ssbx 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 0cda81615e31774e4279c4454b0a5b1c9d77bc331568acc612471f7f56dbc586
+  data.tar.gz: e5d8453d32656c2018cbc83208701952b9a96b9e3d058689dd2948d295a0f426
+SHA512:
+  metadata.gz: 496d3f33a15db8e5ad3080a2651ffb1b25f40d631add12a58ae4365196dffb9936bb71d03ea3e462757b35a17a9e4e11031b4cfb7f15914981879fd78d0e77e6
+  data.tar.gz: bf54c85290eeb62e4ab9e4bb3e230a783fbe168ac76756dbbdfdc2f61a8b6277c67cab970ffb67c19ef66875c63987cea54c7225ccba5ea3894ec4abecbb5475

data/.gitignore

@@ -0,0 +1,8 @@
+/.bundle/
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/

data/.gitlab-ci.yml

@@ -0,0 +1,4 @@
+image: ruby:2.2
+job:
+  script:
+  - rake test

data/Gemfile

@@ -0,0 +1,6 @@
+source "https://rubygems.org"
+
+git_source(:gitlab) {|repo_name| "https://gitlab.com/basking2/#{repo_name}" }
+
+# Specify your gem's dependencies in ssbx.gemspec
+gemspec

data/Gemfile.lock

@@ -0,0 +1,20 @@
+PATH
+  remote: .
+  specs:
+    ssbx (0.1.0)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    rake (10.5.0)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bundler (~> 2.0)
+  rake (~> 10.0)
+  ssbx!
+
+BUNDLED WITH
+   2.0.1

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2019 Sam Baskinger
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,39 @@
+# Ssbx
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'ssbx'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install ssbx
+
+## Usage
+
+Edit `~/.ssbx.yaml` to contain...
+
+```yaml
+user: You
+pass: A secret password
+```
+
+Then use `ssbx` to view or edit that file.
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
+

data/Rakefile

@@ -0,0 +1,15 @@
+require "bundler/gem_tasks"
+require "rake/testtask"
+require 'rdoc/task'
+Rake::TestTask.new(:test) do |t|
+  t.libs << "test"
+  t.libs << "lib"
+  t.test_files = FileList["test/**/*_test.rb"]
+end
+
+RDoc::Task.new do |rdoc|
+  rdoc.main = "README.rdoc"
+  rdoc.rdoc_files.include("README.rdoc", "lib/**/*.rb")
+end
+
+task :default => :test

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "ssbx"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/exe/ssbx

@@ -0,0 +1,121 @@
+#!/usr/bin/env ruby
+
+require "ssbx"
+require 'optparse'
+require 'yaml'
+require 'pp'
+
+CONFIG = {
+    'file' => 'ssbx.enc',
+    'user' => 'anonymous',
+    'pass' => 'password',
+}
+
+default_config = File.join(ENV['HOME'], '.ssbx.yaml')
+if File.file? default_config
+    c = YAML::load(File.read(default_config))
+    CONFIG.merge!(c)
+end
+
+CONFIG['delete_users'] = []
+CONFIG['add_users'] = []
+
+OptionParser.new do |opts|
+    opts.on('-v', '--verbose', "Verbose.") do 
+        CONFIG['verbose'] = true
+    end
+
+    opts.on('-l', '--list', "List users.") do
+        CONFIG['list'] = true
+    end
+
+    opts.on('-d', '--delete=user', String, "Delete user. May be used multiple times.") do |u|
+        CONFIG['delete_users'] << u
+    end
+
+    opts.on('-a', '--add=user:pass', String, "Add user. May be used multiple times.") do |u|
+        CONFIG['add_users'] << u.split(':')
+    end
+
+    opts.on('-f', '--file=file', String, "File to operate on.") do |f|
+        CONFIG['file'] = f
+    end
+
+    opts.on('-u', '--user=user', String, 'The user to edit this file.') do |u|
+        CONFIG['user'] = u
+    end
+
+    opts.on('--set=file', String, "Set the contents of this encrypted file to the given file.") do |f|
+        CONFIG['set'] = f
+    end
+
+    opts.on('-o', '--out=file', String, "Read and print the file contents to here. - is stdout.") do |f|
+        CONFIG['out'] = f
+    end
+end.parse! ARGV
+
+if CONFIG['verbose']
+    require 'pp'
+    pp CONFIG
+end
+
+CONFIG['delete_users'].each do |u|
+    f = Ssbx::File.new
+    File.open(CONFIG['file'], 'r') { |io| f.read(io) }
+    bx = Ssbx::Box.new(f)
+    bx.remove_user(u)
+    File.open(CONFIG['file'], 'wb') { |io| f.write(io) }
+end
+
+if CONFIG['add_users']
+    f = Ssbx::File.new
+    bx = Ssbx::Box.new(f)
+    data = File.open(CONFIG['file'], 'rb') do |io|
+        bx.read(io, CONFIG['user'], CONFIG['pass'])
+    end
+
+    CONFIG['add_users'].each do |u|
+        u, p = u[0], u[1] || u[0]
+        
+        File.open(CONFIG['file'], 'wb') do |io| 
+            bx.write(io, u, p, data)
+        end 
+    end
+end
+
+if CONFIG['set']
+    f = Ssbx::File.new
+    bx = Ssbx::Box.new(f)
+    data = File.read(CONFIG['set'])
+    File.open(CONFIG['file'], 'wb') do |io|
+        bx.write(io, CONFIG['user'], CONFIG['pass'], data)
+    end
+end
+
+if CONFIG['out']
+    f = Ssbx::File.new
+    bx = Ssbx::Box.new(f)
+    data = File.open(CONFIG['file'], 'rb') do |io|
+        bx.read(io, CONFIG['user'], CONFIG['pass'])
+    end
+
+    if CONFIG['out'] == '-'
+        STDOUT.write(data)
+    else 
+        File.open(CONFIG['out'], 'wb') do |io|
+            io.write(data)
+        end
+    end
+end
+
+if CONFIG['list']
+    f = Ssbx::File.new
+    bx = Ssbx::Box.new(f)
+    File.open(CONFIG['file'], 'rb') do |io|
+        f.read(io)
+    end
+
+    bx.list.each do |u|
+        puts u
+    end
+end

data/lib/ssbx/box.rb

@@ -0,0 +1,112 @@
+require 'ssbx/file'
+
+require 'openssl'
+
+module Ssbx
+
+    # This is the encryption logic.
+    # This uses File to read and write data, but the actual encryption logic is in here.
+    class Box
+
+        # Create a new box.
+        def initialize(file)
+            if file.is_a? IO
+                @file = File.new
+                @file.read(file)
+            elsif file.is_a? Ssbx::File
+                @file = file
+            else
+                raise Exception.new("Unsupported input type #{file.class}. Try Ssbx::File or IO.")
+            end
+        end
+
+        # Write the data given the userid and password.
+        # If the user is not in the file, they are added.
+        def write(outstream, userid, password, data)
+            userrecord = @file.keys.select { |k| k[0] == userid }
+
+            # Find or get our user record.
+            if userrecord.length == 0 
+                privkey = OpenSSL::PKey::RSA.new(2048)
+
+                userrecord = [ userid ]
+                userrecord << privkey.to_pem(OpenSSL::Cipher::AES.new('128-CBC'), password)
+                userrecord << privkey.public_key.to_pem
+                userrecord << '' # Private Key
+                userrecord << '' # Initialization Vector.
+
+                @file.keys << userrecord
+            else
+                userrecord = userrecord[0]
+
+                privkey = OpenSSL::PKey::RSA.new(2048)
+
+                # Rotate user record entries.
+                userrecord[1] = privkey.to_pem(OpenSSL::Cipher::AES.new('128-CBC'), password)
+                userrecord[2] = privkey.public_key.to_pem
+                userrecord[3] = '' # Private Key
+                userrecord[4] = '' # Initialization Vector.
+            end
+
+            # Make semetric cipher.
+            cipher = OpenSSL::Cipher.new('AES-256-CBC')
+            cipher.encrypt
+
+            key = cipher.random_key
+            iv = cipher.random_iv
+
+            # Encrypt data with key.
+            ciphertext = cipher.update(data)
+            ciphertext += cipher.final
+            @file.data = ciphertext
+
+            # Now update all key records with the new key and iv.
+            @file.keys.each do |key_rec|
+                # k[0 id, 1 priv, 2 pub, 3 key, 4 iv]
+                k = OpenSSL::PKey::RSA.new(key_rec[2])
+                key_rec[3] = k.public_encrypt(key)
+                key_rec[4] = iv
+            end
+
+            @file.write(outstream)
+        end
+
+        # Decrypt the data user the given user ID and password.
+        def read(instream, userid, password)
+            @file.read(instream)
+            userrecord = @file.keys.select { |k| k[0] == userid }
+
+            # Find or get our user record.
+            if userrecord.length == 0 
+                raise Exception.new("User #{userid} not found in the file.")
+            else
+                userrecord = userrecord[0]
+            end
+
+            privkey = OpenSSL::PKey::RSA.new(userrecord[1], password)
+
+            cipher = OpenSSL::Cipher.new('AES-256-CBC')
+            cipher.decrypt
+
+            cipher.key = privkey.private_decrypt(userrecord[3])
+            cipher.iv = userrecord[4]
+
+            data = cipher.update(@file.data)
+            data += cipher.final
+
+            data
+        end
+
+        # Remove a user from the memory representation of this file.
+        # You must do a valid write of the file to force credential rotation and remove the user
+        # from the file on disk.
+        def remove_user(user)
+            @file.keys.reject! { |k| k[0] == user }
+        end
+
+        def list
+            @file.keys.map { |r| r[0] }
+        end
+
+    end
+end

data/lib/ssbx/file.rb

@@ -0,0 +1,58 @@
+module Ssbx
+
+    # How data gets to disk and back.
+    class File
+        # Key tuples.
+        #
+        # This is an array of arrays.
+        # The inner-arrays are key-tuples.
+        # They consist of an id represented as a string,
+        # a public key, an ecrypted private key, and the 
+        # decryption key for the data ecrypted with the public key.
+        #
+        # This means you need to decrypt the private key to decrypt the data key.
+        attr_accessor :keys
+
+        # The file data.
+        attr_accessor :data
+
+        def initialize
+            @keys = []
+            @data = ''
+        end
+
+        def write(out)
+            # How many key records.
+            out.write([@keys.length].pack('N'))
+            @keys.each do |key_rec|
+                # Write the key record columns.
+                out.write([key_rec.length].pack('N'))
+
+                key_rec.each do |col|
+                    out.write([col.length].pack('N'))
+                    out.write(col)
+                end
+            end
+
+            out.write([@data.length].pack('N'))
+            out.write(@data)
+        end
+
+        def read(istream)            
+            @keys = []
+            # Read the key record length...
+            istream.read(4).unpack('N')[0].times do
+                @keys << []
+                # Read the key record length...
+                istream.read(4).unpack('N')[0].times do
+                    col_len = istream.read(4).unpack('N')[0]
+                    @keys[-1] << istream.read(col_len)
+                end
+            end
+
+            sz = istream.read(4).unpack('N')[0]
+            @data = istream.read(sz)
+        end
+
+    end
+end

data/lib/ssbx/version.rb

@@ -0,0 +1,3 @@
+module Ssbx
+  VERSION = "0.1.0"
+end

data/lib/ssbx.rb

@@ -0,0 +1,9 @@
+require "ssbx/version"
+require "ssbx/file"
+require "ssbx/box"
+
+module Ssbx
+  class Error < StandardError; end
+
+  
+end

data/ssbx.gemspec

@@ -0,0 +1,41 @@
+
+lib = File.expand_path("../lib", __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require "ssbx/version"
+
+Gem::Specification.new do |spec|
+  spec.name          = "ssbx"
+  spec.version       = Ssbx::VERSION
+  spec.authors       = ["Sam"]
+  spec.email         = ["sam.baskinger@gmail.com"]
+
+  spec.summary       = %q{Shared encrypted file.}
+  spec.description   = %q{Shared encrypted file.}
+  spec.homepage      = "https://gitlab.com/basking2/ssbx"
+  spec.license       = "MIT"
+
+  # Prevent pushing this gem to RubyGems.org. To allow pushes either set the 'allowed_push_host'
+  # to allow pushing to a single host or delete this section to allow pushing to any host.
+  if spec.respond_to?(:metadata)
+    spec.metadata["allowed_push_host"] = "https://rubygems.org"
+
+    spec.metadata["homepage_uri"] = spec.homepage
+    spec.metadata["source_code_uri"] = "https://gitlab.com/basking2/ssbx"
+    # spec.metadata["changelog_uri"] = "https://gitlab.com/basking2/ssbx"
+  else
+    raise "RubyGems 2.0 or newer is required to protect against " \
+      "public gem pushes."
+  end
+
+  # Specify which files should be added to the gem when it is released.
+  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
+  spec.files         = Dir.chdir(File.expand_path('..', __FILE__)) do
+    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  end
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 2.0"
+  spec.add_development_dependency "rake", "~> 10.0"
+end

metadata

@@ -0,0 +1,91 @@
+--- !ruby/object:Gem::Specification
+name: ssbx
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Sam
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2019-02-04 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+description: Shared encrypted file.
+email:
+- sam.baskinger@gmail.com
+executables:
+- ssbx
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".gitlab-ci.yml"
+- Gemfile
+- Gemfile.lock
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- exe/ssbx
+- lib/ssbx.rb
+- lib/ssbx/box.rb
+- lib/ssbx/file.rb
+- lib/ssbx/version.rb
+- ssbx.gemspec
+homepage: https://gitlab.com/basking2/ssbx
+licenses:
+- MIT
+metadata:
+  allowed_push_host: https://rubygems.org
+  homepage_uri: https://gitlab.com/basking2/ssbx
+  source_code_uri: https://gitlab.com/basking2/ssbx
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.7.6
+signing_key: 
+specification_version: 4
+summary: Shared encrypted file.
+test_files: []