trustworthy 0.4.1 → 0.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 08cc3a4ad29b0f6caea442ccf809cdce29a71b04
-  data.tar.gz: bf86ad500db5e2ea4ea2ae1b031d822ee2fa698e
+  metadata.gz: 3d5a9bbf0d74ba49411469bfe883a73ffb5062f7
+  data.tar.gz: 1310654f1209695a8d5a55fa6fb93a8ac154085a
 SHA512:
-  metadata.gz: d781ec9d120ad5b3c08d3b213dcaacfe8816a084ecd5e9e495bfb078646f6a49351757fcefbe0bbfb761c3d2e7358b59ea05d79c0c227bb3a9432b2ca2a84b05
-  data.tar.gz: ad1a7a96f6552454c40ef6a8b4f4b1c0c4b8127bd7912320e0d354e0a0d9484e0835ffc4360a7ce56ae0b4bbee5e6ce99056d49f75053334b3aec14d5543b2f6
+  metadata.gz: 53d3ef8231eeba640b3a6de17fc7483cab5bbe787cba4a4b6560d2eede988c0918cd8966d0d319192660e4d25ed0dca9af63f0a630e6b0d54572db21fa82caa2
+  data.tar.gz: 11b1cba0bae7bd711ddf38a8427cf87d7fd2104d99540070b348c7504a3defa7307f7ff0d2db02cae2f57142ac505568efd4fb5b3ea1b4f9cd17d2b6a5edfd79

data/README.md

@@ -1,4 +1,4 @@
-# Trustworthy [![Build Status](https://secure.travis-ci.org/jtdowney/trustworthy.png?branch=master)](http://travis-ci.org/jtdowney/trustworthy)
+# Trustworthy [![Build Status](https://secure.travis-ci.org/jtdowney/trustworthy.svg?branch=master)](http://travis-ci.org/jtdowney/trustworthy)
 
 Implements a special case (k = 2) of [Adi Shamir's](http://en.wikipedia.org/wiki/Adi_Shamir) [secret sharing algorithm](http://en.wikipedia.org/wiki/Shamir%27s_Secret_Sharing). This allows secret files to be encrypted on disk and require two secret holders to decrypt it.
 

data/lib/trustworthy.rb

@@ -1,6 +1,7 @@
 require 'aead'
 require 'base64'
 require 'bigdecimal'
+require 'date'
 require 'highline'
 require 'hkdf'
 require 'scrypt'
@@ -17,4 +18,9 @@ require 'trustworthy/version'
 module Trustworthy
   CipherAlgorithm = 'AES-256-CBC-HMAC-SHA-256'
   Cipher = AEAD::Cipher.new(CipherAlgorithm)
+  SCryptParams = {
+    :max_time => 5,
+    :max_memfrac => 0.75,
+    :max_mem => 16 * 1024 * 1024,
+  }
 end

data/lib/trustworthy/cli.rb

@@ -7,6 +7,7 @@ require 'trustworthy/cli/add_key'
 require 'trustworthy/cli/init'
 require 'trustworthy/cli/decrypt'
 require 'trustworthy/cli/encrypt'
+require 'trustworthy/cli/passwd'
 require 'trustworthy/prompt'
 
 module Trustworthy
@@ -17,7 +18,8 @@ module Trustworthy
       'add-key' => Trustworthy::CLI::AddKey,
       'init'    => Trustworthy::CLI::Init,
       'decrypt' => Trustworthy::CLI::Decrypt,
-      'encrypt' => Trustworthy::CLI::Encrypt
+      'encrypt' => Trustworthy::CLI::Encrypt,
+      'passwd'  => Trustworthy::CLI::Passwd,
     }
 
     def self.banner

data/lib/trustworthy/cli/passwd.rb

@@ -0,0 +1,20 @@
+module Trustworthy
+  class CLI
+    class Passwd
+      include Trustworthy::CLI::Command
+
+      def self.description
+        'Change a keys password'
+      end
+
+      def run(args)
+        options = parse_options('passwd', args)
+
+        prompt = Trustworthy::Prompt.new(options[:config_file], $terminal)
+        username = prompt.change_user_password
+
+        say("Changed password for #{username}")
+      end
+    end
+  end
+end

data/lib/trustworthy/prompt.rb

@@ -34,6 +34,25 @@ module Trustworthy
       end
     end
 
+    def change_user_password
+      Trustworthy::Settings.open(@config_file) do |settings|
+        username, key = _unlock_key(settings, [])
+
+        loop do
+          password = _ask_password('Password: ')
+          password_confirm = _ask_password('Password (again): ')
+          if password == password_confirm
+            settings.add_key(key, username, password)
+            break
+          else
+            _error('Passwords do not match.')
+          end
+        end
+
+        username
+      end
+    end
+
     def unlock_master_key
       usernames_in_use = []
       Trustworthy::Settings.open(@config_file) do |settings|

data/lib/trustworthy/random.rb

@@ -15,7 +15,7 @@ module Trustworthy
     end
 
     def self._source
-      '/dev/random'
+      '/dev/urandom'
     end
   end
 end

data/lib/trustworthy/settings.rb

@@ -14,9 +14,9 @@ module Trustworthy
     end
 
     def add_key(key, username, password)
-      salt = SCrypt::Engine.generate_salt
+      salt = SCrypt::Engine.generate_salt(Trustworthy::SCryptParams)
       encrypted_point = _encrypt(key.to_s, salt, password)
-      @store[username] = {'salt' => salt, 'encrypted_point' => encrypted_point}
+      @store[username] = {'salt' => salt, 'encrypted_point' => encrypted_point, 'timestamp' => DateTime.now.iso8601}
     end
 
     def empty?

data/lib/trustworthy/version.rb

@@ -1,3 +1,3 @@
 module Trustworthy
-  VERSION = '0.4.1'
+  VERSION = '0.5.0'
 end

data/spec/spec_helper.rb

@@ -1,21 +1,9 @@
 require 'trustworthy'
 require 'trustworthy/cli'
-require 'construct'
+require 'test_construct'
+require 'timecop'
 require 'highline/simulate'
 
-module Trustworthy
-  module Random
-    def self._source
-      '/dev/urandom'
-    end
-  end
-end
-
-RSpec.configure do |config|
-  config.order = 'random'
-  config.include Construct::Helpers
-end
-
 module TestValues
   SettingsFile = 'trustworthy.yml'
   InitializationVector = ['39164ec082fb8b7336d3c5500af99dcb'].pack('H*')
@@ -34,6 +22,14 @@ ORZOwIL7i3M208VQCvmdyw==--o39ZYHOC+HotoUiBqeHqvSOWXUbXwaZRsMkwzQ
 EOF
 end
 
+RSpec.configure do |config|
+  config.order = 'random'
+  config.include TestConstruct::Helpers
+  config.before(:each) do
+    allow(SCrypt::Engine).to receive(:generate_salt).and_return(TestValues::Salt)
+  end
+end
+
 def create_config(filename)
   Trustworthy::Settings.open(filename) do |settings|
     settings.add_key(TestValues::MasterKey.create_key, 'user1', 'password1')

data/spec/trustworthy/cli/add_key_spec.rb

@@ -2,7 +2,7 @@ require 'spec_helper'
 
 describe Trustworthy::CLI::AddKey do
   before(:each) do
-    $terminal.stub(:say)
+    allow($terminal).to receive(:say)
   end
 
   around(:each) do |example|

data/spec/trustworthy/cli/decrypt_spec.rb

@@ -2,7 +2,7 @@ require 'spec_helper'
 
 describe Trustworthy::CLI::Decrypt do
   before(:each) do
-    $terminal.stub(:say)
+    allow($terminal).to receive(:say)
   end
 
   around(:each) do |example|

data/spec/trustworthy/cli/encrypt_spec.rb

@@ -2,8 +2,8 @@ require 'spec_helper'
 
 describe Trustworthy::CLI::Encrypt do
   before(:each) do
-    $terminal.stub(:say)
-    AEAD::Cipher::AES_256_CBC_HMAC_SHA_256.stub(:generate_nonce).and_return(TestValues::InitializationVector)
+    allow($terminal).to receive(:say)
+    allow(AEAD::Cipher::AES_256_CBC_HMAC_SHA_256).to receive(:generate_nonce).and_return(TestValues::InitializationVector)
   end
 
   around(:each) do |example|

data/spec/trustworthy/cli/init_spec.rb

@@ -2,7 +2,7 @@ require 'spec_helper'
 
 describe Trustworthy::CLI::Init do
   before(:each) do
-    $terminal.stub(:say)
+    allow($terminal).to receive(:say)
   end
 
   around(:each) do |example|

data/spec/trustworthy/key_spec.rb

@@ -3,7 +3,7 @@ require 'spec_helper'
 describe Trustworthy::Key do
   describe 'self.create' do
     it 'should create a key along the slope and intercept' do
-      Trustworthy::Random.stub(:number).and_return(BigDecimal.new('10'))
+      allow(Trustworthy::Random).to receive(:number).and_return(BigDecimal.new('10'))
       key = Trustworthy::Key.create(6, 24)
       expect(key.y).to eq(84)
     end

data/spec/trustworthy/master_key_spec.rb

@@ -30,7 +30,8 @@ describe Trustworthy::MasterKey do
 
   describe 'self.create' do
     it 'should generate a random slope and intercept' do
-      Trustworthy::Random.stub(:number).and_return(BigDecimal.new('10'))
+      allow(Trustworthy::Random).to receive(:number).and_return(BigDecimal.new('10'))
+
       master_key = Trustworthy::MasterKey.create
       key = master_key.create_key
       expect(key.x).to eq(10)
@@ -40,7 +41,7 @@ describe Trustworthy::MasterKey do
 
   describe 'self.create_from_keys' do
     it 'should calculate the slope and intercept given two keys' do
-      Trustworthy::Random.stub(:number).and_return(BigDecimal.new('10'))
+      allow(Trustworthy::Random).to receive(:number).and_return(BigDecimal.new('10'))
 
       key1 = Trustworthy::Key.new(BigDecimal.new('2'), BigDecimal.new('30'))
       key2 = Trustworthy::Key.new(BigDecimal.new('5'), BigDecimal.new('60'))
@@ -63,7 +64,8 @@ describe Trustworthy::MasterKey do
 
   describe 'encrypt' do
     it 'should encrypt and sign the data using the intercept' do
-      AEAD::Cipher::AES_256_CBC_HMAC_SHA_256.stub(:generate_nonce).and_return(TestValues::InitializationVector)
+      allow(AEAD::Cipher::AES_256_CBC_HMAC_SHA_256).to receive(:generate_nonce).and_return(TestValues::InitializationVector)
+
       master_key = Trustworthy::MasterKey.new(BigDecimal.new('6'), BigDecimal.new('24'))
       ciphertext = master_key.encrypt(TestValues::Plaintext)
       expect(ciphertext).to eq(TestValues::Ciphertext)

data/spec/trustworthy/prompt_spec.rb

@@ -4,7 +4,7 @@ describe Trustworthy::Prompt do
   let(:test_key) { Trustworthy::Key.new(BigDecimal.new('1'), BigDecimal.new('2')) }
 
   before(:each) do
-    $terminal.stub(:say)
+    allow($terminal).to receive(:say)
   end
 
   around(:each) do |example|
@@ -99,7 +99,7 @@ describe Trustworthy::Prompt do
       end
     end
 
-    it 'should required an existing user for the first key' do
+    it 'should require an existing user for the first key' do
       HighLine::Simulate.with(
         'missing',
         'user1',
@@ -113,7 +113,7 @@ describe Trustworthy::Prompt do
       end
     end
 
-    it 'should required an existing user for the second key' do
+    it 'should require an existing user for the second key' do
       HighLine::Simulate.with(
         'user1',
         'password1',
@@ -155,4 +155,54 @@ describe Trustworthy::Prompt do
       end
     end
   end
+
+  describe 'change_user_password' do
+    it 'should prompt for the existing password and then a new password' do
+      old_settings = YAML.load_file(TestValues::SettingsFile)
+      HighLine::Simulate.with(
+        'user1',
+        'password1',
+        'password2',
+        'password2',
+      ) do
+        prompt = Trustworthy::Prompt.new(TestValues::SettingsFile, $terminal)
+        prompt.change_user_password
+      end
+
+      new_settings = YAML.load_file(TestValues::SettingsFile)
+      expect(old_settings['user1']['encrypted_point']).to_not eq(new_settings['user1']['encrypted_point'])
+    end
+
+    it 'should prompt for the correct password' do
+      HighLine::Simulate.with(
+        'user1',
+        'bad_password',
+        'password1',
+        'password2',
+        'password2',
+      ) do
+        prompt = Trustworthy::Prompt.new(TestValues::SettingsFile, $terminal)
+        expect(prompt).to receive(:_error).with('Password incorrect for user1')
+        prompt.change_user_password
+      end
+    end
+
+    it 'should prompt for the existing password and then a new password' do
+      old_settings = YAML.load_file(TestValues::SettingsFile)
+      HighLine::Simulate.with(
+        'user1',
+        'password1',
+        'password2',
+        'password3',
+        'password2',
+        'password2',
+      ) do
+        prompt = Trustworthy::Prompt.new(TestValues::SettingsFile, $terminal)
+        prompt.change_user_password
+      end
+
+      new_settings = YAML.load_file(TestValues::SettingsFile)
+      expect(old_settings['user1']['encrypted_point']).to_not eq(new_settings['user1']['encrypted_point'])
+    end
+  end
 end

data/spec/trustworthy/settings_spec.rb

@@ -2,8 +2,7 @@ require 'spec_helper'
 
 describe Trustworthy::Settings do
   before(:each) do
-    SCrypt::Engine.stub(:generate_salt).and_return(TestValues::Salt)
-    AEAD::Cipher::AES_256_CBC_HMAC_SHA_256.stub(:generate_nonce).and_return(TestValues::InitializationVector)
+    allow(AEAD::Cipher::AES_256_CBC_HMAC_SHA_256).to receive(:generate_nonce).and_return(TestValues::InitializationVector)
   end
 
   around(:each) do |example|
@@ -15,15 +14,19 @@ describe Trustworthy::Settings do
 
   describe 'self.open' do
     it 'should read and write the key information to a file' do
-      Trustworthy::Settings.open(TestValues::SettingsFile) do |settings|
-        key = Trustworthy::Key.new(BigDecimal.new('2'), BigDecimal.new('3'))
-        settings.add_key(key, 'user', 'password1')
-      end
+      Timecop.freeze(DateTime.new(2017, 10, 19, 9, 0, 0, 0)) do
+        Trustworthy::Settings.open(TestValues::SettingsFile) do |settings|
+          key = Trustworthy::Key.new(BigDecimal.new('2'), BigDecimal.new('3'))
+          settings.add_key(key, 'user', 'password1')
+        end
 
-      Trustworthy::Settings.open(TestValues::SettingsFile) do |settings|
-        found_key = settings.find_key('user')
-        expect(found_key['salt']).to eq(TestValues::Salt)
-        expect(found_key['encrypted_point']).to eq(TestValues::EncryptedPoint)
+        Trustworthy::Settings.open(TestValues::SettingsFile) do |settings|
+          found_key = settings.find_key('user')
+          timestamp = DateTime.parse(found_key['timestamp'])
+          expect(found_key['salt']).to eq(TestValues::Salt)
+          expect(found_key['encrypted_point']).to eq(TestValues::EncryptedPoint)
+          expect(timestamp).to eq(DateTime.new(2017, 10, 19, 9, 0, 0, 0))
+        end
       end
     end
 
@@ -40,7 +43,7 @@ describe Trustworthy::Settings do
           settings.add_key(key, 'missing', 'password')
           raise 'boom'
         end
-      end.to raise_error
+      end.to raise_error(RuntimeError)
 
       Trustworthy::Settings.open(TestValues::SettingsFile) do |settings|
         missing_key = settings.find_key('missing')

metadata

@@ -1,113 +1,127 @@
 --- !ruby/object:Gem::Specification
 name: trustworthy
 version: !ruby/object:Gem::Version
-  version: 0.4.1
+  version: 0.5.0
 platform: ruby
 authors:
 - John Downey
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-10-17 00:00:00.000000000 Z
+date: 2017-10-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aead
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.6'
+        version: '1.8'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.6'
+        version: '1.8'
 - !ruby/object:Gem::Dependency
   name: highline
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.6'
+        version: '1.7'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.6'
+        version: '1.7'
 - !ruby/object:Gem::Dependency
   name: hkdf
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.2.0
+        version: 0.3.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.2.0
+        version: 0.3.0
 - !ruby/object:Gem::Dependency
   name: scrypt
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.1.0
+        version: '3.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.1.0
+        version: '3.0'
 - !ruby/object:Gem::Dependency
-  name: test-construct
+  name: test_construct
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.2.0
+        version: 2.0.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.2.0
+        version: 2.0.1
+- !ruby/object:Gem::Dependency
+  name: timecop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.9.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.9.1
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.14.1
+        version: 3.7.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.14.1
+        version: 3.7.0
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 10.1.0
+        version: 12.1.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 10.1.0
+        version: 12.1.0
 description: Implements a special case (k = 2) of Adi Shamir's secret sharing algorithm.
   This allows secret files to be encrypted on disk and require two secret holders
   to decrypt it.
@@ -118,20 +132,24 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
+- LICENSE
+- README.md
+- bin/trustworthy
+- lib/trustworthy.rb
+- lib/trustworthy/cli.rb
 - lib/trustworthy/cli/add_key.rb
 - lib/trustworthy/cli/command.rb
 - lib/trustworthy/cli/crypt.rb
 - lib/trustworthy/cli/decrypt.rb
 - lib/trustworthy/cli/encrypt.rb
 - lib/trustworthy/cli/init.rb
-- lib/trustworthy/cli.rb
+- lib/trustworthy/cli/passwd.rb
 - lib/trustworthy/key.rb
 - lib/trustworthy/master_key.rb
 - lib/trustworthy/prompt.rb
 - lib/trustworthy/random.rb
 - lib/trustworthy/settings.rb
 - lib/trustworthy/version.rb
-- lib/trustworthy.rb
 - spec/spec_helper.rb
 - spec/trustworthy/cli/add_key_spec.rb
 - spec/trustworthy/cli/decrypt_spec.rb
@@ -142,9 +160,6 @@ files:
 - spec/trustworthy/prompt_spec.rb
 - spec/trustworthy/random_spec.rb
 - spec/trustworthy/settings_spec.rb
-- bin/trustworthy
-- README.md
-- LICENSE
 homepage: http://github.com/jtdowney/trustworthy
 licenses:
 - MIT
@@ -155,17 +170,17 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.0.3
+rubygems_version: 2.6.13
 signing_key: 
 specification_version: 4
 summary: Encrypt and decrypt files with multiple key holders