string-encrypt 0.0.2

data/README

@@ -0,0 +1,16 @@
+The string_encryption gem was started with the intention of being
+compatible with the RSA and AES algorithms used in a javascript
+library on http://www.pidder.com/pidcrypt .  Usage and testing
+against the pidcrypt library hasn't been done yet, but is scheduled
+for the future.
+The intent of this library is to make encryption and decryption of a 
+string as straight forward as capitalizing or reversing is.
+
+To encrypt a string:  
+    encrypted_secret = "Super Secret Text".encrypt("Super Secret Password")
+To decrypt a string:
+    decrypted_secret = encrypted_secret.encrypt("Super Secret Password")
+
+
+
+Branden Giacoletto

data/bin/decrypt.rb

@@ -0,0 +1,75 @@
+#!/usr/bin/env ruby
+require 'string-encrypt'
+require 'optparse'
+
+options = {}
+if ARGV.length == 1
+	options["infile"] = options["outfile"] = ARGV[0]
+else
+	OptionParser.new do |opts|
+		opts.banner = "Usage: decrypt.rb -i input.file -o output.file"
+		opts.on("-i", "--infile INPUT", "File to be encrypted") do |input|
+			options["infile"] = input.gsub("\"","")
+		end
+	
+		opts.on("-o", "--outfile OUTPUT", "File after it\'s encrypted") do |output|
+			options["outfile"] = output.gsub("\"","")
+		end
+		opts.on("-p", "--password PASSWORD", "") do |pass|
+			options["password"] = pass
+		end
+		opts.on("-k","--key-file KEYFILE", "") do |keyfile|
+			options["key"] = keyfile
+		end
+		opts.on("-z", "--zip", "") do 
+			options["zip"] = true
+		end
+	end.parse!
+end
+password = ""
+
+if options["key"] != nil then
+	if options["password"] == nil then password_provided = false end
+	begin
+		options["password"] = rsa_key(options["key"], options["password"])
+	rescue
+		if options["infile"] != nil then
+			STDERR.print "What\'s the password?: "
+			password = STDIN.gets.chomp
+			options["password"] = rsa_key(options["key"],password)
+		else
+			STDERR.print "key file may be encrypted.  Enter the password either with\
+the -p option or read the file to be decrypted with the -i option"
+			# Considered reading the file to be decrypted in, but maybe getting a broken
+			# pipe error is more desirable
+			exit(1)
+		end
+	end
+end
+
+if options["infile"] == nil || options["infile"] == "-" then
+	file = ARGF
+	if options["password"] != nil then
+		password = options["password"]
+	end
+else
+	file = File.open(options["infile"],"rb")
+	if options["password"] != nil then
+		password = options["password"]
+	else
+		STDERR.print "What\'s the password?: "
+		password = STDIN.gets.chomp
+	end
+end
+string = file.read
+decrypted = string.decrypt(password,options["zip"])
+file.close
+if decrypted == nil then raise 'decryption failed!'; exit 3 end
+
+if options["outfile"] == nil || options["outfile"] == "-" then 
+	print decrypted
+	#puts "no file to output, wrote to screen"
+else
+	File.open(options["outfile"],"wb") {|f| f << decrypted }
+	#puts "opened file #{options["outfile"]} for output"
+end

data/bin/decrypt_all.rb

@@ -0,0 +1,7 @@
+#!/usr/bin/env ruby
+
+print "What\'s the password?: "
+password = gets
+files = Dir::entries('.').collect {|entry| if File.file? entry then entry else nil end }.compact
+
+files.each { |file| `decrypt -i "#{file}" -o "#{file}" -p "#{password}" -z` }

data/bin/encrypt.rb

@@ -0,0 +1,109 @@
+#!/usr/bin/env ruby
+#
+# encrypt.rb is a program for encrypting an individual file or piped input
+# using either a password or rsa key.  If the key is beyond the allowed size
+# for the contents being encrypted it is silently symmetrically encrypted 
+# with a random password and that random password is instead encrypted with
+# the rsa key
+#
+# USAGE:: encrypt.rb ([-i input/filename] [-o output/filename] [(-k key/filename) || -p password || -p "pass phrase"]) || filename_changed_in_place
+#
+# -i:: Input file name
+# -o:: Output file name
+# -k:: RSA public or private key to encrypt with
+# -p:: a password or pass phrase to encrypt with
+#
+# If no input is specified then input is taken from STDIN so a password or key
+# must be provided at the time of invocation with the -k or -p options 
+# If not then an empty string is used for the password (NOT ADVISABLE)
+#
+# If no output is specified then the output is directed to STDOUT.  if no
+# password or key is provided you will be prompted for a password.
+#
+# If the input and output file are the same you can optionally pass the 
+# filename as the only parameter and then you will be prompted for a password
+
+require 'string-encrypt'
+require 'optparse'
+
+options = {}
+if ARGV.length == 1 then
+	options["outfile"] = options["infile"] = ARGV[0]
+else
+OptionParser.new do |opts|
+	opts.banner = "Usage: encrypt.rb -i input.file -o output.file"
+	opts.on("-i", "--infile INPUT", "File to be encrypted") do |input|
+		options["infile"] = input.gsub("\"","")
+	end
+
+	opts.on("-o", "--outfile OUTPUT", "File after it\'s encrypted") do |output|
+		options["outfile"] = output.gsub("\"","")
+	end
+	opts.on("-p", "--password PASSWORD", "") do |password|
+		options["password"] = password
+	end
+	opts.on("-k", "--key-file KEYFILE", "") do |keyfile|
+		options["key"] = keyfile
+	end
+	opts.on("-z","--zip","") do
+		options["zip"] = true
+	end
+end.parse!
+end
+
+password = ""
+
+if options["key"] != nil then
+	if options["password"] == nil then password_provided = false end
+        begin
+                options["password"] = rsa_key(options["key"], options["password"])
+        rescue
+		if options["infile"] != nil then
+	                STDERR.print "What\'s the password?: "
+        	        password = STDIN.gets.chomp
+               		options["password"] = rsa_key(options["key"],password)
+		else
+			STDERR.puts "key file may be encrypted, provide the password with -p option\
+read the file with -i instead of through a pipe."
+			#raise "key file may be encrypted"
+			exit(1)
+		end
+        end
+end
+
+if options["infile"] == nil || options["infile"] == "-" then
+	f = ARGF
+	if options["password"] != nil then 
+		password = options["password"]
+	end
+	#puts "no file, reading from prompt"
+else
+	f = File.open(options["infile"],"rb") 
+	if options["password"] != nil then 
+		password = options["password"]
+	else
+		STDERR.print "What\'s the password?: "
+		password = STDIN.gets.chomp
+	end
+	#puts "opened file #{options["infile"]} for reading"
+	#puts.flush
+end
+	string = f.read
+f.close
+if string.length == 0 then raise 'can not encrypt nothing'; exit 2 end
+
+encrypted = string.encrypt(password,options["zip"])
+# if it fails once, try again
+if encrypted == nil then 
+	encrypted = string.encrypt(password,options["zip"]) 
+end
+# if it fails twice, quit with an error
+if encrypted == nil then raise 'Could not encrypt successfully'; exit 1 end
+
+if options["outfile"] == nil || options["outfile"] == "-" then 
+	print encrypted 
+	#puts "no file to output, wrote to screen"
+else
+	File.open(options["outfile"],"wb") {|f| f << encrypted }
+	#puts "opened file #{options["outfile"]} for output"
+end

data/bin/encrypt_all.rb

@@ -0,0 +1,7 @@
+#!/usr/bin/env ruby
+
+print "What\'s the password?: "
+password = gets
+files = Dir::entries('.').collect {|entry| if File.file? entry then entry else nil end }.compact
+
+files.each { |file| if file != "decrypt.rb" && file != "decrypt_all.rb" then `encrypt -i "#{file}" -o "#{file}" -p "#{password}" -z` end }

data/bin/journal.rb

@@ -0,0 +1,28 @@
+#!/usr/bin/env ruby
+#
+# journal.rb is a stand-alone program that
+# 1. decrypts the journal file using the private key that's been symetrically encrypted with a password.
+# 2. opens the decrypted journal file with vim
+# 3. then encrypts the edited file back with the public key
+
+if ARGV.length == 0 then
+	filename = "journal.txt"
+else
+	filename = ARGV[0]
+end
+if File.exists? filename then
+	system("decrypt -i rsa.priv -o tmp_priv.pem")
+	`decrypt -i #{filename} -o #{filename}.tmp -z -k tmp_priv.pem`
+	system "clear"
+	`rm tmp_priv.pem`
+	if File.exists? "#{filename}.tmp" then
+		`echo $(date) >> #{filename}.tmp`
+		system("vim #{filename}.tmp")
+		`encrypt -i #{filename}.tmp -o #{filename} -z -k rsa.pub`
+		`rm #{filename}.tmp`
+	else
+		puts "decryption failed"
+	end
+else
+	puts "file does not exists"
+end

data/lib/string-encrypt.rb

@@ -0,0 +1,189 @@
+#!/usr/bin/env ruby
+# == Synopsis
+# The encryption.rb library simplifies the creation and loading of RSA keys
+# along with encrypting/decrypting strings using the RSA keys or AES-256 password
+# with salt.  Encryption/Decryption is simplified by opening the String class with
+# a encrypt and decrypt method and one for rsa keys (encryptr/decryptr) which are
+# called automatically from the former methods if the password argument is an RSA
+# key.  To reduce the size of the resulting encrypted file it can optionally be
+# compressed before encryption using encryptz/decryptz methods.
+# == Usage
+# * encrypted_string = "string to encrypt with AES-256".encrypt("super secret password")
+# * key = rsa_key(1024);
+#   encrypted_string = "string to encrypt with rsa key".encryptr(key.public_key)
+#   or
+#   encrypted_string = "string to encrypt with rsa key".encrypt(key.public_key)
+# * encrypted_string = "string to compress then encrypt".encryptz("super secret password")
+# [Note] decryption is done with the corresponding decrypt/decryptr/decryptz methods.
+# [Note] if you encrypted with a public key like above, you decrypt with the private (master) key
+#        (either key or key.private_key).  If you encrypted with the private (master) key you can
+#        decrypt with either the private or the public key (preferably the public key, but it's your choice)
+# [Note] if the RSA key to use is in a file use: key = rsa_key("public_key_file.pub") or key = rsa_key("private_key_file.pub")
+#
+# == Author
+# Branden Giacoletto, Carbondata Digital Services
+#
+# == Copyright
+# Copyright (c) 2009 Carbondata Digital Services
+# Licensed under the same terms as Ruby
+
+require 'openssl'
+require 'zlib'
+require 'yaml'
+# require 'base64'
+
+# rsa key will either create a new RSA key if a bit size is supplied (multiples of 1024, 15 is supposed to be equivalent to AES-256) or
+# the filename of an already created key.
+# If a password is given then the rsa file will be decrypted.
+def rsa_key(bitsize_or_filename,password = nil)
+	if bitsize_or_filename.class.to_s == "String" && password == nil
+		return OpenSSL::PKey::RSA.new(File.read(bitsize_or_filename))
+	elsif bitsize_or_filename.class.to_s == "String" && password != nil
+		return OpenSSL::PKey::RSA.new(File.read(bitsize_or_filename).decrypt(password))
+	elsif bitsize_or_filename.class.to_s != "String" && password == nil then
+			return OpenSSL::PKey::RSA.new(bitsize_or_filename)
+	end
+end
+
+# Opens the String class providing encryption and zipping methods
+class String
+	@@magic = "Salted__"
+	@@salt_len = 8
+	# decrypts the string using either and string password or RSA key created with rsa_key()
+	# =====example 
+	# * <tt> "string to decrypt".decrypt("super secret password")</tt> # using a string for a password
+	# * <tt> "string to decrypt".decrypt(key.public_key)</tt> # using the public key
+	# * <tt> "string to decrypt".decrypt(key.private_key)</tt> # using the private key
+	# * <tt> "string to decrypt".decrypt(key)</tt> # using the private key unless specifically loaded the public key
+	#
+	# if true is passed for the second argument then the string is decompressed after it is decrypted
+	def decrypt(password = "", unzip_it = false)
+		if password.class.to_s == "OpenSSL::PKey::RSA" then
+			result = nil
+			begin
+				result = self.decryptr(password)
+			rescue
+				enc_password_size = self[0...6].to_i
+				enc_password = self[6...(enc_password_size + 6)]
+				message = self[(enc_password_size + 6)..-1]
+				random_pass = (enc_password).decryptr(password)
+				decrypted_data = message.decrypt(random_pass)
+				result = decrypted_data
+			end
+			if unzip_it == true then result = result.unzip end
+			return result
+		end
+		salt = ""
+		if !self.is_encrypted?
+			return nil # Salt is wrong
+		end
+		salt = self[(@@magic.length)...(@@salt_len+@@magic.length)]
+		c = OpenSSL::Cipher::Cipher.new("aes-256-cbc")
+		c.decrypt
+		c.pkcs5_keyivgen(password,salt,1)
+		result = nil
+		begin
+			result = (c.update(self[@@salt_len+@@magic.length..-1]) + c.final)
+			if unzip_it == true then result = result.unzip end
+		rescue
+			result = nil
+		end
+		return result
+	end
+
+	# encrypts the string using either and string password or RSA key created with rsa_key()
+	# =====example 
+	# * <tt> "string to encrypt".encrypt("super secret password")</tt> # using a string for a password
+	# * <tt> "string to encrypt".encrypt(key.public_key)</tt> # using the public key
+	# * <tt> "string to encrypt".encrypt(key.private_key)</tt> # using the private key
+	# * <tt> "string to encrypt".encrypt(key)</tt> # using the private key unless specifically loaded the public key
+	#
+	# if true is passed for the second argument then the string is compressed before it is encrypted
+	# =====note if an RSA key is provided for encryption but the string to be encrypted is too long, then a temporary, random AES-256 key is created to encrypt the string, then that password is encrypted with the RSA key
+	def encrypt(password = "", zipit = false)
+		if password.class.to_s == "OpenSSL::PKey::RSA" then
+			result = nil
+			begin
+				result = (if zipit then self.zip else self end).encryptr(password)
+			rescue
+				enc_password_size = 0
+				random_pass = OpenSSL::Random.random_bytes(117)
+				rand_enc_password = (random_pass.encryptr(password))
+				enc_password_size = rand_enc_password.length.to_s.ljust(6)
+				result = enc_password_size + rand_enc_password + (if zipit then self.zip else self end).encrypt(random_pass)
+			end
+			return result
+		end
+		c = OpenSSL::Cipher::Cipher.new("aes-256-cbc")
+		salt = (0...(@@salt_len)).inject(""){ |carry,num| carry += rand(256).chr }
+		c.encrypt
+		c.pkcs5_keyivgen(password,salt,1)
+		result = nil
+		begin
+			result = @@magic + salt + c.update(if zipit then self.zip else self end) + c.final
+		rescue
+			result = nil
+		end
+		# make sure it can be successfully decrypted
+		if self.sha != result.decrypt(password,zipit).sha then result = nil end
+		return result
+	end
+
+	# encrypts the string specifically with a RSA key.  Is called from encrypt if a key is passed for the password
+	def encryptr(key)
+		if (key.to_s =~ /^-----BEGIN (RSA|DSA) PRIVATE KEY-----$/).nil?
+			return key.public_encrypt(self)
+		else
+			return key.private_encrypt(self)
+		end
+	end
+
+	# decrypts the string specifically with a RSA key.  Is called from decrypt if a key is passed for the password
+	def decryptr(key)
+		if (key.to_s =~ /^-----BEGIN (RSA|DSA) PRIVATE KEY-----$/).nil?
+			return key.public_decrypt(self)
+		else
+			begin
+				result = nil
+				result = key.private_decrypt(self)
+			rescue
+				result = key.public_decrypt(self)
+			end
+			return result
+		end
+	end
+
+	# Returns the sha1 hash of the string as a character string
+	def sha
+		return OpenSSL::Digest::Digest.new('sha1',self).to_s
+	end
+
+	# checks for the salt string as the magic string at the beginning of the string.  If present then it must be encrypted.
+	def is_encrypted?
+		if self[0...(@@magic.length)] == @@magic
+			return true
+		else
+			return false
+		end
+	end
+
+	# compresses the string using zlib
+	def zip
+		return Zlib::Deflate.deflate(self,Zlib::BEST_COMPRESSION)
+	end
+
+	# decompresses the string that was previously compressed with zip
+	def unzip
+		return Zlib::Inflate.inflate(self)	
+	end
+
+	# compresses and encrypts the string	
+	def encryptz(password="")
+		return self.zip.encrypt(password)
+	end
+
+	# uncompresses and decrypts the string
+	def decryptz(password="")
+		return self.decrypt(password).unzip
+	end
+end

metadata

@@ -0,0 +1,69 @@
+--- !ruby/object:Gem::Specification 
+name: string-encrypt
+version: !ruby/object:Gem::Version 
+  version: 0.0.2
+platform: ruby
+authors: 
+- Branden Giacoletto
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2009-05-12 00:00:00 -06:00
+default_executable: 
+dependencies: []
+
+description: 
+email: branden@rubyforge.com
+executables: 
+- journal.rb
+- encrypt.rb
+- encrypt_all.rb
+- decrypt.rb
+- decrypt_all.rb
+extensions: []
+
+extra_rdoc_files: 
+- bin/journal.rb
+- bin/encrypt.rb
+- bin/encrypt_all.rb
+- bin/decrypt.rb
+- bin/decrypt_all.rb
+- README
+- lib/string-encrypt.rb
+files: 
+- bin/journal.rb
+- bin/encrypt.rb
+- bin/encrypt_all.rb
+- bin/decrypt.rb
+- bin/decrypt_all.rb
+- lib/string-encrypt.rb
+- README
+has_rdoc: true
+homepage: http://string-encrypt.rubyforge.com
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+requirements: []
+
+rubyforge_project: string-encrypt
+rubygems_version: 1.3.1
+signing_key: 
+specification_version: 2
+summary: String open classed with AES-256 and RSA encryption and zipping methods for easy, secure, encryption of strings
+test_files: []
+