safedb 0.01.0003 → 0.02.0001

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 2a5b5879d5892ffaec119567912fbb9415c00b6696f251509822fed70905695f
4
- data.tar.gz: eebaae89c1cba2b0c46e9ebecf2f8ed880b397d6167b766b58abe0a92be7e570
3
+ metadata.gz: 249ae50778019c51f108a0eedda627efe260e772f0c3df3ef13150467f6ab543
4
+ data.tar.gz: 62de4f70b68c6d6427853953b3eee251fe4851c4c78b4f97b6e1f3914ff0b2bc
5
5
  SHA512:
6
- metadata.gz: 499040f9560c074a611d3ce783925d3283ca8a69a3a2e775e6101278a7f5ab714e8ccc8acc60fedc5d3743c54aa9a24079e9e9e5b88636a7e9bc40575891fecb
7
- data.tar.gz: 1050a6d27d1847ce0147ca3a9192b9b3888735002ff1a8710ffc7d81aea0d66d839b25d82d6b9b36071806cde7a548263f24cae8e86a79733e6a1f089ea3f408
6
+ metadata.gz: ebbec720f16984d66a3a54d1f93a25f40840d1642b2eb104ca949c55ef9c3ea9c81a0cc6c4f0e0b5570d91d3c3bee83f3c131045c1f0893c34eccb1c1dcb2dca
7
+ data.tar.gz: 43e402a02672edc3b33c9935af9eeff2631ca1abc6cc619a2bd679b01c6884b69a6124a601214802d0bf786e291344fb9a7449dc5f310f96e15421a51c7e6c40
data/README.md CHANGED
@@ -100,12 +100,13 @@ safe is **simple**, intuitive and highly secure. <b><em>It never accesses the cl
100
100
  safe | Install and Configure
101
101
  -----------
102
102
 
103
- ## install safe
103
+ ## install safe on ubuntu 18.04
104
104
 
105
- $ gem install safedb
106
- $ export SAFE_TTY_TOKEN=`safe token` # setup a shell session variable
107
- $ safe init joe@abc /home/joe/credentials # initialize a secrets domain
108
- $ safe login joe@abc # login to the new domain
105
+ $ sudo apt-get install ruby-full # for OpenSSL we need full ruby
106
+ $ sudo gem install safedb # install the safe ruby gem
107
+ $ export SAFE_TTY_TOKEN=`safe token` # setup a shell session variable
108
+ $ safe init joe@abc ~/safedb.creds # initialize a safe book in folder
109
+ $ safe login joe@abc # login with the created password
109
110
 
110
111
  You initialize then login to a **domain** like **joe@abc**. In the init command we specify where the encrypted material will be stored. Best use a USB key or phone to use your secrets on any drive or computer.
111
112
 
@@ -115,27 +116,26 @@ More information will be provided on installing and using safe via a gem install
115
116
 
116
117
  ## Create Alias for Export Safe Terminal Token
117
118
 
118
- It's tiresome to manually create the **SAFE_TTY_TOKEN environment variable** that is required by safe.
119
+ It is tiresome To type <tt>export SAFE_TTY_TOKEN=`safe token`</tt> every time you use the safe. A solution is to create a smaller alias command like <tt>safetty</tt> which will run when we open up a shell.
119
120
 
120
- So create an **alias safetty (export token)** command like this noting the escaped <b>back-ticks</b> surrounding the <b>safe token</b> call.
121
+ ```bash
122
+ echo "alias safetty='export SAFE_TTY_TOKEN=\`safe token\`'" >> ~/.bash_aliases
123
+ ```
124
+
125
+ Note the **escaped back-ticks** surrounding <tt>safe token</tt>. It is easy to mistake them for apostrophes.
121
126
 
122
- $ echo "alias safetty='export SAFE_TTY_TOKEN=\`safe token\`'" >> ~/.bash_aliases
123
127
  $ cat ~/.bash_aliases # Check the alias has been added to ~/.bash_aliases
124
128
  $ source ~/.bash_aliases # Use source to avoid grabbing a new shell this time
125
129
 
126
- Now before using safe simply call safetty.
127
-
128
- $ safetty # safe terminal token
129
- $ printenv | grep SAFE_TTY_TOKEN # check it was created
130
- $ safe login joe@abc # login to a book
131
- $ safe view # chapters and verses
130
+ ## safe book login command
132
131
 
133
- There are other ways to initialize the shell token including
132
+ Now that we have created the <tt>safetty</tt> alias we can login with one line like this.
134
133
 
135
- - via a Docker run ENV parameter
136
- - inside a Vagrantfile (vagrant up)
134
+ ```bash
135
+ safetty; safe login joe@abc
136
+ ```
137
137
 
138
- Do not add it to the bash profile script because safe uses the parent process id and bash profile will in effect use safe's grandparent's process id.
138
+ Advanced users should avoid adding the export command to <tt>~/.bash_profile</tt>.
139
139
 
140
140
 
141
141
  ## Remove Token | Environment Variable
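Review bot: The replacement sentence "Advanced users should avoid adding the export command to ~/.bash_profile" drops the reason the removed line gave (safe uses the parent process id, and the profile script would in effect use safe's grandparent's process id), so a reader can no longer tell why the restriction exists or why it would apply only to "advanced users"; keep the one-line rationale. The hunk also removes the `printenv | grep SAFE_TTY_TOKEN` check and the Docker / Vagrantfile alternatives without a replacement, and "It is tiresome To type" has a stray capital.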
@@ -481,6 +481,18 @@ applications and systems.
481
481
 
482
482
  ### Configure Makeup of Password | Printable Characters
483
483
 
484
+ Run the below command and note the large character set from which secrets and passwords are generated.
485
+ The larger the character set the **exponentially** more difficult to brute force crack a password. That said, many websites and services impose restrictions on the characters set, usually in an attempt to prevent sql injection and cross-site-scripting attacks.
486
+
487
+ <tt>safedb</tt> allows you to specify the character set at the book, chapter, verse, line and also at the command line level.
488
+
489
+ ```
490
+ head /dev/urandom | tr -dc A-Za-z0-9?@=$~%/+^.,][\{\}\<\>\&\(\)_\- | head -c 258 ; echo
491
+ ```
492
+
493
+ For easy configuration, just specify --flaky, --weak, --solid, --strong and --herculean.
494
+
495
+
484
496
  Some systems reject certain characters. Lloyds Bank for example will only accept alpha-numerics.
485
497
 
486
498
  In these cases we need to configure the set of characters that sources the actual sequence of password characters.
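Review bot: In the added `tr -dc` example the character set is passed unquoted, so the `?` is a shell glob character and the backslashes are consumed by the shell before `tr` sees them; what `tr` receives then depends on the shell and its options rather than on what is printed here. Wrap the whole set in single quotes and drop the escapes that become unnecessary. The sentence above it also overstates the effect of set size: the search space is (set size)^(length), which grows exponentially with password length but only polynomially with the size of the character set. The flags `--flaky` through `--herculean` are named without saying which character set each one selects.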
data/lib/interprete.rb CHANGED
@@ -48,6 +48,37 @@ class Interprete < Thor
48
48
  # the --script flag.
49
49
  class_option :script, :type => :boolean
50
50
 
51
+ # Any use case can modify its behaviour if this <tt>--to-dir</tt> class
52
+ # option is present. For example the file write (eject) use case can place
53
+ # files in the directory specified by this switch.
54
+ class_option :to_dir, :aliases => '-t'
55
+
56
+
57
+
58
+ # Printout the version of this safedb.net command line interface.
59
+ desc "version", "prints the safedb.net command line interface version"
60
+
61
+ # If <tt>safe --version</tt> is issued this line accepts it and converts
62
+ # it so that the version method is called.
63
+ map %w[-v --version] => :version
64
+
65
+ # Printout the version of this safedb.net command line interface.
66
+ # The version should be extracted whether the user types in
67
+ #
68
+ # - either <tt>safe --version</tt>
69
+ # - or <tt>safe version</tt>
70
+ def version
71
+ log.info(x) { "[usecase] ~> print the version of this safedb.net personal database." }
72
+
73
+ puts ""
74
+ puts "safedb gem version => v#{SafeDb::VERSION}"
75
+ puts "time and date now => #{SafeDb::KeyNow.human_readable()}"
76
+ puts "safedb @github.com => https://github.com/devops4me/safedb.net"
77
+ puts "safe @rubygems.org => https://rubygems.org/gems/safedb"
78
+ puts ""
79
+
80
+ end
81
+
51
82
 
52
83
 
53
84
  # Description of the init configuration call.
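Review bot: `class_option :to_dir, :aliases => '-t'` is declared without a `:desc`, so the generated help will list `--to-dir` on every command with no explanation, although in this diff only eject reads it; add a description that says which commands honour it. The comment "Printout the version of this safedb.net command line interface." appears twice, once above `desc "version"` and again above `def version`; one copy is enough.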
@@ -55,8 +86,8 @@ class Interprete < Thor
55
86
 
56
87
  # If confident that command history cannot be exploited to gain the
57
88
  # human password or if the agent running safe is itself a script,
58
- # the <tt>with</tt> option can be used to convey the password.
59
- option :with
89
+ # the <tt>password</tt> option can be used to convey the password.
90
+ option :password, :aliases => '-p'
60
91
 
61
92
  # Initialize the credentials manager, collect the human password and
62
93
  # manufacture the strong asymmetric public / private keypair.
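Review bot: The comment above `option :password, :aliases => '-p'` only weighs command history, but a password given as `--password` or `-p` is also an argument of the running process and can appear in the local process list while the command runs; state that in the comment so script authors can judge the exposure. Renaming `with` to `password` with no alias for the old name also breaks any existing script that calls `safe init ... --with`; consider accepting the old option for one release.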
@@ -66,9 +97,9 @@ class Interprete < Thor
66
97
  def init( domain_name, base_path = nil )
67
98
  log.info(x) { "initialize the safe book on this device." }
68
99
  init_uc = SafeDb::Init.new
69
- init_uc.master_p4ss = options[:with] if options[:with]
100
+ init_uc.password = options[ :password ] if options[ :password ]
70
101
  init_uc.domain_name = domain_name
71
- init_uc.base_path = base_path unless base_path.nil?
102
+ init_uc.base_path = File.expand_path( base_path ) unless base_path.nil?
72
103
  init_uc.flow_of_events
73
104
  end
74
105
 
@@ -79,8 +110,8 @@ class Interprete < Thor
79
110
 
80
111
  # If confident that command history cannot be exploited to gain the
81
112
  # human password or if the agent running safe is itself a script,
82
- # the <tt>with</tt> option can be used to convey the password.
83
- option :with
113
+ # the <tt>password</tt> option can be used to convey the password.
114
+ option :password, :aliases => '-p'
84
115
 
85
116
  # Login in order to securely interact with your data.
86
117
  # @param domain_name [String] the domain the software operates under
@@ -88,7 +119,7 @@ class Interprete < Thor
88
119
  log.info(x) { "[usecase] ~> login to the book before interacting with it." }
89
120
  login_uc = SafeDb::Login.new
90
121
  login_uc.domain_name = domain_name unless domain_name.nil?
91
- login_uc.master_p4ss = options[:with] if options[:with]
122
+ login_uc.password = options[ :password ] if options[ :password ]
92
123
  login_uc.flow_of_events
93
124
  end
94
125
 
@@ -233,6 +264,7 @@ class Interprete < Thor
233
264
  log.info(x) { "[usecase] ~> eject file at chapter/verse against specified key." }
234
265
  eject_uc = SafeDb::Eject.new
235
266
  eject_uc.file_key = file_key
267
+ eject_uc.to_dir = options[:to_dir] if options[:to_dir]
236
268
  eject_uc.flow_of_events
237
269
  end
238
270
 
@@ -316,6 +316,15 @@ module SafeDb
316
316
  end
317
317
 
318
318
 
319
+ # Fetch the human readable time stamp.
320
+ #
321
+ # @return [String]
322
+ # the human readable timestamp
323
+ def self.human_readable
324
+ return "#{Time.now.ctime} #{yyjjj_hhmm_sst}"
325
+ end
326
+
327
+
319
328
  # Fetch the double barreled time stamp that is an amalgam of
320
329
  # the human readable time now and a machine time representation
321
330
  # from the moment this class was initialized.
@@ -85,11 +85,8 @@ module OpenSession
85
85
  # @param gem_filepath [String] path to callling gem (use <tt>__FILE</tt>)
86
86
  def self.now gem_filepath
87
87
 
88
-
89
- ############ require_relative "../cryptools/keygen"
90
88
  require_relative "../usecase/cmd"
91
89
 
92
-
93
90
  gem_basepath = File.expand_path "..", gem_filepath
94
91
 
95
92
  log.info(x) { "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@" }
@@ -11,7 +11,7 @@ module SafeDb
11
11
  # No keyname will eject every file in the opened chapter and verse.
12
12
  class Eject < UseCase
13
13
 
14
- attr_writer :file_key
14
+ attr_writer :file_key, :to_dir
15
15
 
16
16
  # Files are always ejected into the present working directory and any
17
17
  # about to be clobbered files are backed up with a timestamp.
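Review bot: The context comment "Files are always ejected into the present working directory" is no longer accurate once `:to_dir` is added to `attr_writer`; update it to say the present working directory is the default used when no `--to-dir` is given, and that the timestamped backup is written to the same destination.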
@@ -29,23 +29,31 @@ module SafeDb
29
29
 
30
30
  base64_content = chapter_data[ verse_id ][ "#{FILE_KEY_PREFIX}#{@file_key}" ][ FILE_CONTENT_KEY ]
31
31
  simple_filename = chapter_data[ verse_id ][ "#{FILE_KEY_PREFIX}#{@file_key}" ][ FILE_NAME_KEY ]
32
- file_full_path = File.join( Dir.pwd, simple_filename )
32
+
33
+ # Do a mkdir_p if @to_dir has some valid non-whitespace text
34
+ # If so check that we have permissions to write to the specified folder
35
+ destination_dir = Dir.pwd if @to_dir.nil?
36
+ destination_dir = @to_dir unless @to_dir.nil?
37
+
38
+ file_full_path = File.join( destination_dir, simple_filename )
33
39
  backup_filename = KeyNow.yyjjj_hhmm_sst() + "-" + simple_filename
34
- backup_file_path = File.join( Dir.pwd, backup_filename )
40
+ backup_file_path = File.join( destination_dir, backup_filename )
35
41
  will_clobber = File.file?( file_full_path )
36
42
 
37
- File.write( backup_file_path, File.read( file_full_path ) ) if will_clobber
38
- ::File.write( file_full_path, Base64.urlsafe_decode64( base64_content ) )
39
-
40
- puts ""
41
- puts "File successfully ejected from safe into current directory."
42
43
  puts ""
43
44
  puts "Clobbered File = #{backup_filename}" if will_clobber
44
- puts "Current Directory = #{Dir.pwd}"
45
+ puts "Prescribed Directory = #{@to_dir}" unless @to_dir.nil?
46
+ puts "Present Directory = #{Dir.pwd}" if @to_dir.nil?
45
47
  puts "Ejected Filename = #{simple_filename}"
46
- puts "Chapter and Verse = #{master_db[ENV_PATH]}:#{verse_id}"
48
+ puts "The Full Filepath = #{file_full_path}"
49
+ puts "Chapter and Verse = #{master_db[ENV_PATH]}::#{verse_id}"
47
50
  puts "Ejected File Key = #{@file_key}"
48
51
  puts ""
52
+ puts "File successfully ejected from the safe."
53
+ puts ""
54
+
55
+ File.write( backup_file_path, File.read( file_full_path ) ) if will_clobber
56
+ ::File.write( file_full_path, Base64.urlsafe_decode64( base64_content ) )
49
57
 
50
58
  end
51
59
 
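Review bot: The comment at the top of the added block promises a `mkdir_p` and a write-permission check for `@to_dir`, but the code only assigns `destination_dir = @to_dir`, so a missing or unwritable directory surfaces as an exception from `File.write`. Because both `File.write` calls were moved below the `puts` lines, "File successfully ejected from the safe." is printed before anything has been written; put the writes back ahead of the messages, create or validate the directory first, and pass `@to_dir` through `File.expand_path` as `init` now does for `base_path`. The two conditional assignments can be one line: `destination_dir = @to_dir || Dir.pwd`.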
data/lib/usecase/init.rb CHANGED
@@ -24,7 +24,7 @@ module SafeDb
24
24
  #
25
25
  class Init < UseCase
26
26
 
27
- attr_writer :master_p4ss, :domain_name, :base_path
27
+ attr_writer :password, :domain_name, :base_path
28
28
 
29
29
 
30
30
  # The init use case prepares the <b>safe</b> so that you can <b>open</b> an envelope,
@@ -42,7 +42,9 @@ module SafeDb
42
42
  return
43
43
  end
44
44
 
45
- domain_password = KeyPass.password_from_shell( true )
45
+ domain_password = KeyPass.password_from_shell( true ) if @password.nil?
46
+ domain_password = @password unless @password.nil?
47
+
46
48
  KeyApi.setup_domain_keys( @domain_name, domain_password, create_header() )
47
49
  print_domain_initialized
48
50
 
data/lib/usecase/login.rb CHANGED
@@ -17,7 +17,7 @@ module SafeDb
17
17
  # - you can deliver the password in multiple ways
18
18
  class Login < UseCase
19
19
 
20
- attr_writer :master_p4ss, :domain_name
20
+ attr_writer :password, :domain_name
21
21
 
22
22
 
23
23
  def execute
@@ -36,7 +36,8 @@ module SafeDb
36
36
  ############## Call [[ KeyApi.is_logged_in? ]] - then print msg and skip password collection below
37
37
  ############## Call [[ KeyApi.is_logged_in? ]] - then print msg and skip password collection below
38
38
 
39
- domain_secret = KeyPass.password_from_shell( false )
39
+ domain_secret = KeyPass.password_from_shell( false ) if @password.nil?
40
+ domain_secret = @password unless @password.nil?
40
41
 
41
42
  ############## Use [[ KeyApi.valid_password? ]] and give error if not valid
42
43
  ############## Use [[ KeyApi.valid_password? ]] and give error if not valid
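Review bot: The pair `... if @password.nil?` / `... unless @password.nil?` reads more clearly as `domain_secret = @password || KeyPass.password_from_shell( false )`, and the same applies to `domain_password` in init.rb. Neither place rejects an empty or whitespace-only `--password` value; an empty string is truthy in Ruby, so it passes the `if options[ :password ]` guard in interprete.rb and is used as the password without the prompt. Add that check here, alongside the `KeyApi.valid_password?` call the surrounding TODO comments already ask for.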
data/lib/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module SafeDb
2
- VERSION = "0.01.0003"
2
+ VERSION = "0.02.0001"
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: safedb
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.01.0003
4
+ version: 0.02.0001
5
5
  platform: ruby
6
6
  authors:
7
7
  - Apollo Akora
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-02-12 00:00:00.000000000 Z
11
+ date: 2019-02-16 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: inifile