secrets-cipher-base64 1.2.1

data/lib/secrets/cipher_handler.rb

@@ -0,0 +1,45 @@
+require 'base64'
+require_relative 'configuration'
+
+module Secrets
+  #
+  # +CipherHandler+ contains cipher-related utilities necessary to create
+  # ciphers, and seed them with the salt or iV vector,
+  #
+  module CipherHandler
+
+    CREATE_CIPHER = ->(name) { ::OpenSSL::Cipher.new(name) }
+
+    CipherStruct = Struct.new(:cipher, :iv, :salt)
+
+    def create_cipher(direction:,
+                      cipher_name:,
+                      iv: nil,
+                      salt: nil)
+
+      cipher = new_cipher(cipher_name)
+      cipher.send(direction)
+      iv        ||= cipher.random_iv
+      cipher.iv = iv
+      CipherStruct.new(cipher, iv, salt)
+    end
+
+    def new_cipher(cipher_name)
+      CREATE_CIPHER.call(cipher_name)
+    end
+
+    def update_cipher(cipher, value)
+      data = cipher.update(value)
+      data << cipher.final
+      data
+    end
+
+    module ClassMethods
+      def create_private_key
+        key = CREATE_CIPHER.call(Secrets::Configuration.property(:private_key_cipher)).random_key
+        ::Base64.urlsafe_encode64(key)
+      end
+    end
+  end
+end
+

data/lib/secrets/configuration.rb

@@ -0,0 +1,23 @@
+module Secrets
+  # Application configuration Singleton class.
+  # It's values are requested by the library upon encryption or
+  # decryption, or any other operation.
+
+  class Configuration
+    class << self
+      attr_accessor :config
+
+      def configure
+        self.config ||= Configuration.new
+        yield config if block_given?
+      end
+
+      def property(name)
+        self.config.send(name)
+      end
+    end
+
+    attr_accessor :data_cipher, :password_cipher, :private_key_cipher
+    attr_accessor :compression_enabled, :compression_level
+  end
+end

data/lib/secrets/data.rb

@@ -0,0 +1,23 @@
+require_relative 'errors'
+require 'base64'
+require 'zlib'
+
+require_relative 'data/wrapper_struct'
+require_relative 'data/encoder'
+require_relative 'data/decoder'
+
+module Secrets
+  # This module is responsible for taking arbitrary data of any format, and safely compressing
+  # the result of `Marshal.dump(data)` using Zlib, and then doing `#urlsafe_encode64` encoding
+  # to convert it to a string,
+  module Data
+    def encode(data, compress = true)
+      Encoder.new(data, compress).data_encoded
+    end
+
+    def decode(data_encoded, compress = nil)
+      Decoder.new(data_encoded, compress).data
+    end
+  end
+end
+

data/lib/secrets/data/decoder.rb

@@ -0,0 +1,24 @@
+require_relative '../errors'
+require 'base64'
+require 'zlib'
+module Secrets
+  module Data
+    class Decoder
+      attr_accessor :data, :data_encoded, :data
+
+      def initialize(data_encoded, compress)
+        self.data_encoded = data_encoded
+        self.data         = Base64.urlsafe_decode64(data_encoded)
+
+        if compress.nil? || compress # auto-guess
+          self.data = begin
+            Zlib::Inflate.inflate(data)
+          rescue Zlib::Error => e
+            data
+          end
+        end
+        self.data = Marshal.load(data)
+      end
+    end
+  end
+end

data/lib/secrets/data/encoder.rb

@@ -0,0 +1,24 @@
+require 'base64'
+require 'zlib'
+
+require 'secrets/errors'
+require 'secrets/configuration'
+
+module Secrets
+  module Data
+    class Encoder
+      attr_accessor :data, :data_encoded
+
+      def initialize(data, compress)
+        self.data         = data
+        self.data_encoded = Marshal.dump(data)
+        self.data_encoded = Zlib::Deflate.deflate(data_encoded, compression_level) if compress
+        self.data_encoded = Base64.urlsafe_encode64(data_encoded)
+      end
+
+      def compression_level
+        Secrets::Configuration.config.compression_level
+      end
+    end
+  end
+end

data/lib/secrets/data/wrapper_struct.rb

@@ -0,0 +1,43 @@
+require_relative '../errors'
+module Secrets
+  module Data
+    class WrapperStruct < Struct.new(
+      :encrypted_data,        # [Blob] Binary encrypted data (possibly compressed)
+      :iv,                    # [String] IV used to encrypt the data
+      :cipher_name,           # [String] Name of the cipher used
+      :salt,                  # [Integer] For password-encrypted data this is the salt
+      :version,               # [Integer] Version of the cipher used
+      :compress               # [Boolean] indicates if compression should be applied
+      )
+
+      VERSION = 1
+
+      attr_accessor :compressed
+
+      def initialize(
+        encrypted_data:, # [Blob] Binary encrypted data (possibly compressed)
+        iv:, # [String] IV used to encrypt the data
+        cipher_name:, # [String] Name of the cipher used
+        salt: nil, # [Integer] For password-encrypted data this is the salt
+        version: VERSION, # [Integer] Version of the cipher used
+        compress: Secrets::Configuration.config.compression_enabled
+      )
+        super(encrypted_data, iv, cipher_name, salt, version, compress)
+      end
+
+      def config
+        Secrets::Configuration.config
+      end
+
+      def serialize
+        Marshal.dump(self)
+      end
+
+      def self.deserialize(data)
+        Marshal.load(data)
+      end
+    end
+  end
+end
+
+

data/lib/secrets/errors.rb

@@ -0,0 +1,27 @@
+module Secrets
+  module Errors
+    # Exceptions superclass for this library.
+    class Secrets::Errors::Error < StandardError; end
+
+    # No secret has been provided for encryption or decryption
+    class NoPrivateKeyFound < Secrets::Errors::Error; end
+    class PasswordsDontMatch < Secrets::Errors::Error; end
+    class PasswordTooShort < Secrets::Errors::Error; end
+    class DataEncodingVersionMismatch< Secrets::Errors::Error; end
+    class EditorExitedAbnormally < Secrets::Errors::Error; end
+    class InvalidEncodingPrivateKey < Secrets::Errors::Error; end
+    class InvalidPasswordPrivateKey < Secrets::Errors::Error; end
+    class FileNotFound < Secrets::Errors::Error; end
+    class ExternalCommandError < Secrets::Errors::Error; end
+
+    # Method was called on an abstract class. Override such methods in
+    # subclasses, and use subclasses for instantiation of objects.
+    class AbstractMethodCalled < ArgumentError
+      def initialize(method, message = nil)
+        super("Abstract method call, on #{method}" + (message || ''))
+      end
+    end
+  end
+end
+
+

data/lib/secrets/extensions/class_methods.rb

@@ -0,0 +1,12 @@
+require 'base64'
+require 'secrets/cipher_handler'
+
+module Secrets
+  module Extensions
+    module ClassMethods
+      def self.extended(klass)
+        klass.extend Secrets::CipherHandler::ClassMethods
+      end
+    end
+  end
+end

data/lib/secrets/extensions/instance_methods.rb

@@ -0,0 +1,110 @@
+require 'secrets'
+require 'secrets/data'
+require 'secrets/cipher_handler'
+require 'openssl'
+module Secrets
+  module Extensions
+    # This is the module that is really included in your class
+    # when you include +Secrets+.
+    #
+    # The module provides easy access to the encryption configuration
+    # via the +#encryption_config+ method, as well as two key
+    # methods: +#encr+ and +#decr+.
+    #
+    # Methods +#encr_password+ and +#decr_password+ provide a good
+    # example of how this module can be extended to provide more uses
+    # of various ciphers, by calling into the private +_encr+ and +_decr+
+    # methods.f
+    module InstanceMethods
+      include Secrets::Data
+      include Secrets::CipherHandler
+
+      def encryption_config
+        Secrets::Configuration.config
+      end
+
+      # Expects key to be a base64 encoded key
+      def encr(data, key, iv = nil)
+        _encr(data, encryption_config.data_cipher, iv) do |cipher_struct|
+          cipher_struct.cipher.key = decode_key(key)
+        end
+      end
+
+      # Expects key to be a base64 encoded key
+      def decr(encrypted_data, key, iv = nil)
+        _decr(encrypted_data, encryption_config.data_cipher, iv) do |cipher_struct|
+          cipher_struct.cipher.key = decode_key(key)
+        end
+      end
+
+      def encr_password(data, password, iv = nil)
+        _encr(data, encryption_config.password_cipher, iv) do |cipher_struct|
+          key, salt                = _key_from_password(cipher_struct.cipher, password)
+          cipher_struct.cipher.key = key
+          cipher_struct.salt       = salt
+        end
+      end
+
+      def decr_password(encrypted_data, password, iv = nil)
+        _decr(encrypted_data, encryption_config.password_cipher, iv) do |cipher_struct|
+          key,                     = _key_from_password(cipher_struct.cipher, password, cipher_struct.salt)
+          cipher_struct.cipher.key = key
+        end
+      end
+
+      private
+
+      def decode_key(encoded_key)
+        Base64.urlsafe_decode64(encoded_key)
+      end
+
+      def _key_from_password(cipher, password, salt = nil)
+        key_len = cipher.key_len
+        salt    ||= OpenSSL::Random.random_bytes 16
+        iter    = 20000
+        digest  = OpenSSL::Digest::SHA256.new
+        key     = OpenSSL::PKCS5.pbkdf2_hmac(password, salt, iter, key_len, digest)
+        return key, salt
+      end
+
+      # Expects key to be a base64 encoded key data
+      def _encr(data, cipher_name, iv = nil, &block)
+        data, compression_enabled = encode_incoming_data(data)
+        cipher_struct             = create_cipher(direction:   :encrypt,
+                                                  cipher_name: cipher_name,
+                                                  iv:          iv)
+
+        yield cipher_struct if block_given?
+
+        encrypted_data = update_cipher(cipher_struct.cipher, data)
+        wrapper_struct = WrapperStruct.new(
+          encrypted_data: encrypted_data,
+          iv:             cipher_struct.iv,
+          cipher_name:    cipher_struct.cipher.name,
+          salt:           cipher_struct.salt,
+          compress:       !compression_enabled)
+        encode(wrapper_struct, false)
+      end
+
+      # Expects key to be a base64 encoded key data
+      def _decr(encoded_data, cipher_name, iv = nil, &block)
+        wrapper_struct = decode(encoded_data)
+        cipher_struct  = create_cipher(cipher_name: cipher_name,
+                                       iv:          wrapper_struct.iv,
+                                       direction:   :decrypt,
+                                       salt:        wrapper_struct.salt)
+        yield cipher_struct if block_given?
+        decode(update_cipher(cipher_struct.cipher, wrapper_struct.encrypted_data))
+      end
+
+
+      def encode_incoming_data(data)
+        compression_enabled = !data.respond_to?(:size) || (data.size > 100 && encryption_config.compression_enabled)
+        data                = encode(data, compression_enabled)
+        [data, compression_enabled]
+      end
+
+    end
+  end
+end
+

data/lib/secrets/version.rb

@@ -0,0 +1,3 @@
+module Secrets
+  VERSION = '1.2.1'
+end

data/secrets-cipher-base64.gemspec

@@ -0,0 +1,33 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'secrets/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'secrets-cipher-base64'
+  spec.version       = Secrets::VERSION
+  spec.authors       = ['Konstantin Gredeskoul']
+  spec.email         = %w(kigster@gmail.com)
+
+  spec.summary       = %q{Simple tool to encrypt/decrypt data using symmetric aes-256-cbc encryption with a private key and an IV vector}
+  spec.description   = %q{Store sensitive data safely as encrypted strings or entire files, using symmetric aes-256-cbc encryption/decryption with a secret key and an IV vector, and YAML-friendly base64-encoded encrypted result.}
+  spec.homepage      = 'https://github.com/kigster/secrets-cipher-base64'
+
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.bindir        = 'exe'
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ['lib']
+
+  spec.add_dependency 'require_dir', '~> 0.1'
+  spec.add_dependency 'colored2', '~> 2.0'
+  spec.add_dependency 'slop', '~> 4.3'
+  spec.add_dependency 'activesupport'
+  spec.add_dependency 'highline', '~> 1.7'
+  spec.add_dependency 'clipboard', '~> 1.1'
+
+  spec.add_development_dependency 'codeclimate-test-reporter'
+  spec.add_development_dependency 'bundler', '~> 1.12'
+  spec.add_development_dependency 'rake', '~> 10.0'
+  spec.add_development_dependency 'rspec', '~> 3.0'
+  spec.add_development_dependency 'yard', '~> 0.9'
+end

metadata

@@ -0,0 +1,243 @@
+--- !ruby/object:Gem::Specification
+name: secrets-cipher-base64
+version: !ruby/object:Gem::Version
+  version: 1.2.1
+platform: ruby
+authors:
+- Konstantin Gredeskoul
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2016-08-10 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: require_dir
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
+- !ruby/object:Gem::Dependency
+  name: colored2
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: slop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.3'
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: highline
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+- !ruby/object:Gem::Dependency
+  name: clipboard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
+- !ruby/object:Gem::Dependency
+  name: codeclimate-test-reporter
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.12'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.12'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: yard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.9'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.9'
+description: Store sensitive data safely as encrypted strings or entire files, using
+  symmetric aes-256-cbc encryption/decryption with a secret key and an IV vector,
+  and YAML-friendly base64-encoded encrypted result.
+email:
+- kigster@gmail.com
+executables:
+- keychain
+- secrets
+extensions: []
+extra_rdoc_files: []
+files:
+- ".codeclimate.yml"
+- ".gitignore"
+- ".rspec"
+- ".rubocop.yml"
+- ".travis.yml"
+- Gemfile
+- LICENSE
+- MANAGING-KEYS.md
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- exe/keychain
+- exe/secrets
+- lib/secrets.rb
+- lib/secrets/app.rb
+- lib/secrets/app/cli.rb
+- lib/secrets/app/commands.rb
+- lib/secrets/app/commands/command.rb
+- lib/secrets/app/commands/delete_keychain_key.rb
+- lib/secrets/app/commands/encrypt_decrypt.rb
+- lib/secrets/app/commands/generate_key.rb
+- lib/secrets/app/commands/open_editor.rb
+- lib/secrets/app/commands/show_examples.rb
+- lib/secrets/app/commands/show_help.rb
+- lib/secrets/app/commands/show_version.rb
+- lib/secrets/app/keychain.rb
+- lib/secrets/app/outputs/to_file.rb
+- lib/secrets/app/outputs/to_stdout.rb
+- lib/secrets/app/password_handler.rb
+- lib/secrets/cipher_handler.rb
+- lib/secrets/configuration.rb
+- lib/secrets/data.rb
+- lib/secrets/data/decoder.rb
+- lib/secrets/data/encoder.rb
+- lib/secrets/data/wrapper_struct.rb
+- lib/secrets/errors.rb
+- lib/secrets/extensions/class_methods.rb
+- lib/secrets/extensions/instance_methods.rb
+- lib/secrets/version.rb
+- secrets-cipher-base64.gemspec
+homepage: https://github.com/kigster/secrets-cipher-base64
+licenses: []
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.5.1
+signing_key: 
+specification_version: 4
+summary: Simple tool to encrypt/decrypt data using symmetric aes-256-cbc encryption
+  with a private key and an IV vector
+test_files: []