trustworthy 0.3.0 → 0.3.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 0bb4a8a2dc975dae29a9fdc798baa2f38fc3368b
-  data.tar.gz: 87d2308517917931f4b5ebfe6e51d9b992d3e387
+  metadata.gz: 5fef54ec026c8c04c1e46553eb5c7250a88dac46
+  data.tar.gz: 29a151ecda817fdaaa0bbee90d0e60c8315d8957
 SHA512:
-  metadata.gz: 99ccfc9b7e5df3ac5277a0e9a75b92963b8c5a98f9264eb5693a63bd0ec69ec7772099382b5d446aa2cc7a4476ff7e2d50fe1070ef598535fa2dd394e60ea6b3
-  data.tar.gz: e0afdedd53d39762b7c2c577224831e50315b1ffaff7e8971169fc9ce71bd1d0875a7b696e562be0588f1829c474a63d7654d8ec3d8694b8693f2663b4c8c0cb
+  metadata.gz: 0a9ee151b5b02ce3e0fa9be24fc9fa9d55a6315fad8b06f60aeea00d0a38626a9bdc100179a1220f0c32b7c4b67e42a299cbe43daaa48c283363062662d7661f
+  data.tar.gz: 487e84bea07c419cd6d7cac975d1e82bdb4800a0a5a50d15ffc92c7373761f00acf2917e034b62358538878b81882c36cc1fd1f04dd7ed2080416716999115fa

data/README.md

@@ -36,32 +36,14 @@ The configuration uses ruby's `YAML::Store` to provide a simple transactional da
 
     ---
     a-user:
-      salt: 400$8$28$4c7fc59a31a9f38a
-      encrypted_point: !binary |-
-        CWcT++kRSAw/0IAVRX6KKAfwbyWBX7ZUh4dZNxL8An413CvRL2tUhWlwsKVl
-        ZKyzmc6VjpKqS4ZpGoPPUCu6xrIo5LkLwXVIpDsBx7SCoK72uEsxd9x0GW5i
-        9Mf8r40KE3gUCudntBXlxduDrqWZgW1uFFCg+U3ACt28GzGftOGjYW6PCAZO
-        N35aHYpGHWhddWeFvbaXNrAPtLSiVWSNW35RU2qo+HS+uSYGO65r9viCXC8f
-        3yLZsPjtouDRyMEv5xOPVZKnvsf3Ju3EBH7Abyw/zezS2LvzrtmxHTN5yF92
-        xphq0imIR52Yj2/k6pdRz/X/8ZsdS+HEifvvRBM+oVKQ2PQh4MIFPJuE0CWA
-        iPnpqdvjYt0M7BsodX2K897A
+      salt: 400$8$23$38f426136db22836
+      encrypted_point: dzVzPvuzKsTJ7coFLki8tQ==--vGto+f9sQhRuPb+47rUI4oSZ7gaPGKiQtBIwB//wTcvuJOm9gyrLrjH74RKKJlkScBvYuMfnhQyn9T1bIw9obsBs4YsF8VxCsDPG26Ci82n9qOENod2pP4xVzmC4VWCnbi7Y4jS+Rgsq6xp3L2zG6Ci0GWO1bSQO8hFzaMpBiCirqMAGHf0m6Yzqu6h5NFtygcyNyxAY8YxX1oxa6Bj5UwefDKplVGTI0ZbQn9vtdwKFuwXZsv11g5+zLvvq54Z2UZ/AZu/scnhXopL5IZkiclTtX8LUi9Dob3Xpqtf6WXymudvVMG0JaxkUqqRCyWtLSFE3sNdwv+877cS8PglTIKxXIZTIh7FzdEgkLSStGnw=
     another-user:
-      salt: 400$8$28$9dceab0f3414ab23
-      encrypted_point: !binary |-
-        7B1hXxwwXDU0vTLAPj6U9+WWT3o4i1r7prPOamgStDjvv7f0gZp0D3T56gZk
-        b+2Q4zwyhTM4p6DS0xdG3lfhnkQEYQ6tROnLbI1O7IvuOmFVsDNLej9ps7hJ
-        e1kdFiLaF3efRYtHs2GYdEVrRWWDFgfLDVFVoFbqDruRX1ltTVuaJvS9f7Qb
-        FPI8a2gJ0sl+1B5eBJeR1Chbdn3rHxK7SHq+J/SAJV7xKmkQa6B8g2V1D3xE
-        oB45Gmgm9o1s1/van72ckT91HPh55B8tHnjeZZwdHEp7Z8lyLrDxhbpQm7ql
-        ESpbM8BvdFCmzns5ZSku5Jgc78MwQ5YO1y/QXY+s9so7SDLI9yF18q4no81f
-        sNpbmdY+NolXChlDRZcZ9qJk
+      salt: 400$8$23$df3b3153ee94da81
+      encrypted_point: Shx/GRuOYz+Ts/5f5z1yDw==--1ulNtnX6Zi3z0t12TiCItE5H5dhZZONKcgt6yq1g2prJWd1q5c9ArL10BtK/9lSPoXMsyO8rURKZ3pCM4hzW043B1ksJQtyg6O71ilnSvP+4Yty8oH0SW67cGSgfkfUc0UkfcE2Osfy/YVkP/HH47qTLNTg406uJ2uWjb6OkW8sjD+mq3hp8tehyy20tEBhqyM0UOSCpvhb+EgFfYFDeG+8Gj+r4lfcdqJJvzcy5U17tpYknQm/WbnmIkvgZRFGH/NIthJdPnK43SsdPbVcSHdkw71urJ3pBmgCmyTFcdmpiSl/t1rG09f2KT63YDF+4YUSn1fuIFZXbrLez59svHbKnQ8YHvt9pCXiQHelk8Sk=
 
 ## Reference
 
 * RSA Labs - [http://www.rsa.com/rsalabs/node.asp?id=2259](http://www.rsa.com/rsalabs/node.asp?id=2259)
 * ssss - [http://point-at-infinity.org/ssss/](http://point-at-infinity.org/ssss/)
 * Secret sharing on Wikipedia - [http://en.wikipedia.org/wiki/Secret_sharing](http://en.wikipedia.org/wiki/Secret_sharing)
-
-## License
-
-Trustworthy is released under the [MIT license](http://www.opensource.org/licenses/MIT).

data/lib/trustworthy/cli/add_key.rb

@@ -10,14 +10,14 @@ module Trustworthy
       def run(args)
         options = parse_options('add-key', args)
 
-        $terminal.say('Adding a new key to master key')
+        say('Adding a new key to master key')
 
         prompt = Trustworthy::Prompt.new(options[:config_file], $terminal)
         master_key = prompt.unlock_master_key
         key = master_key.create_key
         username = prompt.add_user_key(key)
 
-        $terminal.say("Added #{username}")
+        say("Added #{username}")
       end
     end
   end

data/lib/trustworthy/cli/command.rb

@@ -32,30 +32,9 @@ module Trustworthy
         end
       end
 
-      def ask(prompt)
-        $terminal.ask(prompt).to_s
-      end
-
-      def ask_password(prompt)
-        $terminal.ask(prompt) { |q| q.echo = false }.to_s
-      end
-
-      def error(message)
-        say_color(message, :error)
-      end
-
-      def info(message)
-        say_color(message, :info)
-      end
-
       def say(message)
         $terminal.say(message)
       end
-
-      def say_color(message, color)
-        colored_message = $terminal.color(message, color)
-        say(colored_message)
-      end
     end
   end
 end

data/lib/trustworthy/cli/decrypt.rb

@@ -28,8 +28,11 @@ module Trustworthy
         end
 
         prompt = Trustworthy::Prompt.new(options[:config_file], $terminal)
-        File.open(options[:input_file], 'rb') do |input_file|
-          ciphertext = input_file.read
+        File.open(options[:input_file], 'r') do |input_file|
+          wrapped_ciphertext = input_file.read
+          ciphertext = wrapped_ciphertext.gsub(/-+(BEGIN|END) TRUSTWORTHY ENCRYPTED FILE-+/, '')
+          ciphertext = ciphertext.gsub(/^Version: .*$/, '')
+          ciphertext = ciphertext.gsub("\n", '')
 
           master_key = prompt.unlock_master_key
           plaintext = master_key.decrypt(ciphertext)
@@ -38,7 +41,7 @@ module Trustworthy
           end
         end
 
-        info "Decrypted #{options[:input_file]} to #{options[:output_file]}"
+        say("Decrypted #{options[:input_file]} to #{options[:output_file]}")
       end
     end
   end

data/lib/trustworthy/cli/encrypt.rb

@@ -32,12 +32,21 @@ module Trustworthy
           plaintext = input_file.read
           master_key = prompt.unlock_master_key
           ciphertext = master_key.encrypt(plaintext)
-          File.open(options[:output_file], 'wb+') do |output_file|
-            output_file.write(ciphertext)
+          File.open(options[:output_file], 'w+') do |output_file|
+            wrapped_ciphertext = ciphertext.scan(/.{1,64}/).join("\n")
+            output_file.write('-----BEGIN TRUSTWORTHY ENCRYPTED FILE-----')
+            output_file.write("\n")
+            output_file.write("Version: Trustworthy/#{Trustworthy::VERSION}")
+            output_file.write("\n")
+            output_file.write("\n")
+            output_file.write(wrapped_ciphertext)
+            output_file.write("\n")
+            output_file.write('-----END TRUSTWORTHY ENCRYPTED FILE-----')
+            output_file.write("\n")
           end
         end
 
-        $terminal.say("Encrypted #{options[:input_file]} to #{options[:output_file]}")
+        say("Encrypted #{options[:input_file]} to #{options[:output_file]}")
       end
     end
   end

data/lib/trustworthy/cli/init.rb

@@ -29,12 +29,12 @@ module Trustworthy
 
         Trustworthy::Settings.open(options[:config_file]) do |settings|
           unless settings.empty?
-            $terminal.say("Config #{options[:config_file]} already exists")
+            say("Config #{options[:config_file]} already exists")
             return
           end
         end
 
-        $terminal.say("Creating a new master key with #{options[:keys]} keys")
+        say("Creating a new master key with #{options[:keys]} keys")
 
         master_key = Trustworthy::MasterKey.create
         prompt = Trustworthy::Prompt.new(options[:config_file], $terminal)
@@ -44,7 +44,7 @@ module Trustworthy
           $terminal.say("Key #{username} added")
         end
 
-        $terminal.say("Created #{options[:config_file]}")
+        say("Created #{options[:config_file]}")
       end
     end
   end

data/lib/trustworthy/cli.rb

@@ -12,6 +12,8 @@ HighLine.color_scheme = HighLine::SampleColorScheme.new
 
 module Trustworthy
   class CLI
+    include Trustworthy::CLI::Command
+
     Commands = {
       'add-key' => Trustworthy::CLI::AddKey,
       'init'    => Trustworthy::CLI::Init,
@@ -34,12 +36,12 @@ module Trustworthy
     end
 
     def _print_help
-      $terminal.say("#{Trustworthy::CLI.banner}\n\n")
-      $terminal.say('Commands:')
+      say("#{Trustworthy::CLI.banner}\n\n")
+      say('Commands:')
       Commands.each do |name, klass|
-        $terminal.say('  %-8s %s' % [name, klass.description])
+        say('  %-8s %s' % [name, klass.description])
       end
-      $terminal.say("\nSee 'trustworthy <command> --help' for more information on a specific command")
+      say("\nSee 'trustworthy <command> --help' for more information on a specific command")
     end
   end
 end

data/lib/trustworthy/key.rb

@@ -3,7 +3,7 @@ module Trustworthy
     attr_reader :x, :y
 
     def self.create(slope, intercept)
-      x = Random.number
+      x = Trustworthy::Random.number
       y = slope * x + intercept
       new(x, y)
     end

data/lib/trustworthy/master_key.rb

@@ -29,13 +29,18 @@ module Trustworthy
 
     def encrypt(plaintext)
       nonce = Trustworthy::Cipher.generate_nonce
-      nonce + _cipher.encrypt(nonce, '', plaintext)
+      ciphertext = _cipher.encrypt(nonce, '', plaintext)
+
+      [nonce, ciphertext].map do |field|
+        Base64.encode64(field).gsub("\n", '')
+      end.join('--')
     end
 
     def decrypt(ciphertext)
-      ciphertext.force_encoding('BINARY') if ciphertext.respond_to?(:force_encoding)
-      nonce = ciphertext.slice(0, Trustworthy::Cipher.nonce_len)
-      ciphertext = ciphertext.slice(Trustworthy::Cipher.nonce_len..-1)
+      nonce, ciphertext = ciphertext.split('--').map do |field|
+        Base64.decode64(field)
+      end
+
       _cipher.decrypt(nonce, '', ciphertext)
     end
 

data/lib/trustworthy/settings.rb

@@ -2,6 +2,10 @@ module Trustworthy
   class Settings
     def self.open(filename)
       store = YAML::Store.new(filename)
+      if store.respond_to?(:ultra_safe=)
+        store.ultra_safe = true
+      end
+
       store.transaction do
         yield Trustworthy::Settings.new(store)
       end
@@ -19,9 +23,13 @@ module Trustworthy
       plaintext = "#{key.x.to_s('F')},#{key.y.to_s('F')}"
       ciphertext = cipher.encrypt(nonce, '', plaintext)
 
+      encrypted_point = [nonce, ciphertext].map do |field|
+        Base64.encode64(field).gsub("\n", '')
+      end.join('--')
+
       @store[username] = {
         'salt' => salt,
-        'encrypted_point' => nonce + ciphertext,
+        'encrypted_point' => encrypted_point
       }
     end
 
@@ -45,9 +53,10 @@ module Trustworthy
       key = find_key(username)
       salt = key['salt']
       ciphertext = key['encrypted_point']
-      ciphertext.force_encoding('BINARY') if ciphertext.respond_to?(:force_encoding)
-      nonce = ciphertext.slice(0, Trustworthy::Cipher.nonce_len)
-      ciphertext = ciphertext.slice(Trustworthy::Cipher.nonce_len..-1)
+
+      nonce, ciphertext = ciphertext.split('--').map do |field|
+        Base64.decode64(field)
+      end
 
       cipher = _cipher_from_password(salt, password)
       plaintext = cipher.decrypt(nonce, '', ciphertext)
@@ -57,7 +66,7 @@ module Trustworthy
 
     def _cipher_from_password(salt, password)
       cost, salt = salt.rpartition('$')
-      key = SCrypt::Engine.scrypt(password, salt, cost, 64)
+      key = SCrypt::Engine.scrypt(password, salt, cost, Trustworthy::Cipher.key_len)
       Trustworthy::Cipher.new(key)
     end
   end

data/lib/trustworthy/version.rb

@@ -1,3 +1,3 @@
 module Trustworthy
-  VERSION = '0.3.0'
+  VERSION = '0.3.1'
 end

data/lib/trustworthy.rb

@@ -1,4 +1,5 @@
 require 'aead'
+require 'base64'
 require 'bigdecimal'
 require 'highline'
 require 'hkdf'

data/spec/spec_helper.rb

@@ -15,11 +15,18 @@ module TestValues
   SettingsFile = 'trustworthy.yml'
   InitializationVector = ['39164ec082fb8b7336d3c5500af99dcb'].pack('H*')
   Plaintext = 'the chair is against the wall'
-  Ciphertext = ['39164ec082fb8b7336d3c5500af99dcb6f5eac5d817a65b8ac7c5ed80691db36904e1ce613a1057d807b37127d927a4b0a9a1b951ef576fc9a9edca0ef5b83e2bae850a8b3b79bfeddff892d1941d439'].pack('H*')
+  Ciphertext = 'ORZOwIL7i3M208VQCvmdyw==--b16sXYF6ZbisfF7YBpHbNpBOHOYToQV9gHs3En2SeksKmhuVHvV2/Jqe3KDvW4PiuuhQqLO3m/7d/4ktGUHUOQ=='
   Salt = '400$8$1b$3e31f076a3226825'
   MasterKey = Trustworthy::MasterKey.new(BigDecimal.new('1'), BigDecimal.new('5'))
-  EncryptedPoint = ['39164ec082fb8b7336d3c5500af99dcb17d2e60496ed553dfab4b05c568aa9260cb8e53930911c8e718bc97eb88def400e5cac1e4ee3d15060920c25d1346285'].pack('H*')
-  EncryptedFile = ['39164ec082fb8b7336d3c5500af99dcba37f59607382f87a2da14881a9e1eabd23965d46d7c1a651b0c930cd0ee756d9358d67edaaba02a22e902136a2a90953672c2937b0cbaac0167922918578a98c'].pack('H*')
+  EncryptedPoint = 'ORZOwIL7i3M208VQCvmdyw==--F9LmBJbtVT36tLBcVoqpJgy45TkwkRyOcYvJfriN70AOXKweTuPRUGCSDCXRNGKF'
+  EncryptedFile = <<-EOF
+-----BEGIN TRUSTWORTHY ENCRYPTED FILE-----
+Version: Trustworthy/#{Trustworthy::VERSION}
+
+ORZOwIL7i3M208VQCvmdyw==--o39ZYHOC+HotoUiBqeHqvSOWXUbXwaZRsMkwzQ
+7nVtk1jWftqroCoi6QITaiqQlTZywpN7DLqsAWeSKRhXipjA==
+-----END TRUSTWORTHY ENCRYPTED FILE-----
+EOF
 end
 
 def create_config(filename)

data/spec/trustworthy/cli/decrypt_spec.rb

@@ -26,10 +26,8 @@ describe Trustworthy::CLI::Decrypt do
         Trustworthy::CLI::Decrypt.new.run(['-i', 'input.txt', '-o', 'output.txt'])
       end
 
-      File.open('output.txt', 'rb') do |file|
-        ciphertext = file.read
-        ciphertext.should == TestValues::Plaintext
-      end
+      plaintext = File.read('output.txt')
+      plaintext.should == TestValues::Plaintext
     end
 
     it 'should require an input file' do

data/spec/trustworthy/cli/encrypt_spec.rb

@@ -27,10 +27,8 @@ describe Trustworthy::CLI::Encrypt do
         Trustworthy::CLI::Encrypt.new.run(['-i', 'input.txt', '-o', 'output.txt'])
       end
 
-      File.open('output.txt', 'rb') do |file|
-        ciphertext = file.read
-        ciphertext.should == TestValues::EncryptedFile
-      end
+      ciphertext = File.read('output.txt')
+      ciphertext.should == TestValues::EncryptedFile
     end
 
     it 'should require an input file' do

data/spec/trustworthy/master_key_spec.rb

@@ -79,7 +79,8 @@ describe Trustworthy::MasterKey do
 
     it 'should raise an invalid signature error if signatures do not match' do
       master_key = Trustworthy::MasterKey.new(BigDecimal.new('6'), BigDecimal.new('24'))
-      ciphertext = TestValues::Ciphertext.next
+      ciphertext = TestValues::Ciphertext.dup
+      ciphertext[0] = ciphertext[0].next
       expect { master_key.decrypt(ciphertext) }.to raise_error(ArgumentError, 'ciphertext failed authentication step')
     end
   end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: trustworthy
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 0.3.1
 platform: ruby
 authors:
 - John Downey
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-03-31 00:00:00.000000000 Z
+date: 2013-05-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aead
@@ -163,7 +163,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.0.1
+rubygems_version: 2.0.3
 signing_key: 
 specification_version: 4
 summary: Encrypt and decrypt files with multiple key holders