Class: OpenSecret::Crypto

Inherits: Object

Defined in: lib/opensecret/plugins.io/cipher/crypto.rb

Overview

Create dynamic secrets of various flavours including

  • ssh public/private key secrets

  • secret keys for internal database services

  • hashed SHA256 keys for Jenkins user auth


Class Method Details

.assert_input_text_size(input_size, minimum_size) ⇒ Object

Output an error message and then exit if the entered input text size does not meet the minimum requirement.



# File 'lib/opensecret/plugins.io/cipher/crypto.rb', line 145

def self.assert_input_text_size input_size, minimum_size

  if( input_size < minimum_size  )

    puts
    puts "Input is too short. Please enter at least #{minimum_size} characters."
    puts

    exit

  end

end

.assert_min_size(minimum_size) ⇒ Object

Raise an exception if asked to collect text that is less than 3 characters in length.



# File 'lib/opensecret/plugins.io/cipher/crypto.rb', line 133

def self.assert_min_size minimum_size

  min_length_msg = "\n\nCrypts with 2 (or less) characters open up exploitable holes.\n\n"
  raise ArgumentError.new min_length_msg if minimum_size < 3

end

.assert_same_size_text(first_text, second_text) ⇒ Object

Assert that the text entered the second time is exactly (case sensitive) the same as the text entered the first time.



# File 'lib/opensecret/plugins.io/cipher/crypto.rb', line 164

def self.assert_same_size_text first_text, second_text
  
  unless( first_text.eql? second_text )

    puts
    puts "Those two bits of text are not the same (in my book)!"
    puts

    exit

  end

end

.collect_secret(minimum_size, prompt_1, prompt_2) ⇒ Object

Collect a password from the user with a minimum length specified in the parameter.

An exception is raised if the minimum length is not at least 8 characters.



# File 'lib/opensecret/plugins.io/cipher/crypto.rb', line 96

# STDIN.noecho is provided by the standard library's io/console (require 'io/console').
def self.collect_secret minimum_size, prompt_1, prompt_2

  assert_min_size minimum_size

  sleep(1)
  puts "\n#{prompt_1} : "
  first_secret = STDIN.noecho(&:gets).chomp

  assert_input_text_size first_secret.length, minimum_size

  sleep(1)
  puts "\n#{prompt_2} : "
  check_secret = STDIN.noecho(&:gets).chomp

  assert_same_size_text first_secret, check_secret
  
  return first_secret

end
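As an added example (not code from the opensecret project), here is a variant of the collect_secret flow documented above that takes injectable input and output streams and raises errors instead of calling exit, so the three checks (minimum size, input length, matching re-entry) can be exercised against constructed input without a terminal. The module name SecretPrompt, the InputError class, the input:/output: keyword arguments and the demo helper are assumptions of this example.

```ruby
require 'io/console'   # supplies IO#noecho for real terminals
require 'stringio'

# Added example, not part of OpenSecret::Crypto: the same prompt/verify flow,
# with streams injected so it can run against constructed input.
module SecretPrompt
  # Raised in place of the library's `exit` so callers can handle the failure.
  class InputError < StandardError; end

  # Mirrors assert_min_size: a minimum below 3 characters is a caller bug.
  def self.assert_min_size(minimum_size)
    raise ArgumentError, "minimum size must be at least 3" if minimum_size < 3
  end

  # Mirrors assert_input_text_size, raising instead of exiting.
  def self.assert_input_text_size(input_size, minimum_size)
    return if input_size >= minimum_size
    raise InputError, "Input is too short. Please enter at least #{minimum_size} characters."
  end

  # Mirrors assert_same_size_text: the confirmation must match exactly (case sensitive).
  def self.assert_same_text(first_text, second_text)
    return if first_text.eql?(second_text)
    raise InputError, "The two entries do not match."
  end

  # Read one line without echo when the stream is a terminal; plain gets otherwise
  # (a StringIO or a pipe has no terminal to switch echo off on).
  def self.read_line(input)
    line = if input.respond_to?(:noecho) && input.tty?
             input.noecho(&:gets)
           else
             input.gets
           end
    raise InputError, "No input received." if line.nil?
    line.chomp
  end

  # Collect and confirm a secret; returns it, or raises on any failed check.
  def self.collect_secret(minimum_size, prompt_1, prompt_2, input: STDIN, output: $stdout)
    assert_min_size(minimum_size)

    output.puts "\n#{prompt_1} : "
    first_secret = read_line(input)
    assert_input_text_size(first_secret.length, minimum_size)

    output.puts "\n#{prompt_2} : "
    check_secret = read_line(input)
    assert_same_text(first_secret, check_secret)

    first_secret
  end

  # Drive the flow over a constructed transcript (the lines a user would type).
  def self.demo(typed_lines, minimum_size = 8)
    input = StringIO.new(typed_lines.join("\n") + "\n")
    collect_secret(minimum_size, "Enter secret", "Re-enter secret",
                   input: input, output: StringIO.new)
  end
end
```

Raising instead of exiting keeps the process under the caller's control (a wrapper can re-prompt or log the failure), and checking `tty?` before `noecho` avoids the ENOTTY error the library version would hit when its input is piped rather than typed.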

.engineer_password(approx_length) ⇒ Object

Engineer a raw password that is similar (approximate) in length to the integer parameter.



# File 'lib/opensecret/plugins.io/cipher/crypto.rb', line 121

# SecureRandom is provided by the standard library (require 'securerandom').
def self.engineer_password approx_length

  # urlsafe_base64(n) draws n random bytes and yields roughly 4n/3 characters;
  # dropping the two non-alphanumeric symbols is why the length is only approximate.
  non_alphanum = SecureRandom.urlsafe_base64(approx_length)
  return non_alphanum.delete("-_")

end

.get_amalgam_password(human_password, machine_password, mix_ratio) ⇒ Object

Get a viable machine password taking into account the human password length and the specified mix_ratio.

machine password length = human password length * mix_ratio - 1



# File 'lib/opensecret/plugins.io/cipher/crypto.rb', line 45

def self.get_amalgam_password human_password, machine_password, mix_ratio

  size_error_msg = "Human pass length times mix_ratio must equal machine pass length."
  lengths_are_perfect = human_password.length * mix_ratio == machine_password.length
  raise ArgumentError.new size_error_msg unless lengths_are_perfect

  machine_passwd_chunk = 0
  amalgam_passwd_index = 0
  amalgamated_password = ""

  human_password.each_char do |passwd_char|

    amalgamated_password[amalgam_passwd_index] = passwd_char
    amalgam_passwd_index += 1

    for i in 0..(mix_ratio-1) do
      machine_pass_index = machine_passwd_chunk * mix_ratio + i
      amalgamated_password[amalgam_passwd_index] = machine_password[machine_pass_index]
      amalgam_passwd_index += 1
    end

    machine_passwd_chunk += 1

  end

  return amalgamated_password

end

.get_machine_password(human_password_length, mix_ratio) ⇒ Object

Get a viable machine password taking into account the human password length and the specified mix_ratio.

machine password length = human password length * mix_ratio - 1



# File 'lib/opensecret/plugins.io/cipher/crypto.rb', line 81

def self.get_machine_password human_password_length, mix_ratio

  machine_raw_secret = engineer_password( human_password_length * ( mix_ratio + 1) )
  return machine_raw_secret[ 0..( human_password_length * mix_ratio - 1 ) ]

end
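As an added example (not the project's own code), the following reproduces the machine-password construction and interleaving layout implemented by engineer_password, get_machine_password and get_amalgam_password above, and adds a hypothetical inverse, split_amalgam_password, that recovers both halves from the combined string. The module name AmalgamDemo, the inverse function and the round_trip? helper are assumptions of this example.

```ruby
require 'securerandom'

# Added example, not OpenSecret's own code: the amalgam layout and its inverse.
module AmalgamDemo
  # Same construction as engineer_password: random url-safe base64 with the
  # two non-alphanumeric characters removed, so the length is approximate.
  def self.engineer_password(approx_length)
    SecureRandom.urlsafe_base64(approx_length).delete("-_")
  end

  # Same as get_machine_password: over-generate, then cut to exactly
  # human_length * mix_ratio characters.
  def self.get_machine_password(human_length, mix_ratio)
    raw = engineer_password(human_length * (mix_ratio + 1))
    raw[0, human_length * mix_ratio]
  end

  # Same layout as get_amalgam_password: each human character is followed by
  # the next mix_ratio characters of the machine password.
  def self.get_amalgam_password(human, machine, mix_ratio)
    unless human.length * mix_ratio == machine.length
      raise ArgumentError, "machine length must be human length * mix_ratio"
    end
    human.each_char.with_index.map { |ch, i| ch + machine[i * mix_ratio, mix_ratio] }.join
  end

  # Hypothetical inverse (not in the library): with a known mix_ratio the layout
  # is fixed, so every (mix_ratio + 1)th character is human and the rest are machine.
  def self.split_amalgam_password(amalgam, mix_ratio)
    stride = mix_ratio + 1
    unless amalgam.length % stride == 0
      raise ArgumentError, "amalgam length must be a multiple of #{stride}"
    end
    human = String.new
    machine = String.new
    amalgam.chars.each_slice(stride) do |slice|
      human << slice.first
      machine << slice.drop(1).join
    end
    [human, machine]
  end

  # Full round trip with a freshly generated machine password; true when the
  # split recovers exactly the two inputs.
  def self.round_trip?(human, mix_ratio)
    machine = get_machine_password(human.length, mix_ratio)
    amalgam = get_amalgam_password(human, machine, mix_ratio)
    split_amalgam_password(amalgam, mix_ratio) == [human, machine]
  end
end
```

The inverse makes the design point visible: the interleaving is a fixed, non-secret layout, so the amalgam is a concatenation in disguise, and the strength of the combined secret rests entirely on the entropy of its two halves rather than on the mixing. The length check in get_amalgam_password is what keeps the layout decodable; the slice in get_machine_password silently truncates, so a machine password that came out short would be caught only at amalgamation time.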

.print_secret_env_var(env_var_name, env_var_value) ⇒ Object

Print out the machine password that is to be kept as an environment variable on any workstation used for material decryption.

Remember that neither the human nor machine passwords are required for the encryption phase. That is the beauty of asymmetric cryptography: you don't need a private key to encrypt, just the end user's public key.



# File 'lib/opensecret/plugins.io/cipher/crypto.rb', line 187

def self.print_secret_env_var env_var_name, env_var_value

  # With "sudo echo ... >> file" the redirection is performed by the caller's
  # unprivileged shell, so the append fails for non-root users; piping through
  # "sudo tee -a" runs the append itself with elevated rights.
  machine_to_env_txt = "echo \"#{env_var_name}=#{env_var_value}\" | sudo tee -a /etc/environment > /dev/null"

  puts
  puts "@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
  puts "@@@ Add as environment variable @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
  puts "@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
  puts machine_to_env_txt
  puts "@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
  puts

end

.register_domain(domain, store_url) ⇒ Object

Register two fundamental opensecret crypt pointers

  • an opensecret domain like » **lecturers@harvard**

  • the url to a backend store like Git, S3 or an SSH accessible drive.

The domain will be extended to cover verified internet domains. They will also latch onto LDAP domains so when admins add, revoke or remove users, their opensecret access is adjusted accordingly.

Parameters:

  • domain (String)

    the DOMAIN, e.g. lecturers@harvard, for your family or work group.

  • store_url (String)

    the STORE_URL for connecting to the backend storage service



# File 'lib/opensecret/plugins.io/cipher/crypto.rb', line 27

def self.register_domain domain, store_url

  # -> read config file map
  # -> create new domain in map
  # -> add type and store url to map
  # -> backup configuration
  # -> overwrite the ini config file
  puts "hello i am registering this super domain #{domain} at #{store_url}"

end