ruby-pgp 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: b432669b4f5ee44e8a38a98529188ac56c1805976c0165ffa3db9a2842eea353
+  data.tar.gz: d50a88d4fcb014eadc8c81e8cf05e98b3263224fd553d83bd0ff59e4aaacf4eb
+SHA512:
+  metadata.gz: 4c390a4d5fafe6dc931ef6386e3ff80d6ada3ba0ba5ec8aeab0399e293af6759d524e9959c7d2f7e7d9d79a70ba92e81b3a055785eca6add14dd59e9660fe387
+  data.tar.gz: 5804d452f534a60d66fa5d2fb9a1f89276798cde88799dd586ef2ad0b647118429e72b534c2680e96819a07b98416c3b52115e5bbc67ffd8291777e73bf1a2f7

data/.gitignore

@@ -0,0 +1,20 @@
+*.gem
+*.rbc
+.idea
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp
+# ignore some crap the tests generate
+some filename.txt

data/.rbenv-version

@@ -0,0 +1 @@
+ruby-2.6.5

data/.rspec

@@ -0,0 +1 @@
+--color --format documentation

data/.ruby-version

@@ -0,0 +1 @@
+ruby-2.6.5

data/.travis.yml

@@ -0,0 +1,14 @@
+language: minimal
+
+services:
+  - docker
+
+before_install:
+- docker pull camilin87/ruby-centos:6
+- docker pull camilin87/ruby-centos:7
+- docker pull camilin87/ruby-ubuntu:18.04
+
+script:
+- docker run --rm -it -v $PWD:/home/ -w /home/ camilin87/ruby-centos:6 /bin/bash /home/run_tests.sh
+- docker run --rm -it -v $PWD:/home/ -w /home/ camilin87/ruby-centos:7 /bin/bash /home/run_tests.sh
+- docker run --rm -it -v $PWD:/home/ -w /home/ camilin87/ruby-ubuntu:18.04 /bin/bash /home/run_tests.sh

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in ruby-pgp.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2012 Scott Gonyea
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,82 @@
+# PGP [![Build Status](https://travis-ci.org/cshtdd/ruby-pgp.svg?branch=mri)](https://travis-ci.org/cshtdd/ruby-pgp)  
+
+This a [GnuPG](https://gnupg.org/) wrapper built with Ruby.  
+The gem api is modeled after [jruby-pgp](https://github.com/sgonyea/jruby-pgp) for compatibility reasons with a legacy application.  
+This gem is validated with multiple versions of gpg and multiple operating systems.  
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'ruby-pgp'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install ruby-pgp
+
+## Feature Support:
+
+The feature set is very bare, and restricted to the following operations:
+
+- Encrypt a file to a known list of Public Key(s).
+
+- Decrypt a file using a given set of Private Key(s).
+
+- Public and Private keys may be read in from disk or from memory.
+
+- Verify the signature of a file that you are decrypting. (thanks, @superchris)
+
+- Use password-protected Private Keys. (thanks, @superchris)
+
+- Sign a file from the file system. (thanks, @superchris)
+
+Currently, you **cannot** do the following (These are TODO items):
+
+- Verify any signatures of public / private keys.
+
+- Create new Private Keys / generate public keys from a given Private Key.
+
+- Sign a file that you are encrypting.
+
+- Obtain the name of the file that was encrypted. (Should be an easy feature to add.)
+
+- Obtain the "modificationTime" (timestamp) of the encrypted data / file.
+
+- Verify a public key based on information from a key server.
+
+## Notes
+
+This gem currently features everything I need and nothing I don't. Pull requests are very much welcome;
+feature requests will be considered.  
+
+## Usage
+
+For usage examples, see the below test files:
+
+    Encryption: spec/lib/pgp/encryptor_spec.rb
+    Decryption: spec/lib/pgp/decryptor_spec.rb
+
+## Contributors
+
+@superchris
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request
+
+## Testing:
+
+Just run:
+
+    $ rspec
+
+The [.travis.yml](.travis.yml) file describes our testing strategy for multiple OS.  
+We run the test suite against multiple OS versions with Ruby installed.   

data/Rakefile

@@ -0,0 +1,12 @@
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new
+
+RSpec::Core::RakeTask.new(:rcov) do |task|
+  task.rcov = true
+end
+
+task :default => :spec
+
+task :build => :spec

data/bin/jrpgp

@@ -0,0 +1,12 @@
+#!/usr/bin/env ruby
+
+if $LOAD_PATH.grep('ruby-pgp').none?
+  lib_dir = File.expand_path('../../lib', __FILE__)
+  $LOAD_PATH.unshift lib_dir
+end
+
+require 'pgp/cli/runner'
+require 'pathname'
+require 'optparse'
+
+PGP::CLI::Runner.go!(ARGV)

data/bin/rpgp

@@ -0,0 +1,12 @@
+#!/usr/bin/env ruby
+
+if $LOAD_PATH.grep('ruby-pgp').none?
+  lib_dir = File.expand_path('../../lib', __FILE__)
+  $LOAD_PATH.unshift lib_dir
+end
+
+require 'pgp/cli/runner'
+require 'pathname'
+require 'optparse'
+
+PGP::CLI::Runner.go!(ARGV)

data/lib/pgp/cli/runner.rb

@@ -0,0 +1,78 @@
+require 'pgp/cli'
+
+module PGP
+  # Currently, this is pretty quick-and-dirty. I should expand options into accessor methods, I know.
+  class CLI
+    module Runner
+
+      def self.go!(args)
+        cli = parse_args!(args)
+        cli.run!
+      end
+
+      def self.parse_args!(args)
+        cli = PGP::CLI.new
+
+        cli.opt_parser = OptionParser.new do |opts|
+          opts.banner = "Usage: jrpgp [options] file [file2] [file3] [...]"
+
+          opts.on("-e", "--encrypt", "Perform Encryption") do
+            cli[:action] = :encrypt
+          end
+
+          opts.on("-d", "--decrypt", "Perform Decryption") do
+            cli[:action] = :decrypt
+          end
+
+          opts.on("-p", "--pub-key [file]", String, "The file containing Public Key(s) to encrypt to") do |fi|
+            PGP::CLI.ensure_file_exists!(fi)
+            cli[:public_keys] << fi
+          end
+
+          opts.on("-P", "--priv-key [file]", String, "The file containing Private Key(s) to use for decryption / signing") do |fi|
+            PGP::CLI.ensure_file_exists!(fi)
+            cli[:private_keys] << fi
+          end
+
+          opts.on("-i", "--in [file]", String, "The file to encrypt/decrypt") do |fi|
+            PGP::CLI.ensure_file_exists!(fi)
+            cli[:input_files] << fi
+          end
+
+          opts.on("-o", "--out [file]", String, "The file to output") do |fi|
+            cli[:output_files] << fi
+          end
+
+          opts.on("-O", "--out-dir [dir]", String, "The directory where output files should be written") do |dir|
+            PGP::CLI.ensure_dir_exists!(dir)
+            cli[:outdir] = Pathname(dir).expand_path
+          end
+
+          opts.separator ""
+
+          opts.on_tail("-h", "--help", "Show this message") do
+            puts opts
+            exit
+          end
+
+          # Another typical switch to print the version.
+          opts.on_tail("--version", "Show version") do
+            puts PGP::VERSION.join('.')
+            exit
+          end
+        end
+
+        cli.opt_parser.parse!(args)
+
+        args.each do |file|
+          PGP::CLI.ensure_file_exists!(file)
+          cli[:input_files] << file
+        end
+
+        cli
+      end
+
+    end
+  end
+end
+

data/lib/pgp/cli.rb

@@ -0,0 +1,160 @@
+require 'pgp'
+
+module PGP
+  # Currently, this is pretty quick-and-dirty. I should expand options into accessor methods, I know.
+  class CLI
+    autoload :Runner, 'pgp/cli/runner'
+
+    attr_accessor :options, :opt_parser
+
+    Encrypted_Extension_Regexp = /\.(pgp|gpg|asc)$/i
+
+    def self.ensure_file_exists!(file)
+      raise "The file #{file.inspect} does not appear to exist!" unless File.exist?(file)
+    end
+
+    def self.ensure_dir_exists!(dir)
+      raise "The directory #{dir.inspect} does not appear to exist!" unless File.directory?(dir)
+    end
+
+    def initialize
+      self.options = {
+        :public_keys  => [],
+        :private_keys => [],
+        :input_files  => [],
+        :output_files => [],
+        :outdir       => Pathname(Dir.pwd),
+        :same_dir     => false,
+        :action       => nil,
+        :signature    => false, # We do not currently support signing or verifying signatures
+      }
+    end
+
+    def [](arg)
+      options[arg]
+    end
+
+    def []=(arg, val)
+      options[arg] = val
+    end
+
+    def validate_options!
+      raise "Input file(s) must be specified!" if input_files.none?
+
+      case action
+      when :encrypt then validate_encrypt_options!
+      when :decrypt then validate_decrypt_options!
+      else
+        raise "Valid actions are encrypt or decrypt. Action specified: #{options[:action]}"
+      end
+
+    rescue RuntimeError => e
+      $stderr.puts opt_parser
+      raise e
+    end
+
+    def run!
+      validate_options!
+
+      case options[:action]
+      when :encrypt then encrypt!
+      when :decrypt then decrypt!
+      end
+    end
+
+    def encrypt!
+      cryptor = Encryptor.new
+
+      public_keys.each {|pub| cryptor.add_keys_from_file(pub) }
+
+      input_files.each_with_index do |infile, idx|
+        outfile = output_files[idx]
+        output  = cryptor.encrypt_file(infile)
+
+        File.open(outfile, "w") do |fi|
+          fi.write output
+        end
+      end
+    end
+
+    def decrypt!
+      cryptor = Decryptor.new
+
+      private_keys.each {|priv| cryptor.add_keys_from_file(priv) }
+
+      input_files.each_with_index do |infile, idx|
+        outfile = output_files[idx]
+        output  = cryptor.decrypt_file(infile)
+
+        File.open(outfile, "w") do |fi|
+          fi.write output
+        end
+      end
+    end
+
+    def action
+      options[:action] ||= begin
+        if input_files.grep(Encrypted_Extension_Regexp).any?
+          :decrypt
+        else
+          :encrypt
+        end
+      end
+    end
+
+    def public_keys
+      options[:public_keys]
+    end
+
+    def private_keys
+      options[:private_keys]
+    end
+
+    def input_files
+      options[:input_files]
+    end
+
+    def output_files
+      options[:output_files]
+    end
+
+    def outdir
+      options[:outdir]
+    end
+
+    def same_dir?
+      options[:same_dir]
+    end
+
+    protected
+    def set_outfile_dir(file)
+      return file if same_dir?
+      outdir + File.basename(file)
+    end
+
+    def validate_encrypt_options!
+      raise "Public Keys are required for encryption"     if options[:public_keys].none?
+      raise "Private Keys are required for signing files" if options[:signature] and options[:private_keys].none?
+
+      options[:input_files].each_with_index do |infile, idx|
+        next if options[:output_files][idx]
+        options[:output_files][idx] = set_outfile_dir("#{infile}.gpg")
+      end
+    end
+
+    def validate_decrypt_options!
+      raise "Private Keys are required for decryption"          if options[:private_keys].none?
+      raise "Public Keys are required for verifying signatures" if options[:signature] and options[:public_keys].none?
+
+      options[:input_files].each_with_index do |infile, idx|
+        next if options[:output_files][idx]
+
+        outfile = infile.gsub(Encrypted_Extension_Regexp, '')
+        outfile = "#{infile} - decrypted" if outfile == infile
+
+        options[:output_files][idx] = set_outfile_dir(outfile)
+      end
+    end
+
+  end
+end

data/lib/pgp/decryptor.rb

@@ -0,0 +1,16 @@
+module PGP
+  class Decryptor
+    include PGP::KeysImporter
+
+    attr_accessor :passphrase
+
+    def decrypt(encrypted_data)
+      result = GPG::Engine.new.decrypt(encrypted_data, self.passphrase)
+      result[1]
+    end
+
+    def decrypt_file(file_path)
+      decrypt File.read(file_path)
+    end
+  end
+end

data/lib/pgp/encryptor.rb

@@ -0,0 +1,33 @@
+module PGP
+  class Encryptor
+    attr_accessor :recipients
+
+    def initialize(key_string=nil)
+      self.recipients = []
+      add_keys(key_string) if key_string
+    end
+
+    def add_keys(key_string)
+      self.recipients += GPG::Engine.new.import_key(key_string)
+    end
+
+    def add_keys_from_file(filename)
+      add_keys(File.read(filename))
+    end
+
+    def encrypt(cleartext, filename=nil, mtime=nil)
+      result = GPG::Engine.new.encrypt(cleartext, recipients)
+
+      unless filename.nil?
+        File.write(filename, result[1])
+      end
+
+      result[1]
+    end
+
+    def encrypt_file(file_path)
+      encrypt(File.read(file_path))
+    end
+
+  end
+end

data/lib/pgp/gpg/engine.rb

@@ -0,0 +1,141 @@
+require 'tempfile'
+require 'tmpdir'
+
+module GPG
+  class Engine
+    include PGP::LogCapable
+
+    attr_accessor :runner
+
+    def initialize(runner = nil)
+      self.runner = runner || GPG::Runner.new
+    end
+
+    def import_key(key_contents)
+      log("Import Key")
+      validate_gpg_version
+      Tempfile.open do |f|
+        f.write(key_contents)
+        f.rewind
+
+        runner.import_key_from_file(f.path)
+      end
+    end
+
+    def verify_signature(signature_data)
+      log("Verify Signature")
+
+      validate_gpg_version
+
+      data = ''
+      result = false
+
+      GPG::TempPathHelper.create do |path1|
+        GPG::TempPathHelper.create do |path2|
+          File.write(path1, signature_data)
+          result = runner.verify_signature_file(path1, path2)
+
+          data = File.read(path2) if result
+        end
+      end
+
+      [result, data]
+    end
+
+    def decrypt(encrypted_data, passphrase=nil)
+      log("Decrypt")
+
+      validate_gpg_version
+
+      data = ''
+      result = false
+
+      GPG::TempPathHelper.create do |path1|
+        GPG::TempPathHelper.create do |path2|
+          File.write(path1, encrypted_data)
+          result = runner.decrypt_file(path1, path2, passphrase)
+
+          data = File.read(path2) if result
+        end
+      end
+
+      [result, data]
+    end
+
+    def encrypt(plaintext_data, recipients)
+      log("Encrypt")
+
+      raise 'Recipients cannot be empty' if recipients.empty?
+
+      validate_gpg_version
+
+      data = ''
+      result = false
+
+      GPG::TempPathHelper.create do |path1|
+        GPG::TempPathHelper.create do |path2|
+          File.write(path1, plaintext_data)
+          result = runner.encrypt_file(path1, path2, recipients)
+
+          data = File.read(path2) if result
+        end
+      end
+
+      [result, data]
+    end
+
+    def sign(plaintext_data, passphrase=nil)
+      log("Sign")
+
+      validate_gpg_version
+
+      data = ''
+      result = false
+
+      GPG::TempPathHelper.create do |path1|
+        GPG::TempPathHelper.create do |path2|
+          File.write(path1, plaintext_data)
+          result = runner.sign_file(path1, path2, passphrase)
+
+          data = File.read(path2) if result
+        end
+      end
+
+      [result, data]
+    end
+
+    def delete_all_keys
+      delete_all_private_keys
+      delete_all_public_keys
+    end
+
+    def delete_all_private_keys
+      log('Delete all private keys')
+      validate_gpg_version
+      runner.read_private_key_fingerprints.each do |k|
+        runner.delete_private_key k
+      end
+    end
+
+    def delete_all_public_keys
+      log('Delete all public keys')
+      validate_gpg_version
+      runner.read_public_key_fingerprints.each do |k|
+        runner.delete_public_key k
+      end
+    end
+
+    def read_recipients
+      validate_gpg_version
+      public_recipients = runner.read_public_key_recipients
+      private_recipients = runner.read_private_key_recipients
+      (public_recipients + private_recipients).uniq
+    end
+
+    protected
+
+    def validate_gpg_version
+      raise 'GPG Version is incorrect' unless runner.version_default.start_with?('2.')
+    end
+  end
+end