authormo <mo.khan@gmail.com>2018-02-11 13:23:25 -0700
committermo <mo.khan@gmail.com>2018-02-11 13:23:25 -0700
commit066463a5f04b41e166ef70380385abb87307c76d (patch)
tree493e137f82c70410aca508bb0efd66bf6b3a2679
parentdbe80b3a01db80e1f8b25bd0049318305ffa99f6 (diff)
write json blob to encrypted file.
-rw-r--r--lib/tfa.rb1
-rw-r--r--lib/tfa/secure_proxy.rb37
-rw-r--r--spec/spec_helper.rb1
3 files changed, 15 insertions, 24 deletions
diff --git a/lib/tfa.rb b/lib/tfa.rb
index 2f934dd..30e7e72 100644
--- a/lib/tfa.rb
+++ b/lib/tfa.rb
@@ -1,5 +1,6 @@
require "base64"
require "digest"
+require "json"
require "openssl"
require "pstore"
require "rotp"
diff --git a/lib/tfa/secure_proxy.rb b/lib/tfa/secure_proxy.rb
index 0c18d83..96481e5 100644
--- a/lib/tfa/secure_proxy.rb
+++ b/lib/tfa/secure_proxy.rb
@@ -5,30 +5,29 @@ module TFA
@digest = Digest::SHA256.digest(passphrase)
end
- def encrypt!
- cipher = OpenSSL::Cipher.new("AES-256-CBC")
+ def encrypt!(algorithm = "AES-256-CBC")
+ cipher = OpenSSL::Cipher.new(algorithm)
cipher.encrypt
cipher.key = @digest
- #iv = cipher.random_iv
- #cipher.iv = iv
-
- plain_text = read_all
- #cipher_text = iv + cipher.update(plain_text) + cipher.final
- cipher_text = cipher.update(plain_text) + cipher.final
- flush(cipher_text)
+ cipher.iv = iv = cipher.random_iv
+ plain_text = IO.read(@original.path)
+ json = JSON.generate(
+ algorithm: algorithm,
+ iv: Base64.encode64(iv),
+ cipher_text: Base64.encode64(cipher.update(plain_text) + cipher.final),
+ )
+ IO.write(@original.path, json)
end
def decrypt!
return unless File.exist?(@original.path)
- cipher_text = read_all
- decipher = OpenSSL::Cipher.new("AES-256-CBC")
+ data = JSON.parse(IO.read(@original.path), symbolize_names: true)
+ decipher = OpenSSL::Cipher.new(data[:algorithm])
decipher.decrypt
- #decipher.iv = cipher_text[0..decipher.iv_len-1]
decipher.key = @digest
- #data = cipher_text[decipher.iv_len..-1]
- data = cipher_text
- flush(decipher.update(data) + decipher.final)
+ decipher.iv = Base64.decode64(data[:iv])
+ IO.write(@original.path, decipher.update(Base64.decode64(data[:cipher_text])) + decipher.final)
end
private
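Review bot: In `decrypt!`, `OpenSSL::Cipher.new(data[:algorithm])` takes the cipher name from the very file being decrypted, and nothing in the JSON envelope is authenticated, so a modified file can dictate the algorithm and IV and change the CBC ciphertext without being detected. Check the name before constructing the cipher, for example `raise ArgumentError, "unsupported cipher" unless data[:algorithm] == "AES-256-CBC"` (or an allow-list if `encrypt!` is meant to accept other values), and consider an authenticated mode or an HMAC covering algorithm, IV and ciphertext. `JSON.parse` will presumably also raise on a file written in the previous raw-ciphertext format, so existing stores need a migration path or a clear error. `Base64.strict_encode64` and `Base64.strict_decode64` would keep newlines out of the envelope and reject malformed input instead of silently decoding it. Both methods are complete within the hunk; the class header and the rest of the constructor that sets `@digest` lie outside it.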
@@ -41,13 +40,5 @@ module TFA
encrypt!
result
end
-
- def read_all
- IO.read(@original.path)
- end
-
- def flush(data)
- IO.write(@original.path, data)
- end
end
end
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
index 0521f72..72a74a5 100644
--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@@ -18,7 +18,6 @@ require 'tfa'
require 'securerandom'
require 'tempfile'
require 'tmpdir'
-require 'json'
RSpec.configure do |config|
# The settings below are suggested to provide a good initial experience
# with RSpec, but feel free to customize to your heart's content.