class Keepasshttp::KeyStore::SshAgent

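Uses your running ssh-agent session to encrypt the session key before it is saved. The AES-256-CBC key is taken from the agent's signature over a random IV, so the same identity must be loaded in the agent to decrypt the key later.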

Public Class Methods

available?() click to toggle source
# File lib/keepasshttp/key_store.rb, line 48
# Reports whether this key store can be used.
#
# Loads 'net/ssh' first and then defers to the superclass check. Any
# LoadError raised along the way (from the require or from super) is
# re-raised as a LoadError that tells the user to install the 'net-ssh' gem.
def available?
  install_hint = "To use key_store: :SshAgent you have to install the 'net-ssh' gem"

  begin
    require 'net/ssh'
    super
  rescue LoadError
    # The original error text is replaced by the install hint.
    raise LoadError, install_hint
  end
end
load() click to toggle source
Calls superclass method Keepasshttp::KeyStore::Plain::load
# File lib/keepasshttp/key_store.rb, line 64
# Loads the stored parameters through the superclass and decrypts the key.
#
# The :iv entry is removed from the returned hash; it is only needed to
# decrypt :key, which is replaced in place by the decrypted value.
def load
  stored = super
  ciphertext = stored[:key]
  iv = stored.delete(:iv)
  stored[:key] = decrypt(ciphertext, iv: iv)
  stored
end
save(params = {}) click to toggle source
Calls superclass method Keepasshttp::KeyStore::Plain::save
# File lib/keepasshttp/key_store.rb, line 57
# Encrypts params[:key] and hands the result to the superclass save.
#
# The hash passed in is modified: :key is replaced by the ciphertext and an
# :iv entry is added, so the caller's hash no longer holds the plaintext key
# afterwards.
def save(params = {})
  plaintext_key = params.delete(:key)
  ciphertext, iv = encrypt(plaintext_key)
  params.merge!(key: ciphertext, iv: iv)
  super(params)
end

Private Class Methods

decrypt(string, iv:) click to toggle source
# File lib/keepasshttp/key_store.rb, line 84
# Decrypts +string+ with AES-256-CBC using the given +iv+.
#
# The cipher key is the last 32 characters of the ssh-agent's signature over
# the IV, so the agent must return the same signature it returned when the
# value was encrypted.
# NOTE(review): this presumably only holds for key types with deterministic
# signatures - confirm which identity types are supported.
# NOTE(review): CBC carries no integrity check; a modified ciphertext is only
# caught if the padding happens to be invalid. Consider an authenticated mode
# or a MAC over the stored values.
def decrypt(string, iv:)
  ssh_agent = Net::SSH::Authentication::Agent.connect

  cipher = OpenSSL::Cipher.new('AES-256-CBC')
  cipher.decrypt
  cipher.iv = iv

  # Re-derive the key by asking the agent to sign the stored IV again.
  signature = ssh_agent.sign(identity(ssh_agent), iv)
  cipher.key = signature[-32..-1]

  plaintext = cipher.update(string)
  plaintext + cipher.final
end
encrypt(string) click to toggle source
# File lib/keepasshttp/key_store.rb, line 72
# Encrypts +string+ with AES-256-CBC and returns [ciphertext, iv].
#
# A fresh random IV is generated for every call. The cipher key is the last
# 32 characters of the ssh-agent's signature over that IV, taken as-is without
# a key-derivation step.
# NOTE(review): any process that can reach the agent socket can request the
# same signature for a stored IV, so the protection is bounded by access to
# the agent - confirm this matches the intended threat model.
def encrypt(string)
  ssh_agent = Net::SSH::Authentication::Agent.connect

  cipher = OpenSSL::Cipher.new('AES-256-CBC')
  cipher.encrypt
  # random_iv both generates the IV and sets it on the cipher.
  fresh_iv = cipher.random_iv

  signature = ssh_agent.sign(identity(ssh_agent), fresh_iv)
  cipher.key = signature[-32..-1]

  ciphertext = cipher.update(string) + cipher.final
  [ciphertext, fresh_iv]
end
identity(agent) click to toggle source

TODO, make the key selectable

# File lib/keepasshttp/key_store.rb, line 97
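# Picks the identity used for signing: always the first one the agent lists.
# There is no way to select a different key yet.
#
# The identity list is read once, so the emptiness check and the returned
# value come from the same answer. Reading it twice could return nil if the
# list changed between the two reads, and that nil would then be passed on
# to the signing call.
#
# Raises RuntimeError when the agent holds no identities.
def identity(agent)
  keys = agent.identities
  raise 'No identity available. Run `ssh-add` and try again' if keys.empty?

  keys.first
end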