strongboxio 0.1.0

data/lib/strongboxio.rb

@@ -0,0 +1,207 @@
+require 'openssl'  # for decryption
+require 'zlib'     # for decompression
+require 'base64'   # for decoding
+require 'rubygems' if defined?RUBY_VERSION && RUBY_VERSION =~ /^1.8/ # for requiring gem dependency in Ruby 1.8
+require 'nokogiri' # for xml parsing
+
+class Strongboxio
+
+  VERSION = '0.1.0'
+
+  STRONGBOX_VERSION = 3
+  VERSION_LENGTH = 1
+  SALT_LENGTH = 64
+  IV_LENGTH = 16
+  KEY_LENGTH = 32
+  RANDOM_VALUE_LENGTH = 64
+  CIPHER = 'AES-256-CBC'
+  PAYLOAD_SCHEMA_VERSION = '2.4'
+  UNIX_EPOCH_IN_100NS_INTERVALS = 621355968000000000 # .NET time format: number of 100-nanosecond intervals since .NET epoch: January 1, 0001 at 00:00:00.000 (midnight)
+
+  def self.resembles_base64?(string)
+    string.length % 4 == 0 && string =~ /^[A-Za-z0-9+\/=]+\Z/
+  end
+
+  def self.decrypt(sbox_filename, password)
+    # open the xml file
+    f = File.open(sbox_filename)
+    data = Nokogiri::XML(f)
+    f.close
+
+    # extract the Data node
+    data = data.xpath('//Data').text
+    base64_error_msg = 'expected Base64 encoded byte string from the StrongBox.Payload.Data element of the xml of a Strongbox file'
+    raise "#{base64_error_msg}, but got nothing" if data.length == 0
+    raise "#{base64_error_msg}, but it does not resemble Base64" unless self.resembles_base64?(data)
+
+    data = Base64.decode64(data)
+
+    #version = data.getbyte(0)   # ruby 1.9
+    version = data.bytes.to_a[0] # ruby 1.8 friendly
+    raise "expected version number #{STRONGBOX_VERSION}, but got #{version}" unless version == STRONGBOX_VERSION
+
+    salt = data.slice(1, SALT_LENGTH)
+    raise "expected salt length #{SALT_LENGTH}, but got #{salt.length}" unless salt.length == SALT_LENGTH
+
+    iv = data.bytes.to_a.slice((1+64), IV_LENGTH).pack('C*')
+    raise "expected iv length #{IV_LENGTH}, but got #{iv.length}" unless iv.length == IV_LENGTH
+
+    key = Digest::SHA256.digest(salt + password)
+    raise "expected key length #{KEY_LENGTH}, but got #{key.length}" unless key.length == KEY_LENGTH
+
+    # prepare for decryption
+    d = OpenSSL::Cipher.new(CIPHER)
+    d.decrypt
+    d.key = key
+    d.iv  = iv
+
+    # decrypt the portion beyond the header
+    begin
+      data = '' << d.update(data.slice((VERSION_LENGTH+SALT_LENGTH+IV_LENGTH)..-1)) << d.final
+    rescue => e
+      raise "Error decrypting. You probably entered the password incorrectly. Specific error: #{e}"
+    end
+
+    # decompress the portion beyond the random value
+    #z = Zlib::Inflate.new
+    #z = Zlib::Inflate.new(-Zlib::BEST_COMPRESSION) # works for Strongbox
+    z = Zlib::Inflate.new(-Zlib::MAX_WBITS) # works for Strongbox!
+    #z = Zlib::Inflate.new(Zlib::MAX_WBITS) # works for roundtrip
+    data = z.inflate(data.slice(RANDOM_VALUE_LENGTH..-1))
+    z.finish
+    z.close
+
+    data
+  end
+
+  def self.render(decrypted_sbox, continue_despite_unexpected_payload_schema_version=false)
+    data = Nokogiri::XML(decrypted_sbox)
+
+    payload_schema_version = data.xpath('//Payload').xpath('SchemaVersion').text
+    unless payload_schema_version == PAYLOAD_SCHEMA_VERSION
+      raise "expected schema version #{PAYLOAD_SCHEMA_VERSION}, but got #{payload_schema_version}" unless continue_despite_unexpected_payload_schema_version
+    end
+
+    mt = data.xpath('//Payload').xpath('PayloadInfo').xpath('MT').text
+    puts mt
+
+    data.xpath('//PayloadData').each { |payload_data|
+      payload_data.xpath('//SBE').each { |entity|
+        puts
+        name = entity.xpath('N').text
+        puts "#{name}" if name.length > 0
+        description = entity.xpath('D').text
+        puts "#{description}" if description.length > 0
+        tags = entity.xpath('T').text
+        puts "#{tags}" if tags.length > 0
+        ce = entity.xpath('CE')
+        ce.xpath('TFE').each { |tfe|
+          name = tfe.xpath('N').text
+          puts "#{name}:" if name.length > 0
+          content = tfe.xpath('C').text
+          puts "#{content}" if content.length > 0
+        }
+      }
+    }
+  end
+
+  def assemble(decrypted_sbox, continue_despite_unexpected_payload_schema_version=false)
+    data = Nokogiri::XML(decrypted_sbox)
+
+    payload_schema_version = data.xpath('//Payload').xpath('SchemaVersion').text
+    unless payload_schema_version == PAYLOAD_SCHEMA_VERSION
+      raise "expected schema version #{PAYLOAD_SCHEMA_VERSION}, but got #{payload_schema_version}" unless continue_despite_unexpected_payload_schema_version
+    end
+
+    sbox = {}
+
+    mt = data.xpath('//Payload').xpath('PayloadInfo').xpath('MT').text
+    sbox['MT'] = mt
+
+    data.xpath('//PayloadData').each { |payload_data|
+
+      sbox['PayloadData'] = []
+
+      payload_data.xpath('//SBE').each_with_index { |strongbox_entity, sbe_index|
+
+        sbox['PayloadData'][sbe_index] = {}
+
+        sbe_mt = strongbox_entity.attr('MT') # ModifiedTimestamp.Ticks
+        sbox['PayloadData'][sbe_index]['MT'] = sbe_mt if sbe_mt.length > 0
+
+        sbe_ct = strongbox_entity.attr('CT') # CreatedTimestamp.Ticks
+        sbox['PayloadData'][sbe_index]['CT'] = sbe_ct if sbe_ct.length > 0
+
+        sbe_ac = strongbox_entity.attr('AC') # accessCount
+        sbox['PayloadData'][sbe_index]['AC'] = sbe_ac if sbe_ac.length > 0
+
+        sbe_name = strongbox_entity.xpath('N').text
+        sbox['PayloadData'][sbe_index]['N'] = sbe_name if sbe_name.length > 0
+
+        sbe_description = strongbox_entity.xpath('D').text
+        sbox['PayloadData'][sbe_index]['D'] = sbe_description if sbe_description.length > 0
+
+        sbe_tags = strongbox_entity.xpath('T').text
+        sbox['PayloadData'][sbe_index]['T'] = sbe_tags if sbe_tags.length > 0
+
+        child_entity = strongbox_entity.xpath('CE')
+        if child_entity.length > 0
+          sbox['PayloadData'][sbe_index]['CE'] = []
+
+          child_entity.xpath('TFE').each_with_index { |text_field_entity, ce_index|
+
+            sbox['PayloadData'][sbe_index]['CE'][ce_index] = {}
+
+            tfe_name = text_field_entity.xpath('N').text
+            sbox['PayloadData'][sbe_index]['CE'][ce_index]['N'] = tfe_name if tfe_name.length > 0
+
+            tfe_content = text_field_entity.xpath('C').text
+            sbox['PayloadData'][sbe_index]['CE'][ce_index]['C'] = tfe_content if tfe_content.length > 0
+          }
+        end
+      }
+    }
+
+    sbox
+  end
+
+  def render(verbose=false)
+    puts sbox['MT']
+
+    sbox['PayloadData'].each { |payload_data|
+      puts
+      puts payload_data['N'] unless payload_data['N'].nil?
+      puts payload_data['D'] unless payload_data['D'].nil?
+      puts payload_data['T'] unless payload_data['T'].nil?
+      payload_data['CE'].each { |strongbox_entity|
+        puts strongbox_entity['N'] + ': ' unless strongbox_entity['N'].nil?
+        puts strongbox_entity['C']        unless strongbox_entity['C'].nil?
+      }
+      puts "Access Count: #{payload_data['AC']}" if !payload_data['AC'].nil? && verbose
+      puts "#{convert_time_from_dot_net_epoch(payload_data['MT'].to_i)} (modify time)" if !payload_data['MT'].nil? && verbose
+      puts "#{convert_time_from_dot_net_epoch(payload_data['CT'].to_i)} (create time)" if !payload_data['CT'].nil? && verbose
+    }
+  end
+
+  #attr_accessor :decrypted_sbox
+  attr_accessor :sbox
+
+  # create an instance of Strongbox
+  def initialize(decrypted_sbox, continue_despite_unexpected_payload_schema_version=false)
+    super()
+    #self.decrypted_sbox = decrypted_sbox
+    self.sbox = assemble(decrypted_sbox, continue_despite_unexpected_payload_schema_version)
+  end
+
+private
+
+  def convert_time_from_dot_net_epoch(t)
+    Time.at((t-UNIX_EPOCH_IN_100NS_INTERVALS)*1e-7).utc.getlocal
+  end
+end
+
+#class String
+#  def resembles_base64?
+#    self.length % 4 == 0 && self =~ /^[A-Za-z0-9+\/=]+\Z/
+#  end
+#end

data/test/2fe22f4d-bd41-476a-8159-c6e0b6487f7d.sbox

@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="utf-8"?>
+<StrongBox>
+  <SchemaVersion>2.1</SchemaVersion>
+  <Metadata>
+    <SchemaVersion>2.2</SchemaVersion>
+    <SBOXID>2fe22f4d-bd41-476a-8159-c6e0b6487f7d</SBOXID>
+    <SID>1aefeb7f-87fb-4c12-9587-78f2354c3a70</SID>
+    <CreateDate>129985312023925270</CreateDate>
+    <ModifiedDate>129985323759179228</ModifiedDate>
+    <Name>strongbox gem test</Name>
+    <Description>Strongbox Ruby gem test box</Description>
+    <PassphaseHint />
+    <LocalModifiedDate>129985312023925280</LocalModifiedDate>
+    <PayloadIdentity>sQgzfRSQEkCJo25tVi47Q</PayloadIdentity>
+    <PayloadSize>1217</PayloadSize>
+    <PayloadType />
+    <PayloadItemCount>4</PayloadItemCount>
+    <PayloadBaseRevisionTag>129985312024788056-129985312024788056</PayloadBaseRevisionTag>
+  </Metadata>
+  <Payload>
+    <SchemaVersion>2.1</SchemaVersion>
+    <Data>AxHLk57HTQaFzAHatF+lFg++t44Dfwr78cKGHzQB1+eWbKL9HVTZK9T/omI7P9az8gvJA//5CkYGz6HcQS7Sg/U5PTNqU4u2EZhkdaRUK6KooHux/u9HBF27RXy/8shiJbS6FN7EPew/8zzuZRe00WzOcoKELmHvbeTgZG0Te2Mtox+PfZMYEvRPjbA2eI70KwzlzSuoHbmyECKo36x9RTAHTeQTEXMfkcMU6D0ONsbMmNoJkC3TqIX5bcYLQ1FxQpwvB/AbtfyCLPk9Zxhmm0ihEsBfcPqxU9kaVkCBOfOyxFyvueEdFgEs1PxYJ571huJpyprCcQKcarr3yvMIzkn3rJKO6s9F0gR8PqdrBBO3PxKeZO6sJnpEq0WIuSYaY2wFGXr0UvK/Hid3hUHwVEjfbiVVJmXFmRHmEnJD7Q2EctX5Ju20ESYSXy3f3r/W3RTaR8ZwLVPiyroV2EjOZrhI0pMhXLZaOhszVA4alC7djphKRZkh1zg39pnMaPNYACW0rlAnFz5zk74Uez64xiWI352i89jfjj5R16blBlxq8FjJJVSlUxJJNJwnlbG744AXxd1ygI56koztmbwY1VbAOmr4FiX9JtVLq6a6gVKv3sy3eKlxKXd41jhOTNIKnu0Nh36TxXs64Q2BdozKnQvCN9BYelawWPQOp3viQ95LlruiQQEnzzmcGuZw33ny1QfxVFuz/Gd+i50eg++urf/woprI74OtXANWWhN6chSP29Gz8y76/zYZoYAerZxAVPuh+elW9Xw3fjCwHk33/tkOvVcKQb/LCcFZdaawh6gdYfRJTRetQYKIWdKn7QuYhZLKYXMcJ1BBrDnJx0QKCN8kwNggzRlfYtgzz07t1BQXL+5F9m18KQfXbGR4HpI3INwWMFA61mFKRMih0cORjbVwfISJIZfRp/oe1Ut8r4+cZbTwdmPEnUrMiOSQLk0gUk7DknnCfEPKLjOFz+DAwhqSfosNKUkV1AB+GDzI2JfR5P3SMLh77/CLN1Adx/tXH46A2K6D5JXPVGUR9mhMD9hCH6v34dRNkfBSD0EN2VHMAkVAWrDm4UiKf3uO6k51Q7IZ0vcp+QSZdcV98rhAVgpx79S3MPd8+riamxuZFHe/5Ao1p4JW1FajPxbZnh4LhQNdN8vTSuywOaefN7Mph4X3WEJ5cOYcJm5MdYQDx9t1DSdY1l+tuDHW+8LWpqicVN0JWNADPFCyQwoAQMzX1ax3zq8zXofI+MaJOxaxiEu/pJDPce07fmf/W6Xxcw8Uugm4bZE7pxcTRrrhXZ4WYBmHyxRfNtGZyw8K385S8wRW93FPUnwHRDUyDoRN+w9FwAxWPmywM2Z8RyfyN6frQ0j4roB9YD2Yt1YuY6/yoUDiDxsLdaBYEfre+A26VlkC3zUy/M64yPe6J/CO1hBDVkwxJ8hmkiw2QtHROIz80hDvprecVWjzwLNT+ddT+oXf5nEFREZP8IMxzDNdrRcydQjpJHViWvn4fLxhF72KcTLKM0yfokpbsGnC3X63dcHFHG0KTiTcfnBNqqdi9WyhD12Jm62bAfgJVV+GFJHXSHdTGCa1REmqfuKeSIVBCxaCPSNG1M/WbEdAfJNjGj980ZQ=</Data>
+  </Payload>
+</StrongBox>

data/test/test_helper.rb

@@ -0,0 +1,3 @@
+require 'test/unit'
+require 'strongboxio'
+

data/test/test_strongboxio.rb

@@ -0,0 +1,28 @@
+# encoding: utf-8
+require 'test_helper'
+
+class StrongboxioTest < Test::Unit::TestCase
+
+  FILENAME = 'test/2fe22f4d-bd41-476a-8159-c6e0b6487f7d.sbox'
+  PASSWORD = 'pWY4ic9q'
+
+  def test_decrypt_from_file
+    expect='<Payload><SchemaVersion>2.4</SchemaVersion><PayloadInfo><SchemaVersion>1.0</SchemaVersion><IP>PyOQP3GmNEA3T5BjBOiPg,DU4Qm4btjyejD1TYGoUjQ,nC9jzQ4Tv3RsrfxHzghe4A,YlVFCZO1FqBT91H0M3XmQA,WIVON6o61vebxLKJhXKQ,sQgzfRSQEkCJo25tVi47Q</IP><MT>2012-11-27T23:29:23.18873Z</MT><SD>xJ2VL0VourNV3a7cOJkinAMkVVEJJahV17MlbE5x8w</SD></PayloadInfo><PayloadData><T /><CE><SBE ID="7ijIF8xabBZjKsEKpUFnag" II="4" MT="634896555753103810" CT="634896555753102130" AC="0"><N>VanCity bank info</N><D>credit card, debit card, online banking</D><T>Credit, Debit, Card, Online, Banking</T><CE><TFE ID="K87JOu1lge4X7SSKE9elDQ" II="4" MT="634896555753103820"><N>credit card number</N><C>1234 5678 9012 3456</C></TFE><TFE ID="PTsGYmJb7f1B8nIquZfAMQ" II="4" MT="634896555753104130"><N>credit card expiration</N><C>11/2012</C></TFE><TFE ID="sfRgujycbbKIad58FkC1vg" II="4" MT="634896555753104380"><N>credit card verification value</N><C>123</C></TFE><TFE ID="bK7Vba0t2oupLiRGjEkt5Q" II="4" MT="634896555753104690"><N>debit card PIN</N><C>1234</C></TFE><TFE ID="2j9hKQJqCvbrVpmfRqJVA" II="4" MT="634896555753104970"><N>online banking password</N><C>qwerty</C></TFE></CE></SBE><SBE ID="L35bmTNw34lQnA70hmEVmg" II="3" MT="634896550747551430" CT="634896550747549900" AC="0"><N>fake Gmail account</N><D>used for Stackoverflow</D><T>Fake Gmail Stackoverflow</T><CE><TFE ID="Zmjyh5cMoj5s1AuH18EJA" II="3" MT="634896550747551440"><N>username</N><C>ima_fake@gmail.com</C></TFE><TFE ID="bOudR7nlwP40bo6V23jw" II="3" MT="634896550747551750"><N>password</N><C>password1</C></TFE><TFE ID="klbjFvsyyDEs956gkduKg" II="3" MT="634896550747552080"><N>gender</N><C>other</C></TFE><TFE ID="ckdoh9oM478UliFoeg" II="3" MT="634896550747552370"><N>backup</N><C>bart_simpson@gmail.com</C></TFE></CE></SBE><SBE ID="SwH6NoXPhg7qXLOUlDQyQ" II="2" MT="634896545666557670" CT="634896545666556630" AC="0"><N>just a name</N><D></D><T /><CE><TFE ID="u9LEZ2H2jQlzqc7a5vD2iA" II="2" MT="634896545666557680"><N /><C /></TFE></CE></SBE><SBE ID="ZoPVBFNFdOlRLT0FLO9BVQ" II="5" MT="634896557631887530" CT="634896545082402010" AC="0"><N>test item name</N><D>test item description</D><T>Test, Item, Tag1, Tag2, Tag3</T><CE><TFE ID="NyRRL7tmBMr0VrDoyzfwg" II="1" MT="634896545082426060"><N>test field name</N><C>test secure text</C></TFE></CE></SBE></CE></PayloadData></Payload>'
+
+    assert_equal expect,
+      Strongboxio.decrypt(FILENAME, PASSWORD)
+  end
+
+  def test_strongboxio_instantiation
+    # #<Strongboxio:0x1011b2e28 @sbox={"PayloadData"=>[{"CE"=>[{"C"=>"1234 5678 9012 3456", "N"=>"credit card number"}, {"C"=>"11/2012", "N"=>"credit card expiration"}, {"C"=>"123", "N"=>"credit card verification value"}, {"C"=>"1234", "N"=>"debit card PIN"}, {"C"=>"qwerty", "N"=>"online banking password"}], "AC"=>"0", "N"=>"VanCity bank info", "D"=>"credit card, debit card, online banking", "CT"=>"634896555753102130", "MT"=>"634896555753103810", "T"=>"Credit, Debit, Card, Online, Banking"}, {"CE"=>[{"C"=>"ima_fake@gmail.com", "N"=>"username"}, {"C"=>"password1", "N"=>"password"}, {"C"=>"other", "N"=>"gender"}, {"C"=>"bart_simpson@gmail.com", "N"=>"backup"}], "AC"=>"0", "N"=>"fake Gmail account", "D"=>"used for Stackoverflow", "CT"=>"634896550747549900", "MT"=>"634896550747551430", "T"=>"Fake Gmail Stackoverflow"}, {"CE"=>[{}], "AC"=>"0", "N"=>"just a name", "CT"=>"634896545666556630", "MT"=>"634896545666557670"}, {"CE"=>[{"C"=>"test secure text", "N"=>"test field name"}], "AC"=>"0", "N"=>"test item name", "D"=>"test item description", "CT"=>"634896545082402010", "MT"=>"634896557631887530", "T"=>"Test, Item, Tag1, Tag2, Tag3"}], "MT"=>"2012-11-27T23:29:23.18873Z"}>
+
+    d = Strongboxio.decrypt(FILENAME, PASSWORD)
+    sbox = Strongboxio.new(d)
+    assert_equal 'Strongboxio',
+      sbox.class.to_s
+    assert_equal '2012-11-27T23:29:23.18873Z',
+      sbox.sbox['MT']
+  end
+
+end
+

metadata

@@ -0,0 +1,53 @@
+--- !ruby/object:Gem::Specification
+name: strongboxio
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+  prerelease: 
+platform: ruby
+authors:
+- Alex Batko
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2012-11-29 00:00:00.000000000Z
+dependencies: []
+description: Decrypt and read www.Strongbox.io files.
+email:
+- alexbatko@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/strongboxio.rb
+- test/2fe22f4d-bd41-476a-8159-c6e0b6487f7d.sbox
+- test/test_helper.rb
+- test/test_strongboxio.rb
+homepage: https://github.com/abatko/strongboxio
+licenses:
+- MIT
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.10
+signing_key: 
+specification_version: 3
+summary: Decrypt and read www.Strongbox.io files
+test_files:
+- test/2fe22f4d-bd41-476a-8159-c6e0b6487f7d.sbox
+- test/test_helper.rb
+- test/test_strongboxio.rb