trustworthy 0.5.0 → 0.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 3d5a9bbf0d74ba49411469bfe883a73ffb5062f7
-  data.tar.gz: 1310654f1209695a8d5a55fa6fb93a8ac154085a
+  metadata.gz: 2e1a1390b6d8e5000c0878ac62d61b3681f49c01
+  data.tar.gz: 145879b2c660ca53e418a7f7601274afbf5a0c5b
 SHA512:
-  metadata.gz: 53d3ef8231eeba640b3a6de17fc7483cab5bbe787cba4a4b6560d2eede988c0918cd8966d0d319192660e4d25ed0dca9af63f0a630e6b0d54572db21fa82caa2
-  data.tar.gz: 11b1cba0bae7bd711ddf38a8427cf87d7fd2104d99540070b348c7504a3defa7307f7ff0d2db02cae2f57142ac505568efd4fb5b3ea1b4f9cd17d2b6a5edfd79
+  metadata.gz: a40f4302c2b41ed837799d9fa330a7ceb22ec0d2cbb200608b36d7fde321d568091cb33c1b47795f6b3fa9410f37dd9ca9537977c851acc69ac817bc1e1f31fe
+  data.tar.gz: 1b2b475e1480479be4ff8bef09b7993cc181b04fac342e68e8732fe712beac7ae3be8138b4393dd220b1f99de4c2608271333076e1aa206dd8d9c7f104e35e2a

data/lib/trustworthy.rb

@@ -16,11 +16,11 @@ require 'trustworthy/settings'
 require 'trustworthy/version'
 
 module Trustworthy
-  CipherAlgorithm = 'AES-256-CBC-HMAC-SHA-256'
+  CipherAlgorithm = 'AES-256-CBC-HMAC-SHA-256'.freeze
   Cipher = AEAD::Cipher.new(CipherAlgorithm)
   SCryptParams = {
-    :max_time => 5,
-    :max_memfrac => 0.75,
-    :max_mem => 16 * 1024 * 1024,
-  }
+    max_time: 5,
+    max_memfrac: 0.75,
+    max_mem: 16 * 1024 * 1024
+  }.freeze
 end

data/lib/trustworthy/cli.rb

@@ -19,8 +19,8 @@ module Trustworthy
       'init'    => Trustworthy::CLI::Init,
       'decrypt' => Trustworthy::CLI::Decrypt,
       'encrypt' => Trustworthy::CLI::Encrypt,
-      'passwd'  => Trustworthy::CLI::Passwd,
-    }
+      'passwd'  => Trustworthy::CLI::Passwd
+    }.freeze
 
     def self.banner
       "Trustworthy CLI v#{Trustworthy::VERSION}"
@@ -28,7 +28,7 @@ module Trustworthy
 
     def run(args)
       command = args.shift
-      if Commands.has_key?(command)
+      if Commands.key?(command)
         klass = Commands[command]
         klass.new.run(args)
       else
@@ -40,7 +40,7 @@ module Trustworthy
       say("#{Trustworthy::CLI.banner}\n\n")
       say('Commands:')
       Commands.each do |name, klass|
-        say('  %-8s %s' % [name, klass.description])
+        say(format('  %-8s %s', name, klass.description))
       end
       say("\nSee 'trustworthy <command> --help' for more information on a specific command")
     end

data/lib/trustworthy/cli/command.rb

@@ -2,7 +2,7 @@ module Trustworthy
   class CLI
     module Command
       def default_options
-        { :config_file => 'trustworthy.yml' }
+        {config_file: 'trustworthy.yml'}
       end
 
       def parse_options(command, args)
@@ -27,9 +27,7 @@ module Trustworthy
       end
 
       def print_help
-        if @parser
-          puts @parser
-        end
+        puts @parser if @parser
       end
 
       def say(message)

data/lib/trustworthy/cli/crypt.rb

@@ -6,9 +6,9 @@ module Trustworthy
       end
 
       def parse_options(args)
-        options = super(_command, args) do |opts, options|
+        options = super(_command, args) do |opts, inner_options|
           opts.on('-o', '--output FILE', "File to write #{_command}ed contents to") do |file|
-            options[:output_file] = file
+            inner_options[:output_file] = file
           end
         end
         options[:input_file] = args.shift

data/lib/trustworthy/cli/decrypt.rb

@@ -10,7 +10,7 @@ module Trustworthy
 
       def parse_options(args)
         options = super(args)
-        if options[:input_file].to_s.end_with?('.tw') && !options.has_key?(:output_file)
+        if options[:input_file].to_s.end_with?('.tw') && !options.key?(:output_file)
           options[:output_file] = File.basename(options[:input_file], '.tw')
         end
         options
@@ -34,10 +34,10 @@ module Trustworthy
       end
 
       def _strip_ciphertext(ciphertext)
-        ciphertext.
-          gsub(/-+(BEGIN|END) TRUSTWORTHY ENCRYPTED FILE-+/, '').
-          gsub(/^Version: .*$/, '').
-          gsub("\n", '')
+        ciphertext
+          .gsub(/-+(BEGIN|END) TRUSTWORTHY ENCRYPTED FILE-+/, '')
+          .gsub(/^Version: .*$/, '')
+          .delete("\n")
       end
     end
   end

data/lib/trustworthy/cli/encrypt.rb

@@ -10,7 +10,7 @@ module Trustworthy
 
       def parse_options(args)
         options = super(args)
-        unless options.has_key?(:output_file)
+        unless options.key?(:output_file)
           options[:output_file] = "#{options[:input_file]}.tw"
         end
         options

data/lib/trustworthy/cli/init.rb

@@ -8,7 +8,7 @@ module Trustworthy
       end
 
       def default_options
-        { :keys => 2 }.merge(super)
+        {keys: 2}.merge(super)
       end
 
       def parse_options(args)
@@ -19,6 +19,7 @@ module Trustworthy
         end
       end
 
+      # rubocop:disable Metrics/AbcSize
       def run(args)
         options = parse_options(args)
 
@@ -30,7 +31,7 @@ module Trustworthy
         Trustworthy::Settings.open(options[:config_file]) do |settings|
           unless settings.empty?
             say("Config #{options[:config_file]} already exists")
-            return
+            return # rubocop:disable Lint/NonLocalExitFromIterator
           end
         end
 

data/lib/trustworthy/key.rb

@@ -9,7 +9,7 @@ module Trustworthy
     end
 
     def self.create_from_string(str)
-      x, y = str.split(',').map { |n| BigDecimal.new(n) }
+      x, y = str.split(',').map { |n| BigDecimal(n) }
       Trustworthy::Key.new(x, y)
     end
 

data/lib/trustworthy/master_key.rb

@@ -32,7 +32,7 @@ module Trustworthy
       ciphertext = _cipher.encrypt(nonce, '', plaintext)
 
       [nonce, ciphertext].map do |field|
-        Base64.encode64(field).gsub("\n", '')
+        Base64.strict_encode64(field)
       end.join('--')
     end
 

data/lib/trustworthy/prompt.rb

@@ -12,15 +12,12 @@ module Trustworthy
         username = nil
         loop do
           username = _ask('Username: ')
-          if settings.has_key?(username)
-            _error("Key #{username} is already in use")
-          else
-            break
-          end
+          break unless settings.key?(username)
+          _error("Key #{username} is already in use")
         end
 
         loop do
-          password = _ask_password('Password: ')
+          password = _ask_password_with_strength_requirements('Password: ')
           password_confirm = _ask_password('Password (again): ')
           if password == password_confirm
             settings.add_key(key, username, password)
@@ -39,7 +36,7 @@ module Trustworthy
         username, key = _unlock_key(settings, [])
 
         loop do
-          password = _ask_password('Password: ')
+          password = _ask_password_with_strength_requirements('Password: ')
           password_confirm = _ask_password('Password (again): ')
           if password == password_confirm
             settings.add_key(key, username, password)
@@ -61,7 +58,7 @@ module Trustworthy
         username1, key1 = _unlock_key(settings, usernames_in_use)
         usernames_in_use << username1
 
-        username2, key2 = _unlock_key(settings, usernames_in_use)
+        _, key2 = _unlock_key(settings, usernames_in_use)
 
         master_key = Trustworthy::MasterKey.create_from_keys(key1, key2)
         _say('Reconstructed master key')
@@ -70,7 +67,7 @@ module Trustworthy
       end
     end
 
-    def _unlock_key(settings, usernames_in_use)
+    def _unlock_key(settings, usernames_in_use) # rubocop:disable Metrics/MethodLength
       username = nil
       loop do
         username = _ask('Username: ')
@@ -105,10 +102,26 @@ module Trustworthy
       @terminal.ask(question) { |q| q.echo = false }.to_s
     end
 
+    def _ask_password_with_strength_requirements(question)
+      loop do
+        password = @terminal.ask(question) { |q| q.echo = false }.to_s
+        return password if _strong_password?(password)
+        _error('Password is too weak')
+      end
+    end
+
     def _say(message)
       @terminal.say(message)
     end
 
+    def _strong_password?(password)
+      return false unless password =~ /.{8,}/
+      return false unless password =~ /[0-9]/
+      return false unless password =~ /[A-Za-z]/
+      return false unless password =~ /\W/
+      true
+    end
+
     def _error(message)
       colored_message = @terminal.color(message, :error)
       _say(colored_message)

data/lib/trustworthy/random.rb

@@ -3,7 +3,7 @@ module Trustworthy
     def self.number(size = 32)
       raw_bytes = bytes(size)
       number = raw_bytes.unpack('H*').first.hex
-      BigDecimal.new(number.to_s)
+      BigDecimal(number.to_s)
     end
 
     def self.bytes(size = 32)

data/lib/trustworthy/settings.rb

@@ -27,7 +27,7 @@ module Trustworthy
       @store[username]
     end
 
-    def has_key?(username)
+    def key?(username)
       @store.root?(username)
     end
 
@@ -62,7 +62,7 @@ module Trustworthy
       nonce = Trustworthy::Cipher.generate_nonce
       ciphertext = cipher.encrypt(nonce, '', plaintext)
       [nonce, ciphertext].map do |field|
-        Base64.encode64(field).gsub("\n", '')
+        Base64.strict_encode64(field)
       end.join('--')
     end
   end

data/lib/trustworthy/version.rb

@@ -1,3 +1,3 @@
 module Trustworthy
-  VERSION = '0.5.0'
+  VERSION = '0.6.0'.freeze
 end

data/spec/spec_helper.rb

@@ -5,23 +5,27 @@ require 'timecop'
 require 'highline/simulate'
 
 module TestValues
-  SettingsFile = 'trustworthy.yml'
+  SettingsFile = 'trustworthy.yml'.freeze
   InitializationVector = ['39164ec082fb8b7336d3c5500af99dcb'].pack('H*')
-  Plaintext = 'the chair is against the wall'
-  Ciphertext = 'ORZOwIL7i3M208VQCvmdyw==--b16sXYF6ZbisfF7YBpHbNpBOHOYToQV9gHs3En2SeksKmhuVHvV2/Jqe3KDvW4PiuuhQqLO3m/7d/4ktGUHUOQ=='
-  Salt = '400$8$1b$3e31f076a3226825'
-  MasterKey = Trustworthy::MasterKey.new(BigDecimal.new('1'), BigDecimal.new('5'))
-  EncryptedPoint = 'ORZOwIL7i3M208VQCvmdyw==--F9LmBJbtVT36tLBcVoqpJgy45TkwkRyOcYvJfriN70AOXKweTuPRUGCSDCXRNGKF'
-  EncryptedFile = <<-EOF
+  Plaintext = 'the chair is against the wall'.freeze
+  Ciphertext = 'ORZOwIL7i3M208VQCvmdyw==--b16sXYF6ZbisfF7YBpHbNpBOHOYToQV9gHs3En2SeksKmhuVHvV2/Jqe3KDvW4PiuuhQqLO3m/7d/4ktGUHUOQ=='.freeze
+  Salt = '400$8$1b$3e31f076a3226825'.freeze
+  MasterKey = Trustworthy::MasterKey.new(BigDecimal('1'), BigDecimal('5'))
+  EncryptedPoint = 'ORZOwIL7i3M208VQCvmdyw==--F9LmBJbtVT36tLBcVoqpJgy45TkwkRyOcYvJfriN70AOXKweTuPRUGCSDCXRNGKF'.freeze
+  # rubocop:disable Layout/IndentHeredoc
+  EncryptedFile = <<-FILE.freeze
 -----BEGIN TRUSTWORTHY ENCRYPTED FILE-----
 Version: Trustworthy/#{Trustworthy::VERSION}
 
 ORZOwIL7i3M208VQCvmdyw==--o39ZYHOC+HotoUiBqeHqvSOWXUbXwaZRsMkwzQ
 7nVtk1jWftqroCoi6QITaiqQlTZywpN7DLqsAWeSKRhXipjA==
 -----END TRUSTWORTHY ENCRYPTED FILE-----
-EOF
+FILE
+  # rubocop:enable Layout/IndentHeredoc
 end
 
+SCrypt::Engine::DEFAULTS[:cost] = '400$8$1b$'
+
 RSpec.configure do |config|
   config.order = 'random'
   config.include TestConstruct::Helpers
@@ -32,7 +36,7 @@ end
 
 def create_config(filename)
   Trustworthy::Settings.open(filename) do |settings|
-    settings.add_key(TestValues::MasterKey.create_key, 'user1', 'password1')
-    settings.add_key(TestValues::MasterKey.create_key, 'user2', 'password2')
+    settings.add_key(TestValues::MasterKey.create_key, 'user1', 'P@ssw0rd1')
+    settings.add_key(TestValues::MasterKey.create_key, 'user2', 'P@ssw0rd2')
   end
 end

data/spec/trustworthy/cli/add_key_spec.rb

@@ -17,12 +17,12 @@ describe Trustworthy::CLI::AddKey do
     it 'should add a new user' do
       HighLine::Simulate.with(
         'user1',
-        'password1',
+        'P@ssw0rd1',
         'user2',
-        'password2',
+        'P@ssw0rd2',
         'user3',
-        'password3',
-        'password3'
+        'P@ssw0rd3',
+        'P@ssw0rd3'
       ) do
         Trustworthy::CLI::AddKey.new.run([])
       end

data/spec/trustworthy/cli/decrypt_spec.rb

@@ -20,9 +20,9 @@ describe Trustworthy::CLI::Decrypt do
     it 'should unlock the master key and decrypt the file' do
       HighLine::Simulate.with(
         'user1',
-        'password1',
+        'P@ssw0rd1',
         'user2',
-        'password2'
+        'P@ssw0rd2'
       ) do
         Trustworthy::CLI::Decrypt.new.run(['input.txt.tw'])
       end
@@ -35,37 +35,23 @@ describe Trustworthy::CLI::Decrypt do
     end
 
     it 'should require an input file' do
-      HighLine::Simulate.with(
-        'user1',
-        'password1',
-        'user2',
-        'password2'
-      ) do
-        decrypt = Trustworthy::CLI::Decrypt.new
-        expect(decrypt).to receive(:print_help)
-        decrypt.run([])
-      end
+      decrypt = Trustworthy::CLI::Decrypt.new
+      expect(decrypt).to receive(:print_help)
+      decrypt.run([])
     end
 
     it 'should require an output file if input does not end in .tw' do
-      HighLine::Simulate.with(
-        'user1',
-        'password1',
-        'user2',
-        'password2'
-      ) do
-        decrypt = Trustworthy::CLI::Decrypt.new
-        expect(decrypt).to receive(:print_help)
-        decrypt.run(['input.txt'])
-      end
+      decrypt = Trustworthy::CLI::Decrypt.new
+      expect(decrypt).to receive(:print_help)
+      decrypt.run(['input.txt'])
     end
 
     it 'should take an optional output file' do
       HighLine::Simulate.with(
         'user1',
-        'password1',
+        'P@ssw0rd1',
         'user2',
-        'password2'
+        'P@ssw0rd2'
       ) do
         Trustworthy::CLI::Decrypt.new.run(['input.txt.tw', '-o', 'output.txt'])
       end

data/spec/trustworthy/cli/encrypt_spec.rb

@@ -21,9 +21,9 @@ describe Trustworthy::CLI::Encrypt do
     it 'should unlock the master key and encrypt the file' do
       HighLine::Simulate.with(
         'user1',
-        'password1',
+        'P@ssw0rd1',
         'user2',
-        'password2'
+        'P@ssw0rd2'
       ) do
         Trustworthy::CLI::Encrypt.new.run(['input.txt'])
       end
@@ -36,24 +36,17 @@ describe Trustworthy::CLI::Encrypt do
     end
 
     it 'should require an input file' do
-      HighLine::Simulate.with(
-        'user1',
-        'password1',
-        'user2',
-        'password2'
-      ) do
-        encrypt = Trustworthy::CLI::Encrypt.new
-        expect(encrypt).to receive(:print_help)
-        encrypt.run([])
-      end
+      encrypt = Trustworthy::CLI::Encrypt.new
+      expect(encrypt).to receive(:print_help)
+      encrypt.run([])
     end
 
     it 'should allow a named output file' do
       HighLine::Simulate.with(
         'user1',
-        'password1',
+        'P@ssw0rd1',
         'user2',
-        'password2'
+        'P@ssw0rd2'
       ) do
         Trustworthy::CLI::Encrypt.new.run(['input.txt', '-o', 'output.txt'])
       end

data/spec/trustworthy/cli/init_spec.rb

@@ -22,11 +22,11 @@ describe Trustworthy::CLI::Init do
     it 'should write a settings file' do
       HighLine::Simulate.with(
         'user1',
-        'password1',
-        'password1',
+        'P@ssw0rd1',
+        'P@ssw0rd1',
         'user2',
-        'password2',
-        'password2'
+        'P@ssw0rd2',
+        'P@ssw0rd2'
       ) do
         Trustworthy::CLI::Init.new.run([])
       end
@@ -43,11 +43,11 @@ describe Trustworthy::CLI::Init do
         construct.file(filename)
         HighLine::Simulate.with(
           'user1',
-          'password1',
-          'password1',
+          'P@ssw0rd1',
+          'P@ssw0rd1',
           'user2',
-          'password2',
-          'password2'
+          'P@ssw0rd2',
+          'P@ssw0rd2'
         ) do
           Trustworthy::CLI::Init.new.run(['-c', filename])
         end
@@ -62,14 +62,14 @@ describe Trustworthy::CLI::Init do
     it 'should generate the specified number of keys' do
       HighLine::Simulate.with(
         'user1',
-        'password1',
-        'password1',
+        'P@ssw0rd1',
+        'P@ssw0rd1',
         'user2',
-        'password2',
-        'password2',
+        'P@ssw0rd2',
+        'P@ssw0rd2',
         'user3',
-        'password3',
-        'password3'
+        'P@ssw0rd3',
+        'P@ssw0rd3'
       ) do
         Trustworthy::CLI::Init.new.run(['-k', '3'])
       end

data/spec/trustworthy/key_spec.rb

@@ -3,7 +3,7 @@ require 'spec_helper'
 describe Trustworthy::Key do
   describe 'self.create' do
     it 'should create a key along the slope and intercept' do
-      allow(Trustworthy::Random).to receive(:number).and_return(BigDecimal.new('10'))
+      allow(Trustworthy::Random).to receive(:number).and_return(BigDecimal('10'))
       key = Trustworthy::Key.create(6, 24)
       expect(key.y).to eq(84)
     end
@@ -12,15 +12,15 @@ describe Trustworthy::Key do
   describe 'self.create_from_string' do
     it 'should create a key from the string representation' do
       key = Trustworthy::Key.create_from_string('4.0,5.0')
-      expect(key.x).to eq(BigDecimal.new('4.0'))
-      expect(key.y).to eq(BigDecimal.new('5.0'))
+      expect(key.x).to eq(BigDecimal('4.0'))
+      expect(key.y).to eq(BigDecimal('5.0'))
     end
   end
 
   describe 'to_s' do
     it 'should return a set of points' do
-      x = BigDecimal.new('4')
-      y = BigDecimal.new('5')
+      x = BigDecimal('4')
+      y = BigDecimal('5')
       key = Trustworthy::Key.new(x, y)
       expect(key.to_s).to eq('4.0,5.0')
     end

data/spec/trustworthy/master_key_spec.rb

@@ -30,7 +30,7 @@ describe Trustworthy::MasterKey do
 
   describe 'self.create' do
     it 'should generate a random slope and intercept' do
-      allow(Trustworthy::Random).to receive(:number).and_return(BigDecimal.new('10'))
+      allow(Trustworthy::Random).to receive(:number).and_return(BigDecimal('10'))
 
       master_key = Trustworthy::MasterKey.create
       key = master_key.create_key
@@ -41,10 +41,10 @@ describe Trustworthy::MasterKey do
 
   describe 'self.create_from_keys' do
     it 'should calculate the slope and intercept given two keys' do
-      allow(Trustworthy::Random).to receive(:number).and_return(BigDecimal.new('10'))
+      allow(Trustworthy::Random).to receive(:number).and_return(BigDecimal('10'))
 
-      key1 = Trustworthy::Key.new(BigDecimal.new('2'), BigDecimal.new('30'))
-      key2 = Trustworthy::Key.new(BigDecimal.new('5'), BigDecimal.new('60'))
+      key1 = Trustworthy::Key.new(BigDecimal('2'), BigDecimal('30'))
+      key2 = Trustworthy::Key.new(BigDecimal('5'), BigDecimal('60'))
 
       master_key = Trustworthy::MasterKey.create_from_keys(key1, key2)
       new_key = master_key.create_key
@@ -55,7 +55,7 @@ describe Trustworthy::MasterKey do
 
   describe 'create_key' do
     it 'should define a new key' do
-      master_key = Trustworthy::MasterKey.new(BigDecimal.new('6'), BigDecimal.new('24'))
+      master_key = Trustworthy::MasterKey.new(BigDecimal('6'), BigDecimal('24'))
       key = master_key.create_key
       expect(key.x).to_not eq(0)
       expect(key.y).to_not eq(0)
@@ -66,7 +66,7 @@ describe Trustworthy::MasterKey do
     it 'should encrypt and sign the data using the intercept' do
       allow(AEAD::Cipher::AES_256_CBC_HMAC_SHA_256).to receive(:generate_nonce).and_return(TestValues::InitializationVector)
 
-      master_key = Trustworthy::MasterKey.new(BigDecimal.new('6'), BigDecimal.new('24'))
+      master_key = Trustworthy::MasterKey.new(BigDecimal('6'), BigDecimal('24'))
       ciphertext = master_key.encrypt(TestValues::Plaintext)
       expect(ciphertext).to eq(TestValues::Ciphertext)
     end
@@ -74,17 +74,16 @@ describe Trustworthy::MasterKey do
 
   describe 'decrypt' do
     it 'should decrypt and verify the data using the intercept' do
-      master_key = Trustworthy::MasterKey.new(BigDecimal.new('6'), BigDecimal.new('24'))
+      master_key = Trustworthy::MasterKey.new(BigDecimal('6'), BigDecimal('24'))
       plaintext = master_key.decrypt(TestValues::Ciphertext)
       expect(plaintext).to eq(TestValues::Plaintext)
     end
 
     it 'should raise an invalid signature error if signatures do not match' do
-      master_key = Trustworthy::MasterKey.new(BigDecimal.new('6'), BigDecimal.new('24'))
+      master_key = Trustworthy::MasterKey.new(BigDecimal('6'), BigDecimal('24'))
       ciphertext = TestValues::Ciphertext.dup
       ciphertext[0] = ciphertext[0].next
       expect { master_key.decrypt(ciphertext) }.to raise_error(ArgumentError, 'ciphertext failed authentication step')
     end
   end
 end
-

data/spec/trustworthy/prompt_spec.rb

@@ -1,7 +1,7 @@
 require 'spec_helper'
 
 describe Trustworthy::Prompt do
-  let(:test_key) { Trustworthy::Key.new(BigDecimal.new('1'), BigDecimal.new('2')) }
+  let(:test_key) { Trustworthy::Key.new(BigDecimal('1'), BigDecimal('2')) }
 
   before(:each) do
     allow($terminal).to receive(:say)
@@ -19,8 +19,8 @@ describe Trustworthy::Prompt do
     it 'should prompt for two user keys' do
       HighLine::Simulate.with(
         'user3',
-        'password',
-        'password'
+        'P@ssw0rd',
+        'P@ssw0rd'
       ) do
         prompt = Trustworthy::Prompt.new(TestValues::SettingsFile, $terminal)
         username = prompt.add_user_key(test_key)
@@ -31,10 +31,10 @@ describe Trustworthy::Prompt do
     it 'should confirm passwords' do
       HighLine::Simulate.with(
         'user3',
-        'password1',
-        'password2',
-        'password1',
-        'password1'
+        'P@ssw0rd1',
+        'P@ssw0rd1',
+        'P@ssw0rd2',
+        'P@ssw0rd2'
       ) do
         prompt = Trustworthy::Prompt.new(TestValues::SettingsFile, $terminal)
         username = prompt.add_user_key(test_key)
@@ -48,8 +48,8 @@ describe Trustworthy::Prompt do
       HighLine::Simulate.with(
         'user1',
         'user3',
-        'password',
-        'password'
+        'P@ssw0rd',
+        'P@ssw0rd'
       ) do
         prompt = Trustworthy::Prompt.new(TestValues::SettingsFile, $terminal)
         expect(prompt).to receive(:_error).with('Key user1 is already in use')
@@ -57,15 +57,30 @@ describe Trustworthy::Prompt do
         expect(username).to eq('user3')
       end
     end
+
+    it 'should enforce strong passwords' do
+      create_config(TestValues::SettingsFile)
+
+      HighLine::Simulate.with(
+        'user3',
+        'password',
+        'P@ssw0rd',
+        'P@ssw0rd'
+      ) do
+        prompt = Trustworthy::Prompt.new(TestValues::SettingsFile, $terminal)
+        expect(prompt).to receive(:_error).with('Password is too weak')
+        prompt.add_user_key(test_key)
+      end
+    end
   end
 
   describe 'unlock_master_key' do
     it 'should prompt for two user keys' do
       HighLine::Simulate.with(
         'user1',
-        'password1',
+        'P@ssw0rd1',
         'user2',
-        'password2'
+        'P@ssw0rd2'
       ) do
         prompt = Trustworthy::Prompt.new(TestValues::SettingsFile, $terminal)
         master_key = prompt.unlock_master_key
@@ -88,10 +103,10 @@ describe Trustworthy::Prompt do
     it 'should require two distinct keys to unlock' do
       HighLine::Simulate.with(
         'user1',
-        'password1',
+        'P@ssw0rd1',
         'user1',
         'user2',
-        'password2'
+        'P@ssw0rd2'
       ) do
         prompt = Trustworthy::Prompt.new(TestValues::SettingsFile, $terminal)
         expect(prompt).to receive(:_error).with('Key user1 is already in use')
@@ -103,9 +118,9 @@ describe Trustworthy::Prompt do
       HighLine::Simulate.with(
         'missing',
         'user1',
-        'password1',
+        'P@ssw0rd1',
         'user2',
-        'password2'
+        'P@ssw0rd2'
       ) do
         prompt = Trustworthy::Prompt.new(TestValues::SettingsFile, $terminal)
         expect(prompt).to receive(:_error).with('Key missing does not exist')
@@ -116,10 +131,10 @@ describe Trustworthy::Prompt do
     it 'should require an existing user for the second key' do
       HighLine::Simulate.with(
         'user1',
-        'password1',
+        'P@ssw0rd1',
         'missing',
         'user2',
-        'password2'
+        'P@ssw0rd2'
       ) do
         prompt = Trustworthy::Prompt.new(TestValues::SettingsFile, $terminal)
         expect(prompt).to receive(:_error).with('Key missing does not exist')
@@ -131,9 +146,9 @@ describe Trustworthy::Prompt do
       HighLine::Simulate.with(
         'user1',
         'bad_password',
-        'password1',
+        'P@ssw0rd1',
         'user2',
-        'password2'
+        'P@ssw0rd2'
       ) do
         prompt = Trustworthy::Prompt.new(TestValues::SettingsFile, $terminal)
         expect(prompt).to receive(:_error).with('Password incorrect for user1')
@@ -144,10 +159,10 @@ describe Trustworthy::Prompt do
     it 'should prompt for the correct password for the second key' do
       HighLine::Simulate.with(
         'user1',
-        'password1',
+        'P@ssw0rd1',
         'user2',
         'bad_password',
-        'password2'
+        'P@ssw0rd2'
       ) do
         prompt = Trustworthy::Prompt.new(TestValues::SettingsFile, $terminal)
         expect(prompt).to receive(:_error).with('Password incorrect for user2')
@@ -161,9 +176,9 @@ describe Trustworthy::Prompt do
       old_settings = YAML.load_file(TestValues::SettingsFile)
       HighLine::Simulate.with(
         'user1',
-        'password1',
-        'password2',
-        'password2',
+        'P@ssw0rd1',
+        'P@ssw0rd2',
+        'P@ssw0rd2'
       ) do
         prompt = Trustworthy::Prompt.new(TestValues::SettingsFile, $terminal)
         prompt.change_user_password
@@ -177,9 +192,9 @@ describe Trustworthy::Prompt do
       HighLine::Simulate.with(
         'user1',
         'bad_password',
-        'password1',
-        'password2',
-        'password2',
+        'P@ssw0rd1',
+        'P@ssw0rd2',
+        'P@ssw0rd2'
       ) do
         prompt = Trustworthy::Prompt.new(TestValues::SettingsFile, $terminal)
         expect(prompt).to receive(:_error).with('Password incorrect for user1')
@@ -191,11 +206,11 @@ describe Trustworthy::Prompt do
       old_settings = YAML.load_file(TestValues::SettingsFile)
       HighLine::Simulate.with(
         'user1',
-        'password1',
-        'password2',
-        'password3',
-        'password2',
-        'password2',
+        'P@ssw0rd1',
+        'P@ssw0rd2',
+        'P@ssw0rd3',
+        'P@ssw0rd2',
+        'P@ssw0rd2'
       ) do
         prompt = Trustworthy::Prompt.new(TestValues::SettingsFile, $terminal)
         prompt.change_user_password

data/spec/trustworthy/random_spec.rb

@@ -9,7 +9,7 @@ describe Trustworthy::Random do
 
     it 'should return a number up to a given byte size' do
       random = Trustworthy::Random.number(2)
-      expect(random).to be <= 2 ** 16
+      expect(random).to be <= 2**16
     end
   end
 

data/spec/trustworthy/settings_spec.rb

@@ -16,7 +16,7 @@ describe Trustworthy::Settings do
     it 'should read and write the key information to a file' do
       Timecop.freeze(DateTime.new(2017, 10, 19, 9, 0, 0, 0)) do
         Trustworthy::Settings.open(TestValues::SettingsFile) do |settings|
-          key = Trustworthy::Key.new(BigDecimal.new('2'), BigDecimal.new('3'))
+          key = Trustworthy::Key.new(BigDecimal('2'), BigDecimal('3'))
           settings.add_key(key, 'user', 'password1')
         end
 
@@ -32,13 +32,13 @@ describe Trustworthy::Settings do
 
     it 'should preserve the contents if an exception is raised' do
       Trustworthy::Settings.open(TestValues::SettingsFile) do |settings|
-        key = Trustworthy::Key.new(BigDecimal.new('2'), BigDecimal.new('3'))
+        key = Trustworthy::Key.new(BigDecimal('2'), BigDecimal('3'))
         settings.add_key(key, 'user', 'password1')
       end
 
       expect do
         Trustworthy::Settings.open(TestValues::SettingsFile) do |settings|
-          key = Trustworthy::Key.new(BigDecimal.new('2'), BigDecimal.new('3'))
+          key = Trustworthy::Key.new(BigDecimal('2'), BigDecimal('3'))
           settings.add_key(key, 'user', 'password2')
           settings.add_key(key, 'missing', 'password')
           raise 'boom'
@@ -57,9 +57,9 @@ describe Trustworthy::Settings do
   end
 
   describe 'add_key' do
-    it 'should encrypt the key with the password' do |settings|
+    it 'should encrypt the key with the password' do
       Trustworthy::Settings.open(TestValues::SettingsFile) do |settings|
-        key = Trustworthy::Key.new(BigDecimal.new('2'), BigDecimal.new('3'))
+        key = Trustworthy::Key.new(BigDecimal('2'), BigDecimal('3'))
         settings.add_key(key, 'user', 'password1')
         found_key = settings.find_key('user')
         expect(found_key['salt']).to eq(TestValues::Salt)
@@ -71,15 +71,15 @@ describe Trustworthy::Settings do
   describe 'has_key?' do
     it 'should be true if the key exists' do
       Trustworthy::Settings.open(TestValues::SettingsFile) do |settings|
-        key = Trustworthy::Key.new(BigDecimal.new('2'), BigDecimal.new('3'))
+        key = Trustworthy::Key.new(BigDecimal('2'), BigDecimal('3'))
         settings.add_key(key, 'user', 'password1')
-        expect(settings).to have_key('user')
+        expect(settings.key?('user')).to be_truthy
       end
     end
 
     it 'should be false if the key does exists' do
       Trustworthy::Settings.open(TestValues::SettingsFile) do |settings|
-        expect(settings).to_not have_key('missing')
+        expect(settings.key?('missing')).to_not be_truthy
       end
     end
   end
@@ -93,7 +93,7 @@ describe Trustworthy::Settings do
 
     it 'should not be recoverable with one user key' do
       Trustworthy::Settings.open(TestValues::SettingsFile) do |settings|
-        key = Trustworthy::Key.new(BigDecimal.new('2'), BigDecimal.new('3'))
+        key = Trustworthy::Key.new(BigDecimal('2'), BigDecimal('3'))
         settings.add_key(key, 'user', 'password')
         expect(settings).to_not be_recoverable
       end
@@ -101,8 +101,8 @@ describe Trustworthy::Settings do
 
     it 'should be recoverable with two or more user keys' do
       Trustworthy::Settings.open(TestValues::SettingsFile) do |settings|
-        key1 = Trustworthy::Key.new(BigDecimal.new('2'), BigDecimal.new('3'))
-        key2 = Trustworthy::Key.new(BigDecimal.new('3'), BigDecimal.new('4'))
+        key1 = Trustworthy::Key.new(BigDecimal('2'), BigDecimal('3'))
+        key2 = Trustworthy::Key.new(BigDecimal('3'), BigDecimal('4'))
         settings.add_key(key1, 'user1', 'password')
         settings.add_key(key2, 'user2', 'password')
         expect(settings).to be_recoverable
@@ -113,11 +113,11 @@ describe Trustworthy::Settings do
   describe 'unlock_key' do
     it 'should decrypt the key with the password' do
       Trustworthy::Settings.open(TestValues::SettingsFile) do |settings|
-        key = Trustworthy::Key.new(BigDecimal.new('2'), BigDecimal.new('3'))
+        key = Trustworthy::Key.new(BigDecimal('2'), BigDecimal('3'))
         settings.add_key(key, 'user', 'password1')
         unlocked_key = settings.unlock_key('user', 'password1')
-        expect(unlocked_key.x).to eq(BigDecimal.new('2'))
-        expect(unlocked_key.y).to eq(BigDecimal.new('3'))
+        expect(unlocked_key.x).to eq(BigDecimal('2'))
+        expect(unlocked_key.y).to eq(BigDecimal('3'))
       end
     end
   end

metadata

@@ -1,130 +1,144 @@
 --- !ruby/object:Gem::Specification
 name: trustworthy
 version: !ruby/object:Gem::Version
-  version: 0.5.0
+  version: 0.6.0
 platform: ruby
 authors:
 - John Downey
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-10-19 00:00:00.000000000 Z
+date: 2018-04-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aead
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '1.8'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '1.8'
 - !ruby/object:Gem::Dependency
   name: highline
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '1.7'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '1.7'
 - !ruby/object:Gem::Dependency
   name: hkdf
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: 0.3.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: 0.3.0
 - !ruby/object:Gem::Dependency
   name: scrypt
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '3.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '3.0'
 - !ruby/object:Gem::Dependency
-  name: test_construct
+  name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.0.1
+        version: 12.1.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.0.1
+        version: 12.1.0
 - !ruby/object:Gem::Dependency
-  name: timecop
+  name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.9.1
+        version: 3.7.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.9.1
+        version: 3.7.0
 - !ruby/object:Gem::Dependency
-  name: rspec
+  name: rubocop
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 3.7.0
+        version: 0.50.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 3.7.0
+        version: 0.50.0
 - !ruby/object:Gem::Dependency
-  name: rake
+  name: test_construct
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 12.1.0
+        version: 2.0.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 12.1.0
-description: Implements a special case (k = 2) of Adi Shamir's secret sharing algorithm.
-  This allows secret files to be encrypted on disk and require two secret holders
-  to decrypt it.
+        version: 2.0.1
+- !ruby/object:Gem::Dependency
+  name: timecop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.9.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.9.1
+description: |-
+  Implements a special case (k = 2) of Adi Shamir's secret sharing algorithm.
+                     This allows secret files to be encrypted on disk and require two secret holders to decrypt it.
 email:
 - jdowney@gmail.com
 executables:
@@ -170,28 +184,28 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.13
+rubygems_version: 2.6.14
 signing_key: 
 specification_version: 4
 summary: Encrypt and decrypt files with multiple key holders
 test_files:
-- spec/spec_helper.rb
-- spec/trustworthy/cli/add_key_spec.rb
+- spec/trustworthy/master_key_spec.rb
+- spec/trustworthy/prompt_spec.rb
+- spec/trustworthy/cli/init_spec.rb
 - spec/trustworthy/cli/decrypt_spec.rb
+- spec/trustworthy/cli/add_key_spec.rb
 - spec/trustworthy/cli/encrypt_spec.rb
-- spec/trustworthy/cli/init_spec.rb
 - spec/trustworthy/key_spec.rb
-- spec/trustworthy/master_key_spec.rb
-- spec/trustworthy/prompt_spec.rb
-- spec/trustworthy/random_spec.rb
 - spec/trustworthy/settings_spec.rb
+- spec/trustworthy/random_spec.rb
+- spec/spec_helper.rb