secret 0.0.2 → 0.0.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: a56b7cd7533a64c852d89901ba1460a2b487d498
-  data.tar.gz: 2993017272c967c3b9e7249f6be3eff1a9bc3e22
+  metadata.gz: 41f92b03a262766c7d234c19c6a960de5a842c19
+  data.tar.gz: 6e32e9c816c5fc79e8a37409438e8874a66d79d9
 SHA512:
-  metadata.gz: f263a042a3fb1373b73a7548143b36fc1eb6147cbdbd5ce58e7f6aa34c22bfa40cb014d6934186b220ee08c305976b3b87df8ffb1721091c120243b363297fdd
-  data.tar.gz: a80eb4b104b6fde26085b253e9d6065aa145d9a6cf65d8a54041e98310f4dd69e7b29abd4a88b3f1b2fd9f0faab5ee5f7bc126d2d23b2a0cc9b850a3778e3b76
+  metadata.gz: 675d910898db33b3b877c5b18d0a6a510e41cef439c4ad9c2133e1965c112e02fad125c04537d784da9a944cc002596f85838c52a83ff50cdaa8a696a994d13c
+  data.tar.gz: 29a50491731fc543171b33a47296f3c49275469f8fce3ab3abc4a5847bbf8754e43b1e7eef996e6ea17fd97c1f3f6dbfdd0fba780298ffbc7987a30a1763944c

data/README.md

@@ -30,7 +30,7 @@ secret.some_key.stash "ThisIsSomeKey"
 puts secret.some_key.contents
 
 # Manually seek through the file
-secret.some_key.stream do |f|
+secret.some_key.stream 'r' do |f|
     f.seek 1, IO::SEEK_CUR
 end
 
@@ -44,6 +44,44 @@ secret.stash "certs/file.key", "Contents of this key file!"
 puts secret.contents "certs/file.key"
 ```
 
+## Encryption
+The secret gem supports basic AES encryption with a random [IV](http://en.wikipedia.org/wiki/Initialization_vector).
+Note that encryption / decryption is somewhat slow and is intended only for small strings and files.
+
+You should implement your own encryption mechanism for anything that is more comprehensive than basic passphrase encryption.
+
+```ruby
+secret = Secret.default
+file   = secret.file "my_file.txt"
+
+# Note here that unencrypted content touches the hard drive
+file.stash "This is some secret contents"
+
+if file.encrypted?
+  puts "Encrypting file contents..."
+  file.encrypt! "password"
+  puts file.contents
+
+  puts "Changing file passphrase..."
+  file.change_encryption_passphrase! "password", "password2"
+else
+  puts "Decrypted file contents..."
+  puts file.decrypted "password2"
+  
+  # Will still be an encrypted string
+  puts file.contents
+  
+  # Decrypt the file
+  puts "Decrypting file..."
+  file.decrypt!
+  puts file.contents
+end
+
+# If we immediately wish to stash some encrypted data
+file = secret.file "file2.txt"
+file.stash_encrypted "This is encrypted", "password"
+```
+
 ## How Secure is It?
 Ths is only *somewhat* secure and will provide protection against:
 

data/lib/secret.rb

@@ -1,4 +1,5 @@
 require "secret/version"
+require "secret/encryption"
 require "secret/file"
 require "secret/container"
 
@@ -8,7 +9,7 @@ module Secret
   CHMOD_MODE = 0700
   
   # The file extension for secret files
-  FILE_EXT = ".sfile"
+  FILE_EXT = ".sf"
   
   # Gets the default container
   # @return [Secret::Container] the default container
@@ -29,6 +30,8 @@ module Secret
   end
 
   class FileUnreadableError < Exception; end
+  
+  class FileEncryptedError < Exception; end
 
 
 end

data/lib/secret/encryption.rb

@@ -1,45 +1,90 @@
-require 'openssl'
+require 'aes'
 
 module Secret
+  
+  # Enables basic encryption support with AES.
+  #
+  # Note that encryption and decription are rather slow processes and are intended to be
+  # used with small strings / file sizes. Please use sparingly!
   module Encryption
 
 
 
-    def encrypt_basic(passphrase)
-      cipher = OpenSSL::Cipher.new('aes-256-cbc')
-      cipher.encrypt
-      key = passphrase
-      iv  = cipher.random_iv
+    # Gets the contents of the file in an encrypted format. This may quite possibly
+    # result in doubly-encrypted text if you're not careful. This process will take
+    # a few moments.
+    def encrypted(passphrase)
+      return contents if encrypted?
+      encrypt_string passphrase, contents
+    end
 
-      out = StringIO.new("", "wb") do |outf|
-        StringIO.new(contents, "rb") do |inf|
-          while inf.read(4096, buf)
-            outf << cipher.update(buf)
-          end
-          outf << cipher.final
-        end
-      end
+    
+    # Gets the decrypted version of this.
+    # @raise [OpenSSL::Cipher::CipherError] if the password was incorrect
+    def decrypted(passphrase)
+      return contents unless encrypted?
+      AES.decrypt contents, passphrase
+    end
+    
+    # Immediately decrypt the contents of this file.
+    # @raise [OpenSSL::Cipher::CipherError] if the password was incorrect
+    def decrypt!(passphrase)
+      raise ArgumentError, "The contents of this file are not encrypted" unless encrypted?
+      str = decrypted(passphrase)
+      remove_encrypted_indicator
+      stash str
+    end
 
-      return out.string
+    # Encrypt the contents of this file immediately
+    def encrypt!(passphrase)
+      stash_encrypted passphrase, contents
     end
+    
+    # Change the passphrase.
+    def change_encryption_passphrase!(old_passphrase, new_passphrase)
+      raise ArgumentError, "The contents of this file are not encrypted" unless encrypted?
+      original = decrypted old_passphrase
+      remove_encrypted_indicator
+      stash_encrypted original, new_passphrase
+    end
+    
+    # Stash the contents of this file with an encrypted password
+    def stash_encrypted(data, passphrase)
+      raise ArgumentError, "The contents of this file is already encrypted" if encrypted?
+      ::File.open(encrypted_meta_filename, 'w', container.chmod_mode) {|f| f.write "aes-default" }
+      str = encrypt_string passphrase, data
+      stash str
+      ::File.open(encrypted_meta_filename, 'w', container.chmod_mode) {|f| f.write "aes-default" }
+    end
+
 
     # Checks to see if the file is encrypted
     def encrypted?
       ::File.exist?(encrypted_meta_filename)
     end
 
-
-    def stash(content); raise "Not Implemented"; end
-
-    def contents; raise "Not Implemented"; end
+    # Ensure that the contents of this file are unencrypted
+    def ensure_unencrypted!
+      raise FileEncryptedError, "Contents of the file are encrypted" if encrypted?
+    end
 
 
+    def remove_encrypted_indicator
+      ::File.delete encrypted_meta_filename if encrypted?
+    end
 
     protected
+    
+    def encrypt_string(passphrase, string)
+      iv = AES.iv :base_64
+      return AES.encrypt string, passphrase, :iv => iv
+    end
 
     def encrypted_meta_filename
-      raise NotImplementedError, "Must implement dis!"
+      file_path + '.enc'
     end
+  
+    
 
   end
 end

data/lib/secret/file.rb

@@ -2,7 +2,7 @@ module Secret
 
   # Handles file operations. Uses Ruby's internal file locking mechanisms.
   class File
-    # include Secret::Encryption
+    include Secret::Encryption
 
     attr_reader :container, :identifier
 
@@ -108,6 +108,9 @@ module Secret
           # Rename tmp file to backup file now we know contents are sane
           ::File.rename(tmp_file_path, backup_file_path)
           
+          # Remove encryption indicator
+          remove_encrypted_indicator
+          
           # Truncate file contents to zero bytes
           f.truncate 0
           
@@ -153,6 +156,11 @@ module Secret
   
     end
 
+    # Delete the contents of this file, along with any other associated files.
+    def delete!
+      ::File.delete(file_path) if exist?
+      Dir[file_path + "*"].each {|f| ::File.delete f }
+    end
 
     private
 

data/lib/secret/version.rb

@@ -1,3 +1,3 @@
 module Secret
-  VERSION = "0.0.2"
+  VERSION = "0.0.3"
 end

data/secret.gemspec

@@ -17,6 +17,8 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = ["lib"]
+  
+  spec.add_dependency 'aes'
 
   spec.add_development_dependency "bundler", "~> 1.3"
   spec.add_development_dependency "rake"

data/test/tester.rb

@@ -7,9 +7,24 @@ require 'secret'
 Secret.configure_default 'secrets'
 container = Secret.default
 
-container.stash "key.crt", "The contents of this key!"
+file = container.file "key.crt"
+#file.delete!
+unless file.encrypted?
+  puts "Encrypting contents of file..."
+  file.stash_encrypted "This is some secret text!", "password"
+  puts "File contents: #{file.contents}"
+  
+  puts "Changing passphrase..."
+  file.change_encryption_passphrase! "password", "password2"
+  
+  # puts "This should result in an error..."
+  puts file.contents
+else
+  puts "Decrypting file contents..."
+  file.decrypt! "password2"
+  puts "Decrypted contents: " + file.contents
+end
 
-puts "Contents of key: '#{container.contents 'key.crt'}'"
 
 
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: secret
 version: !ruby/object:Gem::Version
-  version: 0.0.2
+  version: 0.0.3
 platform: ruby
 authors:
 - Christopher Thornton
@@ -10,6 +10,20 @@ bindir: bin
 cert_chain: []
 date: 2013-05-14 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: aes
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement