authormo <mo.khan@gmail.com>2018-06-13 17:21:57 -0600
committermo <mo.khan@gmail.com>2018-06-13 17:21:57 -0600
commitf39549c6d88cb5e9298f4265b6916a25c597da74 (patch)
tree2498cb14fa09e55088be71235def9aa23831311d
parent719a5aeb638e52950a8644c98292cf3bf9a42d95 (diff)
public-key encryption.
-rw-r--r--lib/trunk/cli.rb15
-rw-r--r--lib/trunk/serializers/crypto.rb20
-rw-r--r--lib/trunk/yaml_storage.rb2
-rw-r--r--spec/storage_spec.rb8
-rw-r--r--spec/support/crypto.rb31
5 files changed, 22 insertions, 54 deletions
diff --git a/lib/trunk/cli.rb b/lib/trunk/cli.rb
index 87a1249..872bb3d 100644
--- a/lib/trunk/cli.rb
+++ b/lib/trunk/cli.rb
@@ -7,7 +7,7 @@ module Trunk
desc "show NAME", "print the password associated with a key"
def show(name)
- say storage.fetch(name)
+ print storage.fetch(name)
end
desc "version", "print the version"
@@ -15,12 +15,11 @@ module Trunk
say Trunk::VERSION
end
- desc "setup PASSWORD", "create the database and private key file."
- def setup(password)
+ desc "setup", "create the database and private key file."
+ def setup
+ IO.write(private_key_path, OpenSSL::PKey::RSA.new(4096).export('AES-256-CBC', passphrase))
FileUtils.touch(database_path)
FileUtils.chmod(0600, database_path)
- private_key = OpenSSL::PKey::RSA.new(4096)
- IO.write(private_key_path, private_key.export('AES-256-CBC', password))
end
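Review bot: The new `IO.write(private_key_path, …)` line creates the encrypted private key file with the process umask while the database two lines later is explicitly restricted to `0600`; on a default 022 umask the key material ends up world-readable. Create it with the mode and exclusive flag in one step, `File.open(private_key_path, File::WRONLY | File::CREAT | File::EXCL, 0600) { |f| f.write(OpenSSL::PKey::RSA.new(4096).export('AES-256-CBC', passphrase)) }`, which also stops a second `setup` run from silently overwriting an existing key. Since `passphrase` reads with `echo: false` and is never confirmed, a typo here yields a key file that can never be unlocked; prompting twice and comparing before generating the key is cheap insurance. Be aware that `export` with a cipher name uses OpenSSL's legacy PEM encryption, whose passphrase-to-key derivation is, as far as I recall, a single hash iteration, so if the openssl gem in use offers a PKCS#8/PBKDF2 export that is the stronger choice for a password-store master key.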
private
@@ -42,7 +41,11 @@ module Trunk
end
def private_key
- '922886eb487a61e852575aeae5a72bc9'
+ OpenSSL::PKey::RSA.new(IO.read(private_key_path), passphrase)
+ end
+
+ def passphrase
+ ask("passphrase?", echo: false)
end
end
end
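Review bot: A wrong passphrase at `OpenSSL::PKey::RSA.new(IO.read(private_key_path), passphrase)` surfaces as a raw `OpenSSL::PKey::RSAError` backtrace rather than a message the user can act on, and a missing key file (setup never run) surfaces as `Errno::ENOENT` from `IO.read`. Assuming this is a Thor CLI as `desc`/`ask` suggest, add `rescue OpenSSL::PKey::RSAError, Errno::ENOENT` / `raise Thor::Error, "could not unlock #{private_key_path}: run setup or check the passphrase"` to `private_key`. Note also that `passphrase` prompts afresh on every `private_key` call, so unless `storage` caches the loaded key the user may be asked more than once per command; memoizing the unlocked key in an instance variable avoids that without keeping the passphrase string around. The enclosing class and module close outside this hunk.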
diff --git a/lib/trunk/serializers/crypto.rb b/lib/trunk/serializers/crypto.rb
index a374cd2..94b267e 100644
--- a/lib/trunk/serializers/crypto.rb
+++ b/lib/trunk/serializers/crypto.rb
@@ -1,28 +1,16 @@
module Trunk
module Serializers
- class SymmetricCrypto
- attr_reader :private_key, :algorithm
-
- def initialize(private_key, algorithm: 'AES-256-CBC')
+ class Crypto
+ def initialize(private_key)
@private_key = private_key
- @algorithm = algorithm
end
def serialize(plain_text)
- cipher = OpenSSL::Cipher.new(algorithm)
- cipher.encrypt
- cipher.key = private_key
- cipher.random_iv + cipher.update(plain_text) + cipher.final
+ @private_key.public_encrypt(plain_text)
end
def deserialize(cipher_text)
- cipher = OpenSSL::Cipher.new(algorithm)
- cipher.decrypt
- iv = cipher_text[0..cipher.iv_len - 1]
- data = cipher_text[cipher.iv_len..-1]
- cipher.key = private_key
- cipher.iv = iv
- cipher.update(data) + cipher.final
+ @private_key.private_decrypt(cipher_text)
end
end
end
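Review bot: `@private_key.public_encrypt(plain_text)` pushes each secret directly through RSA with the default PKCS#1 v1.5 padding, so any value longer than the modulus minus 11 bytes (501 bytes for the 4096-bit key `setup` generates) is rejected by OpenSSL with an `RSAError`, and v1.5 encryption padding is the variant new code should avoid. RSA is meant to wrap a symmetric key, not the payload: encrypt each entry with a fresh AES-256-GCM key (which also supplies the integrity check the removed CBC code never had) and wrap only that key with RSA-OAEP, as sketched below. `OpenSSL::Cipher#update` rejects an empty string, so if an empty secret is a legal value `serialize` needs a guard for it. Whatever layout is chosen, the test helper in spec/support/crypto.rb must mirror it since the spec round-trips between the two.
```ruby
class Crypto
  RSA_PADDING = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING
  IV_LEN = 12
  TAG_LEN = 16

  # … unchanged: initialize …

  def serialize(plain_text)
    cipher = OpenSSL::Cipher.new('AES-256-GCM').encrypt
    data_key = cipher.random_key
    iv = cipher.random_iv
    body = cipher.update(plain_text) + cipher.final
    # Only the per-entry AES key goes through RSA; the payload itself never does.
    @private_key.public_encrypt(data_key, RSA_PADDING) + iv + cipher.auth_tag + body
  end

  def deserialize(cipher_text)
    key_len = @private_key.n.num_bytes
    wrapped = cipher_text.byteslice(0, key_len)
    iv = cipher_text.byteslice(key_len, IV_LEN)
    tag = cipher_text.byteslice(key_len + IV_LEN, TAG_LEN)
    body = cipher_text.byteslice((key_len + IV_LEN + TAG_LEN)..-1)
    cipher = OpenSSL::Cipher.new('AES-256-GCM').decrypt
    cipher.key = @private_key.private_decrypt(wrapped, RSA_PADDING)
    cipher.iv = iv
    cipher.auth_tag = tag
    # final raises OpenSSL::Cipher::CipherError if the tag does not verify.
    cipher.update(body) + cipher.final
  end
end
```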
diff --git a/lib/trunk/yaml_storage.rb b/lib/trunk/yaml_storage.rb
index 2d81c27..5c075b4 100644
--- a/lib/trunk/yaml_storage.rb
+++ b/lib/trunk/yaml_storage.rb
@@ -31,7 +31,7 @@ module Trunk
def serializer
serializer = Trunk::Serializers::Composite.new
- serializer.add(Trunk::Serializers::SymmetricCrypto.new(private_key))
+ serializer.add(Trunk::Serializers::Crypto.new(private_key))
serializer.add(Trunk::Serializers::Base64.new)
serializer
end
diff --git a/spec/storage_spec.rb b/spec/storage_spec.rb
index e742e2a..62a1186 100644
--- a/spec/storage_spec.rb
+++ b/spec/storage_spec.rb
@@ -1,17 +1,17 @@
require 'spec_helper'
RSpec.describe Trunk::Storage do
- let(:crypto) { Crypto.new('aes256-cbc', key) }
+ let(:crypto) { Crypto.new(key) }
let(:serializer) do
x = Trunk::Serializers::Composite.new
- x.add(Trunk::Serializers::SymmetricCrypto.new(key))
+ x.add(Trunk::Serializers::Crypto.new(key))
x.add(Trunk::Serializers::Base64.new)
x
end
describe "#fetch" do
subject { described_class.new(encrypted_hash, serializer) }
- let(:key) { SecureRandom.hex(16) }
+ let(:key) { OpenSSL::PKey::RSA.new(4096) }
let(:encrypted_hash) do
decrypted_hash.keys.inject({}) do |x, y|
x[y] = Base64.strict_encode64(crypto.encrypt(decrypted_hash[y]))
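Review bot: `let(:key) { OpenSSL::PKey::RSA.new(4096) }` generates a fresh 4096-bit RSA key for every example in this group, which on typical hardware costs on the order of a second or more each and will dominate the suite's runtime as examples are added. Test keys carry no security requirement, so generate one per process in spec/support (e.g. `TEST_KEY = OpenSSL::PKey::RSA.new(2048)`) and write `let(:key) { TEST_KEY }` here; the identical `let` in the `#store` hunk below should do the same. The `encrypted_hash` block this hunk ends inside continues past the last line shown.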
@@ -41,7 +41,7 @@ RSpec.describe Trunk::Storage do
describe "#store" do
subject { described_class.new(items, serializer) }
- let(:key) { SecureRandom.hex(16) }
+ let(:key) { OpenSSL::PKey::RSA.new(4096) }
let(:items) { { } }
let(:secret) { SecureRandom.hex(32) }
diff --git a/spec/support/crypto.rb b/spec/support/crypto.rb
index 947938f..7484f26 100644
--- a/spec/support/crypto.rb
+++ b/spec/support/crypto.rb
@@ -1,38 +1,15 @@
require 'openssl'
class Crypto
- ALGORITHMS = {
- "tripledes-cbc" => 'DES-EDE3-CBC',
- "aes128-cbc" => 'AES-128-CBC',
- "aes192-cbc" => 'AES-192-CBC',
- "aes256-cbc" => 'AES-256-CBC',
- }.freeze
-
- def initialize(algorithm, key = nil)
- @algorithm = ALGORITHMS[algorithm]
- @key = key || cipher.random_key
+ def initialize(key = nil)
+ @key = key
end
def encrypt(plain_text)
- cipher.encrypt
- cipher.key = @key
- cipher.random_iv + cipher.update(plain_text) + cipher.final
+ @key.public_encrypt(plain_text)
end
def decrypt(cipher_text)
- cipher.decrypt
- iv = cipher_text[0..cipher.iv_len - 1]
- data = cipher_text[cipher.iv_len..-1]
- cipher.key = @key
- cipher.iv = iv
- cipher.update(data) + cipher.final
- end
-
- private
-
- attr_reader :key
-
- def cipher
- @cipher ||= OpenSSL::Cipher.new(@algorithm)
+ @key.private_decrypt(cipher_text)
end
end
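Review bot: `def initialize(key = nil)` keeps the optional parameter whose nil case the removed `cipher.random_key` fallback used to cover; with an RSA key nothing replaces it, so `Crypto.new` followed by `encrypt` now fails with `NoMethodError` on nil instead of a clear message. Either drop the default, `def initialize(key)`, or restore a fallback such as `@key = key || OpenSSL::PKey::RSA.new(2048)`. This helper also has to use exactly the RSA padding (and any symmetric layer) that `Trunk::Serializers::Crypto` uses, because storage_spec.rb round-trips between the two; if the serializer moves to OAEP or a hybrid scheme, `encrypt`/`decrypt` here must follow.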