seekrit 0.2.1

data/bin/seekrit

@@ -0,0 +1,53 @@
+#! /usr/bin/ruby1.8
+require 'seekrit/store'
+require 'seekrit/interactor'
+require 'highline/import'
+require 'fileutils'
+
+DATAFILE = ENV['HOME'] + '/.config/seekrit/secrets'
+
+def interactor(&blk)
+  err = nil
+  FileUtils.mkdir_p(File.dirname(DATAFILE))
+  File.open(DATAFILE, "a+") do |file|
+    3.times do
+      begin
+        password = ask('Enter password: '){ |q| q.echo = false }
+        store = Seekrit::Store.new(password, file)
+        yield Seekrit::Interactor.new(store)
+        return
+      rescue Seekrit::DecryptionError => err
+      end
+    end
+    puts err.message
+    exit 1
+  end
+end
+
+command = ARGV.shift
+names = ARGV
+case command
+when 'show', 's'
+  interactor{ |i| i.show names }
+when 'edit', 'e'
+  interactor{ |i| i.edit names }
+when 'list', 'l'
+  interactor{ |i| i.list names }
+when 'delete'
+  interactor{ |i| i.delete names }
+when 'rename'
+  interactor{ |i| i.rename names.shift, names.shift }
+when 'export'
+  interactor{ |i| i.export names.shift }
+when 'import'
+  interactor{ |i| i.import names.shift }
+else
+  puts "Unknown command '#{command}'", '' if command
+puts <<END
+list                      List all entries.
+show name(s)              Show matching entries.
+edit name(s)              Create or modify entries.
+delete name(s)            Delete entries.
+rename old_name new_name  Rename entry.
+END
+end

data/lib/seekrit/interactor.rb

@@ -0,0 +1,106 @@
+require 'tempfile'
+
+module Seekrit
+  class Interactor
+    EDITOR = ENV['EDITOR'] || 'vi'
+    RANDOM_SOURCE = '/dev/urandom'
+
+    attr_reader :store
+
+    def initialize(store)
+      @store = store
+    end
+
+    def show(names)
+      names.each do |name|
+        data = store[name]
+        puts(name, data, '')
+      end
+    end
+
+    def edit(names)
+      names.each do |name|
+        comment = "\# #{name}\n"
+        data = comment + (store[name] || '')
+        external_editor(data) do |data|
+          data.sub!(/\A#{Regexp.escape(comment)}/, '')
+          store[name] = data
+          store.save
+        end
+      end
+    end
+
+    def delete(names)
+      names.each do |name|
+        store.delete(name)
+      end
+      store.save
+    end
+
+    def list(patterns)
+      if patterns.empty?
+        regexp = /.*/
+      else
+        regexp = /#{ patterns.map{ |p| Regexp.escape(p) }.join('|') }/
+      end
+      store.keys.sort_by{ |a| a.upcase }.each do |name|
+        puts name if name =~ regexp
+      end
+    end
+
+    def rename(old_name, new_name)
+      store.rename(old_name, new_name)
+      store.save
+    end
+
+    def export(filename)
+      File.open(filename, 'w') do |io|
+        store.export io
+      end
+    end
+
+    def import(filename)
+      File.open(filename, 'r') do |io|
+        store.import io
+        store.save
+      end
+    end
+
+  private
+
+    def shred(filename, cycles=1)
+      data_length = File.stat(filename).size
+      File.open(filename, 'wb') do |io|
+        cycles.times do
+          io.rewind
+          io << random_bytes(data_length)
+          io.flush
+        end
+      end
+    end
+
+    def random_bytes(num_bytes)
+      File.open(RANDOM_SOURCE){ |io| io.read(num_bytes) }
+    end
+
+    def puts(*args)
+      $stderr.puts(*args)
+    end
+
+    def external_editor(data, &blk)
+      tempfile = Tempfile.new('seekrit')
+      tempfile << data
+      tempfile.close
+      mtime = File.stat(tempfile.path).mtime
+      system( EDITOR + ' ' + tempfile.path )
+      if File.stat(tempfile.path).mtime == mtime
+        puts('No modifications.')
+      else
+        yield File.read(tempfile.path)
+      end
+      shred(tempfile.path)
+    end
+
+  end
+end
+

data/lib/seekrit/store.rb

@@ -0,0 +1,124 @@
+require 'digest/sha2'
+require 'openssl'
+require 'yaml'
+
+module Seekrit
+  class DecryptionError < RuntimeError
+  end
+  
+  class Store
+    CIPHER = 'aes-256-cbc'
+    
+    attr_reader :secrets
+
+    def initialize(password, file, cipher=CIPHER)
+      @password = password
+      @cipher   = cipher
+      @file     = file
+      @secrets  = load_data(file)
+    end
+
+    def keys
+      secrets.keys
+    end
+
+    def [](name)
+      secrets[name]
+    end
+
+    def []=(name, value)
+      secrets[name] = value
+    end
+    
+    def delete(name)
+      secrets.delete(name)
+    end
+
+    def rename(oldname, newname)
+      self[newname] = self[oldname]
+      delete(oldname)
+    end
+
+    def save
+      @file.rewind
+      secrets.sort_by{ |k,_| k }.each do |name, value|
+        @file << escape(name) << "\t" << hexdump(encrypt(value)) << "\n"
+      end
+    end
+
+    def export(io)
+      secrets.sort_by{ |k,_| k }.each do |name, value|
+        io << escape(name) << "\t" << escape(value) << "\n"
+      end
+    end
+
+    def import(io)
+      secrets.clear
+      while line = io.gets
+        name, data = line.chomp.split(/\t/, 2).map{ |a| unescape(a) }
+        self[name] = data
+      end
+    end
+
+  private
+
+    def crypt_key
+      Digest::SHA256.digest(@password)
+    end
+
+    def escape(value)
+      value.
+        gsub(/\\/, "\\\\\\\\").
+        gsub(/\t/, "\\\\t").
+        gsub(/\n/, "\\\\n")
+    end
+
+    def unescape(value)
+      value.
+        gsub(/\\n/, "\n").
+        gsub(/\\t/, "\t").
+        gsub(/\\\\/, "\\\\")
+    end
+
+    def load_data(file)
+      data = {}
+      while line = file.gets
+        a, b = line.split(/\t/, 2)
+        data[unescape(a)] = decrypt(hexload(b))
+      end
+      data
+    end
+
+    def hexdump(binary)
+      binary.unpack('C*').map{ |a| "%02x" % a }.join
+    end
+
+    def hexload(hex)
+      hex.scan(/../).map{ |a| a.to_i(16) }.pack('C*')
+    end
+
+    def encrypt(data)
+      cipher = OpenSSL::Cipher::Cipher.new(@cipher)
+      cipher.encrypt
+      cipher.key = crypt_key
+      cipher.iv = iv = cipher.random_iv
+      ciphertext = cipher.update(data)
+      ciphertext << cipher.final
+      return iv + ciphertext
+    end
+
+    def decrypt(data)
+      cipher = OpenSSL::Cipher::Cipher.new(@cipher)
+      iv = data[0, cipher.iv_len]
+      ciphertext = data[cipher.iv_len..-1]
+      cipher.decrypt
+      cipher.key = crypt_key
+      cipher.iv = iv
+      plaintext = cipher.update(ciphertext)
+      plaintext << cipher.final
+      return plaintext
+    rescue => err
+      raise DecryptionError, err.message
+    end
+  end
+end

metadata

@@ -0,0 +1,83 @@
+--- !ruby/object:Gem::Specification 
+name: seekrit
+version: !ruby/object:Gem::Version 
+  hash: 21
+  prerelease: false
+  segments: 
+  - 0
+  - 2
+  - 1
+  version: 0.2.1
+platform: ruby
+authors: 
+- Paul Battley
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2011-01-16 00:00:00 +00:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: highline
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  type: :runtime
+  version_requirements: *id001
+description: A password safe
+email: 
+- pbattley@gmail.com
+executables: 
+- seekrit
+extensions: []
+
+extra_rdoc_files: []
+
+files: 
+- bin/seekrit
+- lib/seekrit/store.rb
+- lib/seekrit/interactor.rb
+has_rdoc: true
+homepage: http://github.com/threedaymonk/seekrit
+licenses: []
+
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.3.7
+signing_key: 
+specification_version: 3
+summary: Password safe
+test_files: []
+