sshkeyproof 0.1

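--- a/data/CHANGELOG
+++ b/data/CHANGELOG
@@ -0,0 +1,2 @@
+ v0.1. first version
+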
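--- a/data/Manifest
+++ b/data/Manifest
@@ -0,0 +1,6 @@
+ CHANGELOG
+ Manifest
+ README.md
+ Rakefile
+ lib/sshkeyauth.rb
+ test/test_all.rb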
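--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,24 @@
+
+ h3. gem install 'sshkeyproof'
+
+ If you have a user's public key, you can verify they are who they say they are (ie. they hold the correspending private key):
+
+
+ h3. Client
+
+ The client takes their private key (defaults to ~/.ssh/id_rsa) and encrypts a random string as proof of work.
+
+ request = Sshkeyproof::Client.new key_file: "./id_rsa"
+
+
+ h3. Server
+
+ The server takes the request string and verifies it
+
+ s = Sshkeyproof::Server.new request
+
+ s.fingerprint # => public key SHA1 fingerprint
+
+ s.correct?(public_key) # => true
+
+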
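--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1,9 @@
+ require 'echoe'
+
+ Echoe.new('sshkeyproof') do |p|
+ p.author = "Andrew Snow"
+ p.email = 'andrew@modulus.org'
+ p.summary = 'Ruby gem to prove client has the other half of a keypair'
+ p.url = 'https://github.com/andys/sshkeyproof'
+ p.runtime_dependencies = ['sshkey']
+ end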
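Review bot: `p.runtime_dependencies = ['sshkey']` declares the only runtime dependency with no version constraint, and the generated gemspec and metadata in this package carry it through as `>= 0`. For a gem that callers will use as an authentication check, that means any later sshkey release is accepted at install time, including one that changes `SSHKey.sha1_fingerprint` output or is not the release the tests ran against. Constrain it to the tested series, for example `p.runtime_dependencies = ['sshkey ~> <TESTED_VERSION>']` with the placeholder replaced by the version actually used, and regenerate the gemspec.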
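--- a/data/lib/sshkeyauth.rb
+++ b/data/lib/sshkeyauth.rb
@@ -0,0 +1,38 @@
+
+ require 'openssl'
+ require 'sshkey'
+
+ module Sshkeyproof
+ class Client
+ def initialize(params={})
+ key_file = params[:key_file] || '~/.ssh/id_rsa'
+ ssh_key = params[:ssh_key] || File.read(key_file)
+ openssl_key = params[:openssl_key] || OpenSSL::PKey::RSA.new(ssh_key)
+ @privkey = openssl_key if openssl_key.private?
+ @pubkey = @privkey && @privkey.public_key || openssl_key
+ end
+
+ def random
+ @random ||= OpenSSL::Random.random_bytes(10).unpack('H*').first
+ end
+
+ def request
+ ciphertext = @privkey.private_encrypt(random).unpack('H*').first
+ "#{SSHKey.sha1_fingerprint(@pubkey.to_s)}|#{random.unpack('H*').first}|#{ciphertext}"
+ end
+
+ end
+
+ class Server
+ attr_reader :fingerprint
+ def initialize(request_string)
+ (@fingerprint,@random,@ciphertext) = request_string.to_s.split("|")
+ end
+
+ def correct?(key)
+ openssl_key = String===key ? OpenSSL::PKey::RSA.new(key) : key
+ @fingerprint && @random && @ciphertext && openssl_key.public_key.public_decrypt([@ciphertext].pack('H*')) == [@random].pack('H*') rescue nil
+ end
+ end
+
+ end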
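Review bot: `Server#correct?` verifies a value that the client chose itself in `Client#random`, and nothing in `Server` ties it to a challenge the server issued, a timestamp or a session, so a request string that verified once keeps verifying for that key unless the caller tracks used values on its own. The proof should be over a server-supplied challenge and use a digest-based signature rather than raw `private_encrypt`/`public_decrypt`: `@privkey.sign(OpenSSL::Digest::SHA256.new, challenge)` on the client and `openssl_key.verify(OpenSSL::Digest::SHA256.new, signature, challenge)` on the server. `correct?` also never compares `@fingerprint` with the fingerprint of the key it is given, so the fingerprint field is unauthenticated input that callers should not use for anything beyond a lookup hint. The trailing `rescue nil` turns a key-parsing or padding error into the same `nil` as a failed proof, which hides misconfiguration. Separately, the default `'~/.ssh/id_rsa'` reaches `File.read` unexpanded; it should be `File.read(File.expand_path(key_file))`.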
@@ -0,0 +1,33 @@
1
+ # -*- encoding: utf-8 -*-
2
+
3
+ Gem::Specification.new do |s|
4
+ s.name = "sshkeyproof"
5
+ s.version = "0.1"
6
+
7
+ s.required_rubygems_version = Gem::Requirement.new(">= 1.2") if s.respond_to? :required_rubygems_version=
8
+ s.authors = ["Andrew Snow"]
9
+ s.date = "2013-01-24"
10
+ s.description = "Ruby gem to prove client has the other half of a keypair"
11
+ s.email = "andrew@modulus.org"
12
+ s.extra_rdoc_files = ["CHANGELOG", "README.md", "lib/sshkeyauth.rb"]
13
+ s.files = ["CHANGELOG", "Manifest", "README.md", "Rakefile", "lib/sshkeyauth.rb", "test/test_all.rb", "sshkeyproof.gemspec"]
14
+ s.homepage = "https://github.com/andys/sshkeyproof"
15
+ s.rdoc_options = ["--line-numbers", "--inline-source", "--title", "Sshkeyproof", "--main", "README.md"]
16
+ s.require_paths = ["lib"]
17
+ s.rubyforge_project = "sshkeyproof"
18
+ s.rubygems_version = "1.8.24"
19
+ s.summary = "Ruby gem to prove client has the other half of a keypair"
20
+ s.test_files = ["test/test_all.rb"]
21
+
22
+ if s.respond_to? :specification_version then
23
+ s.specification_version = 3
24
+
25
+ if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
26
+ s.add_runtime_dependency(%q<sshkey>, [">= 0"])
27
+ else
28
+ s.add_dependency(%q<sshkey>, [">= 0"])
29
+ end
30
+ else
31
+ s.add_dependency(%q<sshkey>, [">= 0"])
32
+ end
33
+ end
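--- a/data/test/test_all.rb
+++ b/data/test/test_all.rb
@@ -0,0 +1,36 @@
+ require "#{File.dirname(__FILE__)}/../lib/sshkeyproof"
+ require 'test/unit'
+
+ class TestSshkeyproof < Test::Unit::TestCase
+ def setup
+ @ssh_key = SSHKey.generate(type:"RSA", bits:1024, comment:"foo@bar.com")
+ @client = Sshkeyproof::Client.new ssh_key: @ssh_key.private_key
+ @request = @client.request
+ end
+
+ def test_success
+ server = Sshkeyproof::Server.new @request
+ assert_equal true, server.correct?(@ssh_key.public_key)
+ end
+
+ def test_bad_ciphertext
+ badrequest = @request.dup
+
+ #fiddle the cipher text
+ badrequest[-3] = '0'
+ badrequest[-2] = '0'
+ badrequest[-1] = '0'
+
+ server = Sshkeyproof::Server.new badrequest
+ assert_equal nil, server.correct?(@ssh_key.public_key)
+ end
+
+ def test_wrong_key
+ ssh_key2 = SSHKey.generate(type:"RSA", bits:1024, comment:"foo@bar.com")
+ client2 = Sshkeyproof::Client.new ssh_key: ssh_key2.private_key
+ request2 = client2.request
+
+ server = Sshkeyproof::Server.new request2
+ assert_equal nil, server.correct?(@ssh_key.public_key)
+ end
+ end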
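Review bot: The first line requires `../lib/sshkeyproof`, but the only library file this package lists and ships is `lib/sshkeyauth.rb`, so the suite will most likely stop with a LoadError before any test runs; either rename the library file or change the line to `require "#{File.dirname(__FILE__)}/../lib/sshkeyauth"`. The same mismatch would affect users who `require 'sshkeyproof'` after installing the gem. The negative cases cover only a corrupted ciphertext tail and a different key; adding a case for an empty or malformed request string, and one where the fingerprint field does not belong to the key passed to `correct?`, would pin the behaviour an authentication check depends on. `test_bad_ciphertext` also expects `nil` rather than `false`, which bakes the `rescue nil` fallthrough into the contract.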
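--- a/metadata
+++ b/metadata
@@ -0,0 +1,77 @@
+ --- !ruby/object:Gem::Specification
+ name: sshkeyproof
+ version: !ruby/object:Gem::Version
+ prerelease:
+ version: '0.1'
+ platform: ruby
+ authors:
+ - Andrew Snow
+ autorequire:
+ bindir: bin
+ cert_chain: []
+ date: 2013-01-24 00:00:00.000000000 Z
+ dependencies:
+ - !ruby/object:Gem::Dependency
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ! '>='
+ - !ruby/object:Gem::Version
+ version: '0'
+ none: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ! '>='
+ - !ruby/object:Gem::Version
+ version: '0'
+ none: false
+ name: sshkey
+ prerelease: false
+ type: :runtime
+ description: Ruby gem to prove client has the other half of a keypair
+ email: andrew@modulus.org
+ executables: []
+ extensions: []
+ extra_rdoc_files:
+ - CHANGELOG
+ - README.md
+ - lib/sshkeyauth.rb
+ files:
+ - CHANGELOG
+ - Manifest
+ - README.md
+ - Rakefile
+ - lib/sshkeyauth.rb
+ - test/test_all.rb
+ - sshkeyproof.gemspec
+ homepage: https://github.com/andys/sshkeyproof
+ licenses: []
+ post_install_message:
+ rdoc_options:
+ - --line-numbers
+ - --inline-source
+ - --title
+ - Sshkeyproof
+ - --main
+ - README.md
+ require_paths:
+ - lib
+ required_ruby_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ! '>='
+ - !ruby/object:Gem::Version
+ version: '0'
+ none: false
+ required_rubygems_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ! '>='
+ - !ruby/object:Gem::Version
+ version: '1.2'
+ none: false
+ requirements: []
+ rubyforge_project: sshkeyproof
+ rubygems_version: 1.8.24
+ signing_key:
+ specification_version: 3
+ summary: Ruby gem to prove client has the other half of a keypair
+ test_files:
+ - test/test_all.rb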