trustworthy 0.1.0 → 0.2.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: fc925ea8d2efecd58ea4c6a1e821c68a39d6934e
+  data.tar.gz: 40e0962287a78553690fce334db7721ad2775a53
+SHA512:
+  metadata.gz: 43f7de2e9c4b1b20f18d81e973f85e32e692e13dc5f7a614c7a075fdcb3688b5eba18b0696257f7fdfecf3d55af49a6968d124efa574585f11cd1f0dfeba6e72
+  data.tar.gz: 267b8564a9787c5966d5fc81221a3904f1418083b3d3e835eeb4288a5be4e35a9e60bff9fd9083fbb81dd54823a5caa742e91a11f02510e7e98565a6350f5f18

data/README.md

@@ -1,35 +1,67 @@
-## Trustworthy [![Build Status](https://secure.travis-ci.org/jtdowney/trustworthy.png?branch=master)](http://travis-ci.org/jtdowney/trustworthy)
+# Trustworthy [![Build Status](https://secure.travis-ci.org/jtdowney/trustworthy.png?branch=master)](http://travis-ci.org/jtdowney/trustworthy)
 
-Implements a special case (k = 2) of [Adi Shamir's](http://en.wikipedia.org/wiki/Adi_Shamir) [secret sharing algorithm](http://en.wikipedia.org/wiki/Shamir%27s_Secret_Sharing). This allows secret files to be encrypted on disk but loaded into a process on start if two of the keys are available.
+Implements a special case (k = 2) of [Adi Shamir's](http://en.wikipedia.org/wiki/Adi_Shamir) [secret sharing algorithm](http://en.wikipedia.org/wiki/Shamir%27s_Secret_Sharing). This allows secret files to be encrypted on disk and require two secret holders to decrypt it.
 
-### Uses
+## Usage
 
-#### Generate a new master key
+### Generate a new master key
 
-    trustworthy init -c trustworthy.yml
+    trustworthy init
 
-This will create a new master key and ask for two users to be added who can decrypt the master key. The information about users and secrets is stored in trustworthy.yml.
+This will create a new master key and ask for two users to be added who can decrypt the master key. The information about users and secrets is stored in trustworthy.yml. With all trustworthy commands you can also specify the configuration file to work with using `-c` or `--config`.
 
-#### Add an additional user to the master key
+    trustworthy init -c myconfig.yml
 
-    trustworthy add-user -c trustworthy.yml
+### Add an additional user key to the master key
 
-The master key will be loaded so that a new user can be added to trustworthy.yml.
+    trustworthy add-key
 
-#### Add a secret
+The master key will be loaded so that a new user key can be added to the configuration.
 
-    trustworthy add-secret -c trustworthy.yml -e ENCRYPTION_KEY -i encryption.key -o encryption.key.tw
+### Encrypt a file
 
-Secrets are the main purpose behind trustworthy. This will encrypt the file using the master key and will load it into the given environment variable when executed.
+    trustworthy encrypt -i foo.txt -o foo.txt.tw
 
-#### Run a program under trustworthy
+The master key will be loaded and then used to encrypt the file specified.
 
-    trustworthy exec -c trustworthy.yml rails console
+### Decrypt a file
 
-The master key will be loaded so all secrets can be decrypted and stored in the environment. After that the given program will be spawned and inherit the environment.
+    trustworthy decrypt -i foo.txt.tw -o foo.txt
 
-### Reference
+Decrypting works similar to encrypting, first the master key will be loaded and then used to decrypt the file.
 
-RSA Labs - [http://www.rsa.com/rsalabs/node.asp?id=2259](http://www.rsa.com/rsalabs/node.asp?id=2259)
-ssss - [http://point-at-infinity.org/ssss/](http://point-at-infinity.org/ssss/)
-Secret sharing on Wikipedia - [http://en.wikipedia.org/wiki/Secret_sharing](http://en.wikipedia.org/wiki/Secret_sharing)
+## Configuration format
+
+The configuration uses ruby's `YAML::Store` to provide a simple transactional data store. The salt is used in combination with the user password to derive a key using [scrypt](http://www.tarsnap.com/scrypt.html). That derived key encrypts the point for Shamir's algorithm.
+
+    ---
+    a-user:
+      salt: 400$8$28$4c7fc59a31a9f38a
+      encrypted_point: !binary |-
+        CWcT++kRSAw/0IAVRX6KKAfwbyWBX7ZUh4dZNxL8An413CvRL2tUhWlwsKVl
+        ZKyzmc6VjpKqS4ZpGoPPUCu6xrIo5LkLwXVIpDsBx7SCoK72uEsxd9x0GW5i
+        9Mf8r40KE3gUCudntBXlxduDrqWZgW1uFFCg+U3ACt28GzGftOGjYW6PCAZO
+        N35aHYpGHWhddWeFvbaXNrAPtLSiVWSNW35RU2qo+HS+uSYGO65r9viCXC8f
+        3yLZsPjtouDRyMEv5xOPVZKnvsf3Ju3EBH7Abyw/zezS2LvzrtmxHTN5yF92
+        xphq0imIR52Yj2/k6pdRz/X/8ZsdS+HEifvvRBM+oVKQ2PQh4MIFPJuE0CWA
+        iPnpqdvjYt0M7BsodX2K897A
+    another-user:
+      salt: 400$8$28$9dceab0f3414ab23
+      encrypted_point: !binary |-
+        7B1hXxwwXDU0vTLAPj6U9+WWT3o4i1r7prPOamgStDjvv7f0gZp0D3T56gZk
+        b+2Q4zwyhTM4p6DS0xdG3lfhnkQEYQ6tROnLbI1O7IvuOmFVsDNLej9ps7hJ
+        e1kdFiLaF3efRYtHs2GYdEVrRWWDFgfLDVFVoFbqDruRX1ltTVuaJvS9f7Qb
+        FPI8a2gJ0sl+1B5eBJeR1Chbdn3rHxK7SHq+J/SAJV7xKmkQa6B8g2V1D3xE
+        oB45Gmgm9o1s1/van72ckT91HPh55B8tHnjeZZwdHEp7Z8lyLrDxhbpQm7ql
+        ESpbM8BvdFCmzns5ZSku5Jgc78MwQ5YO1y/QXY+s9so7SDLI9yF18q4no81f
+        sNpbmdY+NolXChlDRZcZ9qJk
+
+## Reference
+
+* RSA Labs - [http://www.rsa.com/rsalabs/node.asp?id=2259](http://www.rsa.com/rsalabs/node.asp?id=2259)
+* ssss - [http://point-at-infinity.org/ssss/](http://point-at-infinity.org/ssss/)
+* Secret sharing on Wikipedia - [http://en.wikipedia.org/wiki/Secret_sharing](http://en.wikipedia.org/wiki/Secret_sharing)
+
+## License
+
+Trustworthy is released under the [MIT license](http://www.opensource.org/licenses/MIT).

data/bin/trustworthy

@@ -1,145 +1,7 @@
 #!/usr/bin/env ruby
 
 require 'rubygems'
-require 'commander/import'
 require 'trustworthy'
+require 'trustworthy/cli'
 
-program :version, Trustworthy::VERSION
-program :description, 'Trustworthy secret sharing'
-
-command 'init' do |c|
-  c.syntax = 'trustworthy init [options]'
-  c.summary = 'Create a new master key'
-  c.description = 'Used to generate a setup a new master key for trustworthy'
-  c.example 'create a new master key named foo', 'trustworthy init -c foo.yml'
-  c.option '-k', '--keys NUMBER', Integer, 'Initial number of keys to create (must be 2 or more, defaults to 2)'
-  c.option '-c', '--config FILE', String, 'Configuration file'
-  c.action do |args, options|
-    options.default :keys => 2
-
-    raise Commander::Runner::InvalidCommandError.new('Must provide a config file') unless options.config
-    raise Commander::Runner::InvalidCommandError.new('Cannot generate fewer than two sub-keys') if options.keys < 2
-
-    say "Creating a new master key with #{options.keys} sub-keys."
-
-    master_key = Trustworthy::MasterKey.create
-    settings = Trustworthy::Settings.new
-
-    options.keys.times do
-      add_user_key(settings, master_key)
-    end
-
-    settings.write(options.config)
-    say "Created #{options.config}"
-  end
-end
-
-command 'add-user' do |c|
-  c.syntax = 'trustworthy add-user [options]'
-  c.summary = 'Add a new user sub-key'
-  c.description = 'Load the master key and create a new user sub-key for it.'
-  c.example 'add a new user the master key', 'trustworthy add-key -c foo.yml'
-  c.option '-k', '--keys NUMBER', Integer, 'Number of keys to create'
-  c.option '-c', '--config FILE', String, 'Configuration file'
-  c.action do |args, options|
-    options.default :keys => 1
-
-    raise Commander::Runner::InvalidCommandError.new('Must provide a config file') unless options.config
-    raise Commander::Runner::InvalidCommandError.new('Cannot generate fewer than one key') if options.keys < 1
-
-    settings = Trustworthy::Settings.load(options.config)
-    master_key = load_master_key(settings)
-
-    options.keys.times do
-      add_user_key(settings, master_key)
-    end
-
-    settings.write(options.config)
-    say "Updated #{options.config} with #{options.keys} new key(s)"
-  end
-end
-
-command 'add-secret' do |c|
-  c.syntax = 'trustworthy add-secret [options]'
-  c.summary = 'Add a new secret'
-  c.description = 'Loads the master key and uses it to encrypt a new secret.'
-  c.example 'add a new secret with master key', 'trustworthy add-secret -c foo.yml -e ENCRYPTION_KEY -i encryption.key -o encryption.key.tw'
-  c.option '-e', '--environment ENVIRONMENT', 'Environment variable to store secret in when running exec'
-  c.option '-i', '--input FILE', 'File to be encrypted'
-  c.option '-o', '--output FILE', 'Encrypted output file'
-  c.option '-c', '--config FILE', String, 'Configuration file'
-  c.action do |args, options|
-    raise Commander::Runner::InvalidCommandError.new('Must provide a config file') unless options.config
-    raise Commander::Runner::InvalidCommandError.new('Must provide an environment variable') unless options.environment
-    raise Commander::Runner::InvalidCommandError.new('Must provide an input file') unless options.input
-    raise Commander::Runner::InvalidCommandError.new('Must provide an output file') unless options.output
-
-    settings = Trustworthy::Settings.load(options.config)
-    master_key = load_master_key(settings)
-
-    plaintext = File.read(options.input)
-    ciphertext = master_key.encrypt(plaintext)
-
-    File.open(options.output, 'w') do |file|
-      file.write(ciphertext)
-    end
-
-    settings.add_secret(options.environment, options.output)
-    settings.write(options.config)
-    say "Updated #{options.config} with the #{options.environment} secret"
-  end
-end
-
-command 'exec' do |c|
-  c.syntax = 'trustworthy exec -c [config file] program'
-  c.summary = 'Load secrets and run program'
-  c.description = 'Loads and decrypted all secrets with the master key and stores them in the environment before forking program'
-  c.example 'run rails console', 'trustworthy -c foo.yml rails console'
-  c.option '-c', '--config FILE', String, 'Configuration file'
-  c.action do |args, options|
-    raise Commander::Runner::InvalidCommandError.new('Must provide a config file') unless options.config
-
-    settings = Trustworthy::Settings.load(options.config)
-    master_key = load_master_key(settings)
-
-    environment = {}
-    settings.secrets.each do |key, encrypted_file|
-      ciphertext = File.read(encrypted_file)
-      environment[key] = master_key.decrypt(ciphertext)
-    end
-
-    pid = POSIX::Spawn.spawn(environment, *args)
-    Process.waitpid(pid)
-  end
-end
-
-def load_master_key(settings)
-  keys = []
-  2.times do
-    username = ask('Username: ')
-    password = password('Password: ', '')
-    keys << settings.unlock_key(username, password)
-    say "Unlocked key for #{username}."
-  end
-
-  Trustworthy::MasterKey.create_from_keys(*keys)
-end
-
-def add_user_key(settings, master_key)
-  key = master_key.create_key
-  username = ask('Username: ').to_s
-
-  password = nil
-  loop do
-    password = password('Password: ', '')
-    password_confirm = password('Password (again): ', '')
-    if password == password_confirm
-      break
-    else
-      say_error 'Password mismatch'
-    end
-  end
-
-  settings.add_key(key, username, password)
-  say "User #{username} added."
-end
+Trustworthy::CLI.new.run(ARGV)

data/lib/trustworthy/cli/add_key.rb

@@ -0,0 +1,22 @@
+module Trustworthy
+  class CLI
+    class AddKey
+      include Trustworthy::CLI::Command
+
+      def self.description
+        'Add a new user key for a master key'
+      end
+
+      def run(args)
+        options = parse_options('add-key', args)
+        info 'Adding a new key to master key'
+
+        Trustworthy::Settings.open(options[:config_file]) do |settings|
+          master_key = unlock_master_key(settings)
+          username = add_key(settings, master_key)
+          info "Added #{username} to #{options[:config_file]}"
+        end
+      end
+    end
+  end
+end

data/lib/trustworthy/cli/command.rb

@@ -0,0 +1,63 @@
+module Trustworthy
+  class CLI
+    module Command
+      include Trustworthy::CLI::Helpers
+
+      def default_options
+        { :config_file => 'trustworthy.yml' }
+      end
+
+      def parse_options(command, args)
+        options = default_options
+        @parser = OptionParser.new do |opts|
+          opts.banner = "#{Trustworthy::CLI.banner}\n\nUsage: trustworthy #{command} [options]\n"
+          opts.on('-c', '--config FILE', 'Configuration file to use (default: trustworthy.yml)') do |file|
+            options[:config_file] = file
+          end
+
+          opts.on_tail('-h', '--help', 'Show this message') do
+            puts opts
+            exit
+          end
+
+          if block_given?
+            yield opts, options
+          end
+        end
+        @parser.parse!(args)
+        options
+      end
+
+      def print_help
+        if @parser
+          puts @parser
+        end
+      end
+
+      def ask(prompt)
+        $terminal.ask(prompt).to_s
+      end
+
+      def ask_password(prompt)
+        $terminal.ask(prompt) { |q| q.echo = false }.to_s
+      end
+
+      def error(message)
+        say_color(message, :error)
+      end
+
+      def info(message)
+        say_color(message, :info)
+      end
+
+      def say(message)
+        $terminal.say(message)
+      end
+
+      def say_color(message, color)
+        colored_message = $terminal.color(message, color)
+        say(colored_message)
+      end
+    end
+  end
+end

data/lib/trustworthy/cli/decrypt.rb

@@ -0,0 +1,52 @@
+module Trustworthy
+  class CLI
+    class Decrypt
+      include Trustworthy::CLI::Command
+
+      def self.description
+        'Decrypt a file using the master key'
+      end
+
+      def parse_options(args)
+        super('encrypt', args) do |opts, options|
+          opts.on('-i', '--input FILE', 'File to decrypt') do |file|
+            options[:input_file] = file
+          end
+
+          opts.on('-o', '--output FILE', 'File to write decrypted contents to') do |file|
+            options[:output_file] = file
+          end
+        end
+      end
+
+      def run(args)
+        options = parse_options(args)
+
+        unless options.has_key?(:input_file)
+          error 'Must provide an input file'
+          print_help
+          return
+        end
+
+        unless options.has_key?(:output_file)
+          error 'Must provide an output file'
+          print_help
+          return
+        end
+
+        File.open(options[:input_file], 'rb') do |input_file|
+          ciphertext = input_file.read
+          Trustworthy::Settings.open(options[:config_file]) do |settings|
+            master_key = unlock_master_key(settings)
+            plaintext = master_key.decrypt(ciphertext)
+            File.open(options[:output_file], 'wb+') do |output_file|
+              output_file.write(plaintext)
+            end
+          end
+        end
+
+        info "Decrypted #{options[:input_file]} to #{options[:output_file]}"
+      end
+    end
+  end
+end

data/lib/trustworthy/cli/encrypt.rb

@@ -0,0 +1,52 @@
+module Trustworthy
+  class CLI
+    class Encrypt
+      include Trustworthy::CLI::Command
+
+      def self.description
+        'Encrypt a file using the master key'
+      end
+
+      def parse_options(args)
+        super('encrypt', args) do |opts, options|
+          opts.on('-i', '--input FILE', 'File to encrypt') do |file|
+            options[:input_file] = file
+          end
+
+          opts.on('-o', '--output FILE', 'File to write encrypted contents to') do |file|
+            options[:output_file] = file
+          end
+        end
+      end
+
+      def run(args)
+        options = parse_options(args)
+
+        unless options.has_key?(:input_file)
+          error 'Must provide an input file'
+          print_help
+          return
+        end
+
+        unless options.has_key?(:output_file)
+          error 'Must provide an output file'
+          print_help
+          return
+        end
+
+        File.open(options[:input_file], 'rb') do |input_file|
+          plaintext = input_file.read
+          Trustworthy::Settings.open(options[:config_file]) do |settings|
+            master_key = unlock_master_key(settings)
+            ciphertext = master_key.encrypt(plaintext)
+            File.open(options[:output_file], 'wb+') do |output_file|
+              output_file.write(ciphertext)
+            end
+          end
+        end
+
+        info "Encrypted #{options[:input_file]} to #{options[:output_file]}"
+      end
+    end
+  end
+end

data/lib/trustworthy/cli/helpers.rb

@@ -0,0 +1,64 @@
+module Trustworthy
+  class CLI
+    module Helpers
+      def add_key(settings, master_key)
+        key = master_key.create_key
+        username = ask('Username: ')
+
+        loop do
+          password = ask_password('Password: ')
+          password_confirm = ask_password('Password (again): ')
+          if password == password_confirm
+            settings.add_key(key, username, password)
+            break
+          else
+            error 'Passwords do not match.'
+          end
+        end
+
+        username
+      end
+
+      def unlock_master_key(settings)
+        usernames_in_use = []
+
+        username1, key1 = _unlock_key(settings, usernames_in_use)
+        usernames_in_use << username1
+
+        username2, key2 = _unlock_key(settings, usernames_in_use)
+
+        master_key = Trustworthy::MasterKey.create_from_keys(key1, key2)
+        info "Reconstructed master key"
+
+        master_key
+      end
+
+      def _unlock_key(settings, usernames_in_use)
+        username = nil
+        loop do
+          username = ask('Username: ')
+          if usernames_in_use.include?(username)
+            error "Key #{username} is already in use"
+          elsif settings.find_key(username).nil?
+            error "Key #{username} does not exist"
+          else
+            break
+          end
+        end
+
+        key = nil
+        begin
+          password = ask_password('Password: ')
+          key = settings.unlock_key(username, password)
+        rescue ArgumentError
+          error "Password incorrect for #{username}"
+          retry
+        end
+
+        info "Unlocked #{username}"
+
+        [username, key]
+      end
+    end
+  end
+end

data/lib/trustworthy/cli/init.rb

@@ -0,0 +1,50 @@
+module Trustworthy
+  class CLI
+    class Init
+      include Trustworthy::CLI::Command
+
+      def self.description
+        'Generate a new master key and user keys'
+      end
+
+      def default_options
+        { :keys => 2 }.merge(super)
+      end
+
+      def parse_options(args)
+        super('init', args) do |opts, options|
+          opts.on('-k', '--keys N', OptionParser::DecimalInteger, 'Number of keys to generate (default: 2, minimum: 2)') do |k|
+            options[:keys] = k
+          end
+        end
+      end
+
+      def run(args)
+        options = parse_options(args)
+
+        if options[:keys] < 2
+          error "Must generate at least two keys"
+          print_help
+          return
+        end
+
+        Trustworthy::Settings.open(options[:config_file]) do |settings|
+          unless settings.empty?
+            error "Config #{options[:config_file]} already exists"
+            return
+          end
+
+          info "Creating a new master key with #{options[:keys]} keys"
+
+          master_key = Trustworthy::MasterKey.create
+          options[:keys].times do
+            username = add_key(settings, master_key)
+            info "Key #{username} added"
+          end
+
+          info "Created #{options[:config_file]}"
+        end
+      end
+    end
+  end
+end

data/lib/trustworthy/cli.rb

@@ -0,0 +1,47 @@
+require 'highline/import'
+require 'optparse'
+
+require 'trustworthy/cli/helpers'
+require 'trustworthy/cli/command'
+require 'trustworthy/cli/add_key'
+require 'trustworthy/cli/init'
+require 'trustworthy/cli/decrypt'
+require 'trustworthy/cli/encrypt'
+
+HighLine.color_scheme = HighLine::SampleColorScheme.new
+
+module Trustworthy
+  class CLI
+    include Trustworthy::CLI::Helpers
+
+    Commands = {
+      'add-key' => Trustworthy::CLI::AddKey,
+      'init'    => Trustworthy::CLI::Init,
+      'decrypt' => Trustworthy::CLI::Decrypt,
+      'encrypt' => Trustworthy::CLI::Encrypt
+    }
+
+    def self.banner
+      "Trustworthy CLI v#{Trustworthy::VERSION}"
+    end
+
+    def run(args)
+      command = args.shift
+      if Commands.has_key?(command)
+        klass = Commands[command]
+        klass.new.run(args)
+      else
+        _print_help
+      end
+    end
+
+    def _print_help
+      say "#{Trustworthy::CLI.banner}\n\n"
+      say 'Commands:'
+      Commands.each do |name, klass|
+        say '  %-8s %s' % [name, klass.description]
+      end
+      say "\nSee 'trustworthy <command> --help' for more information on a specific command"
+    end
+  end
+end

data/lib/trustworthy/master_key.rb

@@ -1,5 +1,7 @@
 module Trustworthy
   class MasterKey
+    attr_reader :slope, :intercept
+
     def self.create
       slope = Trustworthy::Random.number
       intercept = Trustworthy::Random.number
@@ -17,32 +19,31 @@ module Trustworthy
       @intercept = intercept
     end
 
+    def ==(other)
+      @slope == other.slope && @intercept == other.intercept
+    end
+
     def create_key
       Trustworthy::Key.create(@slope, @intercept)
     end
 
     def encrypt(plaintext)
-      ciphertext = _crypto.encrypt(plaintext)
-      signature = _crypto.sign(ciphertext)
-      signature + ciphertext
+      nonce = Trustworthy::Cipher.generate_nonce
+      nonce + _cipher.encrypt(nonce, '', plaintext)
     end
 
     def decrypt(ciphertext)
       ciphertext.force_encoding('BINARY') if ciphertext.respond_to?(:force_encoding)
-      signature = ciphertext.slice(0..31)
-      ciphertext = ciphertext.slice(32..-1)
-      raise 'invalid signature' unless _crypto.valid_signature?(signature, ciphertext)
-      _crypto.decrypt(ciphertext)
+      nonce = ciphertext.slice(0, Trustworthy::Cipher.nonce_len)
+      ciphertext = ciphertext.slice(Trustworthy::Cipher.nonce_len..-1)
+      _cipher.decrypt(nonce, '', ciphertext)
     end
 
-    def _crypto
-      return @crypto if @crypto
-
+    def _cipher
       secret = @intercept.to_s('F')
       hkdf = HKDF.new(secret)
-      encryption_key = hkdf.next_bytes(32)
-      authentication_key = hkdf.next_bytes(32)
-      @crypto = Trustworthy::Crypto.new(encryption_key, authentication_key)
+      key = hkdf.next_bytes(Trustworthy::Cipher.key_len)
+      Trustworthy::Cipher.new(key)
     end
   end
 end