yasst 0.1.0

checksums.yaml

@@ -0,0 +1,15 @@
+---
+!binary "U0hBMQ==":
+  metadata.gz: !binary |-
+    MTk4MmY5N2RmODI2NDBmZGY4NzkzNGY2NzAyZTQ5M2U5ZTA4ODU4ZQ==
+  data.tar.gz: !binary |-
+    N2E0YTU5M2Y5ZjliYzcwNzY0Y2M4MDI1OGE0MGJmNTU0YWQwMTk0NA==
+SHA512:
+  metadata.gz: !binary |-
+    M2EwNDA1MDI5YjQ5N2VkNzhiMDUxZDVlYjU1ZmEyZjgwOWQ3ZGVmZDM2NDJm
+    NzlhOWI3NDQzNTRlNTY5ZjVmNmI0Njg0ZDVhYWYzZjhmYjNlZWVjY2VmYmM2
+    Zjc5ZDNiMDJlZjViYzI5OTU0NjJkYjM4MDc0NzhkZWY2MTZhZWU=
+  data.tar.gz: !binary |-
+    YWQ2YjBkNWEwYTZhZTMzZjFjOTU4NzEwNDM3MTZiOWEwNGQ1MmEyNDMzZmFm
+    MTA5NTI0NWZlNmE5NjQwZTk3YTExMDQyN2Q4NGU5MzEyNzdiNGI3MTVlYTVm
+    OWQ3NmZkYTE1YzUyOGQ4ZmUxZjI1ZDc2YTY5OTEyYWMxOTM4ZWE=

data/.gitignore

@@ -0,0 +1,28 @@
+# Default ignores for vim editor
+.*.sw[a-z]
+*.un~
+Session.vim
+.netrwhist
+# Default ignores for emacs editor
+*~
+\#*\#
+/.emacs.desktop
+/.emacs.desktop.lock
+.elc
+auto-save-list
+tramp
+.\#*
+
+# docs
+/doc
+
+# as this is a gem, we don't check Gemfile.lock into version control
+Gemfile.lock
+
+# test harness
+pkg/*
+vendor/bundle
+vendor/cache
+.bundle
+
+tmp

data/.rspec

@@ -0,0 +1,2 @@
+--format documentation
+--color

data/.rubocop.yml

@@ -0,0 +1,14 @@
+---
+Style/RegexpLiteral:
+  Exclude:
+    - 'Guardfile'
+# TODO - simplify Yasst::Profiles::OpenSSL
+Metrics/PerceivedComplexity:
+  Exclude:
+    - 'lib/yasst/profiles/openssl.rb'
+Metrics/CyclomaticComplexity:
+  Exclude:
+    - 'lib/yasst/profiles/openssl.rb'
+Metrics/AbcSize:
+  Exclude:
+    - 'lib/yasst/profiles/openssl.rb'

data/.travis.yml

@@ -0,0 +1,11 @@
+language: ruby
+rvm:
+- 2.2.3
+- 2.1.0
+deploy:
+  provider: rubygems
+  gem: yasst
+  on:
+    tags: true
+  api_key:
+    secure: l2mduN8h2tjuBSr0G/XdAD5DNbiV87vZwQoLoH2PX1KQKdgaSzlJ4Mus9pSQzhq5JsLFRNtNdMvRp1AvxEajAf4Oy+H3tBSoeQEz9/wDfZvkAje1BlZyN6fXcIzj1HkDHoA8Da6y8o5xnA3Q8f+bVDloUJyjadT5Y8tOBDBo1QY4s/qPXoqUIsGLgJtBg29MqKGj/lVrvxf/+GRs62VlJny0jRhWJK+OzyxyKHB17wIs5wg+blayd8studtpJBvFFNMSFlwF1YvTCqsCyU4d9DHaR5GS0ZOev1y63E+EkkgJiXpBh+yDXVzpSjVcm4jygJdo7n6wdW+uv7yUP8rm9ULZG6TZmDIU8I1plVjD7aOMgRBvPckomHZ8maj+1FAz8Axl/bDQhM/TT0uT2ckS6h9sXMv1uSIm/hVyiTmETg7JyETHzvd/VrH4QssGdNo60MdhQJ/Cl0US/mt2xiMlAQB4qZCakWv3A8aCCg6dswouYgewvXkrSG3mUpPpmBAjBGNLkG9IRs1lUISqBOp452HuBQ5nyR9l8ATRJvHI8hdD7tPuGfQILG0k6c9ePpFrVD7odB9KkVTd7Zd8iMh0np4oc/XeZdYVelRyeGLS7vh7QdND3w0dSr5svgfzX45lD5kwYzST6JqpaJcBZu76ctMg37AV3hlZA1Ut6etZWa8=

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in yasst.gemspec
+gemspec

data/Guardfile

@@ -0,0 +1,22 @@
+# Note: The cmd option is now required due to the increasing number of ways
+#       rspec may be run, below are examples of the most common uses.
+#  * bundler: 'bundle exec rspec'
+#  * bundler binstubs: 'bin/rspec'
+#  * spring: 'bin/rspec' (This will use spring if running and you have
+#                          installed the spring binstubs per the docs)
+#  * zeus: 'zeus rspec' (requires the server to be started separately)
+#  * 'just' rspec: 'rspec'
+
+guard :rspec, cmd: 'rspec' do
+  watch(%r{^spec/.+_spec\.rb$})
+  watch(%r{^lib/(.+)\.rb$})     { |m| "spec/unit/#{m[1]}_spec.rb" }
+  watch('spec/spec_helper.rb')  { 'spec' }
+end
+
+guard :rubocop do
+  watch(%r{^spec/.+_spec\.rb$})
+  watch(%r{^lib/(.+)\.rb$}) { |m| "spec/unit/#{m[1]}_spec.rb" }
+  watch(%r{[^\/]+\.rb$})
+  watch(%r{.+\.gemspec$})
+  watch(%r{(?:.+/)?\.rubocop\.yml$}) { |m| File.dirname(m[0]) }
+end

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2016 Richard Clark
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,92 @@
+# Yasst
+
+[![Build Status](https://travis-ci.org/rdark/yasst.svg?branch=master)](https://travis-ci.org/rdark/yasst)
+
+Yet Another Secret Stashing Toolkit.
+
+## Overview
+
+This project gives convenient methods for encrypting and decrypting `String`
+and `File` objects (using the [decorator pattern][decorator_pattern], rather
+than [monkey-patching][monkey_patching]) via the `YasstString` and `YasstFile`
+classes respectively.
+
+Encryption and decryption is handled by a `Yasst::Provider`; at the moment only
+OpenSSL is implemented, though support for an OpenPGP provider is planned.
+
+Each provider has a configurable `Yasst::Profile`, with sensible defaults set.
+At the time of writing, the defaults for `Yasst::Profiles::OpenSSL` are:
+
+* AES-256 cipher in CBC mode
+* key generation via PBKDF2 HMAC-SHA1 with 50,000 iterations
+
+Additionally, the OpenSSL provider will ensure that there is:
+
+* random salt generated for every encrypt action
+* random IV generated for every encrypt action
+* new key generated for every encrypt (and decrypt) action
+* encrypted string output is Base64 (web-safe) encoded
+
+[decorator_pattern]: https://github.com/nslocum/design-patterns-in-ruby#decorator
+[monkey_patching]: http://demonastery.org/2012/11/monkey-patching-in-ruby/
+
+## Usage
+
+### YasstString
+
+    provider = Yasst::Provider::OpenSSL.new(passphrase: 'a really strong passphrase')
+    provider.profile.algorithm
+    => "AES-256-CBC"
+    provider.profile.key_gen_method
+    => :pbkdf2
+    provider.profile.pbkdf2_iterations
+    => 50000
+    secrets = YasstString.new('some really secret data')
+    secrets.encrypted?
+    => false
+    secrets.encrypt(provider)
+    => "Ubvxrj7-E7QCNqiof00RwxTka5V2debHX6gdIPdAmdRvsgB2YpjGD4IU5EYYN6uFk5iKo76k6mvK4tTIXbcBlhFmnN4mptpG
+    secrets.encrypted?
+    => true
+
+### YasstFile
+
+NotYetImplemented
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'yasst'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install yasst
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/rdark/yasst. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](contributor-covenant.org) code of conduct.
+
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
+
+## Disclaimer
+
+* This security provided by this project has not been independently verified
+* Only AES ciphers are currently supported/tested, and primarily focus has so
+  far been on CBC mode.
+

data/Rakefile

@@ -0,0 +1,19 @@
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+require 'rubocop/rake_task'
+
+namespace :test do
+  # default unit tests
+  desc 'Run all unit tests in default spec suite'
+  RSpec::Core::RakeTask.new(:unit) do |task|
+    task.pattern = 'spec/unit/**/*_spec.rb'
+  end
+  # add rubocop tasks to test namespace
+  RuboCop::RakeTask.new
+  # run all non-integration/default tests
+  desc 'Run all default test suites'
+  task default: [:unit, :rubocop]
+end
+
+# default task is to run all the default test suites
+task default: ['test:default']

data/TODO.md

@@ -0,0 +1,14 @@
+# TODO
+
+## General Functionality
+
+* YasstFile Implementation
+* support for larger-than-memory files
+* support for authenticated cipher modes
+* support for OpenPGP crypto provider
+* support for logging
+
+## Profiles::OpenSSL
+
+* make banned/recommended/supported list of algorithms
+

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require 'bundler/setup'
+require 'yasst'
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require 'pry'
+# Pry.start
+
+require 'irb'
+IRB.start

data/bin/setup

@@ -0,0 +1,7 @@
+#!/bin/bash
+set -euo pipefail
+IFS=$'\n\t'
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/lib/yasst/error.rb

@@ -0,0 +1,17 @@
+module Yasst
+  # Error classes for Yasst
+  class Error < StandardError
+    attr_reader :error
+
+    def initialize(error = nil)
+      @error = error
+    end
+
+    class InvalidCryptoProvider < self; end
+    class InvalidCryptoProfile < self; end
+    class InvalidCryptoAlgorithm < self; end
+    class InvalidPassPhrase < self; end
+    class AlreadyEncrypted < self; end
+    class AlreadyDecrypted < self; end
+  end
+end

data/lib/yasst/primatives/openssl/metadata.rb

@@ -0,0 +1,29 @@
+require 'openssl'
+
+module Yasst
+  module Primatives
+    module OpenSSL
+      ##
+      # Methods for returning various bits of information
+      module Metadata
+        ##
+        # List available ciphers
+        def self.list_ciphers
+          ::OpenSSL::Cipher.ciphers
+        end
+
+        # Return the key length for a given cipher algorithm
+        def self.key_len_for(alg)
+          cipher = ::OpenSSL::Cipher.new(alg)
+          cipher.key_len
+        end
+
+        # Return the key length for a given cipher algorithm
+        def self.iv_len_for(alg)
+          cipher = ::OpenSSL::Cipher.new(alg)
+          cipher.iv_len
+        end
+      end
+    end
+  end
+end

data/lib/yasst/primatives/openssl.rb

@@ -0,0 +1,146 @@
+require 'base64'
+require 'openssl'
+require 'digest/sha2'
+
+module Yasst
+  module Primatives
+    # OpenSSL primatives mixin
+    module OpenSSL
+      private
+
+      # Generate a random salt
+      # ===== Parameters
+      # - +salt_bytes+
+      #   Size of the salt to be generated in bytes
+      def p_salt(salt_bytes)
+        ::OpenSSL::Random.random_bytes(salt_bytes)
+      end
+
+      # Return a cipher object
+      #
+      # ===== Parameters
+      # - +algorithm+
+      #   The algorithm to be used for the cipher (E.G 'AES-256-CBC')
+      def p_cipher(algorithm)
+        ::OpenSSL::Cipher.new(algorithm)
+      end
+
+      # Return a PBKDF2 HMAC SHA1 key
+      #
+      # ===== Parameters
+      # - +passphrase+
+      #   The passphrase to be used for generation of the key
+      # - +salt+
+      #   A random salt to be used for generation of the key
+      # - +iterations+
+      #   How many rounds of SHA1 hashing to use (recommend minimum 20k)
+      # - +key_length+
+      #   How long the key should be (should match the requirements of your
+      #   cipher algorithm)
+      def p_pbkdf2_key(passphrase, salt, iterations, key_length)
+        ::OpenSSL::PKCS5.pbkdf2_hmac_sha1(
+          passphrase,
+          salt,
+          iterations,
+          key_length
+        )
+      end
+
+      # Encrypt a string
+      #
+      # ===== Parameters
+      # - +string+
+      #   Data to be encrypted, presented as a string
+      # - +key+
+      #   Encryption key to be used
+      # - +algorithm+
+      #   Algorithm to use for the cipher
+      #
+      # ===== Returns
+      # - +iv+
+      #   Initialisation vector used for the encryption
+      # - +ciphertext+
+      #   The ciphertext
+      def p_encrypt_string(string, key, algorithm)
+        cipher = p_cipher(algorithm)
+        cipher.encrypt
+        cipher.key = key
+        # random_iv sets + returns simultaneously, grab output for prepending
+        iv = cipher.random_iv
+        ciphertext = cipher.update(Base64.urlsafe_encode64(string))
+        # not required for streaming ciphers but compatible/recommended anyway
+        ciphertext << cipher.final
+        [iv, ciphertext]
+      end
+
+      # Decrypt ciphertext string
+      #
+      # ===== Parameters
+      # - +ciphertext+
+      #   Raw ciphertext as a string
+      # - +key+
+      #   Key that will be used to decrypt the ciphertext
+      # - +iv+
+      #   Initialisation Vector for the ciphertext
+      # - +algorithm+
+      #   Algorithm to use for the cipher
+      def p_decrypt_string(ciphertext, key, iv, algorithm)
+        cipher = p_cipher(algorithm)
+        cipher.key = key
+        cipher.iv = iv
+        cipher.decrypt
+        # decrypt ciphertext
+        encoded_plain = cipher.update(ciphertext)
+        encoded_plain << cipher.final
+        # return the decoded plaintext
+        Base64.urlsafe_decode64(encoded_plain)
+      end
+
+      # Pack a string ready for storing
+      #
+      # ===== Parameters
+      # - +iv+
+      #   The IV used during encryption of the ciphertext
+      # - +salt+
+      #   The salt used for generation of the encryption key
+      def p_pack_string(iv, salt, ciphertext)
+        output = ciphertext
+        output.prepend(iv)
+        output.prepend(salt)
+        Base64.urlsafe_encode64(output)
+      end
+
+      # Unpack a string ready for decryption
+      #
+      # ===== Parameters
+      # - +string+
+      #   Base64 encoded string containing the ciphertext with prepended salt
+      #   and IV
+      # - +key_length+
+      #   The size (in bytes) of the encryption key used to encrypt the data
+      # - +iv_length+
+      #   The size (in bytes) of the IV used to encrypt the data
+      # - +salt_bytes+
+      #   The size (in bytes) of the salt used to generate the encryption key
+      #
+      # ===== Returns
+      # - +salt+
+      #   The salt that was prepended to the string
+      # - +iv+
+      #   The IV that was prepended to the string
+      # - +ciphertext+
+      #   The ciphertext (which should still be base64 encoded)
+      def p_unpack_string(string, key_length, iv_length, salt_bytes)
+        # remove base64 wrapping
+        string = Base64.urlsafe_decode64(string)
+        # pull out prepended salt and build the key using it
+        salt = string.byteslice(0..(salt_bytes - 1))
+        # pull out prepended IV
+        iv = string.byteslice(salt_bytes..(key_length - 1))
+        # pull out remaining data, which is the ciphertext
+        ciphertext = string.byteslice((salt_bytes + iv_length)..string.bytesize)
+        [salt, iv, ciphertext]
+      end
+    end
+  end
+end

data/lib/yasst/profile.rb

@@ -0,0 +1,8 @@
+module Yasst
+  ##
+  # Class to represent a profile for a provider (essentially configuration for
+  # that provider)
+  #
+  class Profile
+  end
+end

data/lib/yasst/profiles/openssl.rb

@@ -0,0 +1,62 @@
+require 'yasst/primatives/openssl/metadata'
+
+module Yasst
+  module Profiles
+    ##
+    # OpenSSL Profile
+    class OpenSSL < Yasst::Profile
+      attr_reader :algorithm, :key_gen_method, :pbkdf2_iterations,
+                  :key_len, :iv_len
+      attr_accessor :salt_bytes
+
+      DEFAULT_SALT_BYTES = 8
+      DEFAULT_KEY_GEN_METHOD = :pbkdf2
+      DEFAULT_PBKDF2_ITERATIONS = 50_000
+      DEFAULT_ALGORITHM = 'AES-256-CBC'.freeze
+      SUPPORTED_KEY_GEN_METHODS = [:pbkdf2].freeze
+
+      include Yasst::Primatives::OpenSSL::Metadata
+
+      def initialize(**args)
+        args[:algorithm].nil? && (self.algorithm = DEFAULT_ALGORITHM) ||
+          (self.algorithm = args[:algorithm])
+        args[:salt_bytes].nil? && (@salt_bytes = DEFAULT_SALT_BYTES) ||
+          (self.salt_bytes = args[:salt_bytes])
+        args[:key_gen_method].nil? &&
+          (self.key_gen_method = DEFAULT_KEY_GEN_METHOD) ||
+          (self.key_gen_method = args[:key_gen_method])
+        args[:pbkdf2_iterations].nil? &&
+          (self.pbkdf2_iterations = DEFAULT_PBKDF2_ITERATIONS) ||
+          (self.pbkdf2_iterations = args[:pbkdf2_iterations])
+      end
+
+      # setter method for algorithm
+      def algorithm=(alg)
+        valgs = Yasst::Primatives::OpenSSL::Metadata.list_ciphers
+        unless valgs.include? alg
+          raise Yasst::Error::InvalidCryptoAlgorithm,
+                "Invalid algorithm. Valid algorithms are #{valgs.join(', ')}"
+        end
+        @key_len = Yasst::Primatives::OpenSSL::Metadata.key_len_for(alg)
+        @iv_len = Yasst::Primatives::OpenSSL::Metadata.iv_len_for(alg)
+        @algorithm = alg
+      end
+
+      def key_gen_method=(method)
+        if SUPPORTED_KEY_GEN_METHODS.include? method
+          @key_gen_method = method
+        else
+          raise NotImplementedError,
+                'Invalid or not-yet-implemented key generation method. Valid ' \
+                "methods are #{SUPPORTED_KEY_GEN_METHODS.join(', ')}"
+        end
+      end
+
+      # set number of pbkdf2_iterations. Only set if key_gen_method is :pbkdf2
+      def pbkdf2_iterations=(iterations)
+        @key_gen_method == :pbkdf2 && (@pbkdf2_iterations = iterations) ||
+          (@pbkdf2_iterations = nil)
+      end
+    end
+  end
+end

data/lib/yasst/profiles.rb

@@ -0,0 +1,8 @@
+require 'yasst/profiles/openssl'
+
+module Yasst
+  ##
+  # parent namespace for profiles
+  module Profiles
+  end
+end

data/lib/yasst/provider/openssl.rb

@@ -0,0 +1,90 @@
+require 'yasst/primatives/openssl'
+
+module Yasst
+  class Provider
+    ##
+    # OpenSSL provider
+    # ===== Parameters
+    # - *profile*
+    # ===== Required Parameters
+    # - *passphrase*
+    class OpenSSL < Yasst::Provider
+      include Yasst::Primatives::OpenSSL
+
+      attr_reader :profile
+
+      ##
+      # initialize hook for superclass
+      def post_initialize(**args)
+        args[:profile].nil? && (@profile = Yasst::Profiles::OpenSSL.new) ||
+          (@profile = args[:profile])
+        validate_passphrase(@passphrase)
+      end
+
+      ##
+      # Whether or not a passphrase is required for this provider
+      def passphrase_required?
+        true
+      end
+
+      ##
+      # Encrypt a string using a unique salt + key for every encrypt action,
+      # and then package it up in a usable base64'd string with iv + salt
+      # prepended
+      #
+      # ===== Parameters
+      # - +string+
+      #   A string to encrypt
+      # ===== Returns
+      # - String
+      def encrypt(string)
+        e_salt = salt
+        e_key = key(e_salt)
+        e_iv, ciphertext = p_encrypt_string(string, e_key, profile.algorithm)
+        p_pack_string(e_iv, e_salt, ciphertext)
+      end
+
+      ##
+      # De-encode, unpack and decrypt a string
+      #
+      # ===== Parameters
+      # - +string+
+      #   A base64-encoded string to decrypt. Must be in the same format as the
+      #   encrypt method produces
+      # ===== Returns
+      def decrypt(string)
+        d_salt, d_iv, ciphertext = p_unpack_string(
+          string,
+          profile.key_len,
+          profile.iv_len,
+          profile.salt_bytes
+        )
+        p_decrypt_string(ciphertext, key(d_salt), d_iv, profile.algorithm)
+      end
+
+      private
+
+      ##
+      # Returns a brand new salt
+      def salt
+        p_salt(profile.salt_bytes)
+      end
+
+      ##
+      # Returns a new key for the configured key gen method.
+      # Called with no parameters, a fresh salt will be used
+      # ===== Parameters
+      # - +salt+
+      #   Optional salt value to use when generating the key
+      def key(salt = nil)
+        salt.nil? && salt = new_salt
+        # Profile should raise NotImplementedErrror if unsupported key
+        # generation method is used
+        if profile.key_gen_method == :pbkdf2
+          return p_pbkdf2_key(@passphrase, salt,
+                              profile.pbkdf2_iterations, profile.key_len)
+        end
+      end
+    end
+  end
+end

data/lib/yasst/provider.rb

@@ -0,0 +1,61 @@
+require 'yasst/provider/openssl'
+module Yasst
+  ##
+  # Represents a Crypto Provider
+  #
+  # === Parameters
+  # - *passphrase*
+  #   The passphrase used for the provider instance. This is optional since
+  #   some providers may not require a passphrase. Where passphrase is given,
+  #   it must conform to minimum complexity requirements.
+  class Provider
+    attr_reader :passphrase
+
+    PASSPHRASE_MIN_LENGTH = 8
+
+    def initialize(**args)
+      self.passphrase = args[:passphrase]
+      post_initialize(args)
+    end
+
+    # post initialize hook for subclasses
+    def post_initialize(**_args)
+      nil
+    end
+
+    # setter method for passphrase
+    def passphrase=(pass)
+      validate_passphrase(pass) && @passphrase = pass
+    end
+
+    # validates a passphrase and raise on error
+    def validate_passphrase(pass = @passphrase)
+      unless passphrase_valid?(pass)
+        raise Yasst::Error::InvalidPassPhrase,
+              'Passphrase does not meet minimum requirements'
+      end
+      true
+    end
+
+    # Whether or not a passphrase is required for this provider instance
+    # Should be overridden in the provider subclass if it requires a passphrase
+    def passphrase_required?
+      false
+    end
+
+    # Validate a passphrase
+    # ===== Parameters
+    # - +pass+
+    #   String. The passphrase to be validated
+    # ===== Returns
+    # - true/false if the passphrase is valid or not
+    def passphrase_valid?(pass = @passphrase)
+      if pass.nil?
+        return false if passphrase_required?
+        return true
+      end
+      return false unless pass.length >= PASSPHRASE_MIN_LENGTH
+      true
+    end
+  end
+end

data/lib/yasst/version.rb

@@ -0,0 +1,3 @@
+module Yasst
+  VERSION = '0.1.0'.freeze
+end

data/lib/yasst/yasst_file.rb

@@ -0,0 +1,7 @@
+##
+# Decorator pattern for File
+class YasstFile < File
+  def initialize(*_args)
+    raise NotImplementedError
+  end
+end

data/lib/yasst/yasst_string.rb

@@ -0,0 +1,36 @@
+##
+# Decorator pattern for String
+#
+# TODO: only way to tell an already encrypted new YasstString object that it is
+# encrypted is by telling it so at initialization time. Is there a more elegant
+# way of doing this without imposing overhead?
+class YasstString < String
+  def initialize(str = '', encrypted = false)
+    super(str)
+    @encrypted = encrypted
+  end
+
+  ##
+  # Encrypt self using a Yasst::Provider
+  def encrypt(provider)
+    raise Yasst::Error::AlreadyEncrypted,
+          'File is already encrypted' if encrypted?
+    @encrypted = true
+    replace(provider.encrypt(to_s))
+  end
+
+  ##
+  # Whether or not the encrypt method has been called
+  def encrypted?
+    @encrypted ||= false
+  end
+
+  ##
+  # Decrypt self using a Yasst::Provider
+  def decrypt(provider)
+    raise Yasst::Error::AlreadyDecrypted,
+          'File is already decrypted' unless encrypted?
+    @encrypted = false
+    replace(provider.decrypt(to_s))
+  end
+end

data/lib/yasst.rb

@@ -0,0 +1,12 @@
+require 'yasst/version'
+require 'yasst/error'
+require 'yasst/profile'
+require 'yasst/profiles'
+require 'yasst/provider'
+require 'yasst/yasst_string'
+require 'yasst/yasst_file'
+
+##
+# Yet Another Secret Stashing Toolset
+module Yasst
+end

data/yasst.gemspec

@@ -0,0 +1,34 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'yasst/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'yasst'
+  spec.version       = Yasst::VERSION
+  spec.authors       = ['Richard Clark']
+  spec.email         = ['richard@fohnet.co.uk']
+
+  spec.summary       = 'Yet Another Secret Stashing Toolkit'
+  spec.description   = 'Yasst is a toolset for managing encryption and ' \
+    'decryption of secrets'
+  spec.homepage      = 'https://github.com/rdark/yasst'
+  spec.license       = 'MIT'
+
+  spec.require_paths = ['lib']
+  spec.files = `git ls-files -z`.split("\x0").reject { |f|
+    f.match(%r{^(TODO|test|spec|features)/})
+  }
+  # ensure gem is built out of versioned files
+  spec.executables = `git ls-files -- bin/*`.split("\n").map { |f|
+    File.basename(f)
+  }
+
+  spec.add_development_dependency 'bundler', '~> 1'
+  spec.add_development_dependency 'rake', '~> 10.0'
+  spec.add_development_dependency 'rspec', '~> 3.4.0'
+  spec.add_development_dependency 'rubocop', '~> 0.36'
+  spec.add_development_dependency 'guard', '~> 2.13.0'
+  spec.add_development_dependency 'guard-rspec', '~> 4.6.4'
+  spec.add_development_dependency 'guard-rubocop', '~> 1.2.0'
+end

metadata

@@ -0,0 +1,169 @@
+--- !ruby/object:Gem::Specification
+name: yasst
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Richard Clark
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2016-02-11 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 3.4.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 3.4.0
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0.36'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0.36'
+- !ruby/object:Gem::Dependency
+  name: guard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 2.13.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 2.13.0
+- !ruby/object:Gem::Dependency
+  name: guard-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 4.6.4
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 4.6.4
+- !ruby/object:Gem::Dependency
+  name: guard-rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.2.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.2.0
+description: Yasst is a toolset for managing encryption and decryption of secrets
+email:
+- richard@fohnet.co.uk
+executables:
+- console
+- setup
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .rspec
+- .rubocop.yml
+- .travis.yml
+- Gemfile
+- Guardfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- TODO.md
+- bin/console
+- bin/setup
+- lib/yasst.rb
+- lib/yasst/error.rb
+- lib/yasst/primatives/openssl.rb
+- lib/yasst/primatives/openssl/metadata.rb
+- lib/yasst/profile.rb
+- lib/yasst/profiles.rb
+- lib/yasst/profiles/openssl.rb
+- lib/yasst/provider.rb
+- lib/yasst/provider/openssl.rb
+- lib/yasst/version.rb
+- lib/yasst/yasst_file.rb
+- lib/yasst/yasst_string.rb
+- yasst.gemspec
+homepage: https://github.com/rdark/yasst
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.5
+signing_key: 
+specification_version: 4
+summary: Yet Another Secret Stashing Toolkit
+test_files: []