rapid-vaults 1.1.2 → 1.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 928d90da27078d0b09c9a933e3054d8a3b26183dc5f0dc88e70fe84d2726c6cb
-  data.tar.gz: 1a4c48a2dbcba14708170f0209105a5523d6fd1286e7ee6ef5d6509c728fe96a
+  metadata.gz: eab7b432d2da9ded261c422b220051585469fdd3c93dad84b2e4b9c8b272f20a
+  data.tar.gz: ce1aa65551bea26216d87c1137cb076b75b501bac785380ae78dd3161b5b0d7a
 SHA512:
-  metadata.gz: 248e094660ee327365c43feebd24361ef99038b83b8b52ad8efde76fa1f6727b2f275c1ca0e5a5caae39cefa5fc4423c1aeee6616e4798e3fb461e9507af3047
-  data.tar.gz: 4b56a0496557448fb94d6e4c4ba5277448972a0c1518bac0a0c21e2cdfb5f6aecbefb9e9dc4289b3575c20c63874cb3dc227e300a643e406eab71e0563cc7130
+  metadata.gz: 59f7a29f22852e58074bd85823028b178f23117c7adb3ce491a18271263f4cf92cc8e201e8bd31949a3d0b106879802755d4bd393909a57b21f295b6123585b6
+  data.tar.gz: 6048157efbe27b351b50b102fc2dcc19604de178d6282b45098beb3d51669ff4b833ae06051a727c5768a7b933b04c3cb6850bb9644e5d6b236df95117a081ad

data/README.md

@@ -1,13 +1,15 @@
 # Rapid Vaults
 [![Build Status](https://travis-ci.org/mschuchard/rapid-vaults.svg?branch=master)](https://travis-ci.org/mschuchard/rapid-vaults)
+[![CircleCI](https://circleci.com/gh/mschuchard/rapid-vaults.svg?style=svg)](https://circleci.com/gh/mschuchard/rapid-vaults)
 
 - [Description](#description)
 - [Usage](#usage)
   - [CLI](#cli)
   - [API](#api)
+  - [gRPC](#grpc)
+  - [Docker](#docker)
   - [Ansible](#ansible)
   - [Puppet](#puppet)
-  - [Hiera](#hiera)
   - [Chef](#chef)
 - [Contributing](#contributing)
 
@@ -21,7 +23,7 @@ Ansible-Vault is very similar to Rapid Vaults. Both are streamlined and easy to
 
 ### Non-Comparative Software
 
-Rapid Vaults is not similar to tools like RbNaCl or Hashicorp's Vault. RbNaCl offers advanced encryption techniques by providing bindings to libsodium. Rapid Vaults relies upon AES-256-GCM (OpenSSL) or GPG's algorithms (RSA, SHA-512, etc.). Hashicorp's Vault is Enterprise level software with many powerful features and conveniences. Rapid Vaults is a lightweight and narrowly focused tool.
+Rapid Vaults is not similar to tools like RbNaCl or Hashicorp's Vault. RbNaCl offers advanced encryption techniques by providing bindings to libsodium. Rapid Vaults relies upon AES-256-GCM (OpenSSL) or GPG's algorithms (RSA, SHA-512, etc.). Hashicorp's Vault is Enterprise level software with many powerful features and conveniences. Rapid Vaults is a lightweight and narrowly focused tool. However, Rapid Vaults can be considered algorithmically very similar to Vault's Transit secret engine.
 
 ## Usage
 
@@ -50,11 +52,11 @@ usage: rapid-vaults [options] file
 
 #### Encrypt File with SSL
 
-`rapid-vaults -e -k cert.key -n nonce.txt -p secret -o /output/dir unencrypted.txt`
+`rapid-vaults -e -k key.txt -n nonce.txt -p secret -o /output/dir unencrypted.txt`
 
 #### Decrypt a File with SSL
 
-`rapid-vaults -d -k cert.key -n nonce.txt -t tag.txt -p secret -o /output/dir encrypted.txt`
+`rapid-vaults -d -k key.txt -n nonce.txt -t tag.txt -p secret -o /output/dir encrypted.txt`
 
 #### Generate Keys with GPG
 This is the only situation where a `--gpgparams` flag and argument is required or utilized. The file provided as the argument should look like the following:
@@ -112,7 +114,7 @@ require 'rapid-vaults'
 options = {}
 options[:action] = :encrypt
 options[:file] = '/path/to/data.txt'
-options[:key] = '/path/to/cert.key'
+options[:key] = '/path/to/key.txt'
 options[:nonce] = '/path/to/nonce.txt'
 options[:pw] = File.read('/path/to/password.txt') # optional
 encrypted_contents, tag = RapidVaults::API.main(options)
@@ -126,7 +128,7 @@ require 'rapid-vaults'
 options = {}
 options[:action] = :decrypt
 options[:file] = '/path/to/encrypted_data.txt'
-options[:key] = '/path/to/cert.key'
+options[:key] = '/path/to/key.txt'
 options[:nonce] = '/path/to/nonce.txt'
 options[:tag] = '/path/to/tag.txt'
 options[:pw] = File.read('/path/to/password.txt') # optional
@@ -192,6 +194,14 @@ options[:pw] = File.read('/path/to/password.txt')
 decrypted_contents = RapidVaults::API.main(options)
 ```
 
+### Docker
+
+A supported [Docker image](https://hub.docker.com/r/matthewschuchard/rapid-vaults) of Rapid-Vaults is now available from the public Docker Hub registry. Please consult the repository documentation for further usage information.
+
+### gRPC
+
+forthcoming
+
 ### Ansible
 
 forthcoming

data/lib/rapid-vaults/api.rb

@@ -1,17 +1,16 @@
-require_relative '../rapid-vaults'
+require_relative '../rapid_vaults'
 
 # provides an application programming interface to interact with rapid vaults
 class RapidVaults::API
   # lightweight api
   def self.main(settings)
-    # parse settings for api and run RapidVaults with specified settings
+    # parse pass-by-value settings for api and run RapidVaults with specified settings
     RapidVaults.new.main(parse(settings))
   end
 
-  # parse api options
+  # parse api options; this is mostly here for unit testing
   def self.parse(settings)
     # establish settings for api and denote using api
-    settings[:ui] = :api
-    settings
+    settings.merge({ ui: :api })
   end
 end

data/lib/rapid-vaults/bindings/puppet_gpg_decrypt.rb

@@ -1,5 +1,5 @@
 # mymodule/lib/puppet/functions/gpg_decrypt.rb
-Puppet::Functions.create_function(:'gpg_decrypt') do
+Puppet::Functions.create_function(:gpg_decrypt) do
   # Decrypts a file with GnuPG.
   # @param [String] file The file to decrypt.
   # @param [String] gpghome The path to the GnuPG home directory containing the credentials.

data/lib/rapid-vaults/bindings/puppet_gpg_encrypt.rb

@@ -1,5 +1,5 @@
 # mymodule/lib/puppet/functions/gpg_encrypt.rb
-Puppet::Functions.create_function(:'gpg_encrypt') do
+Puppet::Functions.create_function(:gpg_encrypt) do
   # Encrypts a file with GnuPG.
   # @param [String] file The file to encrypt.
   # @param [String] gpghome The path to the GnuPG home directory containing the credentials.

data/lib/rapid-vaults/bindings/puppet_ssl_decrypt.rb

@@ -1,5 +1,5 @@
 # mymodule/lib/puppet/functions/ssl_decrypt.rb
-Puppet::Functions.create_function(:'ssl_decrypt') do
+Puppet::Functions.create_function(:ssl_decrypt) do
   # Decrypts a file with OpenSSL.
   # @param [String] file The file to decrypt.
   # @param [String] key The key file to use for decryption.
@@ -25,10 +25,11 @@ Puppet::Functions.create_function(:'ssl_decrypt') do
       raise 'Rapid Vaults is required to be installed on the puppet master to use this custom function!'
     end
 
-    if password_file.nil?
-      RapidVaults::API.main(action: :decrypt, file: file, key: key, nonce: nonce, tag: tag)
-    else
-      RapidVaults::API.main(action: :encrypt, file: file, key: key, nonce: nonce, tag: tag, pw: File.read(password_file))
-    end
+    # initialize settings
+    settings = { action: :decrypt, file: file, key: key, nonce: nonce, tag: tag }
+    # update settings with password if input
+    settings[pw: File.read(password_file)] unless password_file.nil?
+
+    RapidVaults::API.main(settings)
   end
 end

data/lib/rapid-vaults/bindings/puppet_ssl_encrypt.rb

@@ -1,5 +1,5 @@
 # mymodule/lib/puppet/functions/ssl_encrypt.rb
-Puppet::Functions.create_function(:'ssl_encrypt') do
+Puppet::Functions.create_function(:ssl_encrypt) do
   # Encrypts a file with OpenSSL.
   # @param [String] file The file to encrypt.
   # @param [String] key The key file to use for encryption.
@@ -23,12 +23,14 @@ Puppet::Functions.create_function(:'ssl_encrypt') do
       raise 'Rapid Vaults is required to be installed on the puppet master to use this custom function!'
     end
 
-    hash = {}
-    if password_file.nil?
-      hash[:encrypted_contents], hash[:tag] = RapidVaults::API.main(action: :encrypt, file: file, key: key, nonce: nonce)
-    else
-      hash[:encrypted_contents], hash[:tag] = RapidVaults::API.main(action: :encrypt, file: file, key: key, nonce: nonce, pw: File.read(password_file))
-    end
-    hash
+    # initialize settings and return
+    settings = { action: :encrypt, file: file, key: key, nonce: nonce }
+    return_hash = {}
+    # update settings with password if input
+    settings[pw: File.read(password_file)] unless password_file.nil?
+
+    return_hash[:encrypted_contents], return_hash[:tag] = RapidVaults::API.main(settings)
+
+    return_hash
   end
 end

data/lib/rapid-vaults/cli.rb

@@ -1,4 +1,4 @@
-require_relative '../rapid-vaults'
+require_relative '../rapid_vaults'
 
 # provides a command line interface to interact with rapid vaults
 class RapidVaults::CLI
@@ -22,10 +22,8 @@ class RapidVaults::CLI
     # show help message if no args specified
     args = %w[-h] if args.empty?
 
-    # init settings
-    settings = {}
-    # specify cli being used
-    settings[:ui] = :cli
+    # init settings with cli setting
+    settings = { ui: :cli }
 
     opt_parser = OptionParser.new do |opts|
       # usage
@@ -33,7 +31,7 @@ class RapidVaults::CLI
 
       # base options
       opts.on('--version', 'Display the current version.') do
-        puts 'rapid-vaults 1.1.2'
+        puts 'rapid-vaults 1.2.0'
         exit 0
       end
 

data/lib/rapid-vaults/decrypt.rb

@@ -4,7 +4,10 @@ class Decrypt
   def self.openssl(settings)
     require 'openssl'
 
-    # check tag size
+    # validate key, nonce, encrypted, and tag
+    raise 'The key is not a valid 32 byte key.' unless settings[:key].bytesize == 32
+    raise 'The nonce is not a valid 12 byte nonce.' unless settings[:nonce].bytesize == 12
+    raise 'The encrypted data is not a valid multiple of 9 bytes.' unless (settings[:file].bytesize % 9).zero?
     raise 'Tag is not 16 bytes.' unless settings[:tag].bytesize == 16
 
     # setup the decryption parameters
@@ -15,11 +18,12 @@ class Decrypt
     decipher.auth_data = settings.key?(:pw) ? settings[:pw] : ''
 
     # output the decryption
-    if settings[:ui] == :cli
+    case settings[:ui]
+    when :cli
       # output to file
       File.write("#{settings[:outdir]}decrypted.txt", decipher.update(settings[:file]) + decipher.final)
       puts "Your decrypted.txt has been written out to #{settings[:outdir]}."
-    elsif settings[:ui] == :api
+    when :api
       # output to string
       decipher.update(settings[:file]) + decipher.final
     end
@@ -37,11 +41,12 @@ class Decrypt
     crypto = GPGME::Crypto.new(armor: true, pinentry_mode: GPGME::PINENTRY_MODE_LOOPBACK)
 
     # output the decryption
-    if settings[:ui] == :cli
+    case settings[:ui]
+    when :cli
       # output to file
       File.write("#{settings[:outdir]}decrypted.txt", crypto.decrypt(encrypted, password: settings[:pw]).read)
       puts "Your decrypted.txt has been written out to #{settings[:outdir]}."
-    elsif settings[:ui] == :api
+    when :api
       # output to string
       crypto.decrypt(encrypted, password: settings[:pw]).read
     end

data/lib/rapid-vaults/encrypt.rb

@@ -4,6 +4,10 @@ class Encrypt
   def self.openssl(settings)
     require 'openssl'
 
+    # validate key and nonce
+    raise 'The key is not a valid 32 byte key.' unless settings[:key].bytesize == 32
+    raise 'The nonce is not a valid 12 byte nonce.' unless settings[:nonce].bytesize == 12
+
     # setup the encryption parameters
     cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
     cipher.key = settings[:key]
@@ -11,13 +15,14 @@ class Encrypt
     cipher.auth_data = settings.key?(:pw) ? settings[:pw] : ''
 
     # output the encryption and associated tag
-    if settings[:ui] == :cli
+    case settings[:ui]
+    when :cli
       # output to file
       File.write("#{settings[:outdir]}encrypted.txt", cipher.update(settings[:file]) + cipher.final)
       File.write("#{settings[:outdir]}tag.txt", cipher.auth_tag)
       puts "Your encrypted.txt and associated tag.txt for this encryption have been generated in #{settings[:outdir]}."
-    elsif settings[:ui] == :api
-      # output to array
+    when :api
+      # return as array
       [cipher.update(settings[:file]) + cipher.final, cipher.auth_tag]
     end
   end
@@ -33,12 +38,13 @@ class Encrypt
     crypto = GPGME::Crypto.new(armor: true, pinentry_mode: GPGME::PINENTRY_MODE_LOOPBACK)
 
     # output the encryption and associated tag
-    if settings[:ui] == :cli
+    case settings[:ui]
+    when :cli
       # output to file
       File.write("#{settings[:outdir]}encrypted.txt", crypto.encrypt(settings[:file], symmetric: true, password: settings[:pw]).read)
-      puts "Your encrypted.txt for this encryption have been generated in #{settings[:outdir]}."
-    elsif settings[:ui] == :api
-      # output to string
+      puts "Your encrypted.txt for this encryption has been generated in #{settings[:outdir]}."
+    when :api
+      # return as string
       crypto.encrypt(settings[:file], symmetric: true, password: settings[:pw]).read
     end
   end

data/lib/rapid-vaults/generate.rb

@@ -7,13 +7,14 @@ class Generate
     # setup parameters
     cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
 
-    if settings[:ui] == :cli
+    case settings[:ui]
+    when :cli
       # output to file
       File.write("#{settings[:outdir]}key.txt", cipher.random_key)
       File.write("#{settings[:outdir]}nonce.txt", cipher.random_iv)
       puts "Your key.txt and nonce.txt have been generated in #{settings[:outdir]}."
-    elsif settings[:ui] == :api
-      # output to string
+    when :api
+      # return as array
       [cipher.random_key, cipher.random_iv]
     end
   end

data/lib/rapid-vaults/grpc.rb

@@ -0,0 +1,77 @@
+require_relative '../rapid_vaults'
+require_relative 'bindings/rapid_vaults_services_pb'
+
+# provides a grpc server
+class RapidVaults::GRPC < Rapidvaults::RapidVaults::Service
+  # start the server
+  def server(addr = '0.0.0.0:8080')
+    server = GRPC::RpcServer.new
+    server.add_http2_port(addr, :this_port_is_insecure)
+    server.handle(RapidVaults.new)
+    server.run_till_terminated
+  end
+
+  # grpc api for generate openssl
+  def ssl_generate(geninputs, _call)
+    settings = geninputs.to_hash
+    settings_process(settings)
+    Generate.openssl(settings)
+  end
+
+  # grpc api for generate gpg
+  def gpg_generate(geninputs, _call)
+    settings = geninputs.to_hash
+    settings_process(settings)
+    Generate.gpgme(settings)
+  end
+
+  # grpc api for encrypt ssl
+  def ssl_encrypt(unencrypted, _call)
+    settings = {}
+    settings[:file] = unencrypted.text
+    settings[:key] = unencrypted.key
+    settings[:nonce] = unencrypted.nonce
+    settings[:pw] = unencrypted.password
+    settings_process(settings)
+    Encrypt.openssl(settings)
+  end
+
+  # grpc api for encrypt gpg
+  def gpg_encrypt(unencrypted, _call)
+    settings = {}
+    settings[:file] = unencrypted.text
+    settings[:pw] = unencrypted.password
+    settings_process(settings)
+    Encrypt.gpgme(settings)
+  end
+
+  # grpc api for ssl decrypt
+  def ssl_decrypt(undecrypted, _call)
+    settings = {}
+    settings[:file] = undecrypted.text
+    settings[:key] = undecrypted.key
+    settings[:nonce] = undecrypted.nonce
+    settings[:tag] = undecrypted.tag
+    settings[:pw] = undecrypted.password
+    settings_process(settings)
+    Decrypt.openssl(settings)
+  end
+
+  # grpc api for gpg decrypt
+  def gpg_decrypt(undecrypted, _call)
+    settings = {}
+    settings[:file] = undecrypted.text
+    settings[:pw] = undecrypted.password
+    settings_process(settings)
+    Decrypt.gpgme(settings)
+  end
+
+  private
+
+  # helper method
+  def settings_process(settings)
+    settings[:ui] = :api
+    RapidVaults.process(settings)
+    settings
+  end
+end

data/lib/{rapid-vaults.rb → rapid_vaults.rb}

@@ -7,7 +7,7 @@ require_relative 'rapid-vaults/binding'
 class RapidVaults
   # main runner for software
   def main(settings)
-    # process settings
+    # process settings via pass-by-reference
     self.class.process(settings)
 
     # execute desired action and algorithm via dynamic call
@@ -50,7 +50,7 @@ class RapidVaults
     end
 
     # lambda for input processing
-    process_input = ->(input) { File.file?(settings[input]) ? settings[input] = File.read(settings[input]) : (raise "Input #{input} is not an existing file.") }
+    process_input = ->(input) { File.readable?(settings[input]) ? settings[input] = File.read(settings[input]) : (raise "Input file '#{settings[input]}' for argument '#{input}' is not an existing readable file.") }
 
     # check inputs and read in files
     raise 'Password must be a string.' if settings.key?(:pw) && !settings[:pw].is_a?(String)
@@ -66,14 +66,12 @@ class RapidVaults
     case settings[:action]
     when :generate
       raise 'GPG params file argument required for generation.' unless settings.key?(:gpgparams)
-      return
     when :decrypt, :encrypt
+      # check inputs and read in files
       raise 'File and password arguments required for encryption or decryption.' unless settings.key?(:file) && settings.key?(:pw)
+      raise 'Password must be a string.' unless settings[:pw].is_a?(String)
+      settings[:file] = File.readable?(settings[:file]) ? File.read(settings[:file]) : (raise "Input file '#{settings[:file]}' for argument 'file' is not an existing readable file.")
     else raise 'Action must be one of generate, encrypt, or decrypt.'
     end
-
-    # check inputs and read in files
-    raise 'Password must be a string.' unless settings[:pw].is_a?(String)
-    File.file?(settings[:file]) ? settings[:file] = File.read(settings[:file]) : (raise 'Input file is not an existing file.')
   end
 end

data/spec/rapid-vaults/decrypt_spec.rb

@@ -4,8 +4,14 @@ require_relative '../../lib/rapid-vaults/decrypt'
 
 describe Decrypt do
   context '.openssl' do
+    require 'openssl'
+    require 'securerandom'
+    cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
+    key = cipher.random_key
+    nonce = cipher.random_iv
+
     before(:all) do
-      Encrypt.openssl(ui: :cli, file: "foo: bar\n", key: '���b+����R�v�Í%("����=8o/���', nonce: 'Ëá!í^Uë^EÜ<83>oã^M')
+      Encrypt.openssl(ui: :cli, file: "foo: bar\n", key: key, nonce: nonce)
     end
 
     after(:all) do
@@ -13,22 +19,31 @@ describe Decrypt do
     end
 
     it 'outputs a decrypted file with the key, nonce, and tag from the cli' do
-      Decrypt.openssl(ui: :cli, file: File.read('encrypted.txt'), key: '���b+����R�v�Í%("����=8o/���', nonce: 'Ëá!í^Uë^EÜ<83>oã^M', tag: File.read('tag.txt'))
+      Decrypt.openssl(ui: :cli, file: File.read('encrypted.txt'), key: key, nonce: nonce, tag: File.read('tag.txt'))
       expect(File.file?('decrypted.txt')).to be true
       expect(File.read('decrypted.txt')).to eq("foo: bar\n")
     end
     it 'outputs decrypted content with the key, nonce, and tag from the api' do
-      decrypt = Decrypt.openssl(ui: :api, file: File.read('encrypted.txt'), key: '���b+����R�v�Í%("����=8o/���', nonce: 'Ëá!í^Uë^EÜ<83>oã^M', tag: File.read('tag.txt'))
+      decrypt = Decrypt.openssl(ui: :api, file: File.read('encrypted.txt'), key: key, nonce: nonce, tag: File.read('tag.txt'))
       expect(decrypt).to be_a(String)
       expect(decrypt).to eq("foo: bar\n")
     end
     it 'raises an error for an invalid tag size' do
-      expect { Decrypt.openssl(file: File.read('encrypted.txt'), key: '���b+����R�v�Í%("����=8o/���', nonce: 'Ëá!í^Uë^EÜ<83>oã^M', tag: "�a����e�O_H|�\n") }.to raise_error('Tag is not 16 bytes.')
+      expect { Decrypt.openssl(file: File.read('encrypted.txt'), key: key, nonce: nonce, tag: SecureRandom.random_bytes(24).strip) }.to raise_error('Tag is not 16 bytes.')
+    end
+    it 'raises an error for an invalid key size' do
+      expect { Decrypt.openssl(key: SecureRandom.random_bytes(64).strip) }.to raise_error('The key is not a valid 32 byte key.')
+    end
+    it 'raises an error for an invalid nonce size' do
+      expect { Decrypt.openssl(key: key, nonce: SecureRandom.random_bytes(24).strip) }.to raise_error('The nonce is not a valid 12 byte nonce.')
+    end
+    it 'raises an error for corrupted encrypted file content' do
+      expect { Decrypt.openssl(file: SecureRandom.random_bytes(16).strip, key: key, nonce: nonce) }.to raise_error('The encrypted data is not a valid multiple of 9 bytes.')
     end
   end
 
   # travis ci cannot support non-interactive gpg encryption
-  unless File.directory?('/home/travis')
+  unless ENV['TRAVIS'] == 'true'
     context '.gpgme' do
       before(:all) do
         Encrypt.gpgme(ui: :cli, file: "foo: bar\n", key: '', pw: 'foo')

data/spec/rapid-vaults/encrypt_spec.rb

@@ -3,31 +3,43 @@ require_relative '../../lib/rapid-vaults/encrypt'
 
 describe Encrypt do
   context '.openssl' do
+    require 'openssl'
+    require 'securerandom'
+    cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
+    key = cipher.random_key
+    nonce = cipher.random_iv
+
     after(:all) do
       %w[tag.txt encrypted.txt].each { |file| File.delete(file) }
     end
 
     it 'outputs an encrypted file with the key and nonce from the cli' do
-      Encrypt.openssl(ui: :cli, file: "foo: bar\n", key: '���b+����R�v�Í%("����=8o/���', nonce: 'Ëá!í^Uë^EÜ<83>oã^M')
+      Encrypt.openssl(ui: :cli, file: "foo: bar\n", key: key, nonce: nonce)
       expect(File.file?('tag.txt')).to be true
       expect(File.file?('encrypted.txt')).to be true
     end
     it 'outputs an encrypted file with the key, nonce, and password from the cli' do
-      Encrypt.openssl(ui: :cli, file: "foo: bar\n", key: '���b+����R�v�Í%("����=8o/���', nonce: 'Ëá!í^Uë^EÜ<83>oã^M', pw: 'password')
+      Encrypt.openssl(ui: :cli, file: "foo: bar\n", key: key, nonce: nonce, pw: 'password')
       expect(File.file?('tag.txt')).to be true
       expect(File.file?('encrypted.txt')).to be true
     end
     it 'outputs an array of encrypted content and tag with the key and nonce from the api' do
-      encrypt = Encrypt.openssl(ui: :api, file: "foo: bar\n", key: '���b+����R�v�Í%("����=8o/���', nonce: 'Ëá!í^Uë^EÜ<83>oã^M')
+      encrypt = Encrypt.openssl(ui: :api, file: "foo: bar\n", key: key, nonce: nonce)
       expect(encrypt).to be_a(Array)
       expect(encrypt[0]).to be_a(String)
       expect(encrypt[1]).to be_a(String)
       expect(encrypt.length).to eq(2)
     end
+    it 'raises an error for an invalid key size' do
+      expect { Encrypt.openssl(key: SecureRandom.random_bytes(64).strip) }.to raise_error('The key is not a valid 32 byte key.')
+    end
+    it 'raises an error for an invalid nonce size' do
+      expect { Encrypt.openssl(key: key, nonce: SecureRandom.random_bytes(24).strip) }.to raise_error('The nonce is not a valid 12 byte nonce.')
+    end
   end
 
   # travis ci cannot support non-interactive gpg encryption
-  unless File.directory?('/home/travis')
+  unless ENV['TRAVIS'] == 'true'
     context '.gpgme' do
       it 'outputs an encrypted file with the key from the cli' do
         Encrypt.gpgme(ui: :cli, file: "foo: bar\n", key: '', pw: 'foo')

data/spec/rapid-vaults/generate_spec.rb

@@ -28,7 +28,7 @@ describe Generate do
       expect { Generate.gpgme(gpgparams: File.read("#{fixtures_dir}/gpgparams.txt")) }.to raise_error('Environment variable "GNUPGHOME" was not set.')
     end
     # travis ci cannot support non-interactive gpg
-    unless File.directory?('/home/travis')
+    unless ENV['TRAVIS'] == 'true'
       it 'generates the key files' do
         require 'fileutils'
 

data/spec/rapid-vaults/grpc_spec.rb

@@ -0,0 +1,42 @@
+require_relative '../../lib/rapid-vaults/grpc'
+
+# TODO: use RapidVaults::GRPC.server instead?
+stub = Rapidvaults::RapidVaults::Stub.new('localhost:0.0.0.0:8080', :this_channel_is_insecure)
+
+# need to create class with encode member method to pass in as dummy
+# ssl generate
+# outputs = stub.ssl_generate('string')
+=begin
+puts outputs.key
+puts outputs.nonce
+
+# gpg generate
+stub.gpg_generate
+
+# ssl encrypt
+# TODO: unencrypted should be an object
+unencrypted.text = ''
+unencrypted.key = ''
+unencrypted.nonce = ''
+outputs = stub.ssl_encrypt(unencrypted)
+puts outputs.text
+puts outputs.tag
+
+# gpg encrypt
+unencrypted.text = ''
+unencrypted.password = ''
+puts stub.gpg_encrypt(unencrypted).text
+
+# ssl decrypt
+# TODO: undecrypted should be an object
+undecrypted.text = ''
+undecrypted.key = ''
+undecrypted.nonce = ''
+undecrypted.tag = ''
+puts stub.ssl_decrypt(undecrypted).text
+
+# gpg decrypt
+undecrypted.text = ''
+undecrypted.password = ''
+puts stub.gpg_decrypt(undecrypted).text
+=end

data/spec/{rapid-vaults_spec.rb → rapid_vaults_spec.rb}

@@ -1,11 +1,17 @@
 require_relative 'spec_helper'
-require_relative '../lib/rapid-vaults'
+require_relative '../lib/rapid_vaults'
 
 describe RapidVaults do
   context '.process' do
     it 'raises an error for a non-string password with openssl' do
       expect { RapidVaults.process(action: :encrypt, file: 'a', key: 'b', nonce: 'c', pw: 1) }.to raise_error('Password must be a string.')
     end
+    it 'raises an error for a non-string password with gpgme' do
+      expect { RapidVaults.process(action: :encrypt, file: 'a', key: 'b', nonce: 'c', pw: 1) }.to raise_error('Password must be a string.')
+    end
+    it 'raises an error for a missing argument to generate with gpgme' do
+      expect { RapidVaults.process(algorithm: :gpgme, action: :generate) }.to raise_error('GPG params file argument required for generation.')
+    end
     it 'raises an error for a missing argument to encrypt with openssl' do
       expect { RapidVaults.process(action: :encrypt, file: 'a', key: 'b') }.to raise_error('File, key, and nonce arguments are required for encryption.')
     end
@@ -21,18 +27,18 @@ describe RapidVaults do
     it 'raises an error for a missing action with gpgme' do
       expect { RapidVaults.process(algorithm: :gpgme, file: 'a', key: 'b') }.to raise_error('Action must be one of generate, encrypt, or decrypt.')
     end
-    it 'raises an error for a missing argument to generate with gpgme' do
-      expect { RapidVaults.process(algorithm: :gpgme, action: :generate) }.to raise_error('GPG params file argument required for generation.')
+    it 'raises an error for a nonexistent input file with openssl' do
+      expect { RapidVaults.process(action: :encrypt, file: 'a', key: 'b', nonce: 'c', tag: 'd') }.to raise_error('Input file \'a\' for argument \'file\' is not an existing readable file.')
     end
-    it 'raises an error for a nonexistent input file' do
-      expect { RapidVaults.process(action: :encrypt, file: 'a', key: 'b', nonce: 'c', tag: 'd') }.to raise_error('Input file is not an existing file.')
+    it 'raises an error for a nonexistent input file with gpgme' do
+      expect { RapidVaults.process(algorithm: :gpgme, action: :encrypt, file: 'a', pw: 'password') }.to raise_error('Input file \'a\' for argument \'file\' is not an existing readable file.')
     end
     it 'reads in all input files correctly for openssl encryption' do
-      dummy = fixtures_dir + 'file.yaml'
+      dummy = "#{fixtures_dir}file.yaml"
       expect { RapidVaults.process(action: :encrypt, file: dummy, key: dummy, nonce: dummy, pw: 'password') }.not_to raise_exception
     end
     it 'reads in all input files correctly for gpgme decryption' do
-      dummy = fixtures_dir + 'file.yaml'
+      dummy = "#{fixtures_dir}file.yaml"
       expect { RapidVaults.process(algorithm: :gpgme, action: :decrypt, file: dummy, pw: 'password') }.not_to raise_exception
     end
   end

data/spec/spec_helper.rb

@@ -4,7 +4,7 @@ require 'rspec'
 module Variables
   extend RSpec::SharedContext
 
-  let(:fixtures_dir) { File.dirname(__FILE__) + '/fixtures/' }
+  let(:fixtures_dir) { "#{File.dirname(__FILE__)}/fixtures/" }
 end
 
 RSpec.configure do |config|

data/spec/system/system_spec.rb

@@ -7,13 +7,13 @@ describe RapidVaults do
     require 'fileutils'
 
     %w[key.txt nonce.txt tag.txt encrypted.txt decrypted.txt chef.rb puppet_gpg_decrypt.rb puppet_gpg_encrypt.rb puppet_ssl_decrypt.rb puppet_ssl_encrypt.rb].each { |file| File.delete(file) }
-    unless File.directory?('/home/travis')
-      %w[random_seed pubring.kbx trustdb.gpg pubring.kbx~ S.gpg-agent].each { |file| File.delete(file) }
+    unless ENV['TRAVIS'] == 'true' || ENV['CIRCLECI'] == 'true' || ENV['GITHUB_ACTIONS'] == 'true'
+      %w[random_seed pubring.kbx trustdb.gpg pubring.kbx~].each { |file| File.delete(file) }
       %w[openpgp-revocs.d private-keys-v1.d].each { |dir| FileUtils.rm_r(dir) }
     end
   end
 
-  context 'executed as a system from the CLI with settings and a file to be processed' do
+  context 'executed with openssl algorithm as a system from the CLI with settings and a file to be processed' do
     it 'generates key and nonce, encrypts a file, and then decrypts a file in order' do
       # generate and utilize files inside suitable directory
       Dir.chdir(fixtures_dir)
@@ -35,7 +35,7 @@ describe RapidVaults do
     end
   end
 
-  context 'executed as a system from the API with settings and a file to be processed' do
+  context 'executed with openssl algorithm as a system from the API with settings and a file to be processed' do
     it 'generates key and nonce, encrypts a file, and then decrypts a file in order' do
       # generate and utilize files inside suitable directory
       Dir.chdir(fixtures_dir)
@@ -59,9 +59,9 @@ describe RapidVaults do
     end
   end
 
-  # travis ci cannot support non-interactive gpg encryption
-  unless File.directory?('/home/travis')
-    context 'executed wtih gpg as a system from the CLI with settings and a file to be processed' do
+  # all three ci cannot support end-to-end gpg generate/encrypt/decrypt
+  unless ENV['TRAVIS'] == 'true' || ENV['CIRCLECI'] == 'true' || ENV['GITHUB_ACTIONS'] == 'true'
+    context 'executed wtih gpg algorithm as a system from the CLI with settings and a file to be processed' do
       it 'encrypts a file and then decrypts a file in order' do
         ENV['GNUPGHOME'] = fixtures_dir
 
@@ -86,7 +86,7 @@ describe RapidVaults do
       end
     end
 
-    context 'executed with gpg as a system from the API with settings and a file to be processed' do
+    context 'executed with gpg algorithm as a system from the API with settings and a file to be processed' do
       it 'encrypts a file and then decrypts a file in order' do
         ENV['GNUPGHOME'] = fixtures_dir
 
@@ -94,7 +94,7 @@ describe RapidVaults do
         Dir.chdir(fixtures_dir)
 
         # generate keys
-        RapidVaults::API.main(action: :generate, algorithm: :gpgme, gpgparams: File.read('gpgparams.txt'), ui: :cli)
+        RapidVaults::API.main(action: :generate, algorithm: :gpgme, gpgparams: File.read('gpgparams.txt'))
         %w[trustdb.gpg pubring.kbx pubring.kbx~].each { |file| expect(File.file?("#{fixtures_dir}/#{file}")).to be true }
         %w[openpgp-revocs.d private-keys-v1.d].each { |dir| expect(File.directory?("#{fixtures_dir}/#{dir}")).to be true }
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rapid-vaults
 version: !ruby/object:Gem::Version
-  version: 1.1.2
+  version: 1.2.0
 platform: ruby
 authors:
 - Matt Schuchard
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-11-15 00:00:00.000000000 Z
+date: 2022-08-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: gpgme
@@ -25,45 +25,61 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '2.0'
 - !ruby/object:Gem::Dependency
-  name: rake
+  name: grpc
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '9'
-    - - "<"
+        version: '1.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '13'
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: grpc-tools
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '9'
-    - - "<"
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '13'
+        version: '12.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12.0'
 - !ruby/object:Gem::Dependency
   name: reek
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">"
-      - !ruby/object:Gem::Version
-        version: '4.0'
-    - - "<"
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '6'
+        version: '6.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">"
-      - !ruby/object:Gem::Version
-        version: '4.0'
-    - - "<"
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '6'
+        version: '6.0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -80,21 +96,41 @@ dependencies:
         version: '3.0'
 - !ruby/object:Gem::Dependency
   name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0.58'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0.58'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2'
+- !ruby/object:Gem::Dependency
+  name: rubocop-performance
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.51'
+        version: '1.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.51'
+        version: '1.0'
 description: Ad-hoc encrypt and decrypt data behind multiple layers of protection
   via OpenSSL or GPG.
-email: 
+email:
 executables:
 - rapid-vaults
 extensions: []
@@ -102,7 +138,6 @@ extra_rdoc_files: []
 files:
 - README.md
 - bin/rapid-vaults
-- lib/rapid-vaults.rb
 - lib/rapid-vaults/api.rb
 - lib/rapid-vaults/binding.rb
 - lib/rapid-vaults/bindings/chef.rb
@@ -114,6 +149,8 @@ files:
 - lib/rapid-vaults/decrypt.rb
 - lib/rapid-vaults/encrypt.rb
 - lib/rapid-vaults/generate.rb
+- lib/rapid-vaults/grpc.rb
+- lib/rapid_vaults.rb
 - spec/fixtures/file.yaml
 - spec/fixtures/gpgparams.txt
 - spec/rapid-vaults/api_spec.rb
@@ -122,14 +159,15 @@ files:
 - spec/rapid-vaults/decrypt_spec.rb
 - spec/rapid-vaults/encrypt_spec.rb
 - spec/rapid-vaults/generate_spec.rb
-- spec/rapid-vaults_spec.rb
+- spec/rapid-vaults/grpc_spec.rb
+- spec/rapid_vaults_spec.rb
 - spec/spec_helper.rb
 - spec/system/system_spec.rb
 homepage: https://www.github.com/mschuchard/rapid-vaults
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -137,16 +175,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.1.0
+      version: 2.5.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.6
-signing_key: 
+rubygems_version: 3.3.5
+signing_key:
 specification_version: 4
 summary: Ad-hoc encrypt and decrypt data.
 test_files:
@@ -158,6 +195,7 @@ test_files:
 - spec/rapid-vaults/decrypt_spec.rb
 - spec/rapid-vaults/encrypt_spec.rb
 - spec/rapid-vaults/generate_spec.rb
-- spec/rapid-vaults_spec.rb
+- spec/rapid-vaults/grpc_spec.rb
+- spec/rapid_vaults_spec.rb
 - spec/spec_helper.rb
 - spec/system/system_spec.rb