sia 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: ebc7889507ffd61937befed163603fd261be52713a58773f383c97ea97fc2fb3
+  data.tar.gz: 6f28ba64af933e94ab98e9a1971465f98175962b9c54e801e678aad516a6900e
+SHA512:
+  metadata.gz: 81982428ae81e1959808ca11aa9656b663f4f401e70b5950f9f9cfcb03a8fcb72c1e709e43f2cbcb57230abade888ce4110f0a6922189d58c426a147bc5c227c
+  data.tar.gz: 74ee62469206fce29bbb3489d7bf68adb03c2542b89d336407e8991f294d6500935fd07007bd03b00ad4bf08a30aea79231fd594f81c5fa72d7ecc26e9114d08

data/.circleci/config.yml

@@ -0,0 +1,57 @@
+# Ruby CircleCI 2.0 configuration file
+#
+# Check https://circleci.com/docs/2.0/language-ruby/ for more details
+#
+version: 2
+jobs:
+  build:
+    docker:
+      # specify the version you desire here
+       - image: circleci/ruby:2.5.1
+
+      # Specify service dependencies here if necessary
+      # CircleCI maintains a library of pre-built images
+      # documented at https://circleci.com/docs/2.0/circleci-images/
+      # - image: circleci/postgres:9.4
+
+    working_directory: ~/repo
+
+    steps:
+      - checkout
+
+      # Download and cache dependencies
+      - restore_cache:
+          keys:
+          - v1-dependencies-{{ checksum "Gemfile.lock" }}
+          # fallback to using the latest cache if no exact match is found
+          - v1-dependencies-
+
+      - run:
+          name: install dependencies
+          command: |
+            bundle install --jobs=4 --retry=3 --path vendor/bundle
+
+      - save_cache:
+          paths:
+            - ./vendor/bundle
+          key: v1-dependencies-{{ checksum "Gemfile.lock" }}
+
+      # run tests!
+      - run:
+          name: run tests
+          command: |
+            mkdir /tmp/test-results
+            TEST_FILES="$(circleci tests glob "spec/**/*_spec.rb" | circleci tests split --split-by=timings)"
+
+            bundle exec rspec --format progress \
+                            --format RspecJunitFormatter \
+                            --out /tmp/test-results/rspec.xml \
+                            --format progress \
+                            $TEST_FILES
+
+      # collect reports
+      - store_test_results:
+          path: /tmp/test-results
+      - store_artifacts:
+          path: /tmp/test-results
+          destination: test-results

data/.gitignore

@@ -0,0 +1,11 @@
+/.bundle/
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+
+# rspec failure tracking
+.rspec_status

data/.rspec

@@ -0,0 +1,3 @@
+--format documentation
+--color
+--require spec_config

data/.travis.yml

@@ -0,0 +1,5 @@
+sudo: false
+language: ruby
+rvm:
+  - 2.5.1
+before_install: gem install bundler -v 1.16.1

data/.yardopts

@@ -0,0 +1,2 @@
+--markup markdown
+--no-private

data/CODE_OF_CONDUCT.md

@@ -0,0 +1,75 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, gender identity and expression, level of
+experience, nationality, personal appearance, race, religion, or sexual identity
+and orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or
+advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic
+  address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community. Examples of
+representing a project or community include using an official project e-mail
+address, posting via an official social media account, or acting as an appointed
+representative at an online or offline event. Representation of a project may be
+further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project team at jc.spencer92@gmail.com. All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. The project team is
+obligated to maintain confidentiality with regard to the reporter of an
+incident. Further details of specific enforcement policies may be posted
+separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good
+faith may face temporary or permanent repercussions as determined by other
+members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 1.4, available at [http://contributor-covenant.org/version/1/4][version]
+
+[homepage]: http://contributor-covenant.org
+[version]: http://contributor-covenant.org/version/1/4/

data/Gemfile

@@ -0,0 +1,6 @@
+source "https://rubygems.org"
+
+git_source(:github) {|repo_name| "https://github.com/#{repo_name}" }
+
+# Specify your gem's dependencies in sia.gemspec
+gemspec

data/Gemfile.lock

@@ -0,0 +1,44 @@
+PATH
+  remote: .
+  specs:
+    sia (0.1.0)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    coderay (1.1.2)
+    diff-lcs (1.3)
+    method_source (0.9.0)
+    pry (0.11.3)
+      coderay (~> 1.1.0)
+      method_source (~> 0.9.0)
+    rake (10.5.0)
+    rspec (3.7.0)
+      rspec-core (~> 3.7.0)
+      rspec-expectations (~> 3.7.0)
+      rspec-mocks (~> 3.7.0)
+    rspec-core (3.7.1)
+      rspec-support (~> 3.7.0)
+    rspec-expectations (3.7.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.7.0)
+    rspec-mocks (3.7.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.7.0)
+    rspec-support (3.7.1)
+    rspec_junit_formatter (0.3.0)
+      rspec-core (>= 2, < 4, != 2.12.0)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bundler (~> 1.16)
+  pry (~> 0.11)
+  rake (~> 10.0)
+  rspec (~> 3.0)
+  rspec_junit_formatter (~> 0.3.0)
+  sia!
+
+BUNDLED WITH
+   1.16.1

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2018 Spencer Christiansen
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,53 @@
+# Sia
+
+[![CircleCI](https://circleci.com/gh/spejamchr/sia.svg?style=shield)](
+https://circleci.com/gh/spejamchr/sia)
+[![GitHub](https://img.shields.io/badge/github-spejamchr/sia-blue.svg)](
+https://github.com/spejamchr/sia)
+[![Documentation](https://img.shields.io/badge/docs-rubydoc.org-blue.svg)](
+https://www.rubydoc.info/github/spejamchr/sia)
+
+Encrypt files by storing them in digital safes. Each safe has a name and a
+password and can store as many files as you want.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'sia'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install sia
+
+## Usage
+
+TODO: Write usage instructions here
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run
+`rake spec` to run the tests. You can also run `bin/console` for an interactive
+prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To
+release a new version, update the version number in `version.rb`, and then run
+`bundle exec rake release`, which will create a git tag for the version, push
+git commits and tags, and push the `.gem` file to
+[rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at
+https://github.com/spejamchr/sia.
+
+## License
+
+The gem is available as open source under the terms of the [MIT
+License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/bin/console

@@ -0,0 +1,10 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "sia"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+require "pry"
+Pry.start

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/lib/sia.rb

@@ -0,0 +1,114 @@
+require 'yaml'
+require 'securerandom'
+require 'openssl'
+require 'base64'
+
+require 'sia/version'
+require 'sia/error'
+require 'sia/configurable'
+require 'sia/persisted_config'
+
+# Encrypt files with digital safes
+#
+module Sia
+
+  class << self
+
+    include Configurable
+
+    # Configure Sia, returning the final options
+    #
+    #     Sia.config(
+    #       root_dir: '/path/to/the/safes/',
+    #       index_name: 'my_index',
+    #       buffer_bytes: 2048,
+    #     )
+    #     # => {:root_dir=>"/path/to/the/safes/", :index_name=>"my_index", ...}
+    #
+    # Allows partial or piecemeal configuration.
+    #
+    #     Sia.options
+    #     # => {:root_dir=>"~/.sia_safes"", :index_name=>".sia_index", ...}
+    #
+    #     Sia.config(root_dir: '/new_dir')
+    #     # => {:root_dir=>"/new_dir", :index_name=>".sia_index", ...}
+    #
+    #     Sia.config(index_name: 'my_index')
+    #     # => {:root_dir=>"/new_dir", :index_name=>"my_index", ...}
+    #
+    # See {Sia::Configurable::DEFAULTS} for all available options.
+    #
+    # @see Configurable::DEFAULTS
+    #
+    # @param [Hash] opt
+    # @return [Hash]
+    #
+    def config(**opt)
+      @options.merge!(clean_options(opt))
+      options
+    end
+
+    # Persist the current Sia-wide options
+    #
+    # The next time Sia is loaded it will use the current config values.
+    # Consequently, all new safes will use the current configuration as
+    # defaults.
+    #
+    def persist!
+      PersistedConfig.new.persist(options)
+    end
+
+    # Reset the options to default and return the options
+    #
+    #     Sia.config(root_dir: '/hi', index_name: 'there')
+    #     # => {:root_dir=>'/hi', :index_name=>'there', ...}
+    #     Sia.set_default_options!
+    #     # => {:root_dir=>"~/.sia_safes", :index_name=>".sia_index", ...}
+    #
+    # With arguments, resets only the option(s) provided
+    #
+    #     Sia.config(root_dir: '/hi', index_name: 'there')
+    #     # => {:root_dir=>'/hi', :index_name=>'there', ...}
+    #     Sia.set_default_options!(:index_name)
+    #     # => {:root_dir=>'/hi', :index_name=>".sia_index", ...}
+    #
+    # Optionally takes a `:source` keyword argument that determines whether the
+    # default values should be taken from the gem or from the persisted config.
+    # Values should be either `:persisted` or `:gem`. Default is `:persisted`.
+    # If there is no persisted config the gem defaults are used.
+    #
+    # @note This change is not persisted.
+    #
+    # @param [Array<Symbol>] specifics Optionally reset only specific options
+    # @param [:persisted|:gem] source Load defaults from gem or persisted config
+    #
+    # @return [Hash] The new options
+    #
+    def set_default_options!(*specifics, source: :persisted)
+      specifics = DEFAULTS.keys if specifics.empty?
+      keepers = (@options || {}).slice(*DEFAULTS.keys - specifics)
+      @options = defaults(source).merge(keepers)
+      options
+    end
+
+    private
+
+    # Used by Sia::Configurable
+    #
+    # @param [:persisted|:gem] source Load defaults from gem or persisted config
+    #
+    def defaults(source=:persisted)
+      case source
+      when :persisted
+        PersistedConfig.new.options
+      when :gem
+        DEFAULTS
+      else
+        raise "Unrecognized source: #{source.inspect}, must be :source or :gem"
+      end
+    end
+  end # class << self
+end
+
+require 'sia/lock'
+require 'sia/safe'

data/lib/sia/configurable.rb

@@ -0,0 +1,175 @@
+# Sia-wide and Safe-specific configuration
+#
+# Any Sia-wide custom configuration is passed along to new safes.
+#
+#     Sia.options
+#     # => {:root_dir=>"~/.sia_safes", :index_name=>".sia_index", ...}
+#     Sia.config(root_dir: '/custom/dir')
+#     # => {:root_dir=>"/custom/dir", :index_name=>".sia_index", ...}
+#     Sia::Safe.new(name: 'test', password: 'secret').options
+#     # => {:root_dir=>"/custom/dir", :index_name=>".sia_index", ...}
+#
+# Safes can only be configured at creation. There is intentionally no API for
+# configuring safes that already exist.
+#
+#     safe = Sia::Safe.new(name: 'test', password: 'secret', index_name: 'hi')
+#     safe.options
+#     # => {:root_dir=>"/custom/dir", :index_name=>"hi", ...}
+#
+# Hmm... the `:root_dir` option is still set to our custom directory before, but
+# we don't want to use that anymore. We could manually reset it back to its
+# default, or we can just use {Sia.set_default_options!}.
+#
+#     Sia.set_default_options!(:root_dir)
+#     safe = Sia::Safe.new(name: 'test', password: 'secret', index_name: 'hi')
+#     safe.options
+#     # => {:root_dir=>"~/.sia_safes", :index_name=>"hi", ...}
+#
+module Sia::Configurable
+
+  # Configuration defaults for Sia as a whole and for individual safes
+  #
+  # `:root_dir` - The directory holding all the safes. Within this directory,
+  #     each safe will have its own directory
+  #
+  # `:index_name` - The name of the encrypted index file within the safe
+  #     directory. It hold information like which files are in the safe and when
+  #     they were last opened/closed.
+  #
+  # `:salt_name` - The name of the file within the safe directory that holds the
+  #     salt string.
+  #
+  # `:digest_iterations` - Changes how long computing the symmetric key from the
+  #     password will take. The longer the computation takes, the harder for
+  #     someone to break into the safe.
+  #
+  # `:buffer_bytes` - The buffer size to use when reading/writing files.
+  #
+  # `:in_place` - If true, closed files will be encrypted where they are with
+  #     a Sia file extension attached to the name. If false, closed files will
+  #     be moved to the safe dir and renamed to a url-safe hash.
+  #
+  # `:extension` - In-place safes will attach this extension to closed files.
+  #     Ignored unless `:in_place` is truthy. Can include the period or not (so
+  #     `'.thing'` and `'thing'` will both work the same).
+  #
+  # `:portable` - If true, all clear files must be children of the safe dir.
+  #     Useful if the safe will be shared.
+  #
+  DEFAULTS = {
+    root_dir: Pathname(Dir.home) / '.sia_safes',
+    index_name: '.sia_index',
+    salt_name: '.sia_salt',
+    digest_iterations: 200_000,
+    buffer_bytes: 512,
+    in_place: false,
+    extension: '.sia_closed',
+    portable: false,
+  }.freeze
+
+  # The configuration options
+  #
+  # @return [Hash]
+  #
+  def options
+    (@options ||= defaults).transform_values(&:dup)
+  end
+
+  private
+
+  def persisted_config
+    Sia::PERSISTED_CONFIG.exist? ?
+      (YAML.load(Sia::PERSISTED_CONFIG.read) || {}) : {}
+  end
+
+  def clean_options(opt)
+    opt = opt.dup
+    illegals = opt.keys - DEFAULTS.keys
+    unless illegals.empty?
+      raise Sia::Error::InvalidOptionError.new(illegals, DEFAULTS.keys)
+    end
+
+    tentatives = options.merge(opt)
+    if tentatives[:index_name] == tentatives[:salt_name]
+      raise Sia::Error::ConfigurationError,
+        ":index_name and :salt_name cannot be equal, but were both " +
+        tentatives[:salt_name].inspect
+    end
+
+    validation_for(opt) do
+      safe_path :root_dir
+      safe_filename :index_name, :salt_name, :extension
+
+      convert(:root_dir) { |v| Pathname(v).expand_path }
+      convert(:index_name, :salt_name) { |v| v.to_s }
+      convert(:digest_iterations, :buffer_bytes) { |v| v.to_i }
+      convert(:in_place, :portable) { |v| !!v }
+      convert(:extension) { |v| ".#{v.to_s.reverse.chomp('.').reverse}" }
+    end
+
+    opt
+  end
+
+  def validation_for(opt, &block)
+    Validator.new(opt).instance_eval(&block).done
+  end
+
+  # Validate the options
+  # @private
+  class Validator
+
+    SAFE_PATH_REGEX = /\A[A-Za-z0-9\._-]+\z/
+
+    def initialize(opt)
+      @opt = opt
+      @converted = []
+    end
+
+    def safe_path(*keys)
+      (keys & @opt.keys).each do |k|
+        if @opt[k].to_s.empty?
+          raise Sia::Error::ConfigurationError, "#{k.inspect} must not be empty"
+        end
+
+        slash = File::SEPARATOR
+        path = @opt[k].to_s.chomp(slash).reverse.chomp(slash).reverse
+        path.split(slash).all? { |s| portable_file(s) }
+      end
+    end
+
+    def safe_filename(*keys)
+      (keys & @opt.keys).each { |k| portable_file(@opt[k].to_s) }
+    end
+
+    def convert(*keys, &block)
+      @converted += keys
+      (keys & @opt.keys).each do |k|
+        @opt[k] = yield @opt[k]
+      rescue NoMethodError => nme
+        raise Sia::Error::ConfigurationError,
+          "#{k.inspect} was #{nme.args} and could not be converted using " +
+          "`#{nme.name.inspect}`"
+      end
+      self
+    end
+
+    def portable_file(string)
+      return if string =~ SAFE_PATH_REGEX
+      raise Sia::Error::ConfigurationError,
+        "Filenames must match the regex #{SAFE_PATH_REGEX.inspect}, " +
+        "but was #{string.inspect}"
+    end
+
+    # Make sure Sia converts each option exactly one time. Any time a new
+    # option is added, it needs to be converted.
+    def done
+      return if DEFAULTS.keys.sort == @converted.sort
+
+      bads = DEFAULTS.transform_values { 0 }.merge(
+        @converted.group_by(&:itself).transform_values(&:count)
+      ).select { |k, v| v != 1 }
+
+      raise "Options were not converted exactly once! #{bads}"
+    end
+  end # class Validator
+end # module Sia::Configurable

data/lib/sia/error.rb

@@ -0,0 +1,38 @@
+module Sia
+  # Sia-specific errors live here
+  #
+  # To catch any Sia error, just rescue `Sia::Error`.
+  #
+  #     begin
+  #       # Code stuffs
+  #     rescue Sia::Error
+  #       # Handle the exceptiom
+  #     end
+  #
+  class Error < StandardError
+
+    # Raised when creating a safe with the incorrect password
+    class PasswordError < Error; end
+
+    # Raised when attempting to set bad configuration
+    class ConfigurationError < Error; end
+
+    # Raised when trying to set invalid option(s)
+    class InvalidOptionError < ConfigurationError
+      def initialize(invalids, available)
+        msg = <<~MSG
+          Got invalid option(s):
+            #{invalids.map(&:inspect).join("\n  ")}
+          Available options:
+            #{available.map(&:inspect).join("\n  ")}
+        MSG
+
+        super(msg)
+      end
+    end
+
+    # Raised with portable safes when trying to close a file not in the safe_dir
+    class FileOutsideScopeError < Error; end
+
+  end
+end

data/lib/sia/lock.rb

@@ -0,0 +1,137 @@
+module Sia
+  # Every good safe needs a safe lock
+  #
+  # Used by Sia::Safe to do the heavy cryptographical lifting
+  #
+  # * Securely derives its symmetric key from a user's password using
+  #   OpenSSL::PKCS5
+  # * Uses an OpenSSL::Cipher for encryption
+  #
+  # Ex:
+  #
+  #     lock = Sia::Lock.new('pass', 'salt', 1_000, 1_000_000)
+  #     lock.encrypt_to_file('Hello World!', '/path/to/secure/file')
+  #     File.read('/path/to/secure/file')
+  #     # => "\u0016\x8A\x88/%\x90\xDF\u007F\xFC@\xCB\t\u001FTp`(\xBF\x8DR\x9E\x91\x8F\xC1FX\x8F7\xF6-+2"
+  #     lock.decrypt_from_file('/path/to/secure/file')
+  #     # => "Hello World!"
+  #
+  class Lock
+
+    # The digest to use. Safes use the length of the digest to make the salt.
+    DIGEST = OpenSSL::Digest::SHA256
+
+    # @param [String] password
+    # @param [String] salt
+    # @param [Integer] buffer_bytes The buffer size for reading/writing to file.
+    # @param [Integer] digest_iterations Increase this to increase hashing time.
+    # @return [Lock]
+    #
+    def initialize(password, salt, buffer_bytes, digest_iterations)
+      @buffer_bytes = buffer_bytes
+
+      # Don't let the symmetric_key accidentally show up in logs or in the
+      # console. Instead of storing it in an instance variable store it in a
+      # private method.
+      key = digest_password(password, salt, digest_iterations)
+      define_singleton_method(:symmetric_key) { key }
+      self.singleton_class.send(:private, :symmetric_key)
+    end
+
+    # Used for encrypting the index file from memory
+    #
+    # @param [Pathname] string The string to encrypt
+    # @param [Pathname] secure Absolute path to the secure file
+    #
+    def encrypt_to_file(string, secure)
+      secure.open('wb') { |s| basic_encrypt(StringIO.new(string), s) }
+    end
+
+    # Used for decrypting the index file into memory
+    #
+    # @param [Pathname] secure Absolute path to the secure file
+    # @return [String]
+    #
+    def decrypt_from_file(secure)
+      secure.open('rb') { |s| basic_decrypt(StringIO.new, s).string }
+    end
+
+    # Encrypt a clear file into a secure file, removing the clear file.
+    #
+    # This is better set up to handle large amounts of data than
+    # {#encrypt_to_file}, which has to hold the entire clear string in memory.
+    #
+    # @param [Pathname] clear Absolute path to the clear file.
+    # @param [Pathname] secure Absolute path to the secure file.
+    #
+    def encrypt(clear, secure)
+      clear.open('rb') { |c| secure.open('wb') { |s| basic_encrypt(c, s) } }
+      clear.delete
+    end
+
+    # Decrypt a secure file into a clear file, removing the secure file.
+    #
+    # This is better set up to handle large amounts of data than
+    # {#decrypt_from_file}, which has to hold the entire clear string in memory.
+    #
+    # @param [Pathname] clear Absolute path to the clear file.
+    # @param [Pathname] secure Absolute path to the secure file.
+    #
+    def decrypt(clear, secure)
+      clear.open('wb') { |c| secure.open('rb') { |s| basic_decrypt(c, s) } }
+      secure.delete
+    end
+
+    private
+
+    def new_cipher
+      OpenSSL::Cipher.new('AES-256-CBC')
+    end
+
+    # Get a password digest from the password
+    #
+    # @param [String] password The password to digest
+    # @return [String] The digested password, a binary string
+    #
+    def digest_password(password, salt, iter)
+      len = DIGEST.new.digest_length
+      OpenSSL::PKCS5.pbkdf2_hmac(password, salt, iter, len, DIGEST.new)
+    end
+
+    def basic_encrypt(clear_io, secure_io)
+      cipher = new_cipher.encrypt
+      cipher.key = symmetric_key
+      iv = cipher.random_iv
+      cipher.iv  = iv
+
+      secure_io << iv
+      until clear_io.eof?
+        secure_io << cipher.update(clear_io.read(@buffer_bytes))
+      end
+      secure_io << cipher.final
+    end
+
+    def basic_decrypt(clear_io, secure_io)
+      decipher = new_cipher.decrypt
+      decipher.key = symmetric_key
+      first_block = true
+
+      until secure_io.eof?
+        if first_block
+          decipher.iv = secure_io.read(decipher.iv_len)
+          first_block = false
+        else
+          clear_io << decipher.update(secure_io.read(@buffer_bytes))
+        end
+      end
+
+      clear_io << decipher.final
+
+      clear_io
+
+    rescue OpenSSL::Cipher::CipherError
+      raise Sia::Error::PasswordError, 'Invalid password'
+    end
+
+  end # class Lock
+end # module Sia

data/lib/sia/persisted_config.rb

@@ -0,0 +1,75 @@
+module Sia
+  # Sia-wide and safe-specific persisted config
+  #
+  # Sia can read and write Sia-wide persisted config, but can't read or write
+  # any safe-specific config. Safes can read Sia-wide config, and can read and
+  # write their own config, but can't access other safes' configs.
+  #
+  class PersistedConfig
+
+    PATH = Pathname(Dir.home) / '.sia_config'
+
+    # Provide a name for safe-specific access. Call w/o args for Sia-wide access
+    #
+    # @param [#to_sym|nil] name The name of the safe to be given access.
+    #   Leave blank if Sia is to be given access.
+    #
+    def initialize(name=nil)
+      @access_key = name ? :"safe #{name}" : :sia
+    end
+
+    # Persist some options into the persisted entry
+    #
+    # An attempt is made to not over-write things on accident by merging the
+    # previously persisted options with Sia's defaults, and merging the provided
+    # options into the result. This way, providing partial updates to the
+    # options won't over-write all the other options, and if new options are
+    # added to the gem later they will be effortlessly merged into the persisted
+    # config without having to pass them explicitly.
+    #
+    # @param [Hash] opt The options to persist
+    #
+    def persist(opt)
+      opt = Configurable::DEFAULTS.merge(options).merge(opt)
+
+      whole_hash.merge!(@access_key => opt)
+
+      PATH.write(YAML.dump(whole_hash))
+    end
+
+    # Load the persisted options from the persisted entry
+    #
+    def options
+      entry = whole_hash.fetch(@access_key) do
+        @access_key == :sia ? {} : Sia.options
+      end
+
+      Configurable::DEFAULTS.merge(entry)
+    end
+
+    def exist?
+      whole_hash.has_key?(@access_key)
+    end
+
+    def delete
+      return unless exist?
+
+      whole_hash.delete(@access_key)
+
+      PATH.write(YAML.dump(whole_hash))
+    end
+
+    def refresh
+      @whole_hash = PATH.file? ? YAML.load(PATH.read) : {}
+      nil
+    end
+
+    private
+
+    # The entire persisted config hash, without access limitations
+    #
+    def whole_hash
+      @whole_hash || refresh || @whole_hash
+    end
+  end
+end

data/lib/sia/safe.rb

@@ -0,0 +1,293 @@
+module Sia
+  # Keep all the files safe
+  #
+  # Encrypt files and store them in a digital safe. Have one safe for
+  # everything, or use individual safes for each file to be encrypted.
+  #
+  # When creating a safe provide at least a name and a password, and the
+  # defaults will take care of the rest.
+  #
+  #     safe = Sia::Safe.new(name: 'test', password: 'secret')
+  #
+  # With a safe in hand, {close} an existing file to keep it safe. (Note, any
+  # type of file can be closed, not just `.txt` files.)
+  #
+  #     safe.close('~/secret.txt')
+  #
+  # The file will not longer be present at `/path/to/the/secret.txt`; instead,
+  # it will now be encrypted in the default Sia directory with a new name.
+  # Restore it by using {open}.
+  #
+  #     safe.open('~/secret.txt')
+  #
+  # Notice that {open} requires the path (relative or absolute) to the file as
+  # it existed before being encrypted, even though there's no file at that
+  # location anymore. To see all files available to open in the safe, take a
+  # peak in the {index}.
+  #
+  #     pp safe.index
+  #     {:files=>
+  #       {"/Users/spencer/secret.txt"=>
+  #         {:secure_file=>"0nxntvTLteCTZ8cmZdX848gGaYHRAOHqir-1RuJ-n-E",
+  #          :last_closed=>2018-04-29 19:58:24 -0600,
+  #          :safe=>true}}}
+  #
+  # The {fill} and {empty} methods are also helpful. {fill} will close all files
+  # that belong to the safe, and {empty} will open all the files.
+  #
+  #     safe.fill
+  #     safe.empty
+  #
+  # Finally, if the safe has outlived its usefulness, {delete} is there to help.
+  # {delete} will remove a safe as-is, without opening or closing any files.
+  # This means that **all currently closed files will be lost** when using
+  # {delete}.
+  #
+  #     safe.delete
+  #
+  # FYI, the safe directory for this example has the structure:
+  #
+  #     ~/
+  #     └── .sia_safes/
+  #         └── test/
+  #             ├── .sia_index
+  #             ├── .sia_salt
+  #             └── 0nxntvTLteCTZ8cmZdX848gGaYHRAOHqir-1RuJ-n-E
+  #
+  # The `.sia_safes/` directory holds all the safes, in this case the `test`
+  # safe. Its name and location can be customized using {Configurable}. The
+  # `test/` directory where the `test` safe lives. `.sia_index` is an encrypted
+  # file that stores information about the safe. Its name cam be customized:
+  # {Configurable}. The `.sia_salt` file stores the salt used to make a good
+  # symmetric key out of the password. Its name cam be customized:
+  # {Configurable}. The last file,
+  # `0nxntvTLteCTZ8cmZdX848gGaYHRAOHqir-1RuJ-n-E`, is the newly encrypted file.
+  # Its name is a `SHA256` digest of the full pathname of the clearfile (in this
+  # case, `"/Users/spencer/secret.txt"`) encoded in url-safe base 64 without
+  # padding (ie, not ending `'='`).
+  #
+  class Safe
+
+    include Sia::Configurable
+
+    attr_reader :name
+
+    # @param [#to_sym] name
+    # @param [#to_s] password
+    # @param [Hash] opt Configure new safes as shown in {Configurable}.
+    #   When instantiating existing safes, configuration here must match the
+    #   persisted config, or be absent.
+    # @return [Safe]
+    #
+    def initialize(name:, password:, **opt)
+      @name = name.to_sym
+      @persisted_config = PersistedConfig.new(@name)
+
+      options # Initialize the options with defaults
+      assign_options(opt)
+
+      @lock = Lock.new(
+        password.to_s,
+        salt,
+        options[:buffer_bytes],
+        options[:digest_iterations]
+      )
+
+      # Don't let initialization succeed if the password was invalid
+      index
+    end
+
+    # Persist the safe and its configuration
+    #
+    # This doesn't have any effect once a file has been closed in the safe.
+    #
+    def persist!
+      return if @persisted_config.exist?
+
+      safe_dir.mkpath unless safe_dir.directory?
+      salt_path.write(salt) unless salt_path.file?
+
+      @persisted_config.persist(options)
+
+      update_index(:files, files)
+    end
+
+    # The directory where this safe is stored
+    #
+    # @return [Pathname]
+    #
+    def safe_dir
+      options[:root_dir] / name.to_s
+    end
+
+    # The absolute path to the encrypted index file
+    #
+    # @return [Pathname]
+    #
+    def index_path
+      safe_dir / options[:index_name]
+    end
+
+    # Information about the files in the safe
+    #
+    # @return [Hash]
+    #
+    def index
+      return {} unless index_path.file?
+
+      YAML.load(@lock.decrypt_from_file(index_path))
+    rescue Psych::SyntaxError
+      # A Psych::SyntaxError was raised in my integration test once when an
+      # incorrect password was used. This raises the right error if that ever
+      # happens again.
+      raise Sia::Error::PasswordError, 'Invalid password'
+    end
+
+    # The absolute path to the file storing the salt
+    #
+    def salt_path
+      safe_dir / options[:salt_name]
+    end
+
+    # The salt in binary encoding
+    #
+    def salt
+      if salt_path.file?
+        salt_path.read
+      else
+        @salt ||= SecureRandom.bytes(Sia::Lock::DIGEST.new.digest_length)
+      end
+    end
+
+    # Secure a file in the safe
+    #
+    # @param [String] filename Relative or absolute path to file to secure.
+    #
+    def close(filename)
+      clearpath = clear_filepath(filename)
+      check_file_is_in_safe_dir(clearpath) if options[:portable]
+      persist!
+
+      @lock.encrypt(clearpath, secure_filepath(clearpath))
+
+      info = files.fetch(clearpath, {}).merge(
+        secure_file: secure_filepath(clearpath),
+        last_closed: Time.now,
+        safe: true
+      )
+      update_index(:files, files.merge(clearpath => info))
+    end
+
+    # Extract a file from the safe
+    #
+    # @param [String] filename Relative or absolute path to file to extract.
+    #   Note: For in-place safes, the closed path may be used. Otherwise, this
+    #   the path to the file as it existed before being closed.
+    #
+    def open(filename)
+      clearpath = clear_filepath(filename)
+      check_file_is_in_safe_dir(clearpath) if options[:portable]
+
+      @lock.decrypt(clearpath, secure_filepath(clearpath))
+
+      info = files.fetch(clearpath, {}).merge(
+        secure_file: secure_filepath(clearpath),
+        last_opened: Time.now,
+        safe: false
+      )
+      update_index(:files, files.merge(clearpath => info))
+    end
+
+    # Open all files in the safe
+    #
+    def empty
+      files.each { |filename, data| open(filename) if data[:safe]  }
+    end
+
+    # Close all files in the safe
+    #
+    def fill
+      files.each { |filename, data| close(filename) unless data[:safe]  }
+    end
+
+    # Delete the safe as-is, without opening or closing files
+    #
+    # All closed files are deleted. Open files are not deleted. The safe dir is
+    # deleted if there is nothing besides closed files, the {#index_path}, and
+    # the {#salt_path} in it.
+    #
+    def delete
+      return unless @persisted_config.exist?
+
+      files.each { |_, d| d[:secure_file].delete if d[:safe] }
+      index_path.delete
+      salt_path.delete
+      safe_dir.delete if safe_dir.empty?
+
+      @persisted_config.delete
+    end
+
+    private
+
+    # Used by Sia::Configurable
+    #
+    def defaults
+      @persisted_config.options.dup
+    end
+
+    def assign_options(opt)
+      if @persisted_config.exist?
+        news = options.merge(clean_options(opt))
+        unless options == news
+          differences = (news.to_a - options.to_a).map { |k, v|
+            ":#{k} changed from `#{options[k]}` to `#{news[k]}`"
+          }.join("\n  ")
+          raise Sia::Error::ConfigurationError,
+            "Cannot change safe configuration\n  #{differences}"
+        end
+      else
+        @options.merge!(clean_options(opt))
+      end
+      @options.freeze
+    end
+
+    def files
+      index.fetch(:files, {}).freeze
+    end
+
+    def update_index(k, v)
+      yaml = YAML.dump(index.merge(k => v))
+      @lock.encrypt_to_file(yaml, index_path)
+    end
+
+    # Generate a urlsafe filename for storage in the safe
+    def digest_filename(filename)
+      digest = Digest::SHA256.digest(filename.to_s)
+      filename = Base64.urlsafe_encode64(digest, padding: false)
+    end
+
+    def secure_filepath(filename)
+      if options[:in_place]
+        Pathname(filename.to_s + options[:extension])
+      else
+        safe_dir / digest_filename(filename)
+      end
+    end
+
+    def clear_filepath(filename)
+      filename = Pathname(filename).expand_path
+      return filename unless options[:in_place]
+
+      filename.extname == options[:extension] ? filename.sub_ext('') : filename
+    end
+
+    def check_file_is_in_safe_dir(filename)
+      filename.ascend { |f| return if f == safe_dir }
+
+      raise Sia::Error::FileOutsideScopeError, <<~MSG
+        Portable safes can only open or close files within the `safe_dir`
+          #{filename} is not a descendant of #{safe_dir}
+      MSG
+    end
+  end # class Safe
+end # module Sia

data/lib/sia/version.rb

@@ -0,0 +1,3 @@
+module Sia
+  VERSION = "0.1.0"
+end

data/sia.gemspec

@@ -0,0 +1,26 @@
+
+lib = File.expand_path("../lib", __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require "sia/version"
+
+Gem::Specification.new do |spec|
+  spec.name          = "sia"
+  spec.version       = Sia::VERSION
+  spec.authors       = ["Spencer Christiansen"]
+  spec.email         = ["jc.spencer92@gmail.com"]
+
+  spec.summary       = %q{Encrypt files with digital safes}
+  spec.homepage      = "https://github.com/spejamchr/sia/"
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files -z`.split("\x0").reject do |f|
+    f.match(%r{^(test|spec|features)/})
+  end
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.16"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "rspec", "~> 3.0"
+  spec.add_development_dependency "pry", "~> 0.11"
+  spec.add_development_dependency "rspec_junit_formatter", "~> 0.3.0"
+end

metadata

@@ -0,0 +1,135 @@
+--- !ruby/object:Gem::Specification
+name: sia
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Spencer Christiansen
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2018-05-18 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.16'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.16'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.11'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.11'
+- !ruby/object:Gem::Dependency
+  name: rspec_junit_formatter
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.3.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.3.0
+description: 
+email:
+- jc.spencer92@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".circleci/config.yml"
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
+- ".yardopts"
+- CODE_OF_CONDUCT.md
+- Gemfile
+- Gemfile.lock
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- lib/sia.rb
+- lib/sia/configurable.rb
+- lib/sia/error.rb
+- lib/sia/lock.rb
+- lib/sia/persisted_config.rb
+- lib/sia/safe.rb
+- lib/sia/version.rb
+- sia.gemspec
+homepage: https://github.com/spejamchr/sia/
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.7.6
+signing_key: 
+specification_version: 4
+summary: Encrypt files with digital safes
+test_files: []