Class: Trustworthy::Settings

Inherits:

Object

• Object
• Trustworthy::Settings

Defined in:

lib/trustworthy/settings.rb

Class Method Summary

• .open(filename) ⇒ Object

Instance Method Summary

• #_cipher_from_password(salt, password) ⇒ Object
• #_decrypt(ciphertext, salt, password) ⇒ Object
• #_encrypt(plaintext, salt, password) ⇒ Object
• #add_key(key, username, password) ⇒ Object
• #empty? ⇒ Boolean
• #find_key(username) ⇒ Object
• #initialize(store) ⇒ Settings constructor

  A new instance of Settings.

• #key?(username) ⇒ Boolean
• #recoverable? ⇒ Boolean
• #unlock_key(username, password) ⇒ Object

Constructor Details

#initialize(store) ⇒ Settings

Returns a new instance of Settings.

# File 'lib/trustworthy/settings.rb', line 12

def initialize(store)
  @store = store
end

Class Method Details

.open(filename) ⇒ Object

# File 'lib/trustworthy/settings.rb', line 3

def self.open(filename)
  store = YAML::Store.new(filename)
  store.ultra_safe = true if store.respond_to?(:ultra_safe=)

  store.transaction do
    yield Trustworthy::Settings.new(store)
  end
end

Instance Method Details

#_cipher_from_password(salt, password) ⇒ Object

# File 'lib/trustworthy/settings.rb', line 46

def _cipher_from_password(salt, password)
  cost, salt = salt.rpartition('$')
  key = SCrypt::Engine.scrypt(password, salt, cost, Trustworthy::Cipher.key_len)
  Trustworthy::Cipher.new(key)
end

#_decrypt(ciphertext, salt, password) ⇒ Object

# File 'lib/trustworthy/settings.rb', line 52

def _decrypt(ciphertext, salt, password)
  cipher = _cipher_from_password(salt, password)
  nonce, ciphertext = ciphertext.split('--').map do |field|
    Base64.decode64(field)
  end
  cipher.decrypt(nonce, '', ciphertext)
end

#_encrypt(plaintext, salt, password) ⇒ Object

# File 'lib/trustworthy/settings.rb', line 60

def _encrypt(plaintext, salt, password)
  cipher = _cipher_from_password(salt, password)
  nonce = Trustworthy::Cipher.generate_nonce
  ciphertext = cipher.encrypt(nonce, '', plaintext)
  [nonce, ciphertext].map do |field|
    Base64.strict_encode64(field)
  end.join('--')
end

#add_key(key, username, password) ⇒ Object

# File 'lib/trustworthy/settings.rb', line 16

def add_key(key, username, password)
  salt = SCrypt::Engine.generate_salt(Trustworthy::SCryptParams)
  encrypted_point = _encrypt(key.to_s, salt, password)
  @store[username] = {'salt' => salt, 'encrypted_point' => encrypted_point, 'timestamp' => DateTime.now.iso8601}
end

#empty? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/trustworthy/settings.rb', line 22

def empty?
  @store.roots.empty?
end

#find_key(username) ⇒ Object

# File 'lib/trustworthy/settings.rb', line 26

def find_key(username)
  @store[username]
end

#key?(username) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/trustworthy/settings.rb', line 30

def key?(username)
  @store.root?(username)
end

#recoverable? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/trustworthy/settings.rb', line 34

def recoverable?
  @store.roots.count >= 2
end

#unlock_key(username, password) ⇒ Object

# File 'lib/trustworthy/settings.rb', line 38

def unlock_key(username, password)
  key = find_key(username)
  salt = key['salt']
  ciphertext = key['encrypted_point']
  plaintext = _decrypt(ciphertext, salt, password)
  Trustworthy::Key.create_from_string(plaintext)
end