sekret 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: ad0d96047fe97b5ec72912cf378904b8a469335a27e43e89b1581ce89e1b1c54
+  data.tar.gz: 6227fc843e7e64144e7317b4d0722942569f9b2fff3f4c488fd0add2d896cca8
+SHA512:
+  metadata.gz: faf6946b2a53332e95ccf529e4ec4f7a838c33edbba16218ea66ab437f762a1647ae0c0d7f6f89b3f5909604d0016fd43bdc0a4164f0493be981d2897bd86b67
+  data.tar.gz: 4cd9b9230f599cc15b3a5811cb42b1661632251031dfec629e501975c5a1bed6b7d419a2186ef069495e478e2ec8e5e0d5f1fb8b0914e9ae7e3cd3c161203377

data/README.md

@@ -0,0 +1,30 @@
+# Sekret
+
+
+### Getting Setup
+
+There are a few config options.
+
+```ruby
+Sekret.configure do |config|
+  config.mac_sekret = 'Super Sekret'
+  config.public_key = File.read('path to public pem')
+  config.private_key = File.read('path to private pem')
+end
+```
+
+### Encrypt Data
+
+```ruby
+Sekret.encrypt('This is my secret message')
+
+# => 'abc.123'
+```
+
+### Decrypt Data
+
+```ruby
+Sekret.decrypt('abc.123')
+
+# => 'This is my secret message'
+```

data/Rakefile

@@ -0,0 +1,19 @@
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+require 'yard'
+
+RSpec::Core::RakeTask.new(:spec)
+
+task default: :spec
+
+namespace :docs do
+  desc 'Generate docs'
+  task :generate do
+    YARD::CLI::Yardoc.run
+  end
+
+  desc 'Get docs stats'
+  task :stats do
+    YARD::CLI::Stats.run('--list-undoc')
+  end
+end

data/lib/sekret.rb

@@ -0,0 +1,30 @@
+require 'sekret/configuration'
+require 'sekret/decryptor'
+require 'sekret/encryptor'
+require 'sekret/errors'
+require 'sekret/key_generator'
+require 'sekret/version'
+
+##
+# Used for encrypting/decrypting data
+module Sekret
+  ##
+  # Encrypt the passed payload
+  #
+  # @param payload [String] The plaintext to encrypt
+  #
+  # @return [String] The encrypted payload
+  def self.encrypt(payload)
+    Sekret::Encryptor.new(Sekret.config.private_key, payload).call
+  end
+
+  ##
+  # Decrypt the passed payload
+  #
+  # @param message [String] the encrypted message to decrypt
+  #
+  # @return [String] The un-encrypted payload
+  def self.decrypt(message)
+    Sekret::Decryptor.new(Sekret.config.public_key, message).call
+  end
+end

data/lib/sekret/body_encryption.rb

@@ -0,0 +1,87 @@
+require 'openssl'
+
+require_relative 'checksum'
+require_relative 'configuration'
+require_relative 'errors'
+
+module Sekret
+  ##
+  # Performs the AES encryption on the message body
+  #
+  # @author Maddie Schipper
+  # @since 1.0.0
+  #
+  # @private
+  class BodyEncryption
+    ##
+    # The algorithm used for encryption/decryption
+    ALGORITHM = 'AES-256-CBC'.freeze
+
+    class << self
+      ##
+      # The result of the encryption
+      #
+      # @attr key [String] The random key used for encryption
+      # @attr iv [String] The random iv used for encryption
+      # @attr checksum [String] The HMAC-SHA256 of the encrypted body
+      # @attr body [String] The encrypted body
+      Result = Struct.new(:key, :iv, :checksum, :body)
+
+      ##
+      # Encrypt a payload using a random key and iv
+      #
+      # @param plaintext [String] The payload to encrypt
+      #
+      # @return [Result]
+      def encrypt(plaintext)
+        key = OpenSSL::Cipher.new(ALGORITHM).random_key
+        iv = OpenSSL::Cipher.new(ALGORITHM).random_iv
+        aes = OpenSSL::Cipher.new(ALGORITHM)
+        aes.encrypt
+        aes.key = key
+        aes.iv = iv
+        cipher = aes.update(plaintext)
+        cipher << aes.final
+        digest = generate_digest(cipher)
+        Result.new(key, iv, digest, cipher)
+      end
+
+      ##
+      # Decrypt the payload
+      #
+      # @param header [Header] The header that contains the key, iv, & checksum
+      # @param encrypted [String] The encrypted content
+      #
+      # @return [String] The un-encrypted message
+      def decrypt(header, encrypted)
+        validate_checksum!(header.authenticity, encrypted)
+        aes = OpenSSL::Cipher.new(ALGORITHM)
+        aes.decrypt
+        aes.key = header.key
+        aes.iv = header.iv
+        plaintext = aes.update(encrypted)
+        plaintext << aes.final
+        plaintext
+      end
+
+      private
+
+      def generate_digest(body)
+        return nil if Sekret.config.mac_secret.nil?
+        Checksum.hmac_sha256(Sekret.config.mac_secret, body)
+      end
+
+      def validate_checksum!(checksum, body)
+        return if checksum.nil?
+        if Sekret.config.mac_secret.nil?
+          raise Sekret::Errors::MissingMacSecretError,
+                'The encrypted message contains an authenticity. But Sekret doesn\'t have a mac_secret'
+        end
+        digest = Checksum.hmac_sha256(Sekret.config.mac_secret, body)
+        if digest != checksum
+          raise Sekret::Errors::MissmatchedMacError, 'The message authenticity doesn\'t match.'
+        end
+      end
+    end
+  end
+end

data/lib/sekret/checksum.rb

@@ -0,0 +1,25 @@
+require 'openssl'
+
+module Sekret
+  ##
+  # Checksum raw data
+  #
+  # @author Maddie Schipper
+  # @since 1.0.0
+  #
+  # @private
+  class Checksum
+    class << self
+      ##
+      # Create a HMAC-SHA256 of a playload
+      #
+      # @param key [String] The key for the hash
+      # @param payload [String] The payload to hash
+      #
+      # @return [String] The HMAC-SHA256
+      def hmac_sha256(key, payload)
+        OpenSSL::HMAC.hexdigest('SHA256', key, payload)
+      end
+    end
+  end
+end

data/lib/sekret/cli.rb

@@ -0,0 +1,17 @@
+require_relative 'cli/runner'
+
+module Sekret
+  ##
+  # CLI Interface for Sekret
+  #
+  # @private
+  module CLI
+    ##
+    # Run the CLI
+    #
+    # @param args [Array<String>] An array of arguments
+    def self.run(args)
+      Sekret::CLI::Runner.new(args).call
+    end
+  end
+end

data/lib/sekret/cli/help.txt.erb

@@ -0,0 +1,10 @@
+Sekret Help
+
+Sekret Version: <%= Sekret::VERSION %>
+
+Commands:
+
+generate-keys  Create a new set of public & private keys
+               Will be printed to stdout
+version        Print the version number
+help           Print this message

data/lib/sekret/cli/runner.rb

@@ -0,0 +1,69 @@
+require 'erb'
+require 'pathname'
+
+module Sekret
+  module CLI
+    ##
+    # The class that handle the CLI
+    #
+    # @author Maddie Schipper
+    # @since 1.0.0
+    #
+    # @private
+    class Runner
+      ##
+      # The arguments left after parsing options
+      #
+      # @return [Array<String>]
+      attr_reader :args
+
+      ##
+      # Create a new runner instance
+      #
+      # @param args [Array<String>] The CLI arguments
+      def initialize(args)
+        @args = args
+      end
+
+      ##
+      # Perform the CLI call
+      def call
+        command = args.shift
+        case command
+        when 'generate-keys'
+          perform_generate_keys
+        when 'help'
+          print_help
+        when 'version'
+          print_version
+        else
+          raise "Unknown Command #{command}. Try `sekret help`"
+        end
+      end
+
+      private
+
+      def perform_generate_keys
+        keys = Sekret::KeyGenerator.generate_rsa_keys
+        puts <<~EOF
+          Generated new keys:
+           Private Key
+           #{keys.private_key}
+           Public Key
+           #{keys.public_key}
+        EOF
+      end
+
+      def print_help
+        path = ::Pathname.new(__dir__).join('help.txt.erb')
+        content = File.read(path)
+        template = ERB.new(content)
+        STDOUT.puts(template.result)
+      end
+
+      def print_version
+        STDOUT.puts(Sekret::VERSION)
+      end
+    end
+  end
+end

data/lib/sekret/configuration.rb

@@ -0,0 +1,31 @@
+module Sekret
+  ##
+  # The configuration object
+  #
+  # @attr mac_secret [String] A random secret that will be used to generate the encryption checksum.
+  # @attr private_key [String] A RSA private key in pem format.
+  # @attr public_key [String] A RSA public key in pem format.
+  Configuration = Struct.new(:mac_secret, :private_key, :public_key)
+
+  ##
+  # The config lock
+  CONFIG_MUTEX = Mutex.new
+
+  ##
+  # Retuns a new config
+  #
+  # @return [Configuration]
+  #
+  # @private
+  def self.config
+    CONFIG_MUTEX.synchronize do
+      @config ||= Configuration.new(nil, nil, nil)
+    end
+  end
+
+  ##
+  # Configuration
+  def self.configure
+    yield config
+  end
+end

data/lib/sekret/decryptor.rb

@@ -0,0 +1,64 @@
+require 'openssl'
+
+require_relative 'encoder'
+require_relative 'body_encryption'
+require_relative 'errors'
+
+module Sekret
+  ##
+  # Handles decrypting a message
+  #
+  # @author Maddie Schipper
+  # @since 1.0.0
+  class Decryptor
+    ##
+    # An intermediate representation of the decrypted message
+    #
+    # @attr header [String] The encrypted header from the message
+    # @attr body [String] The encrypted body of the message
+    Payload = Struct.new(:header, :body)
+
+    ##
+    # Create a new instance of Decryptor
+    #
+    # @param public_key [String] The RSA public key used for decrypting the message. (Must be in pem format)
+    # @param payload [String] The message payload
+    def initialize(public_key, payload)
+      @key = OpenSSL::PKey::RSA.new(public_key)
+      @raw_payload = payload
+    end
+
+    ##
+    # Perform the decryption
+    #
+    # @return [String]
+    def call
+      payload = create_payload
+      header = decrypt_raw_header(payload.header)
+      case header.version
+      when 1
+        Sekret::BodyEncryption.decrypt(header, payload.body)
+      else
+        raise Sekret::Errors::UnsupportedVersionError, "Can't decrypt body with version: #{header.version}"
+      end
+    end
+
+    private
+
+    def create_payload
+      parts = @raw_payload.split('.')
+      if parts.count != 2
+        raise Sekret::Errors::InvalidPayloadError, "Expected a header and a body. Found #{parts.count} parts."
+      end
+      Payload.new(
+        Sekret::Encoder.decode(parts[0]),
+        Sekret::Encoder.decode(parts[1])
+      )
+    end
+
+    def decrypt_raw_header(raw)
+      raw_header = @key.public_decrypt(raw)
+      Sekret::Header.from_decrypted(JSON.parse(raw_header))
+    end
+  end
+end

data/lib/sekret/encoder.rb

@@ -0,0 +1,36 @@
+require 'base64'
+
+module Sekret
+  ##
+  # Encode data objects into URL safe base64
+  #
+  # @author Maddie Schipper
+  # @since 1.0.0
+  #
+  # @private
+  class Encoder
+    class << self
+      ##
+      # Encode the value into URL safe base64
+      #
+      # @param value [String] the data to encode
+      #
+      # @return [String] A URL safe base64 encoded string
+      def encode(value)
+        Base64.urlsafe_encode64(value)
+      end
+
+      ##
+      # Decode the URL safe base64 string into it's raw data
+      #
+      # @param value [String] URL safe base64 string
+      #
+      # @return [String] A decoded data string
+      def decode(value)
+        ##
+        # Decode the URL safe base64 into it's raw format
+        Base64.urlsafe_decode64(value)
+      end
+    end
+  end
+end

data/lib/sekret/encryptor.rb

@@ -0,0 +1,57 @@
+require_relative 'body_encryption'
+require_relative 'encoder'
+require_relative 'header'
+
+module Sekret
+  ##
+  # Encrypt a message
+  #
+  # @author Maddie Schipper
+  # @since 1.0.0
+  class Encryptor
+    ##
+    # The version of the encryption format
+    VERSON = 1
+
+    ##
+    # Create a new instance of Encryptor
+    #
+    # @param private_key [String] The RSA private key used for encrypting the message. (Must be in pem format)
+    # @param payload [String] The message payload
+    #
+    # @return [Encryptor]
+    def initialize(private_key, payload)
+      @key = OpenSSL::PKey::RSA.new(private_key)
+      @payload = payload
+    end
+
+    ##
+    # Perform the encryption
+    #
+    # @return [String]
+    def call
+      result = Sekret::BodyEncryption.encrypt(@payload)
+      header = create_header(result)
+      [
+        Sekret::Encoder.encode(encrypt_header(header)),
+        Sekret::Encoder.encode(result.body)
+      ].join('.')
+    end
+
+    private
+
+    def create_header(result)
+      Sekret::Header.new(
+        result.checksum,
+        result.key,
+        result.iv,
+        VERSON,
+        Sekret::BodyEncryption::ALGORITHM
+      )
+    end
+
+    def encrypt_header(header)
+      @key.private_encrypt(header.to_s)
+    end
+  end
+end

data/lib/sekret/errors.rb

@@ -0,0 +1,40 @@
+module Sekret
+  ##
+  # Custom errors raised by Sekret
+  module Errors
+    ##
+    # The base Error
+    #
+    # @author Maddie Schipper
+    # @since 1.0.0
+    class BaseError < StandardError; end
+
+    ##
+    # Error raised when a `mac_secret` isn't available for creating the message authenticity
+    #
+    # @author Maddie Schipper
+    # @since 1.0.0
+    class MissingMacSecretError < BaseError; end
+
+    ##
+    # Error raised if the encryption checksum doesn't match
+    #
+    # @author Maddie Schipper
+    # @since 1.0.0
+    class MissmatchedMacError < BaseError; end
+
+    ##
+    # Error raised if the payload to be decrypted is invalid
+    #
+    # @author Maddie Schipper
+    # @since 1.0.0
+    class InvalidPayloadError < BaseError; end
+
+    ##
+    # Error raised if the message header has an unsupported version
+    #
+    # @author Maddie Schipper
+    # @since 1.0.0
+    class UnsupportedVersionError < BaseError; end
+  end
+end

data/lib/sekret/header.rb

@@ -0,0 +1,95 @@
+require 'json'
+
+require_relative 'encoder'
+
+module Sekret
+  ##
+  # A Payload header
+  #
+  # @note You should never directly create a Header
+  #
+  # @author Maddie Schipper
+  # @since 1.0.0
+  #
+  # @private
+  class Header
+    ##
+    # The authenticity token for the header
+    # @return [String]
+    attr_reader :authenticity
+
+    ##
+    # The key used to encrypt the body
+    # @return [String]
+    attr_reader :key
+
+    ##
+    # The initialization vector used to encrypt the body
+    # @return [String]
+    attr_reader :iv
+
+    ##
+    # The encryption version for the body
+    # @return [Integer]
+    attr_reader :version
+
+    ##
+    # The encryption algorithm used to encrypt the body
+    # @return [String]
+    attr_reader :algorithm
+
+    ##
+    # Create a new header
+    #
+    # @note You should never directly create a Payload
+    #
+    # @param authenticity (see #authenticity)
+    # @param key (see #key)
+    # @param eiv (see #iv)
+    # @param version (see #version)
+    # @param algorithm (see #algorithm)
+    def initialize(authenticity, key, eiv, version, algorithm)
+      @authenticity = authenticity
+      @key = key
+      @iv = eiv
+      @version = version
+      @algorithm = algorithm
+    end
+
+    ##
+    # @private
+    #
+    # Create a header from a decrypted hash
+    def self.from_decrypted(hash)
+      new(
+        hash['aut'],
+        Encoder.decode(hash['key']),
+        Encoder.decode(hash['eiv']),
+        hash['ver'],
+        hash['alg']
+      )
+    end
+
+    ##
+    # Convert the header into it's hash format
+    #
+    # @return [Hash]
+    def to_h
+      {
+        aut: authenticity,
+        key: Encoder.encode(key),
+        eiv: Encoder.encode(iv),
+        ver: version,
+        alg: algorithm
+      }
+    end
+
+    ##
+    # Convert the header into it's string format
+    #
+    # @return [String]
+    def to_s
+      JSON.dump(to_h)
+    end
+  end
+end

data/lib/sekret/key_generator.rb

@@ -0,0 +1,36 @@
+require 'openssl'
+
+module Sekret
+  ##
+  # Create new keys for encryption
+  #
+  # @author Maddie Schipper
+  # @since 1.0.0
+  class KeyGenerator
+    ##
+    # A new key object
+    #
+    # @attr public_key [String] Public key in pem format.
+    # @attr private_key [String] Private key in pem format.
+    Key = Struct.new(:public_key, :private_key)
+
+    class << self
+      ##
+      # Generate a new RSA public/private key pair
+      #
+      # @param size [Integer] size of the RSA key to generate
+      #   (defaults to 2048)
+      #
+      # @return [Key] the new public & private keys.
+      #
+      # @note The returned key is read-only
+      def generate_rsa_keys(size = 2048)
+        rsa_key = OpenSSL::PKey::RSA.new(size)
+        Key.new(
+          rsa_key.public_key.to_pem,
+          rsa_key.to_pem
+        ).freeze
+      end
+    end
+  end
+end

data/lib/sekret/version.rb

@@ -0,0 +1,5 @@
+module Sekret
+  ##
+  # The current version of Sekret
+  VERSION = '1.0.0'.freeze
+end

metadata

@@ -0,0 +1,145 @@
+--- !ruby/object:Gem::Specification
+name: sekret
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- Maddie Schipper
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2018-10-29 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.16'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.16'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.10.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.10.1
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.16.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.16.1
+- !ruby/object:Gem::Dependency
+  name: yard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.9.16
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.9.16
+description: Create/Decode semetric encryption
+email:
+- me@maddiesch.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- README.md
+- Rakefile
+- lib/sekret.rb
+- lib/sekret/body_encryption.rb
+- lib/sekret/checksum.rb
+- lib/sekret/cli.rb
+- lib/sekret/cli/help.txt.erb
+- lib/sekret/cli/runner.rb
+- lib/sekret/configuration.rb
+- lib/sekret/decryptor.rb
+- lib/sekret/encoder.rb
+- lib/sekret/encryptor.rb
+- lib/sekret/errors.rb
+- lib/sekret/header.rb
+- lib/sekret/key_generator.rb
+- lib/sekret/version.rb
+homepage: https://github.com/maddiesch/sekret
+licenses: []
+metadata:
+  allowed_push_host: https://rubygems.org
+  yard.run: yri
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.7.6
+signing_key: 
+specification_version: 4
+summary: Semetric Encryption
+test_files: []