vault-tree 0.1.0 → 0.3.3

data/features/keywords/master_passphrase.feature

@@ -0,0 +1,68 @@
+Feature: Master Passphrase
+
+```javascript
+"lock_with": "MASTER_PASSPHRASE",
+"unlock_with": "MASTER_PASSPHRASE"
+```
+
+The master password can be thought of as the secure password for the system that is executing the contract. It should never be shared or transfered between parties.
+
+Vault Tree prevents this value from ever being stored within a vault. If you attempt to store the master password within a vault, an exception will be thrown.
+
+As a best practice you should minimize the number of vaults that are locked or
+unlocked with your master password. Specifically, consider randomly generating a
+contract secret and then locking it with your master password. Then you can lock
+other vaults with this randomly generated ephemeral secret when you want store
+confidential contract data.
+
+Scenario: Close And Open With Master Password
+  Given the blank contract:
+    """javascript
+      {
+        "header": {},
+        "vaults": {
+          "random_vault_key":{
+            "description":"Random Number",
+            "fill_with": "RANDOM_NUMBER",
+            "lock_with": "MASTER_PASSPHRASE",
+            "unlock_with": "MASTER_PASSPHRASE",
+            "contents": ""
+            },
+          "message":{
+            "description": "Simple Congratulations Message",
+            "fill_with": "EXTERNAL_DATA",
+            "lock_with": "KEY['random_vault_key']",
+            "unlock_with": "KEY['random_vault_key']",
+            "contents": ""
+          }
+        }
+      }
+    """
+  When I lock a message in a vault with my Master Password
+  Then I can recover the message with my Master Password
+
+Scenario: Missing Passphrase
+  Given the blank contract:
+    """javascript
+      {
+        "header": {},
+        "vaults": {
+          "random_vault_key":{
+            "description":"Random Number",
+            "fill_with": "RANDOM_NUMBER",
+            "lock_with": "MASTER_PASSPHRASE",
+            "unlock_with": "MASTER_PASSPHRASE",
+            "contents": ""
+            },
+          "message":{
+            "description": "Simple Congratulations Message",
+            "fill_with": "EXTERNAL_DATA",
+            "lock_with": "KEY['random_vault_key']",
+            "unlock_with": "KEY['random_vault_key']",
+            "contents": ""
+          }
+        }
+      }
+    """
+  When I attempt fill a vault without providing a master passphrase
+  Then a MissingPassphrase exception is raised

data/features/keywords/public_encryption_key.feature

@@ -0,0 +1,14 @@
+Feature: Public Encryption Key
+
+
+```javascript
+  "fill_with": "PUBLIC_ENCRYPTION_KEY['decryption_key_vault_id']",
+```
+
+Public encryption keys are derived from their corresponding private decryption key.
+
+This Keyword takes one argument the vault ID containing the associated private
+key.
+
+Public encryption keys and private decryption keys are used to build DH Keys
+to lock and unlock asymmetric vaults.

data/features/keywords/random_number.feature

@@ -0,0 +1,44 @@
+Feature: Random Number
+
+The keyword
+
+```javascript
+RANDOM_NUMBER
+```
+
+behaves as expected.
+
+When used, the Vault Tree library generates a Cryptographic Hash of a random number and places it in the designated vault.
+
+You should use this keyword to build secure symmetric Vault keys.
+
+Scenario: Close And Open With Random Key
+  Given the blank contract:
+    """javascript
+      {
+        "header": {
+          "title":"Close And Open With Random Key"
+        },
+        "vaults": {
+          "random_vault_key":{
+            "description":"Random Number",
+            "fill_with": "RANDOM_NUMBER",
+            "lock_with": "MASTER_PASSPHRASE",
+            "unlock_with": "MASTER_PASSPHRASE",
+            "contents": ""
+            },
+
+          "message_locked_with_random":{
+            "description":"A simple message locked with a random number",
+            "fill_with": "EXTERNAL_DATA",
+            "lock_with": "KEY['random_vault_key']",
+            "unlock_with": "KEY['random_vault_key']",
+            "contents": ""
+          }
+
+        }
+      }
+    """
+  When I lock away a random vault key
+  And I use the random key to lock a message
+  Then I can recover the message with the Random Key

data/features/keywords/readme.md

@@ -0,0 +1,3 @@
+The Vault Tree DSL provides keywords that allow you to craft the behavior of your contract in useful ways.
+
+Keywords are expressed with all capital letters and can take **Vault Ids** as arguments.

data/features/keywords/split_key.feature

@@ -0,0 +1,54 @@
+Feature: Split Key
+
+  ```javascript
+  SPLIT_KEY['id_1','id_2','id_3']
+  ```
+  Split Key is a simple for of secret sharing. 
+
+Scenario: Close And Open With Split Key
+  Given the blank contract:
+    """javascript
+      {
+        "header": {},
+        "vaults": {
+          "a_consent_key":{
+            "fill_with": "RANDOM_NUMBER",
+            "lock_with": "EXTERNAL_DATA",
+            "unlock_with": "EXTERNAL_DATA",
+            "contents": ""
+          },
+
+          "b_consent_key":{
+            "fill_with": "RANDOM_NUMBER",
+            "lock_with": "EXTERNAL_DATA",
+            "unlock_with": "EXTERNAL_DATA",
+            "contents": ""
+          },
+
+          "c_consent_key":{
+            "fill_with": "RANDOM_NUMBER",
+            "lock_with": "EXTERNAL_DATA",
+            "unlock_with": "EXTERNAL_DATA",
+            "contents": ""
+          },
+
+          "abc_joint_consent_key":{
+            "fill_with": "RANDOM_NUMBER",
+            "lock_with": "SPLIT_KEY['a_consent_key','b_consent_key','c_consent_key']",
+            "unlock_with": "SPLIT_KEY['a_consent_key','b_consent_key','c_consent_key']",
+            "contents": ""
+          },
+
+          "abc_consent_message":{
+            "fill_with": "EXTERNAL_DATA",
+            "lock_with": "KEY['abc_joint_consent_key']",
+            "unlock_with": "KEY['abc_joint_consent_key']",
+            "contents": ""
+          }
+        }
+      }
+    """
+  And Consent keys for parties A, B, and C
+  When I lock a message in a vault using a split key
+  Then I can recover the message if each party gives consent
+  And I cannot recover the message if one party fails to give consent

data/features/keywords/unlocked.feature

@@ -0,0 +1,51 @@
+Feature: Unlocked
+
+```javascript
+  "lock_with": "UNLOCKED",
+  "unlock_with": "UNLOCKED"
+```
+
+This keyword should be used to make vault contents accessable to anyone.
+
+When the contract interpreter reads this keyword it simply hashes the actual string _"UNLOCKED"_ and uses the resulting digest as the symmetric vault key.
+
+Scenario: Transfer Key Via Unlocked Vault
+  Given the blank contract:
+    """javascript
+      {
+        "header": {},
+        "vaults": {
+          "random_vault_key":{
+            "description":"Random Number",
+            "fill_with": "RANDOM_NUMBER",
+            "lock_with": "MASTER_PASSPHRASE",
+            "unlock_with": "MASTER_PASSPHRASE",
+            "contents": ""
+            },
+          "message_locked_with_random":{
+            "description":"A simple message locked with a random number",
+            "fill_with": "EXTERNAL_DATA",
+            "lock_with": "KEY['random_vault_key']",
+            "unlock_with": "KEY['random_vault_key']",
+            "contents": ""
+          },
+          "unlocked_random_key":{
+            "description":"An unlocked random key",
+            "fill_with": "KEY['random_vault_key']",
+            "lock_with": "UNLOCKED",
+            "unlock_with": "UNLOCKED",
+            "contents": ""
+          },
+          "message_locked_with_unlocked_random_number":{
+            "fill_with": "CONTENTS['message_locked_with_random']",
+            "lock_with": "KEY['unlocked_random_key']",
+            "unlock_with": "KEY['unlocked_random_key']",
+            "contents": ""
+          }
+        }
+      }
+    """
+  When I lock away a random vault key
+  And I use the random key to lock a message
+  And I put this random key in an unlocked vault
+  Then another user can recover the message with the Unlocked Random Key

data/features/manipulating_contracts.md

@@ -0,0 +1,84 @@
+Contracts are a central part of the [Vault Tree Project]. Here is what you
+need to know:
+
+* A Vault Tree Contract is simply a [JSON] text file
+* Every contract is composed of two parts:
+  - The **Header** section, which includes helpful meta data
+  - The **Vaults** section, which can be any collection of _vaults_ that form the
+    contract.
+* The way in which you, the contract author, organize the vaults will determine the **Self-Enforcing Terms** of your contract.
+* Each vault will typically contain either an **external data** string that is provided by one of the contract
+  participants, or a key to anther vault.
+
+### Writing and Simulating Contracts
+
+If you've made it to this far, then you're ready to build some stuff. You're
+thinking to yourself:
+
+* For my Vault Tree Contract to be useful it probably needs to involve more than one person.
+* I think I can write a contract, but I really need a way to test it out and think through all the different scenarios.
+* When my final contract is complete it might involve network calls to pass it
+  between parties, queries the Bitcoin Block Chain, or some other crazy step involving the outside world.
+
+What I really need is a way to **Simulate** how the contract will be used in real life ...
+
+Enter [Cucumber].
+
+[Cucumber]: https://github.com/cucumber/cucumber
+
+Cucumber is a tool designed to test complicated full stack web applications. However, we are going to use it for a slightly different purpose.
+
+Take a look at this simple example:
+
+```Gherkin
+Scenario: Alice and Bob Execute the One Two Three Contract
+  Given Alice has the blank contract
+  When she locks all of her attributes
+  And she sends the contract to Bob
+  Then Bob can access all of her public attributes
+  When Bob locks his attributes
+  And He fills and locks each of the three main vaults
+  Then Alice can execute the contract to recover the final message
+```
+
+Great. So we wrote down how the contract is used in some funny looking format  ... so what.
+
+Well, what if we associate each one of these steps in the scenario with some simple Ruby code that interacts with the Vault Tree API. Here are the first three step definitions:
+
+```Ruby
+# This file: "features/core/one_two_three/one_two_three.steps.rb"
+# Associated Contract: "core/one_two_three.0.7.0.json"
+
+Given(/^Alice has the blank contract$/) do
+  contract_path = VaultTree::ContractsRepo::PathHelpers.core_contracts('one_two_three.0.7.0.json')
+  @contract_json = File.read(contract_path)
+end
+
+When(/^she locks all of her attributes$/) do
+  @contract = VaultTree::Contract.new(@contract_json, master_passphrase: 'ALICE_SECURE_PASS', external_data: {})
+  @contract = @contract.close_vault('alice_decryption_key')
+  @contract = @contract.close_vault('alice_public_encryption_key')
+end
+
+When(/^she sends the contract to Bob$/) do
+  @contract_json = @contract.as_json
+  @bobs_external_data = {"congratulations_message" => "CONGRATS! YOU OPENED THE THIRD VAULT."}
+  @contract = VaultTree::Contract.new(@contract_json, master_passphrase: 'BOB_SECURE_PASS', external_data: @bobs_external_data)
+end
+```
+
+Not only can we easily run the contract throught the library to test that it
+works, we have a straight forward mechanism for simulating otherwise complicated
+steps like sending the JSON representation of the contact _over the wire_.
+
+Some items to keep in mind when you run Cucumber scenarios:
+
+* Run `rake` instead of `cucumber` when in the VM `/vagrant` dir
+* This will:
+  - Take care of the wierd cucumber configuration flags needed to handle the unconventional directory structure.
+  - Execute all cucumber scenarios associated with contracts in the `/core` directory
+
+[JSON]: http://www.json.org 
+[Vault Tree Homepage]: http://www.vault-tree.org
+[Vault Tree Project]: http://www.vault-tree.org
+

data/features/readme.md

@@ -0,0 +1,6 @@
+#### Vault Tree Developer Documentation
+
+If you are coming to this page from a redirect and are unfamiliar with Vault Tree,
+take a look at the [Homepage] for an overview of the project.
+
+[Homepage]: http://vault-tree.org

data/features/steps/asymmetric_vault.steps.rb

@@ -0,0 +1,41 @@
+Given(/^Alice has the blank asymmetric vault contract$/) do
+  contract_path = VaultTree::PathHelpers.core_contracts('asymmetric_vault.0.1.0.json')
+  @contract_json = File.read(contract_path)
+end
+
+When(/^she locks all of her public and private keys$/) do
+  @contract = VaultTree::Contract.new(@contract_json, master_passphrase: 'ALICE_SECURE_PASS', external_data: {})
+  @contract = @contract.close_vault('alice_contract_secret')
+  @contract = @contract.close_vault('alice_decryption_key')
+  @contract = @contract.close_vault('alice_public_encryption_key')
+end
+
+When(/^she sends the contract to Bob over the internet$/) do
+  @contract_json = @contract.as_json
+  @bobs_external_data = {"message" => "CONGRATS ALICE! YOU UNLOCKED THE SECRET MESSAGE WITH A DH KEY."}
+  @contract = VaultTree::Contract.new(@contract_json, master_passphrase: 'BOB_SECURE_PASS', external_data: @bobs_external_data)
+end
+
+Then(/^Bob can access of her public keys but not her private keys$/) do
+  @contents = @contract.retrieve_contents('alice_public_encryption_key')
+end
+
+When(/^Bob locks his public and private keys$/) do
+  @contract = @contract.close_vault('bob_decryption_key')
+  @contract = @contract.close_vault('bob_public_encryption_key')
+end
+
+When(/^He fills and locks the vault containing the message using a DH_KEY$/) do
+  @contract = @contract.close_vault('message')
+end
+
+
+When(/^he sends the contract back to Alice over the internet$/) do
+  @contract_json = @contract.as_json
+  @contract = VaultTree::Contract.new(@contract_json, master_passphrase: 'ALICE_SECURE_PASS', external_data: {})
+end
+
+Then(/^Alice can unlock the message with a DH_KEY$/) do
+  puts @contract.retrieve_contents('message')
+  @contract.retrieve_contents('message').should == @bobs_external_data['message']
+end

data/features/steps/block_chain_key_transfer.steps.rb

@@ -0,0 +1,43 @@
+Given(/^the SENDER has the blank contract template$/) do
+  contract_path = VaultTree::PathHelpers.core_contracts('block_chain_key_transfer.0.1.0.json')
+  @contract_json = File.read(contract_path)
+end
+
+Given(/^the SENDER chooses an origin address and a concealed destination address$/) do
+  @sender_external_data =
+    {
+      'sender_origin_wallet_address' => '1XJEBF8EUBF855NEBHVENPFE9JE74E',
+      'sender_concealed_destination_wallet_address' => '1JVKE8HD5JDHFEJHF678JEH8DEJGHE',
+      'sender_btc_signing_key' => 'BITCOIN_SIGNING_KEY_KEEP_IT_SECRET'
+    }
+  @contract = VaultTree::Contract.new(@contract_json, master_passphrase: 'SENDER_SECURE_PASS', external_data: @sender_external_data)
+  @contract = @contract.close_vault('sender_origin_wallet_address')
+  @contract = @contract.close_vault('sender_concealed_destination_wallet_address')
+end
+
+Given(/^he locks away the secret BTC signing key$/) do
+  @contract = @contract.close_vault('sender_btc_signing_key')
+end
+
+When(/^the SENDER transfers the contract to the RECEIVER$/) do
+  @contract_json_over_the_wire = @contract.as_json
+  @contract = VaultTree::Contract.new(@contract_json_over_the_wire, master_passphrase: 'RECEIVER_SECURE_PASS')
+end
+
+Then(/^the RECEIVER can access the origin wallet address$/) do
+  @contract.retrieve_contents('sender_origin_wallet_address').should == @sender_external_data['sender_origin_wallet_address']
+end
+
+When(/^the SENDER reveals the hidden wallet address by transfering bitcoins from the origin address$/) do
+  @contract_json = @contract.as_json # save the json state
+  wallet_address_from_watching_blockchain = @sender_external_data['sender_concealed_destination_wallet_address']
+  @receiver_external_data = { 'receiver_revealed_destination_wallet_address' => wallet_address_from_watching_blockchain}
+  @contract = VaultTree::Contract.new(@contract_json, master_passphrase: 'RECEIVER_SECURE_PASS', external_data: @receiver_external_data)
+  @contract = @contract.close_vault('receiver_revealed_destination_wallet_address')
+end
+
+Then(/^the RECEIVER can unlock the vault to recover the transfered signing key$/) do
+  transfered_secret_key = @contract.retrieve_contents('sender_btc_signing_key')
+  transfered_secret_key.should ==  @sender_external_data['sender_btc_signing_key']
+  puts "PROPERLY TRANSFERED: #{transfered_secret_key} !"
+end

data/features/steps/core.steps.rb

@@ -1,105 +1,3 @@
-Given(/^Alice has the blank contract$/) do
-  contract_path = VaultTree::PathHelpers.reference_contract
-  @contract_json = File.read(contract_path)
-end
-
-# Change this to just attributes vice public attributes
-When(/^she locks all of her attributes$/) do
-  @contract = VaultTree::Contract.new(@contract_json, master_passphrase: 'ALICE_SECURE_PASS', external_data: {})
-  @contract = @contract.close_vault('alice_decryption_key')
-  @contract = @contract.close_vault('alice_public_encryption_key')
-end
-
-When(/^she sends the contract to Bob$/) do
-  @contract_json = @contract.as_json 
-  @bobs_external_data = {"congratulations_message" => "CONGRATS! YOU OPENED THE THIRD VAULT."}
-  @contract = VaultTree::Contract.new(@contract_json, master_passphrase: 'BOB_SECURE_PASS', external_data: @bobs_external_data)
-end
-
-Then(/^Bob can access her public attributes$/) do
-  @contents = @contract.retrieve_contents('alice_public_encryption_key')
-end
-
-When(/^Bob locks his attributes$/) do
-
-  @contract = @contract.close_vault('bob_decryption_key')
-  # Verify can reopen
-  @contract.retrieve_contents('bob_decryption_key')
-
-  @contract = @contract.close_vault('congratulations_message')
-  # Verify can reopen
-  @contract.retrieve_contents('congratulations_message')
-
-  @contract = @contract.close_vault('vault_two_key')
-  # Verify they can reopen
-  @contract.retrieve_contents('vault_two_key')
-
-  @contract = @contract.close_vault('vault_three_key')
-  # Verify they can reopen
-  @contract.retrieve_contents('vault_three_key')
-
-  @contract = @contract.close_vault('bob_public_encryption_key')
-  # Verify they can reopen
-  @contract.retrieve_contents('bob_public_encryption_key')
-end
-
-When(/^He fills and locks each of the three vaults$/) do
-  @contract = @contract.close_vault('first')
-  @contract = @contract.close_vault('second')
-  @contract = @contract.close_vault('third')
-end
-
-Then(/^Alice can execute the contract to recover the final message$/) do
-  @contract_json = @contract.as_json 
-  @contract = VaultTree::Contract.new(@contract_json, master_passphrase: 'ALICE_SECURE_PASS', external_data: {})
-  puts @contract.retrieve_contents('third')
-  @contract.retrieve_contents('third').should == @bobs_external_data['congratulations_message']
-end
-
-Given(/^the SENDER has the blank BTC Key Transfer template$/) do
-  contract_path = VaultTree::PathHelpers.reference_contract
-  @contract_json = File.read(contract_path)
-end
-
-Given(/^the SENDER chooses an origin wallet address and concealed destination address$/) do
-  @sender_external_data =
-    {
-      'sender_origin_wallet_address' => '1XJEBF8EUBF855NEBHVENPFE9JE74E',
-      'sender_concealed_destination_wallet_address' => '1JVKE8HD5JDHFEJHF678JEH8DEJGHE',
-      'sender_btc_signing_key' => 'BITCOIN_SIGNING_KEY_KEEP_IT_SECRET'
-    }
-  @contract = VaultTree::Contract.new(@contract_json, master_passphrase: 'SENDER_SECURE_PASS', external_data: @sender_external_data)
-  @contract = @contract.close_vault('sender_origin_wallet_address')
-  @contract = @contract.close_vault('sender_concealed_destination_wallet_address')
-end
-
-Given(/^he locks away the secret BTC signing key$/) do
-  @contract = @contract.close_vault('sender_btc_signing_key')
-end
-
-When(/^the SENDER transfers the Vault\-Tree contract to the RECEIVER$/) do
-  @contract_json_over_the_wire = @contract.as_json
-  @contract = VaultTree::Contract.new(@contract_json_over_the_wire, master_passphrase: 'RECEIVER_SECURE_PASS')
-end
-
-Then(/^the RECEIVER can access the origin wallet address$/) do
-  @contract.retrieve_contents('sender_origin_wallet_address').should == @sender_external_data['sender_origin_wallet_address']
-end
-
-When(/^the SENDER reveals the hidden wallet address by Blockchain payment from the origin address$/) do
-  @contract_json = @contract.as_json # save the json state
-  wallet_address_from_watching_blockchain = @sender_external_data['sender_concealed_destination_wallet_address']
-  @receiver_external_data = { 'receiver_revealed_destination_wallet_address' => wallet_address_from_watching_blockchain}
-  @contract = VaultTree::Contract.new(@contract_json, master_passphrase: 'RECEIVER_SECURE_PASS', external_data: @receiver_external_data)
-  @contract = @contract.close_vault('receiver_revealed_destination_wallet_address')
-end
-
-Then(/^the RECEIVER can unlock the vault to recover the transfered signing key$/) do
-  transfered_secret_key = @contract.retrieve_contents('sender_btc_signing_key')
-  transfered_secret_key.should ==  @sender_external_data['sender_btc_signing_key']
-  puts "PROPERLY TRANSFERED: #{transfered_secret_key} !"
-end
-
 Given(/^I have a blank reference contract$/) do
   contract_path = VaultTree::PathHelpers.reference_contract
   @contract_json = File.read(contract_path)
@@ -151,7 +49,7 @@ Given(/^I have access to the another user's unlocked public key$/) do
   @contract = @contract.close_vault('my_public_key')
 end
 
-Given(/^I lock a simple message with a shared key$/) do
+Given(/^I lock a simple message with a DH Key$/) do
   @contract_json = @contract.as_json
   @external_data = {"asymmetric_message" => "CONGRATS! YOU OPENED THE ASYMMETRIC VAULT."}
   @contract = VaultTree::Contract.new(@contract_json, master_passphrase: 'MY_SECURE_PASS', external_data: @external_data)
@@ -163,6 +61,61 @@ When(/^I transfer the contract to the other user$/) do
   @contract = VaultTree::Contract.new(@contract_json, master_passphrase: 'ANOTHER_USERS_SECURE_PASS')
 end
 
-Then(/^they can create a shared key and unlock the message$/) do
+Then(/^they can create a DH Key and unlock the message$/) do
   @contract.retrieve_contents('asymmetric_message').should == @external_data['asymmetric_message']
 end
+
+Given(/^Consent keys for parties A, B, and C$/) do
+  @locking_consent_keys = {
+    "a_consent_key" => "A_SECRET_CONSENT_KEY",
+    "b_consent_key" => "B_SECRET_CONSENT_KEY",
+    "c_consent_key" => "C_SECRET_CONSENT_KEY"
+  }
+end
+
+When(/^I lock a message in a vault using a split key$/) do
+  @message = {"abc_consent_message" => "A, B, AND C ALL AGREED TO OPEN THE VAULT." }
+  @external_data = @locking_consent_keys.merge(@message)
+  @contract = VaultTree::Contract.new(@contract_json, external_data: @external_data)
+  @contract = @contract.close_vault('a_consent_key')
+  @contract = @contract.close_vault('b_consent_key')
+  @contract = @contract.close_vault('c_consent_key')
+  @contract = @contract.close_vault('abc_joint_consent_key')
+  @contract = @contract.close_vault('abc_consent_message')
+  @contract_json = @contract.as_json
+end
+
+Then(/^I can recover the message if each party gives consent$/) do
+  @unlocking_consent_keys = {
+    "a_consent_key" => "A_SECRET_CONSENT_KEY",
+    "b_consent_key" => "B_SECRET_CONSENT_KEY",
+    "c_consent_key" => "C_SECRET_CONSENT_KEY"
+  }
+  @contract = VaultTree::Contract.new(@contract_json, external_data: @unlocking_consent_keys)
+  @contract.retrieve_contents('abc_consent_message').should == @external_data['abc_consent_message']
+  puts @contract.retrieve_contents('abc_consent_message')
+end
+
+Then(/^I cannot recover the message if one party fails to give consent$/) do
+  @incomplete_unlocking_consent_keys = {
+    "a_consent_key" => "A_WRONG_SECRET_CONSENT_KEY",
+    "b_consent_key" => "B_SECRET_CONSENT_KEY",
+    "c_consent_key" => "C_SECRET_CONSENT_KEY"
+  }
+  @contract = VaultTree::Contract.new(@contract_json, external_data: @incomplete_unlocking_consent_keys)
+  expect{@contract.retrieve_contents('abc_consent_message')}.to raise_error(VaultTree::Exceptions::FailedUnlockAttempt)
+end
+
+Given(/^the blank contract:$/) do |string|
+  @contract_json = string
+end
+
+When(/^I lock a message in a vault using a symmetric vault key$/) do
+  @external_data = {"message" => "CONGRATS! YOU OPENED THE VAULT."}
+  @contract = VaultTree::Contract.new(@contract_json, master_passphrase: 'MY_SECURE_PASS', external_data: @external_data)
+  @contract = @contract.close_vault('message')
+end
+
+Then(/^I can recover the message using the same key$/) do
+  @contract.retrieve_contents('message').should == @external_data['message']
+end