tss 0.4.2 → 0.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 66cc2d0e14e513c4d37219532ddb7fcbefe4da87
-  data.tar.gz: 5e2498426afb7fbd733b666771876a491f2f9d14
+  metadata.gz: 3597bdbe0559f746e7f6b44c9e15b493cf48d92e
+  data.tar.gz: b049be29b2c0f1a1360e3114133f0524ad361562
 SHA512:
-  metadata.gz: 43f7ab59473f94feeb3fd3ac710680b082059da04fda2ca0361be4dcc57c1c30a3e872700e0d742f254942dbb7c604d12c1fe6f5021f44ae791d74f8aa5a7560
-  data.tar.gz: c42ec3ed1b0a047ee608d7f34ab26279f550af83c90f80ee28e838d97674518631109e6aae15b284413b5d7fd332370c8ccd1b2377eb087aec7250e1890fbb29
+  metadata.gz: 37dc3d8473236a57165d3e12c2accd5e66b9dd769ad80c6e401f73e261227ac3b3db93749f3188878a77b65512fc3d011384f4e07f37f177e13490a41ab5bd28
+  data.tar.gz: 3a6842d643b9ccb6121bcef80d15453ae26a5ea3fd8db926d9d1a0384008e7089dd5ed232ecc2bc4df74b18c5fc6e2b460a4b9fca85f1421ad27a3c046d555d3

data/.rubocop.yml

@@ -743,7 +743,7 @@ Style/LineEndConcatenation:
                  line end.
   Enabled: false
 
-Style/MethodCallParentheses:
+Style/MethodCallWithoutArgsParentheses:
   Description: 'Do not use parentheses for method calls with no arguments.'
   StyleGuide: 'https://github.com/bbatsov/ruby-style-guide#no-args-no-parens'
   Enabled: false

data/.ruby-version

@@ -1 +1 @@
-2.3.1
+2.4.0

data/.travis.yml

@@ -2,5 +2,6 @@ language: ruby
 rvm:
   - 2.2.5
   - 2.3.1
+  - 2.4.0
   - jruby-9.1.5.0
 before_install: gem install bundler -v 1.13.2

data/CHANGELOG.md

@@ -1,5 +1,13 @@
 # CHANGELOG
 
+## v0.5.0 (1/28/2017)
+
+* Breaking refactor to use automatic PKCS#7 padding on secrets w/ 16 byte block size.
+* Update Copyright year
+* Ruby 2.4.0 testing
+* Update version of sysrandom gem
+* Fixed minitest spec warning
+
 ## v0.4.2 (10/12/2016)
 
 * Sign the gem with a new cert that expires in 10 years.

data/README.md

@@ -74,29 +74,29 @@ secret unicode characters ½ ♥ 💩
 
 ```ruby
 $ bundle exec bin/console
-[1] pry(main)> require 'tss'
+> require 'tss'
 => false
-[2] pry(main)> shares = TSS.split(secret: 'my deep dark secret')
-=> ["tss~v1~72e84cd688bf24fc~3~NzJlODRjZDY4OGJmMjRmYwIDADQBVLUhLlOvz_VWjEge2gH7PtqTsnSCpbfmMSFX98XUp0BmQAeeOTGDL0GVeGATWjbBZvOm",
- "tss~v1~72e84cd688bf24fc~3~NzJlODRjZDY4OGJmMjRmYwIDADQCmlZ_CZSBPk6m2-0WMEmcdzCsB8lH1oDalELd9VhlFPqby08kjm9tZBtONqXucgcnuFlQ",
- "tss~v1~72e84cd688bf24fc~3~NzJlODRjZDY4OGJmMjRmYwIDADQDo5p-Q6JLgZuUNtdjyjsCKphawUx8bNhW0FYjdk7V_4RRnZpzsCzi00hLb4igNYYraY5Z",
- "tss~v1~72e84cd688bf24fc~3~NzJlODRjZDY4OGJmMjRmYwIDADQEuqHxd94BQK1V-db70VLZxdIULyVIOGDrE7w7K3SVnk0UaEMf9xJFaYpKrXical7nR9PT",
- "tss~v1~72e84cd688bf24fc~3~NzJlODRjZDY4OGJmMjRmYwIDADQFg23wPejL_3hnFOyOKyBHmHri6aBzgjhnV6jFqGIldTPePpZIyVHK3tlP9FXSLd_rlgTa"]
-[3] pry(main)> secret = TSS.combine(shares: shares)
+> shares = TSS.split(secret: 'my deep dark secret')
+=> ["tss~v1~506168fade769236~3~NTA2MTY4ZmFkZTc2OTIzNgIDAEEBIM39jPGXFz4zKCObWgp2zQmCuUx92-VUf48FWQFqnLF3bw6VtVjYK7JRfESZIREdzhWcQuTQVuGKazxWRK27Tg==",
+ "tss~v1~506168fade769236~3~NTA2MTY4ZmFkZTc2OTIzNgIDAEEC1E8YyDhp5NeZvF6vHeUT6HoiU0AgoF69jyjNRbtcIi1YoymJTau1rJP-3nQXOofaB2LgnAhJpbB8vrID9WTKgQ==",
+ "tss~v1~506168fade769236~3~NTA2MTY4ZmFkZTc2OTIzNgIDAEEDmfvFIKybg8nO9Q9fZ5wARgHFngFQdrbk_arFEbc7s5HedTjzkoZYLlV8xnywt4AVAHAO0nSLY3C7iJPifH5VYA==",
+ "tss~v1~506168fade769236~3~NTA2MTY4ZmFkZTc2OTIzNgIDAEEEiBoCoHycMNTS5yQEU8_Sc7eVlIZOJP1-ka_7MPTlC1p2DyNdGvQxy3pBFZyH8WXAY9ICBxiZRDCJisFrebviAg==",
+ "tss~v1~506168fade769236~3~NTA2MTY4ZmFkZTc2OTIzNgIDAEEFxa7fSOhuV8qFrnX0KbbB3cxyWcc-8hUn4y3zZPiCmubw2TInxdncSbzDDZQgfGIPZMDsSWRbgvBOvOCK8KF94w=="]
+> secret = TSS.combine(shares: shares)
 => {:hash=>"f1b91fef6a7535a974d3644c3eac16d2c907720c981290214d5d1db7cdb724af",
  :hash_alg=>"SHA256",
- :identifier=>"72e84cd688bf24fc",
- :process_time=>0.58,
+ :identifier=>"506168fade769236",
+ :process_time=>0.94,
  :secret=>"my deep dark secret",
  :threshold=>3}
-[4] pry(main)> puts secret[:secret]
+> puts secret[:secret]
 my deep dark secret
 => nil
 ```
 
 ## Is it any good?
 
-While this implementation has not had a formal security review, the cryptographic
+While this implementation has not yet had a formal security review, the cryptographic
 underpinnings were carefully specified in an IETF draft document authored by a
 noted cryptographer. I have reached out to individuals respected in the field
 for their work in implementing cryptographic solutions to help review this code.
@@ -128,13 +128,14 @@ nothing to slow down an attacker if they have access to enough shares.
 
 * If you send keys by email, or some other insecure channel, then your email
 provider, or any entity with access to their data, now also has the keys to
-your data. They just need to collect enough keys to meet the threshold.
+your data. They just need to collect enough keys to meet the threshold. Sending
+enough shares to recreate a secret through any single provider offers no
+more security than sending the key itself.
 
 * Use public key cryptography to encrypt secret shares with the public key of
 each individual recipient. This can protect the share data from unwanted use while
-in transit or at rest. Excellent choices might be
-[RbNaCl](https://github.com/cryptosphere/rbnacl)
-or [TweetNaCl.js](https://github.com/dchest/tweetnacl-js).
+in transit or at rest. OpenPGP would be one such tool for encrypting shares to
+send safely.
 
 * Put careful thought into how you want to distribute shares. It often makes
 sense to give individuals more than one share.
@@ -144,15 +145,10 @@ sense to give individuals more than one share.
 There is pretty extensive inline documentation. You can view the latest
 auto-generated docs at [http://www.rubydoc.info/gems/tss](http://www.rubydoc.info/gems/tss)
 
-## Supported Platforms
+## Supported Ruby Versions
 
-TSS is continuously integration tested on the following Ruby VMs:
-
-* MRI 2.2.5
-* MRI 2.3.1
-* jruby-9.0.5.0
-
-It may work on others as well.
+TSS is continuously integration tested on a number of Ruby versions. See the file
+`.travis.yml` in the root of this repository for the currently tested versions.
 
 ## Installation
 
@@ -261,12 +257,14 @@ cautioned that storing the secret on a filesystem may expose you to certain
 attacks since it can be hard to fully erase files once written.
 
 ```text
+$ cat /tmp/secret.txt
+my secret
 $ tss split -I /tmp/secret.txt
-tss~v1~3f784d9d04dff796~3~M2Y3ODRkOWQwNGRmZjc5NgIDACsBvAVAo1dH3QrsYl0S30j2VVTu6dZLRe9EEk6zLtPTwZNYk-t1e4SAA41D
-tss~v1~3f784d9d04dff796~3~M2Y3ODRkOWQwNGRmZjc5NgIDACsCMfy6YlI-CQrd-l93Xtw8YqOWSP5ToolKTaZyO2fPYzceaaVmB30ycdVr
-tss~v1~3f784d9d04dff796~3~M2Y3ODRkOWQwNGRmZjc5NgIDACsD4IDasmAapmVFkuYPMvuavCtXiJgPZsaBHglGm4FU_U2rGZzfapRk-ZNN
-tss~v1~3f784d9d04dff796~3~M2Y3ODRkOWQwNGRmZjc5NgIDACsEbId8z1yNfEkDcezJpstkYenGLhJCMRglx2c0arPDS-YuXyiiNQQ-jYlq
-tss~v1~3f784d9d04dff796~3~M2Y3ODRkOWQwNGRmZjc5NgIDACsFvfscH26p0yabGVWxyuzCv2EH7nQe9VfulMgAylVY1ZybLxEbWO1oBc9M
+tss~v1~8b66eb89ee25a46c~3~OGI2NmViODllZTI1YTQ2YwIDACsBqgQvwFhKboLMAmYwF5_CvaUwM8pmqUipbMRzakdbP53WJa-E6tf2nl2M
+tss~v1~8b66eb89ee25a46c~3~OGI2NmViODllZTI1YTQ2YwIDACsCk1EU-HwvC6pjvQ5wDas221Qs4A7TtJNpi-Su8hxOqrsCSQ8t11aiQUpm
+tss~v1~8b66eb89ee25a46c~3~OGI2NmViODllZTI1YTQ2YwIDACsDVCwbS0EGF03btYwqqVuk7S0z-nSinHtPpsFaFm5dys85j3JlK-yCVNyP
+tss~v1~8b66eb89ee25a46c~3~OGI2NmViODllZTI1YTQ2YwIDACsEPUzgi8CDn4ix1dLQTQDj2yTdeeQcZAvGuMyQ_H7EepN6WO_KB1DuqTxm
+tss~v1~8b66eb89ee25a46c~3~OGI2NmViODllZTI1YTQ2YwIDACsF-jHvOP2qg28J3VCK6fBx7V3CY55tTOPglelkGAzXGudBnpKC--rOvKqP
 ```
 
 **Example : `interactive`**
@@ -282,11 +280,11 @@ Enter your secret, enter a dot (.) on a line by itself to finish :
 secret >  the vault password is:
 secret >  V0ulT!
 secret >  .
-tss~v1~546604c0b5e9138b~3~NTQ2NjA0YzBiNWU5MTM4YgIDAD8BK-9qlyxRFFQypFLwzM_tLWOv-NRziwnc6blqFP8eh8wLro4qiQwBKfI0KuuvM0u1C6th1vxsyW8vyolXQ-4=
-tss~v1~546604c0b5e9138b~3~NTQ2NjA0YzBiNWU5MTM4YgIDAD8CEjeK01kAwE1wb7-wvLLlHoe6FGzhl7Hg9TCz_Npw7u0b31OpijFIKdxELfbnhvius7vGqn6KqQKqq69s4Co=
-tss~v1~546604c0b5e9138b~3~NTQ2NjA0YzBiNWU5MTM4YgIDAD8DTbCFZAMwoXU2650hAw5_XJZxzNHhJrJqLPy1vARk8APzWkgP7K79AtbVn1C49HpBSP2OL-BLumaZZWbU7YI=
-tss~v1~546604c0b5e9138b~3~NTQ2NjA0YzBiNWU5MTM4YgIDAD8E9eVJ83Knw3Fq1e9VaFSKdPKUAugyBqXzCsqov6etQIfEYe8Vt-ZVu3Ax7L1MWBNt-AQLN7YtczAG4QZ_7wI=
-tss~v1~546604c0b5e9138b~3~NTQ2NjA0YzBiNWU5MTM4YgIDAD8FqmJGRCiXokksUc3E1-gQNuNf2lUyt6Z50wau_3m5Xmks5PSz0XngkHqgXhsTKpGCA0JDsijsYFQ1L8_H4qo=
+tss~v1~1f8532a9d185efc4~3~MWY4NTMyYTlkMTg1ZWZjNAIDAD8BJkMvkHUGPQk1HQr_jVj9JkhavJVkdeFDEtRAf8O6vjksCjMMjiyuUL0bOD7vDnmdrzHK8QVymXU5vnjAREs=
+tss~v1~1f8532a9d185efc4~3~MWY4NTMyYTlkMTg1ZWZjNAIDAD8CJpiKCEtSfmugr_gbvEIBs2M2sZfHxuZsBuPpB35OGeyWmGZCyJCNu0W2z3abkV1Q8uTPvT75YYRpw6BcdvQ=
+tss~v1~1f8532a9d185efc4~3~MWY4NTMyYTlkMTg1ZWZjNAIDAD8DdLPAuEg1Ng7hkoKFQmmL-lkILWvQiQ15JELFLJz-PvdZucDCqS-X6QAIbwWE3u2XrTgsH1kmIvpMeZhzfPk=
+tss~v1~1f8532a9d185efc4~3~MWY4NTMyYTlkMTg1ZWZjNAIDAD8EJT1XJ-DeOXuE3JD6VpZk79945_peSk1ij1Mk5ql-l2jkv85yGBbyH0VIBmJp2WsEMmESZqTsQ9kKB-0Ljq8=
+tss~v1~1f8532a9d185efc4~3~MWY4NTMyYTlkMTg1ZWZjNAIDAD8FdxYdl-O5cR7F4epkqL3upuVGewZJBaZ3rfIIzUvOsHMrnmjyeanoTQD2phF2ltvDbb3xxMMzAKcvvdUkhKI=
 ```
 
 ### CLI Share Combining
@@ -339,29 +337,29 @@ a secret
 ```text
 $ cat /tmp/shares.txt
 # THRESHOLD SECRET SHARING SHARES
-# 2016-04-19T23:57:17Z
+# 2017-01-29T02:01:00Z
 # https://github.com/grempe/tss-rb
 
 
-tss~v1~ae2983e30e0471fe~3~YWUyOTgzZTMwZTA0NzFmZQIDACoBRjAH7wA0ncxJr3GliBqKxedf3bGaQH6AscuLqxtrKxxtxuC7A7a5Sqk=
-tss~v1~ae2983e30e0471fe~3~YWUyOTgzZTMwZTA0NzFmZQIDACoClWVu75w-XHhoUgkbV5XaJ11stZCB5Z8HTArpv4QsIYDBpNO9DHQTbQ4=
-tss~v1~ae2983e30e0471fe~3~YWUyOTgzZTMwZTA0NzFmZQIDACoDsnUaZf94pMArKZL7jmavzk9Qa6ZAvOB8e8nEAt0nyS6ga0XBucQOyGc=
-tss~v1~ae2983e30e0471fe~3~YWUyOTgzZTMwZTA0NzFmZQIDACoETCWwSGLHcutzGCLb1yOkH7i6MF7j2b0wr0ZsUh6LuBmx6FkN2MbTkTc=
-tss~v1~ae2983e30e0471fe~3~YWUyOTgzZTMwZTA0NzFmZQIDACoFazXEwgGBilMwY7k7DtDR9qqG7mgigMJLmIVB70eAULfQJ89xbXbONF4=
+tss~v1~b9f7f87bc83fd89b~3~YjlmN2Y4N2JjODNmZDg5YgIDACoBbga2N__A9QOleLhC5R5b7stJ26iMPNpQ95YpmK-tWIrd-CYcrXGmcys=
+tss~v1~b9f7f87bc83fd89b~3~YjlmN2Y4N2JjODNmZDg5YgIDACoCGXsZkLOG7uDOVN1Zn46pqftX4noA8LfXugg14KBfSggYP9fw4Ce10YA=
+tss~v1~b9f7f87bc83fd89b~3~YjlmN2Y4N2JjODNmZDg5YgIDACoDFl3cwi80fpdh-I9eK3kNa8V9OlXX1Wx8y5a6bk2S0TDJzocr-1C3TWs=
+tss~v1~b9f7f87bc83fd89b~3~YjlmN2Y4N2JjODNmZDg5YgIDACoEEspmyzmbnrSr7v41FFlHVTqQ6dx4aho8q5T1CBHQbNimdCv3gVXS50I=
+tss~v1~b9f7f87bc83fd89b~3~YjlmN2Y4N2JjODNmZDg5YgIDACoFHeyjmaUpDsMEQqwyoK7jlwS6MfOvT8GX2gp6hvwd9-B3hXssmiLQe6k=
 
 $ tss combine
 Enter shares, one per line, and a dot (.) on a line by itself to finish :
-share>  tss~v1~ae2983e30e0471fe~3~YWUyOTgzZTMwZTA0NzFmZQIDACoBRjAH7wA0ncxJr3GliBqKxedf3bGaQH6AscuLqxtrKxxtxuC7A7a5Sqk=
-share>  tss~v1~ae2983e30e0471fe~3~YWUyOTgzZTMwZTA0NzFmZQIDACoClWVu75w-XHhoUgkbV5XaJ11stZCB5Z8HTArpv4QsIYDBpNO9DHQTbQ4=
-share>  tss~v1~ae2983e30e0471fe~3~YWUyOTgzZTMwZTA0NzFmZQIDACoDsnUaZf94pMArKZL7jmavzk9Qa6ZAvOB8e8nEAt0nyS6ga0XBucQOyGc=
+share>  tss~v1~b9f7f87bc83fd89b~3~YjlmN2Y4N2JjODNmZDg5YgIDACoBbga2N__A9QOleLhC5R5b7stJ26iMPNpQ95YpmK-tWIrd-CYcrXGmcys=
+share>  tss~v1~b9f7f87bc83fd89b~3~YjlmN2Y4N2JjODNmZDg5YgIDACoCGXsZkLOG7uDOVN1Zn46pqftX4noA8LfXugg14KBfSggYP9fw4Ce10YA=
+share>  tss~v1~b9f7f87bc83fd89b~3~YjlmN2Y4N2JjODNmZDg5YgIDACoDFl3cwi80fpdh-I9eK3kNa8V9OlXX1Wx8y5a6bk2S0TDJzocr-1C3TWs=
 share>  .
 
 RECOVERED SECRET METADATA
 *************************
 hash : d4ea4551e9ff2cf56303875b1901fb8608a6164260c3b20c0976c7b606a4efc0
 hash_alg : SHA256
-identifier : ae2983e30e0471fe
-process_time : 0.7ms
+identifier : b9f7f87bc83fd89b
+process_time : 1.22ms
 threshold : 3
 secret :
 a secret
@@ -373,11 +371,11 @@ The basic usage is as follows using the arguments described below.
 
 ```ruby
 shares = TSS.split(secret: secret,
-              threshold: threshold,
-              num_shares: num_shares,
-              identifier: identifier,
-              hash_alg: hash_alg,
-              pad_blocksize: pad_blocksize)
+                   threshold: threshold,
+                   num_shares: num_shares,
+                   identifier: identifier,
+                   hash_alg: hash_alg,
+                   padding: true)
 ```
 
 ### Arguments
@@ -385,7 +383,7 @@ shares = TSS.split(secret: secret,
 All arguments are passed as keys in a single Hash.
 
 The `secret` (required) value must be provided as a String with either
-a `UTF-8` or `US-ASCII` encoding. The Byte length must be `<= 65,534`. You can
+a `UTF-8` or `US-ASCII` encoding. The Byte length must be `<= 65,486`. You can
 test this beforehand with `'my string secret'.bytes.to_a.length`. Keep in mind
 that this length also includes padding and the verification hash so your
 secret may need to be shorter depending on the settings you choose.
@@ -426,44 +424,17 @@ The `HUMAN` format can be easily shared in a tweet, email, or even a URL. The
 easier to visually compare shares and see if they have matching identifiers and
 if you have enough shares to reach the threshold.
 
-The `pad_blocksize` arg takes an Integer between 0..255 inclusive. Your secret
-**MUST NOT** *begin* with this character (which was chosen to make less likely).
-The padding character used is `"\u001F"` `Unit Separator, decimal 31`.
-
-Padding is applied to the nearest multiple of the number of bytes specified.
-`pad_blocksize` defaults to no padding (0). For example:
-
-```ruby
-padding_blocksize: 8
-(padded with zeros for illustration purposes)
-
-# a single char, padded up to 8
-'a'         -> "0000000a"
-
-# 8 chars, no padding needed to get to 8
-'aaaaaaaa'  -> "aaaaaaaa"
-
-# 9 chars, bumps blocksize up to 16 and pads
-'aaaaaaaaa' -> "0000000aaaaaaaaa"
-```
+The `padding` arg accepts a Boolean to indicate whether to apply PKCS#7
+padding to the secret string. This is applied and removed automatically
+by default and padding defaults to a block size of 16 bytes. You probably
+never need to use this option to turn it off unless you are trying to
+trade shares with the Python implementation.
 
 Since TSS share data is essentially the same size as the original secret
-(with a known size header), padding smaller secrets may help mask the size
-of the secret itself from an attacker. Padding is not part of the RTSS spec
-so other TSS clients won't strip off the padding and may fail when recombining
-shares. If you need this level of interoperability you should probably skip
-the `pad_blocksize` padding and just pad the secret yourself prior to splitting
-it. You need to pad using a character other than `"\u001F"`.
-
-If you want to do padding this way, there is a utility method you can use
-to do that. This is the same method used internally.
-
-```ruby
-# Util.left_pad(byte_multiple, input_string, pad_char = "\u001F")
-
-> Util.left_pad(16, 'abc', "0")
-=> "0000000000000abc"
-```
+(with a known size header), the padding applied to smaller secrets may help
+mask the exact size of the secret itself from an attacker. Padding is not part of
+the RTSS spec so other TSS clients won't strip off the padding and may fail
+when recombining shares.
 
 ### Example Usage
 
@@ -475,20 +446,20 @@ identifier = SecureRandom.hex(8)
 hash_alg   = 'SHA256'
 format     = 'HUMAN'
 
-s = TSS.split(secret: secret, threshold: threshold, num_shares: num_shares, identifier: identifier, hash_alg: 'SHA256', pad_blocksize: 16, format: format)
+s = TSS.split(secret: secret, threshold: threshold, num_shares: num_shares, identifier: identifier, hash_alg: 'SHA256', format: format)
 
-=> ["tss~v1~9fdfe2516240737e~3~OWZkZmUyNTE2MjQwNzM3ZQIDADEBe1METAFZDbpq7yHIFRvxr1PjBOLRnHzDyzDGrnDvYp90jMKPLWwo3eiWiuafRaYJ",
- "tss~v1~9fdfe2516240737e~3~OWZkZmUyNTE2MjQwNzM3ZQIDADECOeQaLXYx99N2SDKutj0_smSonMdMMzeJc_CWPRT8nppHkdsUc7hW6cSw_RDcaKMF",
- "tss~v1~9fdfe2516240737e~3~OWZkZmUyNTE2MjQwNzM3ZQIDADEDXagBfmgOlQY8xXIUg0SvZ-yYgORZzeWiyjRBmsDMLwG7bLmmswSAOllamqGZ-_fb",
- "tss~v1~9fdfe2516240737e~3~OWZkZmUyNTE2MjQwNzM3ZQIDADEExmXZHYJsLzipmqYryl5SDlhJzdZxLh_2y5bM_tOOmdm9rpws3izJqHrzmCHQi5mn",
- "tss~v1~9fdfe2516240737e~3~OWZkZmUyNTE2MjQwNzM3ZQIDADEFoinCTpxTTe3jF-aR_yfC29B50fVk0M3dclIbWQe-KEJBU_6eHpAfe-cZ_5CVGM15"]
+=> ["tss~v1~79923b087dab7fa2~3~Nzk5MjNiMDg3ZGFiN2ZhMgIDADEB2qA6IYq8yOGlPAl0B4MgRsVazZMWGLwRNgGMPKutOYbB0gjkVHNqbNYl-0l1f98W",
+ "tss~v1~79923b087dab7fa2~3~Nzk5MjNiMDg3ZGFiN2ZhMgIDADECvjwdUHc8MzqvIllR2Rj9TnnlN_2eRUzH6MUsd8ncua4jpXQ3FgM1hUmLHmrgHq0u",
+ "tss~v1~79923b087dab7fa2~3~Nzk5MjNiMDg3ZGFiN2ZhMgIDADEDAvNIUZ_hiftofyog257YDWds4q9MP14-rDCxQsauUyxqBtzur6Ch5-rSCHRPt4Dv",
+ "tss~v1~79923b087dab7fa2~3~Nzk5MjNiMDg3ZGFiN2ZhMgIDADEEF7zGEx0GSC6YLgVD6xcQispDCO_JTUSDFbsbpalopakh0FmTfmO-JJKGQSlJb1il",
+ "tss~v1~79923b087dab7fa2~3~Nzk5MjNiMDg3ZGFiN2ZhMgIDADEFq3OTEvXb8u9fc3Yy6ZE1ydTK3b0bN1Z6UU6GkKYaTytoc_FKx8AqRjHfVzfmxnVk"]
 
- secret = TSS.combine(shares: s)
+secret = TSS.combine(shares: s)
 
- => {:hash=>"dbd318c1c462aee872f41109a4dfd3048871a03dedd0fe0e757ced57dad6f2d7",
+=> {:hash=>"dbd318c1c462aee872f41109a4dfd3048871a03dedd0fe0e757ced57dad6f2d7",
  :hash_alg=>"SHA256",
- :identifier=>"9fdfe2516240737e",
- :process_time=>0.77,
+ :identifier=>"79923b087dab7fa2",
+ :process_time=>0.92,
  :secret=>"foo bar baz",
  :threshold=>3}
  ```
@@ -558,7 +529,7 @@ many combinations (`2.88 * 10^75`) as there are Atoms in the Universe (`10^80`).
 If the combine operation does not result in a secret being successfully
 extracted, then a `TSS::Error` exception will be raised.
 
-A great short read on this is
+A great short read on big numbers is
 [On the (Small) Number of Atoms in the Universe](http://norvig.com/atoms.html)
 
 ### Exception Handling
@@ -702,7 +673,7 @@ contributors are expected to adhere to the
 
 ### Copyright
 
-(c) 2016 Glenn Rempe <[glenn@rempe.us](mailto:glenn@rempe.us)> ([https://www.rempe.us/](https://www.rempe.us/))
+(c) 2016-2017 Glenn Rempe <[glenn@rempe.us](mailto:glenn@rempe.us)> ([https://www.rempe.us/](https://www.rempe.us/))
 
 ### License
 

data/lib/custom_contracts.rb

@@ -18,13 +18,12 @@ module Contracts
   class SecretArg
     def self.valid? val
       val.is_a?(String) &&
-      val.length.between?(1,65502) &&
-      ['UTF-8', 'US-ASCII'].include?(val.encoding.name) &&
-      val.slice(0) != "\u001F"
+      val.length.between?(1,TSS::MAX_UNPADDED_SECRET_SIZE) &&
+      ['UTF-8', 'US-ASCII'].include?(val.encoding.name)
     end
 
     def self.to_s
-      'must be a UTF-8 or US-ASCII String between 1 and 65,502 characters in length and must not begin with the padding char \u001F'
+      "must be a UTF-8 or US-ASCII String between 1 and #{TSS::MAX_UNPADDED_SECRET_SIZE} characters in length"
     end
   end
 

data/lib/tss/cli_combine.rb

@@ -6,6 +6,7 @@ module TSS
 
     method_option :input_file, :aliases => '-I', :banner => 'input_file', :type => :string, :desc => 'A filename to read shares from'
     method_option :output_file, :aliases => '-O', :banner => 'output_file', :type => :string, :desc => 'A filename to write the recovered secret to'
+    method_option :padding, :type => :boolean, :default => true, :desc => 'Whether PKCS#7 padding is expected in the secret and should be removed'
 
     desc 'combine', 'Enter shares to recover a split secret'
 
@@ -35,6 +36,12 @@ module TSS
       on the output file should provide a digest matching that of the secret
       when it was originally split.
 
+      padding/no-padding :
+      Whether or not PKCS#7 padding should be removed from secret data. By
+      default padding is applied to shared secrets when created. Turning this
+      off may be helpful if you need to combine shares created with a third-party
+      library.
+
       Example w/ options:
 
       $ tss combine -I shares.txt -O secret.txt
@@ -104,7 +111,7 @@ module TSS
       end
 
       begin
-        sec = TSS.combine(shares: shares)
+        sec = TSS.combine(shares: shares, padding: options[:padding])
 
         say('')
         say('RECOVERED SECRET METADATA')

data/lib/tss/cli_split.rb

@@ -9,7 +9,7 @@ module TSS
     method_option :identifier, :aliases => '-i', :banner => 'identifier', :type => :string, :desc => 'A unique identifier string, 0-16 Bytes, [a-zA-Z0-9.-_]'
     method_option :hash_alg, :aliases => '-h', :banner => 'hash_alg', :type => :string, :desc => 'A hash type for verification, NONE, SHA1, SHA256'
     method_option :format, :aliases => '-f', :banner => 'format', :type => :string, :default => 'HUMAN', :desc => 'Share output format, BINARY or HUMAN'
-    method_option :pad_blocksize, :aliases => '-p', :banner => 'pad_blocksize', :type => :numeric, :desc => 'Block size # secrets will be left-padded to, 0-255'
+    method_option :padding, :type => :boolean, :default => true, :desc => 'Whether to apply PKCS#7 padding to the secret'
     method_option :input_file, :aliases => '-I', :banner => 'input_file', :type => :string, :desc => 'A filename to read the secret from'
     method_option :output_file, :aliases => '-O', :banner => 'output_file', :type => :string, :desc => 'A filename to write the shares to'
 
@@ -20,8 +20,8 @@ module TSS
       a SECRET provided. A secret to be split can be provided using one of three
       different input methods; STDIN, a path to a file, or when prompted
       for it interactively. In all cases the secret should be UTF-8 or
-      US-ASCII encoded text and be no larger than 65,535 Bytes (including header
-      and hash verification bytes).
+      US-ASCII encoded text and be no larger than #{TSS::MAX_UNPADDED_SECRET_SIZE}
+      bytes.
 
       Optional Params:
 
@@ -41,8 +41,8 @@ module TSS
       hash_alg :
       One of NONE, SHA1, SHA256. The algorithm to use for a one-way hash of the secret that will be split along with the secret.
 
-      pad_blocksize :
-      An Integer, 0-255, that represents a multiple to which the secret will be padded. For example if pad_blocksize is set to 8, the secret 'abc' would be left-padded to '00000abc' (the padding char is not zero, that is just for illustration).
+      padding/no-padding :
+      Whether to apply PKCS#7 padding to secret. By default padding is applied. Turning this off may be helpful if you need to interoperate with a third party library.
 
       format :
       Whether to output the shares as a binary octet string (RTSS), or as more human friendly URL safe Base 64 encoded text with some metadata.
@@ -55,18 +55,19 @@ module TSS
 
       Example w/ options:
 
-      $ tss split -t 3 -n 6 -i abc123 -h SHA256 -p 8 -f HUMAN
+      $ tss split -t 3 -n 6 -i abc123 -h SHA256 -f HUMAN
 
       Enter your secret:
 
       secret >  my secret
 
-      tss~v1~abc123~3~YWJjMTIzAAAAAAAAAAAAAAIDADEBQ-AQG3PuU4oT4qHOh2oJmu-vQwGE6O5hsGRBNtdAYauTIi7VoIdi5imWSrswDdRy
-      tss~v1~abc123~3~YWJjMTIzAAAAAAAAAAAAAAIDADECM0OK5TSamH3nubH3FJ2EGZ4Yux4eQC-mvcYY85oOe6ae3kpvVXjuRUDU1m6sX20X
-      tss~v1~abc123~3~YWJjMTIzAAAAAAAAAAAAAAIDADEDb7yF4Vhr1JqNe2Nc8IXo98hmKAxsqC3c_Mn3r3t60NxQMC22ate51StDOM-BImch
-      tss~v1~abc123~3~YWJjMTIzAAAAAAAAAAAAAAIDADEEIXU0FajldnRtEQMLK-ZYMO2MRa0NmkBFfNAOx7olbgXLkVbP9txXMDsdokblVwke
-      tss~v1~abc123~3~YWJjMTIzAAAAAAAAAAAAAAIDADEFfYo7EcQUOpMH09Ggz_403rvy1r9_ckI_Pd_hm1tRxX8FfzEWyXMAoFCKTOfIKgMo
-      tss~v1~abc123~3~YWJjMTIzAAAAAAAAAAAAAAIDADEGDSmh74Ng8WTziMGZXAm5XcpFLqDl2oP4MH24XhYf33IIg1WsPIyMAznI0DJUeLpN
+      tss~v1~abc123~3~YWJjMTIzAAAAAAAAAAAAAAIDADEB113xpF37jGHm5QGhXKD8mgK2897MIQkSWri6ksNnAODn0efXznuBsSUnhlDIqQFU
+      tss~v1~abc123~3~YWJjMTIzAAAAAAAAAAAAAAIDADEC4tZegQrC3z6-02er3FZaWMadtlvxPb1EI_FNjG0dFrcdEDj4V7Cmcw___SesJHHP
+      tss~v1~abc123~3~YWJjMTIzAAAAAAAAAAAAAAIDADEDWPKPVjJaITosPGAMhvCgxCBB9uptl2h5UPngnw71V7Z9T-pnxiLKIfgUbRqyBrv-
+      tss~v1~abc123~3~YWJjMTIzAAAAAAAAAAAAAAIDADEExY3ti8ckAIQC02OKCrpEVVnUmyg3NXO9oG3PNw3PlgbbKdFRi9gBCNN_tjkhT3An
+      tss~v1~abc123~3~YWJjMTIzAAAAAAAAAAAAAAIDADEFf6k8XP-8_oCQPGQtUBy-yb8I25mrn6aA02ViJG4n1we7dgPOGkptWiSUJgQ_bboW
+      tss~v1~abc123~3~YWJjMTIzAAAAAAAAAAAAAAIDADEGSiKTeaiFrd_ICgIn0OoYC3sjnhyWgxLWqiyVOsBdwVBBt9zhg4FKmA5MXXNb4MqN
+
     LONGDESC
 
     # rubocop:disable CyclomaticComplexity
@@ -124,8 +125,8 @@ module TSS
       args[:num_shares]    = options[:num_shares]    if options[:num_shares]
       args[:identifier]    = options[:identifier]    if options[:identifier]
       args[:hash_alg]      = options[:hash_alg]      if options[:hash_alg]
-      args[:pad_blocksize] = options[:pad_blocksize] if options[:pad_blocksize]
       args[:format]        = options[:format]        if options[:format]
+      args[:padding]       = options[:padding]
 
       begin
         log("Calling : TSS.split(#{args.inspect})")

data/lib/tss/combiner.rb

@@ -12,14 +12,15 @@ module TSS
 
     C = Contracts
 
-    attr_reader :shares, :select_by
+    attr_reader :shares, :select_by, :padding
 
-    Contract ({ :shares => C::ArrayOfShares, :select_by => C::Maybe[C::SelectByArg] }) => C::Any
+    Contract ({ :shares => C::ArrayOfShares, :select_by => C::Maybe[C::SelectByArg], :padding => C::Maybe[C::Bool] }) => C::Any
     def initialize(opts = {})
       # clone the incoming shares so the object passed to this
       # function doesn't get modified.
       @shares = opts.fetch(:shares).clone
       @select_by = opts.fetch(:select_by, 'FIRST')
+      @padding = opts.fetch(:padding, true)
     end
 
     # Warning, you probably don't want to use this directly. Instead
@@ -150,8 +151,6 @@ module TSS
         secret << Util.lagrange_interpolation(u, v)
       end
 
-      strip_left_pad(secret)
-
       hash_alg = Hasher.key_from_code(hash_id)
 
       # Run the hash digest checks if the shares were created with a digest
@@ -161,6 +160,10 @@ module TSS
         orig_hash_bytes = secret.pop(Hasher.bytesize(hash_alg))
         orig_hash_hex = Util.bytes_to_hex(orig_hash_bytes)
 
+        # Remove PKCS#7 padding from the secret now that the hash
+        # has been extracted from the data
+        secret = Util.unpad(secret) if padding
+
         # RTSS : verify that the recombined secret computes the same hash
         # digest now as when it was originally created.
         new_hash_bytes = Hasher.byte_array(hash_alg, Util.bytes_to_utf8(secret))
@@ -169,6 +172,8 @@ module TSS
         unless Util.secure_compare(orig_hash_hex, new_hash_hex)
           raise TSS::InvalidSecretHashError, 'invalid shares, hash of secret does not equal embedded hash'
         end
+      else
+        secret = Util.unpad(secret) if padding
       end
 
       if secret.present?
@@ -178,16 +183,6 @@ module TSS
       end
     end
 
-    # Strip off leading padding chars ("\u001F", decimal 31)
-    #
-    # @param secret the secret to be stripped
-    # @return returns the secret, stripped of the leading padding char
-    # @raise [ParamContractError] if secret appears invalid
-    Contract C::ArrayOf[C::Num] => C::Maybe[Array]
-    def strip_left_pad(secret)
-      secret.shift while secret.first == 31
-    end
-
     # Do all of the shares match the pattern expected of human style shares?
     #
     # @param shares the shares to be evaluated

data/lib/tss/splitter.rb

@@ -9,9 +9,9 @@ module TSS
 
     C = Contracts
 
-    attr_reader :secret, :threshold, :num_shares, :identifier, :hash_alg, :format, :pad_blocksize
+    attr_reader :secret, :threshold, :num_shares, :identifier, :hash_alg, :format, :padding
 
-    Contract ({ :secret => C::SecretArg, :threshold => C::Maybe[C::ThresholdArg], :num_shares => C::Maybe[C::NumSharesArg], :identifier => C::Maybe[C::IdentifierArg], :hash_alg => C::Maybe[C::HashAlgArg], :format => C::Maybe[C::FormatArg], :pad_blocksize => C::Maybe[C::PadBlocksizeArg] }) => C::Any
+    Contract ({ :secret => C::SecretArg, :threshold => C::Maybe[C::ThresholdArg], :num_shares => C::Maybe[C::NumSharesArg], :identifier => C::Maybe[C::IdentifierArg], :hash_alg => C::Maybe[C::HashAlgArg], :format => C::Maybe[C::FormatArg], :padding => C::Maybe[C::Bool] }) => C::Any
     def initialize(opts = {})
       @secret = opts.fetch(:secret)
       @threshold = opts.fetch(:threshold, 3)
@@ -19,7 +19,7 @@ module TSS
       @identifier = opts.fetch(:identifier, SecureRandom.hex(8))
       @hash_alg = opts.fetch(:hash_alg, 'SHA256')
       @format = opts.fetch(:format, 'HUMAN')
-      @pad_blocksize = opts.fetch(:pad_blocksize, 0)
+      @padding = opts.fetch(:padding, true)
     end
 
     SHARE_HEADER_STRUCT = BinaryStruct.new([
@@ -61,15 +61,19 @@ module TSS
     def split
       num_shares_not_less_than_threshold!(threshold, num_shares)
 
-      # RTSS : Combine the secret with a hash digest before splitting. On recombine
-      # the two will be separated again and the hash used to validate the
-      # correct secret was returned. secret || hash(secret). You can also
-      # optionally pad the secret first.
-      padded_secret = Util.left_pad(pad_blocksize, secret)
-      hashed_secret = Hasher.byte_array(hash_alg, secret)
-      secret_bytes = Util.utf8_to_bytes(padded_secret) + hashed_secret
+      # Append needed PKCS#7 padding to the string
+      secret_padded = padding ? Util.pad(secret) : secret
 
-      secret_bytes_is_smaller_than_max_size!(secret_bytes)
+      # Calculate the cryptographic hash of the secret string
+      secret_hash = Hasher.byte_array(hash_alg, secret)
+
+      # RTSS : Combine the secret with a hash digest before splitting. When
+      # recombine the two will be separated again and the hash will be used
+      # to validate the correct secret was returned.
+      # secret || padding || hash(secret)
+      secret_pad_hash_bytes = Util.utf8_to_bytes(secret_padded) + secret_hash
+
+      secret_bytes_is_smaller_than_max_size!(secret_pad_hash_bytes)
 
       # For each share, a distinct Share Index is generated. Each Share
       # Index is an octet other than the all-zero octet. All of the Share
@@ -101,7 +105,7 @@ module TSS
       # of M octets; A[0] is equal to the first octet of the secret, B[0] is
       # equal to the second octet of the secret, and so on.
       #
-      secret_bytes.each do |byte|
+      secret_pad_hash_bytes.each do |byte|
         # Unpack random Byte String into Byte Array of 8 bit unsigned Integers
         r = SecureRandom.random_bytes(threshold - 1).unpack('C*')
 
@@ -148,8 +152,8 @@ module TSS
     # @raise [ParamContractError, TSS::ArgumentError] if invalid
     Contract C::ArrayOf[C::Int] => C::Bool
     def secret_bytes_is_smaller_than_max_size!(secret_bytes)
-      if secret_bytes.size >= 65_535
-        raise TSS::ArgumentError, 'invalid secret, combined padded secret and hash are too large'
+      if secret_bytes.size > TSS::MAX_SECRET_SIZE
+        raise TSS::ArgumentError, 'invalid secret, combined padded and hashed secret is too large'
       else
         return true
       end

data/lib/tss/tss.rb

@@ -16,6 +16,16 @@ module TSS
   include Contracts::Core
   C = Contracts
 
+  # Defined in TSS spec, two less than 2^16
+  MAX_SECRET_SIZE = 64_534
+
+  # Max size minus up to 16 bytes PKCS#7 padding
+  # and 32 bytes of cryptographic hash
+  MAX_UNPADDED_SECRET_SIZE = MAX_SECRET_SIZE - 48
+
+  # When applying PKCS#7 padding, what block size in bytes should be used
+  PADDING_BLOCK_SIZE_BYTES = 16
+
   # An unexpected error has occurred.
   class Error < StandardError; end
 
@@ -59,23 +69,11 @@ module TSS
   #   who are recombining the shares to verify if they have in fact recovered
   #   the correct secret.
   # @option opts [String] :format ('BINARY') the format of the String share output, 'BINARY' or 'HUMAN'
-  # @option opts [Integer] :pad_blocksize (0) An integer representing the nearest multiple of Bytes
-  #   to left pad the secret to. Defaults to not adding any padding (0). Padding
-  #   is done with the "\u001F" character (decimal 31 in a Byte Array).
-  #
-  #   Since TSS share data (minus the header) is essentially the same size as the
-  #   original secret, padding smaller secrets may help mask the size of the
-  #   contents from an attacker. Padding is not part of the RTSS spec so other
-  #   TSS clients won't strip off the padding and may not validate correctly.
-  #
-  #   If you need this interoperability you should probably pad the secret
-  #   yourself prior to splitting it and leave the default zero-length pad in
-  #   place. You would also need to manually remove the padding you added after
-  #   the share is recombined, or instruct recipients to ignore it.
+  # @option opts [Boolean] :padding Whether to apply PKCS#7 padding to secret
   #
   # @return an Array of formatted String shares
   # @raise [ParamContractError, TSS::ArgumentError] if the options Types or Values are invalid
-  Contract ({ :secret => C::SecretArg, :threshold => C::Maybe[C::ThresholdArg], :num_shares => C::Maybe[C::NumSharesArg], :identifier => C::Maybe[C::IdentifierArg], :hash_alg => C::Maybe[C::HashAlgArg], :format => C::Maybe[C::FormatArg], :pad_blocksize => C::Maybe[C::PadBlocksizeArg] }) => C::ArrayOfShares
+  Contract ({ :secret => C::SecretArg, :threshold => C::Maybe[C::ThresholdArg], :num_shares => C::Maybe[C::NumSharesArg], :identifier => C::Maybe[C::IdentifierArg], :hash_alg => C::Maybe[C::HashAlgArg], :format => C::Maybe[C::FormatArg], :padding => C::Maybe[C::Bool] }) => C::ArrayOfShares
   def self.split(opts)
     TSS::Splitter.new(opts).split
   end
@@ -86,6 +84,7 @@ module TSS
   #
   # @param [Hash] opts the options to create a message with.
   # @option opts [Array<String>] :shares an Array of String shares to try to recombine into a secret
+  # @option opts [Boolean] :padding Whether PKCS#7 padding is expected in the secret and should be removed
   # @option opts [String] :select_by ('FIRST') the method to use for selecting
   #   shares from the Array if more then threshold shares are provided. Can be
   #   upper case 'FIRST', 'SAMPLE', or 'COMBINATIONS'.
@@ -122,7 +121,7 @@ module TSS
   # @raise [TSS::NoSecretError] if the secret cannot be re-created from the shares provided
   # @raise [TSS::InvalidSecretHashError] if the embedded hash of the secret does not match the hash of the recreated secret
   # @raise [ParamContractError, TSS::ArgumentError] if the options Types or Values are invalid
-  Contract ({ :shares => C::ArrayOfShares, :select_by => C::Maybe[C::SelectByArg] }) => ({ :hash => C::Maybe[String], :hash_alg => C::HashAlgArg, :identifier => C::IdentifierArg, :process_time => C::Num, :secret => C::SecretArg, :threshold => C::ThresholdArg})
+  Contract ({ :shares => C::ArrayOfShares, :padding => C::Maybe[C::Bool], :select_by => C::Maybe[C::SelectByArg] }) => ({ :hash => C::Maybe[String], :hash_alg => C::HashAlgArg, :identifier => C::IdentifierArg, :process_time => C::Num, :secret => C::SecretArg, :threshold => C::ThresholdArg })
   def self.combine(opts)
     TSS::Combiner.new(opts).combine
   end

data/lib/tss/util.rb

@@ -271,18 +271,40 @@ module TSS
       bytes_to_hex(utf8_to_bytes(str))
     end
 
-    # Left pad a String with pad_char in multiples of byte_multiple
+    # Pad a String with PKCS#7 (RFC5652)
+    # See : https://tools.ietf.org/html/rfc5652#section-6.3
     #
-    # @param byte_multiple pad in blocks of this size
-    # @param input_string the String to pad
-    # @param pad_char the String to pad with
-    # @return a padded String
-    Contract C::Int, String, String => String
-    def self.left_pad(byte_multiple, input_string, pad_char = "\u001F")
-      return input_string if byte_multiple == 0
-      pad_length = byte_multiple - (input_string.length % byte_multiple)
-      return input_string if pad_length == byte_multiple
-      (pad_char * pad_length) + input_string
+    # @param str the String or Array of bytes to pad
+    # @param k pad blocksize (0-255), default 16
+    # @return a PKCS#7 padded String or Array of bytes
+    Contract C::Or[Array, String], C::PadBlocksizeArg => C::Or[Array, String]
+    def self.pad(str, k = TSS::PADDING_BLOCK_SIZE_BYTES)
+      return str if k.zero?
+      str_bytes = str.is_a?(Array) ? str : TSS::Util.utf8_to_bytes(str)
+      l = str_bytes.length
+      val = k - (l % k)
+      pad_bytes = [val] * val
+      padded_str_bytes = str_bytes + pad_bytes
+      str.is_a?(Array) ? padded_str_bytes : TSS::Util.bytes_to_utf8(padded_str_bytes)
+    end
+
+    # Remove padding from a String previously padded with PKCS#7 (RFC5652)
+    #
+    # @param str the String to remove padding from
+    # @param k pad blocksize (0-255)
+    # @return an unpadded String or Array of bytes
+    Contract C::Or[Array, String], C::PadBlocksizeArg => C::Or[Array, String]
+    def self.unpad(str, k = TSS::PADDING_BLOCK_SIZE_BYTES)
+      return str if k.zero?
+      str_bytes = str.is_a?(Array) ? str : TSS::Util.utf8_to_bytes(str)
+      val = str_bytes.last
+      raise 'Input is not padded or padding is corrupt' if val > k
+      # Verify that the proper number of PKCS#7 padding bytes are present
+      # and match the last byte value in both value and number of bytes present.
+      raise 'Padding bytes are invalid' unless str_bytes.last(val).all? {|b| b == val}
+      l = str_bytes.length - val
+      unpadded_str_bytes = str_bytes.take(l)
+      str.is_a?(Array) ? unpadded_str_bytes : TSS::Util.bytes_to_utf8(unpadded_str_bytes)
     end
 
     # Constant time string comparison.

data/lib/tss/version.rb

@@ -1,3 +1,3 @@
 module TSS
-  VERSION = '0.4.2'.freeze
+  VERSION = '0.5.0'.freeze
 end

data/tss.gemspec

@@ -48,8 +48,10 @@ Gem::Specification.new do |spec|
   spec.executables   << 'tss'
   spec.require_paths = ['lib']
 
+  spec.metadata["yard.run"] = "yri" # use "yard" to build full HTML docs.
+
   spec.add_dependency 'activesupport', '>= 4.0.0'
-  spec.add_dependency 'sysrandom', '>= 1.0.3', '~> 1.0.3'
+  spec.add_dependency 'sysrandom', '>= 1.0.3', '~> 1.0.4'
   spec.add_dependency 'contracts', '~> 0.14'
   spec.add_dependency 'binary_struct', '~> 2.1'
   spec.add_dependency 'thor', '~> 0.19'

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: tss
 version: !ruby/object:Gem::Version
-  version: 0.4.2
+  version: 0.5.0
 platform: ruby
 authors:
 - Glenn Rempe
@@ -30,7 +30,7 @@ cert_chain:
   vprF5QiDz8HshVP9DjJT2I1wyGyvxEdU3cTRo0upMP/VZLcgyBVFy90N2XYWWk2D
   GIxGSw==
   -----END CERTIFICATE-----
-date: 2016-10-13 00:00:00.000000000 Z
+date: 2017-01-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -55,7 +55,7 @@ dependencies:
         version: 1.0.3
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.0.3
+        version: 1.0.4
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -65,7 +65,7 @@ dependencies:
         version: 1.0.3
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.0.3
+        version: 1.0.4
 - !ruby/object:Gem::Dependency
   name: contracts
   requirement: !ruby/object:Gem::Requirement
@@ -281,7 +281,8 @@ files:
 homepage: https://github.com/grempe/tss-rb
 licenses:
 - MIT
-metadata: {}
+metadata:
+  yard.run: yri
 post_install_message: 
 rdoc_options: []
 require_paths:
@@ -298,7 +299,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.5.1
+rubygems_version: 2.6.8
 signing_key: 
 specification_version: 4
 summary: A Ruby gem implementing Threshold Secret Sharing. This code can be used in

metadata.gz.sig

@@ -1 +1 @@
-�)#�g95|O
'J#F��ng#���O4� �NCj�":��)!���|����Y��P$���$(Ց�d-=�s��f�
*%�ʛ(A(�><���	�P(��oyP��3½���Jh�2���؀���4��KJ���Exnݞ��?r��e��,IA���<��(h4���(��6io����>��@J���=�XId����W"Yy��z�/��Tk��_'�����6�W�N�ܭ�$��������7
+<��'