urg 1.0.0 → 2.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ab5fdbf2ded7cae1dcab226132f54a5288df63fe5211517cedf8fd78d0581c3d
-  data.tar.gz: 28ecb8f88aa4c8a0c503aa9390747af06f7a50afa3927df8ce992b0398c8da85
+  metadata.gz: caa54c0d547147e299a5fe633dffb9788ad484bfd1a2b6069de082b2eed9eb21
+  data.tar.gz: 6d2cbad977fe534ca66cd7c529c72a619e4cfcfe37d1bb8844738390fb7aca16
 SHA512:
-  metadata.gz: 0d08ab8c416deff8ed5a3aa5bbe573126ed7e9073dc4b2cb550def06b0b6017862076052932958f24ea43009940f3da2f5d4d424aed5d2f7632068c662c5fed3
-  data.tar.gz: 958dc223cea12f3b756496e7063ce05157cf8ec4817ecefef0fbc4b97870a2d6bae2e6f49c846ae0e589f7c8683ef9a8f59a8760ffe29291e1d367a47ae8fa83
+  metadata.gz: d0045e15e2b7ac46f47ec6bcb5a8dee46e00902da8e26eb6e2bf364743db62f207967d669d184e6b09c20df37ff2675af6c6616b5d91b6319ff3dcc1527360c2
+  data.tar.gz: 83716724a828da6cd6a63054fca9b7b1917692aed9796b85d7de9a474a5f81c3e4c87555fac011d546e75d3d28f1b1a95a28332c91f14241b65bd4947084fba9

data/lib/one_time_secret.rb

@@ -0,0 +1,79 @@
+require "faraday"
+
+module Urg
+class OneTimeSecret
+  def share_secret(secret, passphrase:nil, ttl: nil, notify_email: nil)
+    secret_params = {
+      secret: secret,
+      passphrase: passphrase,
+      ttl: ttl.presence || default_secret_ttl,
+      recipient: notify_email
+    }
+
+    conn = Faraday.new(
+      url: api_url("/share"),
+      params: secret_params,
+      headers: api_headers
+    )
+
+    resp = conn.post
+
+    unless resp.success?
+      raise "OneTimeSecret share_secret request failed with status #{resp.status}, and body `#{resp.body}`"
+    end
+
+    JSON.parse(resp.body)
+  end
+
+  def fetch_secret(secret_key, passphrase: nil)
+    secret_params = {
+      passphrase: passphrase
+    }
+
+    conn = Faraday.new(
+      url: api_url("/secret/#{secret_key}"),
+      params: secret_params,
+      headers: api_headers
+    )
+
+    resp = conn.post
+
+    unless resp.success?
+      raise "OneTimeSecret fetch_secret request failed with status #{resp.status}#{' (it\'s possible that the secret has already been consumed)' if resp.status == 404}, and body `#{resp.body}`"
+    end
+
+    JSON.parse(resp.body)
+
+  end
+
+  private
+
+  def default_secret_ttl
+    600 # in seconds => 10 minutes
+  end
+
+  def api_url(path)
+    api_base_url + path
+  end
+
+  def api_base_url
+    "https://#{[username.sub('@', '%40'), api_key].join(":")}@onetimesecret.com/api/v1"
+  end
+
+  def api_headers
+    {
+      "Content-Type" => "application/json"
+    }
+  end
+
+  def username
+    "tech@unreasonablegroup.com"
+  end
+
+  def api_key
+    # TODO!
+    # ENV["OTS_API_KEY"]
+    "8489b3912d38b9d1ba0ab943c28543a44548f909"
+  end
+end
+end

data/lib/secure_data.rb

@@ -0,0 +1,31 @@
+require "securerandom"
+
+module Urg
+class SecureData
+  def self.encrypt(plaintext)
+    cipher.encrypt
+    key = cipher.random_key
+    iv = cipher.random_iv
+    cyphertext = cipher.update(plaintext) + cipher.final
+
+    {
+      cyphertext: Base64.strict_encode64(cyphertext),
+      key: Base64.strict_encode64(key),
+      iv: Base64.strict_encode64(iv)
+    }
+  end
+
+  def self.decrypt(cyphertext, iv:, key:)
+    cipher.decrypt
+    cipher.key = Base64.strict_decode64(key)
+    cipher.iv = Base64.strict_decode64(iv)
+    cipher.update(Base64.strict_decode64(cyphertext)) + cipher.final
+  end
+
+  private
+
+  def self.cipher
+    @cipher ||= OpenSSL::Cipher::AES.new(256, :CBC)
+  end
+end
+end

data/lib/urg.rb

@@ -3,9 +3,32 @@ require "zlib"
 require "openssl"
 require "open-uri"
 
+require_relative "./one_time_secret"
+require_relative "./secure_data"
+
 module Urg
   DEFAULT_PUBLIC_KEY_URI = "https://urg-public-keys.s3-us-west-2.amazonaws.com/urg-exfil.pub"
 
+  def self.export(object)
+    string = Base64.encode64(Zlib::Deflate.deflate(Marshal.dump(object)))
+
+    encryption = SecureData.encrypt(string)
+
+    ots_passphrase = SecureRandom.urlsafe_base64
+    ots = OneTimeSecret.new.share_secret(encryption[:cyphertext], passphrase: ots_passphrase)
+
+    puts (("*" * 25) + "\n") * 1
+    puts "Exported. Data will self-destruct in 10 minutes OR after first use, whichever comes first."
+    puts "Import data remotely via: Urg.import(ots_key: \"#{ots['secret_key']}\", ots_passphrase: \"#{ots_passphrase}\", decryption_key: \"#{encryption[:key]}\", decryption_iv: \"#{encryption[:iv]}\")"
+    puts (("*" * 25) + "\n") * 1
+  end
+
+  def self.import(ots_key:, ots_passphrase:, decryption_key:, decryption_iv:)
+    ots = OneTimeSecret.new.fetch_secret(ots_key, passphrase: ots_passphrase)
+    plaintext = SecureData.decrypt(ots["value"], iv: decryption_iv, key: decryption_key)
+    Marshal.load(Zlib::Inflate.inflate(Base64.decode64(plaintext)))
+  end
+
   def self.exfil(object, key: DEFAULT_PUBLIC_KEY_URI)
     if key
       public_key_uri = URI.parse(key)

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: urg
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 2.0.0
 platform: ruby
 authors:
 - Lawson Kurtz
@@ -9,13 +9,29 @@ autorequire:
 bindir: bin
 cert_chain: []
 date: 2019-08-08 00:00:00.000000000 Z
-dependencies: []
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: faraday
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.15.4
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.15.4
 description: Utils for urg
 email: lawson.kurtz@gmail.com
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- lib/one_time_secret.rb
+- lib/secure_data.rb
 - lib/urg.rb
 homepage: https://rubygems.org/gems/urg
 licenses:
@@ -36,8 +52,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.6
+rubygems_version: 3.1.2
 signing_key: 
 specification_version: 4
 summary: urg, mostly.