14
14
|
if settings[:ui] == :cli
|
15
15
|
# output to file
|
16
16
|
File.write('encrypted.txt', cipher.update(settings[:file]) + cipher.final)
|
@@ -21,4 +21,22 @@ class Encrypt
|
|
21
21
|
[cipher.update(settings[:file]) + cipher.final, cipher.auth_tag]
|
22
22
|
end
|
23
23
|
end
|
24
|
+
|
25
|
+
# encrypts a string with gpgme
|
26
|
+
def self.gpgme(settings)
|
27
|
+
require 'gpgme'
|
28
|
+
|
29
|
+
# setup the encryption parameters
|
30
|
+
crypto = GPGME::Crypto.new(armor: true, pinentry_mode: GPGME::PINENTRY_MODE_LOOPBACK)
|
31
|
+
|
32
|
+
# output the encryption and associated tag
|
33
|
+
if settings[:ui] == :cli
|
34
|
+
# output to file
|
35
|
+
File.write('encrypted.txt', crypto.encrypt(settings[:file], symmetric: true, password: settings[:pw]).read)
|
36
|
+
puts 'Your encrypted.txt for this encryption have been generated in your current directory.'
|
37
|
+
elsif settings[:ui] == :api
|
38
|
+
# output to string
|
39
|
+
crypto.encrypt(settings[:file], symmetric: true, password: settings[:pw]).read
|
40
|
+
end
|
41
|
+
end
|
24
42
|
end
|
@@ -1,11 +1,12 @@
|
|
1
|
-
require 'openssl'
|
2
|
-
require_relative '../rapid-vaults'
|
3
|
-
|
4
1
|
# generates files necessary for encryption and decryption
|
5
2
|
class Generate
|
6
3
|
# generates a key and nonce
|
7
|
-
def self.
|
4
|
+
def self.openssl(settings)
|
5
|
+
require 'openssl'
|
6
|
+
|
7
|
+
# setup parameters
|
8
8
|
cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
|
9
|
+
|
9
10
|
if settings[:ui] == :cli
|
10
11
|
# output to file
|
11
12
|
File.write('key.txt', cipher.random_key)
|
@@ -16,4 +17,16 @@ class Generate
|
|
16
17
|
[cipher.random_key, cipher.random_iv]
|
17
18
|
end
|
18
19
|
end
|
20
|
+
|
21
|
+
# generates a private and public key
|
22
|
+
def self.gpgme(settings)
|
23
|
+
require 'gpgme'
|
24
|
+
|
25
|
+
# ensure we have a place to store these output files
|
26
|
+
raise 'Environment variable GNUPGHOME was not set.' unless ENV['GNUPGHOME']
|
27
|
+
|
28
|
+
# create gpg keys
|
29
|
+
GPGME::Ctx.new.generate_key(settings[:gpgparams], nil, nil)
|
30
|
+
puts "Your GPG keys have been generated in #{ENV['GNUPGHOME']}." if settings[:ui] == :cli
|
31
|
+
end
|
19
32
|
end
|
data/lib/rapid-vaults.rb
CHANGED
@@ -4,48 +4,52 @@ require_relative 'rapid-vaults/generate'
|
|
4
4
|
|
5
5
|
# interfaces from cli/api, validates settings, and then distributes actions to appropriate classes
|
6
6
|
class RapidVaults
|
7
|
-
# initialize settings hash
|
8
|
-
@settings = {}
|
9
|
-
|
10
|
-
# allow cli and api read/write access to settings with self since this is singleton
|
11
|
-
class << self
|
12
|
-
attr_accessor :settings
|
13
|
-
end
|
14
|
-
|
15
7
|
# main runner for software
|
16
|
-
def main
|
17
|
-
# short circuit if we are generating
|
18
|
-
return Generate.main(self.class.settings) if self.class.settings[:action] == :generate
|
19
|
-
|
8
|
+
def main(settings)
|
20
9
|
# process settings
|
21
|
-
self.class.process
|
10
|
+
self.class.process(settings)
|
22
11
|
|
23
|
-
# execute desired action via dynamic call
|
24
|
-
# public_send("#{
|
25
|
-
case
|
26
|
-
when :
|
27
|
-
when :
|
12
|
+
# execute desired action and algorithm via dynamic call
|
13
|
+
# public_send("#{settings[:action].capitalize}.#{settings[:algorithm]}".to_sym)
|
14
|
+
case settings[:action]
|
15
|
+
when :generate then Generate.public_send(settings[:algorithm], settings)
|
16
|
+
when :encrypt then Encrypt.public_send(settings[:algorithm], settings)
|
17
|
+
when :decrypt then Decrypt.public_send(settings[:algorithm], settings)
|
28
18
|
end
|
29
19
|
end
|
30
20
|
|
31
21
|
# method for processing the settings and inputs
|
32
|
-
def self.process
|
22
|
+
def self.process(settings)
|
33
23
|
# check for problems with arguments
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
24
|
+
if settings[:algorithm] == :gpgme
|
25
|
+
case settings[:action]
|
26
|
+
when :generate
|
27
|
+
raise 'GPG params file argument required for generation.' unless settings.key?(:gpgparams)
|
28
|
+
return
|
29
|
+
when :decrypt, :encrypt
|
30
|
+
raise 'File and password arguments required for encryption or decryption.' unless settings.key?(:file) && settings.key?(:pw)
|
31
|
+
else raise 'Action must be one of generate, encrypt, or decrypt.'
|
32
|
+
end
|
39
33
|
else
|
40
|
-
|
34
|
+
case settings[:action]
|
35
|
+
when :generate then return
|
36
|
+
when :encrypt
|
37
|
+
raise 'File, key, and nonce arguments are required for encryption.' unless settings.key?(:file) && settings.key?(:key) && settings.key?(:nonce)
|
38
|
+
when :decrypt
|
39
|
+
raise 'File, key, nonce, and tag arguments are required for decryption.' unless settings.key?(:file) && settings.key?(:key) && settings.key?(:nonce) && settings.key?(:tag)
|
40
|
+
else raise 'Action must be one of generate, encrypt, or decrypt.'
|
41
|
+
end
|
41
42
|
end
|
42
43
|
|
43
44
|
# check for problems with inputs and read in files
|
44
|
-
raise 'Password must be a string.' if
|
45
|
-
File.file?(
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
File.file?(
|
45
|
+
raise 'Password must be a string.' if settings.key?(:pw) && !settings[:pw].is_a?(String)
|
46
|
+
File.file?(settings[:file]) ? settings[:file] = File.read(settings[:file]) : (raise 'Input file is not an existing file.')
|
47
|
+
# gnugp only uses password and file
|
48
|
+
return if settings[:algorithm] == :gpgme
|
49
|
+
File.file?(settings[:key]) ? settings[:key] = File.read(settings[:key]) : (raise 'Input key is not an existing file.')
|
50
|
+
File.file?(settings[:nonce]) ? settings[:nonce] = File.read(settings[:nonce]) : (raise 'Input nonce is not an existing file.')
|
51
|
+
# only decrypt needs a tag input
|
52
|
+
return unless settings[:action] == :decrypt
|
53
|
+
File.file?(settings[:tag]) ? settings[:tag] = File.read(settings[:tag]) : (raise 'Input tag is not an existing file.')
|
50
54
|
end
|
51
55
|
end
|
@@ -4,13 +4,16 @@ require_relative '../../lib/rapid-vaults/api'
|
|
4
4
|
describe RapidVaults::API do
|
5
5
|
context '.parse' do
|
6
6
|
it 'correctly parses the settings for encrypt' do
|
7
|
-
expect(RapidVaults::API.parse(action: :encrypt, file: 'file.txt', key: 'key.txt', nonce: 'nonce.txt', pw: 'secret')).to eq(ui: :api, action: :encrypt, file: 'file.txt', key: 'key.txt', nonce: 'nonce.txt', pw: 'secret')
|
7
|
+
expect(RapidVaults::API.parse(action: :encrypt, file: 'file.txt', key: 'key.txt', nonce: 'nonce.txt', pw: 'secret')).to eq(algorithm: :openssl, ui: :api, action: :encrypt, file: 'file.txt', key: 'key.txt', nonce: 'nonce.txt', pw: 'secret')
|
8
8
|
end
|
9
9
|
it 'correctly parses the settings for decrypt' do
|
10
|
-
expect(RapidVaults::API.parse(action: :decrypt, file: 'file.txt', key: 'key.txt', nonce: 'nonce.txt', tag: 'tag.txt', pw: 'secret')).to eq(ui: :api, action: :decrypt, file: 'file.txt', key: 'key.txt', nonce: 'nonce.txt', tag: 'tag.txt', pw: 'secret')
|
10
|
+
expect(RapidVaults::API.parse(action: :decrypt, file: 'file.txt', key: 'key.txt', nonce: 'nonce.txt', tag: 'tag.txt', pw: 'secret')).to eq(algorithm: :openssl, ui: :api, action: :decrypt, file: 'file.txt', key: 'key.txt', nonce: 'nonce.txt', tag: 'tag.txt', pw: 'secret')
|
11
11
|
end
|
12
|
-
it 'correctly parses the settings for
|
13
|
-
expect(RapidVaults::API.parse(action: :generate)).to eq(ui: :api, action: :generate)
|
12
|
+
it 'correctly parses the settings for generate' do
|
13
|
+
expect(RapidVaults::API.parse(action: :generate)).to eq(algorithm: :openssl, ui: :api, action: :generate)
|
14
|
+
end
|
15
|
+
it 'correctly overrides the algorithm setting' do
|
16
|
+
expect(RapidVaults::API.parse(algorithm: :gpgme)).to eq(algorithm: :gpgme, ui: :api)
|
14
17
|
end
|
15
18
|
end
|
16
19
|
end
|
@@ -3,18 +3,20 @@ require_relative '../../lib/rapid-vaults/cli'
|
|
3
3
|
|
4
4
|
describe RapidVaults::CLI do
|
5
5
|
context '.parse' do
|
6
|
+
it 'correctly parses the arguments for gpg' do
|
7
|
+
expect(RapidVaults::CLI.parse(%w[--gpg])).to eq(algorithm: :gpgme, ui: :cli)
|
8
|
+
end
|
6
9
|
it 'correctly parses the user arguments for encrypt' do
|
7
|
-
RapidVaults::CLI.parse(%w[-e -k key.txt -n nonce.txt -p secret file.txt])
|
8
|
-
expect(RapidVaults.instance_variable_get(:@settings)).to eq(ui: :cli, action: :encrypt, key: 'key.txt', nonce: 'nonce.txt', pw: 'secret')
|
10
|
+
expect(RapidVaults::CLI.parse(%w[-e -k key.txt -n nonce.txt -p secret file.txt])).to eq(algorithm: :openssl, ui: :cli, action: :encrypt, key: 'key.txt', nonce: 'nonce.txt', pw: 'secret')
|
9
11
|
end
|
10
12
|
it 'correctly parses the arguments for decrypt' do
|
11
|
-
RapidVaults::CLI.parse(%w[-d -k key.txt -n nonce.txt -t tag.txt -p secret file.txt])
|
12
|
-
|
13
|
+
expect(RapidVaults::CLI.parse(%w[-d -k key.txt -n nonce.txt -t tag.txt -p secret file.txt])).to eq(algorithm: :openssl, ui: :cli, action: :decrypt, key: 'key.txt', nonce: 'nonce.txt', tag: 'tag.txt', pw: 'secret')
|
14
|
+
end
|
15
|
+
it 'correctly parses the arguments for openssl generate' do
|
16
|
+
expect(RapidVaults::CLI.parse(%w[-g])).to eq(algorithm: :openssl, ui: :cli, action: :generate)
|
13
17
|
end
|
14
|
-
it 'correctly parses the arguments for generate' do
|
15
|
-
RapidVaults.
|
16
|
-
RapidVaults::CLI.parse(%w[-g])
|
17
|
-
expect(RapidVaults.instance_variable_get(:@settings)).to eq(ui: :cli, action: :generate)
|
18
|
+
it 'correctly parses the arguments for gpg generate' do
|
19
|
+
expect(RapidVaults::CLI.parse(%W[--gpg -g --gpgparams #{fixtures_dir}/file.yaml])).to eq(algorithm: :gpgme, ui: :cli, action: :generate, gpgparams: "foo: bar\n")
|
18
20
|
end
|
19
21
|
end
|
20
22
|
end
|
@@ -3,27 +3,47 @@ require_relative '../../lib/rapid-vaults/encrypt'
|
|
3
3
|
require_relative '../../lib/rapid-vaults/decrypt'
|
4
4
|
|
5
5
|
describe Decrypt do
|
6
|
-
before(:all) do
|
7
|
-
Encrypt.main(ui: :cli, file: "foo: bar\n", key: '���b+����R�v�Í%("����=8o/���', nonce: 'Ëá!í^Uë^EÜ<83>oã^M')
|
8
|
-
end
|
9
|
-
|
10
6
|
after(:all) do
|
11
7
|
%w[tag.txt encrypted.txt decrypted.txt].each { |file| File.delete(file) }
|
12
8
|
end
|
13
9
|
|
14
|
-
context '.
|
10
|
+
context '.openssl' do
|
11
|
+
before(:all) do
|
12
|
+
Encrypt.openssl(ui: :cli, file: "foo: bar\n", key: '���b+����R�v�Í%("����=8o/���', nonce: 'Ëá!í^Uë^EÜ<83>oã^M')
|
13
|
+
end
|
14
|
+
|
15
15
|
it 'outputs a decrypted file with the key, nonce, and tag from the cli' do
|
16
|
-
Decrypt.
|
16
|
+
Decrypt.openssl(ui: :cli, file: File.read('encrypted.txt'), key: '���b+����R�v�Í%("����=8o/���', nonce: 'Ëá!í^Uë^EÜ<83>oã^M', tag: File.read('tag.txt'))
|
17
17
|
expect(File.file?('decrypted.txt')).to be true
|
18
18
|
expect(File.read('decrypted.txt')).to eq("foo: bar\n")
|
19
19
|
end
|
20
20
|
it 'outputs decrypted content with the key, nonce, and tag from the api' do
|
21
|
-
decrypt = Decrypt.
|
21
|
+
decrypt = Decrypt.openssl(ui: :api, file: File.read('encrypted.txt'), key: '���b+����R�v�Í%("����=8o/���', nonce: 'Ëá!í^Uë^EÜ<83>oã^M', tag: File.read('tag.txt'))
|
22
22
|
expect(decrypt).to be_a(String)
|
23
23
|
expect(decrypt).to eq("foo: bar\n")
|
24
24
|
end
|
25
25
|
it 'raises an error for an invalid tag size' do
|
26
|
-
expect { Decrypt.
|
26
|
+
expect { Decrypt.openssl(file: File.read('encrypted.txt'), key: '���b+����R�v�Í%("����=8o/���', nonce: 'Ëá!í^Uë^EÜ<83>oã^M', tag: "�a����e�O_H|�\n") }.to raise_error('Tag is not 16 bytes.')
|
27
|
+
end
|
28
|
+
end
|
29
|
+
|
30
|
+
# travis ci cannot support non-interactive gpg encryption
|
31
|
+
unless File.directory?('/home/travis')
|
32
|
+
context '.gpgme' do
|
33
|
+
before(:all) do
|
34
|
+
Encrypt.gpgme(ui: :cli, file: "foo: bar\n", key: '', pw: 'foo')
|
35
|
+
end
|
36
|
+
|
37
|
+
it 'outputs a decrypted file with the key from the cli' do
|
38
|
+
Decrypt.gpgme(ui: :cli, file: File.read('encrypted.txt'), key: '', pw: 'foo')
|
39
|
+
expect(File.file?('decrypted.txt')).to be true
|
40
|
+
expect(File.read('decrypted.txt')).to eq("foo: bar\n")
|
41
|
+
end
|
42
|
+
it 'outputs decrypted content with the key from the api' do
|
43
|
+
decrypt = Decrypt.gpgme(ui: :api, file: File.read('encrypted.txt'), key: '', pw: 'foo')
|
44
|
+
expect(decrypt).to be_a(String)
|
45
|
+
expect(decrypt).to eq("foo: bar\n")
|
46
|
+
end
|
27
47
|
end
|
28
48
|
end
|
29
49
|
end
|
@@ -6,23 +6,37 @@ describe Encrypt do
|
|
6
6
|
%w[tag.txt encrypted.txt].each { |file| File.delete(file) }
|
7
7
|
end
|
8
8
|
|
9
|
-
context '.
|
9
|
+
context '.openssl' do
|
10
10
|
it 'outputs an encrypted file with the key and nonce from the cli' do
|
11
|
-
Encrypt.
|
11
|
+
Encrypt.openssl(ui: :cli, file: "foo: bar\n", key: '���b+����R�v�Í%("����=8o/���', nonce: 'Ëá!í^Uë^EÜ<83>oã^M')
|
12
12
|
expect(File.file?('tag.txt')).to be true
|
13
13
|
expect(File.file?('encrypted.txt')).to be true
|
14
14
|
end
|
15
15
|
it 'outputs an encrypted file with the key, nonce, and password from the cli' do
|
16
|
-
Encrypt.
|
16
|
+
Encrypt.openssl(ui: :cli, file: "foo: bar\n", key: '���b+����R�v�Í%("����=8o/���', nonce: 'Ëá!í^Uë^EÜ<83>oã^M', pw: 'password')
|
17
17
|
expect(File.file?('tag.txt')).to be true
|
18
18
|
expect(File.file?('encrypted.txt')).to be true
|
19
19
|
end
|
20
20
|
it 'outputs an array of encrypted content and tag with the key and nonce from the api' do
|
21
|
-
encrypt = Encrypt.
|
21
|
+
encrypt = Encrypt.openssl(ui: :api, file: "foo: bar\n", key: '���b+����R�v�Í%("����=8o/���', nonce: 'Ëá!í^Uë^EÜ<83>oã^M')
|
22
22
|
expect(encrypt).to be_a(Array)
|
23
23
|
expect(encrypt[0]).to be_a(String)
|
24
24
|
expect(encrypt[1]).to be_a(String)
|
25
25
|
expect(encrypt.length).to eq(2)
|
26
26
|
end
|
27
27
|
end
|
28
|
+
|
29
|
+
# travis ci cannot support non-interactive gpg encryption
|
30
|
+
unless File.directory?('/home/travis')
|
31
|
+
context '.gpgme' do
|
32
|
+
it 'outputs an encrypted file with the key from the cli' do
|
33
|
+
Encrypt.gpgme(ui: :cli, file: "foo: bar\n", key: '', pw: 'foo')
|
34
|
+
expect(File.file?('encrypted.txt')).to be true
|
35
|
+
end
|
36
|
+
it 'outputs a string of encrypted content with the key from the api' do
|
37
|
+
encrypt = Encrypt.gpgme(ui: :api, file: "foo: bar\n", key: '', pw: 'foo')
|
38
|
+
expect(encrypt).to be_a(String)
|
39
|
+
end
|
40
|
+
end
|
41
|
+
end
|
28
42
|
end
|
@@ -1,25 +1,50 @@
|
|
1
1
|
require_relative '../spec_helper'
|
2
2
|
require_relative '../../lib/rapid-vaults/generate'
|
3
3
|
|
4
|
-
describe
|
5
|
-
|
6
|
-
|
7
|
-
|
4
|
+
describe Generate do
|
5
|
+
context '.openssl' do
|
6
|
+
after(:all) do
|
7
|
+
%w[key.txt nonce.txt].each { |file| File.delete(file) }
|
8
|
+
end
|
8
9
|
|
9
|
-
context '.generate' do
|
10
10
|
it 'generates the key and nonce files from the cli' do
|
11
|
-
Generate.
|
11
|
+
Generate.openssl(ui: :cli)
|
12
12
|
expect(File.file?('key.txt')).to be true
|
13
13
|
expect(File.file?('nonce.txt')).to be true
|
14
14
|
expect(File.read('key.txt')).to be_a(String)
|
15
15
|
expect(File.read('nonce.txt')).to be_a(String)
|
16
16
|
end
|
17
17
|
it 'outputs an array with the key and nonce from the api' do
|
18
|
-
generate = Generate.
|
18
|
+
generate = Generate.openssl(ui: :api)
|
19
19
|
expect(generate).to be_a(Array)
|
20
20
|
expect(generate[0]).to be_a(String)
|
21
21
|
expect(generate[1]).to be_a(String)
|
22
22
|
expect(generate.length).to eq(2)
|
23
23
|
end
|
24
24
|
end
|
25
|
+
|
26
|
+
context '.gpgme' do
|
27
|
+
it 'raises an error for a missing GNUPGHOME variable' do
|
28
|
+
expect { Generate.gpgme(gpgparams: File.read("#{fixtures_dir}/gpgparams.txt")) }.to raise_error('Environment variable GNUPGHOME was not set.')
|
29
|
+
end
|
30
|
+
# travis ci cannot support non-interactive gpg
|
31
|
+
unless File.directory?('/home/travis')
|
32
|
+
it 'generates the key files' do
|
33
|
+
require 'fileutils'
|
34
|
+
|
35
|
+
ENV['GNUPGHOME'] = fixtures_dir
|
36
|
+
|
37
|
+
Generate.gpgme(gpgparams: File.read("#{fixtures_dir}/gpgparams.txt"))
|
38
|
+
%w[trustdb.gpg pubring.kbx pubring.kbx~].each do |file|
|
39
|
+
expect(File.file?("#{fixtures_dir}/#{file}")).to be true
|
40
|
+
File.delete("#{fixtures_dir}/#{file}")
|
41
|
+
end
|
42
|
+
%w[openpgp-revocs.d private-keys-v1.d].each do |dir|
|
43
|
+
expect(File.directory?("#{fixtures_dir}/#{dir}")).to be true
|
44
|
+
FileUtils.rm_r("#{fixtures_dir}/#{dir}")
|
45
|
+
end
|
46
|
+
%w[S.gpg-agent random_seed].each { |file| File.delete("#{fixtures_dir}/#{file}") if File.exist?(file) }
|
47
|
+
end
|
48
|
+
end
|
49
|
+
end
|
25
50
|
end
|
data/spec/rapid-vaults_spec.rb
CHANGED
@@ -2,31 +2,34 @@ require_relative 'spec_helper'
|
|
2
2
|
require_relative '../lib/rapid-vaults'
|
3
3
|
|
4
4
|
describe RapidVaults do
|
5
|
-
# let(:rapidvaults) { RapidVaults.new('fixtures/foo.yml', 'fixtures/key.txt', 'fixtures/nonce.txt', 'fixtures/tag.txt') }
|
6
|
-
|
7
5
|
context '.process' do
|
8
|
-
it 'raises an error for a non-string password' do
|
9
|
-
RapidVaults.
|
10
|
-
|
6
|
+
it 'raises an error for a non-string password with openssl' do
|
7
|
+
expect { RapidVaults.process(algorithm: :openssl, action: :encrypt, file: 'a', key: 'b', nonce: 'c', pw: 1) }.to raise_error('Password must be a string.')
|
8
|
+
end
|
9
|
+
it 'raises an error for a missing argument to encrypt with openssl' do
|
10
|
+
expect { RapidVaults.process(algorithm: :openssl, action: :encrypt, file: 'a', key: 'b') }.to raise_error('File, key, and nonce arguments are required for encryption.')
|
11
|
+
end
|
12
|
+
it 'raises an error for a missing argument to decrypt with openssl' do
|
13
|
+
expect { RapidVaults.process(algorithm: :openssl, action: :decrypt, file: 'a', key: 'b', nonce: 'c') }.to raise_error('File, key, nonce, and tag arguments are required for decryption.')
|
14
|
+
end
|
15
|
+
it 'raises an error for a missing argument to decrypt with gpgme' do
|
16
|
+
expect { RapidVaults.process(algorithm: :gpgme, action: :decrypt, file: 'a') }.to raise_error('File and password arguments required for encryption or decryption.')
|
11
17
|
end
|
12
|
-
it 'raises an error for a missing
|
13
|
-
RapidVaults.
|
14
|
-
expect { RapidVaults.process }.to raise_error('File, key, and nonce arguments are required for encryption.')
|
18
|
+
it 'raises an error for a missing action with openssl' do
|
19
|
+
expect { RapidVaults.process(algorithm: :openssl, file: 'a', key: 'b', nonce: 'c', tag: 'd') }.to raise_error('Action must be one of generate, encrypt, or decrypt.')
|
15
20
|
end
|
16
|
-
it 'raises an error for a missing
|
17
|
-
RapidVaults.
|
18
|
-
expect { RapidVaults.process }.to raise_error('File, key, nonce, and tag arguments are required for decryption.')
|
21
|
+
it 'raises an error for a missing action with gpgme' do
|
22
|
+
expect { RapidVaults.process(algorithm: :gpgme, file: 'a', key: 'b') }.to raise_error('Action must be one of generate, encrypt, or decrypt.')
|
19
23
|
end
|
20
|
-
it 'raises an error for a missing
|
21
|
-
RapidVaults.
|
22
|
-
expect { RapidVaults.process }.to raise_error('Action must be one of generate, encrypt, or decrypt.')
|
24
|
+
it 'raises an error for a missing argument to generate with gpgme' do
|
25
|
+
expect { RapidVaults.process(algorithm: :gpgme, action: :generate) }.to raise_error('GPG params file argument required for generation.')
|
23
26
|
end
|
24
27
|
it 'raises an error for a nonexistent input file' do
|
25
|
-
RapidVaults.
|
26
|
-
expect { RapidVaults.process }.to raise_error('Input file is not an existing file.')
|
28
|
+
expect { RapidVaults.process(algorithm: :openssl, action: :encrypt, file: 'a', key: 'b', nonce: 'c', tag: 'd') }.to raise_error('Input file is not an existing file.')
|
27
29
|
end
|
28
30
|
it 'reads in all input files correctly for decryption' do
|
29
|
-
|
31
|
+
dummy = fixtures_dir + 'file.yaml'
|
32
|
+
expect { RapidVaults.process(algorithm: :openssl, action: :encrypt, file: dummy, key: dummy, nonce: dummy, pw: 'password') }.not_to raise_exception
|
30
33
|
end
|
31
34
|
end
|
32
35
|
end
|
data/spec/system/system_spec.rb
CHANGED
@@ -4,7 +4,13 @@ require_relative '../../lib/rapid-vaults/api'
|
|
4
4
|
|
5
5
|
describe RapidVaults do
|
6
6
|
after(:all) do
|
7
|
+
require 'fileutils'
|
8
|
+
|
7
9
|
%w[key.txt nonce.txt tag.txt encrypted.txt decrypted.txt].each { |file| File.delete(file) }
|
10
|
+
unless File.directory?('/home/travis')
|
11
|
+
%w[S.gpg-agent random_seed pubring.kbx trustdb.gpg pubring.kbx~].each { |file| File.delete(file) }
|
12
|
+
%w[openpgp-revocs.d private-keys-v1.d].each { |dir| FileUtils.rm_r(dir) }
|
13
|
+
end
|
8
14
|
end
|
9
15
|
|
10
16
|
context 'executed as a system from the CLI with settings and a file to be processed' do
|
@@ -40,15 +46,68 @@ describe RapidVaults do
|
|
40
46
|
expect(File.file?('nonce.txt')).to be true
|
41
47
|
|
42
48
|
# generate encrypted file
|
43
|
-
encrypt, tag = RapidVaults::API.main(action: :encrypt, file: 'file.yaml', key: 'key.txt', nonce: 'nonce.txt',
|
49
|
+
encrypt, tag = RapidVaults::API.main(action: :encrypt, file: 'file.yaml', key: 'key.txt', nonce: 'nonce.txt', pw: 'foo')
|
44
50
|
expect(encrypt).to be_a(String)
|
45
51
|
expect(tag).to be_a(String)
|
46
52
|
|
47
53
|
# generate decrypted file
|
48
54
|
File.write('encrypted.txt', encrypt)
|
49
55
|
File.write('tag.txt', tag)
|
50
|
-
decrypt = RapidVaults::API.main(action: :decrypt, file: 'encrypted.txt', key: 'key.txt', nonce: 'nonce.txt', tag: 'tag.txt',
|
56
|
+
decrypt = RapidVaults::API.main(action: :decrypt, file: 'encrypted.txt', key: 'key.txt', nonce: 'nonce.txt', tag: 'tag.txt', pw: 'foo')
|
57
|
+
expect(decrypt).to be_a(String)
|
51
58
|
expect(decrypt).to eq("foo: bar\n")
|
52
59
|
end
|
53
60
|
end
|
61
|
+
|
62
|
+
# travis ci cannot support non-interactive gpg encryption
|
63
|
+
unless File.directory?('/home/travis')
|
64
|
+
context 'executed wtih gpg as a system from the CLI with settings and a file to be processed' do
|
65
|
+
it 'encrypts a file and then decrypts a file in order' do
|
66
|
+
ENV['GNUPGHOME'] = fixtures_dir
|
67
|
+
|
68
|
+
# generate and utilize files inside suitable directory
|
69
|
+
Dir.chdir(fixtures_dir)
|
70
|
+
|
71
|
+
puts fixtures_dir
|
72
|
+
|
73
|
+
# generate keys
|
74
|
+
RapidVaults::CLI.main(%w[-g --gpg --gpgparams gpgparams.txt])
|
75
|
+
%w[trustdb.gpg pubring.kbx pubring.kbx~].each { |file| expect(File.file?("#{fixtures_dir}/#{file}")).to be true }
|
76
|
+
%w[openpgp-revocs.d private-keys-v1.d].each { |dir| expect(File.directory?("#{fixtures_dir}/#{dir}")).to be true }
|
77
|
+
|
78
|
+
# generate encrypted file
|
79
|
+
RapidVaults::CLI.main(%w[--gpg -e -p foo file.yaml])
|
80
|
+
expect(File.file?('encrypted.txt')).to be true
|
81
|
+
|
82
|
+
# generate decrypted file
|
83
|
+
RapidVaults::CLI.main(%w[--gpg -d -p foo encrypted.txt])
|
84
|
+
expect(File.file?('decrypted.txt')).to be true
|
85
|
+
expect(File.read('decrypted.txt')).to eq("foo: bar\n")
|
86
|
+
end
|
87
|
+
end
|
88
|
+
|
89
|
+
context 'executed with gpg as a system from the API with settings and a file to be processed' do
|
90
|
+
it 'encrypts a file and then decrypts a file in order' do
|
91
|
+
ENV['GNUPGHOME'] = fixtures_dir
|
92
|
+
|
93
|
+
# generate and utilize files inside suitable directory
|
94
|
+
Dir.chdir(fixtures_dir)
|
95
|
+
|
96
|
+
# generate keys
|
97
|
+
RapidVaults::API.main(action: :generate, algorithm: :gpgme, gpgparams: File.read('gpgparams.txt'), ui: :cli)
|
98
|
+
%w[trustdb.gpg pubring.kbx pubring.kbx~].each { |file| expect(File.file?("#{fixtures_dir}/#{file}")).to be true }
|
99
|
+
%w[openpgp-revocs.d private-keys-v1.d].each { |dir| expect(File.directory?("#{fixtures_dir}/#{dir}")).to be true }
|
100
|
+
|
101
|
+
# generate encrypted file
|
102
|
+
encrypt = RapidVaults::API.main(algorithm: :gpgme, action: :encrypt, file: 'file.yaml', pw: 'password')
|
103
|
+
expect(encrypt).to be_a(String)
|
104
|
+
|
105
|
+
# generate decrypted file
|
106
|
+
File.write('encrypted.txt', encrypt)
|
107
|
+
decrypt = RapidVaults::API.main(algorithm: :gpgme, action: :decrypt, file: 'encrypted.txt', pw: 'password')
|
108
|
+
expect(decrypt).to be_a(String)
|
109
|
+
expect(decrypt).to eq("foo: bar\n")
|
110
|
+
end
|
111
|
+
end
|
112
|
+
end
|
54
113
|
end
|
metadata
CHANGED
@@ -1,15 +1,29 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: rapid-vaults
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.1.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Matt Schuchard
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2018-
|
11
|
+
date: 2018-05-18 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
|
+
- !ruby/object:Gem::Dependency
|
14
|
+
name: gpgme
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
16
|
+
requirements:
|
17
|
+
- - "~>"
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: 2.0.0
|
20
|
+
type: :runtime
|
21
|
+
prerelease: false
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
23
|
+
requirements:
|
24
|
+
- - "~>"
|
25
|
+
- !ruby/object:Gem::Version
|
26
|
+
version: 2.0.0
|
13
27
|
- !ruby/object:Gem::Dependency
|
14
28
|
name: rake
|
15
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -64,14 +78,14 @@ dependencies:
|
|
64
78
|
requirements:
|
65
79
|
- - "~>"
|
66
80
|
- !ruby/object:Gem::Version
|
67
|
-
version: '0'
|
81
|
+
version: '0.51'
|
68
82
|
type: :development
|
69
83
|
prerelease: false
|
70
84
|
version_requirements: !ruby/object:Gem::Requirement
|
71
85
|
requirements:
|
72
86
|
- - "~>"
|
73
87
|
- !ruby/object:Gem::Version
|
74
|
-
version: '0'
|
88
|
+
version: '0.51'
|
75
89
|
description: Ad-hoc encrypt and decrypt data behind multiple layers of protection
|
76
90
|
via OpenSSL or GPG.
|
77
91
|
email:
|
@@ -89,6 +103,7 @@ files:
|
|
89
103
|
- lib/rapid-vaults/encrypt.rb
|
90
104
|
- lib/rapid-vaults/generate.rb
|
91
105
|
- spec/fixtures/file.yaml
|
106
|
+
- spec/fixtures/gpgparams.txt
|
92
107
|
- spec/rapid-vaults/api_spec.rb
|
93
108
|
- spec/rapid-vaults/cli_spec.rb
|
94
109
|
- spec/rapid-vaults/decrypt_spec.rb
|
@@ -123,6 +138,7 @@ specification_version: 4
|
|
123
138
|
summary: Ad-hoc encrypt and decrypt data.
|
124
139
|
test_files:
|
125
140
|
- spec/fixtures/file.yaml
|
141
|
+
- spec/fixtures/gpgparams.txt
|
126
142
|
- spec/rapid-vaults/api_spec.rb
|
127
143
|
- spec/rapid-vaults/cli_spec.rb
|
128
144
|
- spec/rapid-vaults/decrypt_spec.rb
|