mirror
/
staticrypt
kopia lustrzana https://github.com/robinmoisson/staticrypt
1
0
Forkuj 0
Kod Zgłoszenia Packages Projekty Wydania Wiki Aktywność

Merge pull request #101 from robinmoisson/cli 

Update CLI doc & info for publication on npm
pull/103/head
Robin Moisson 2018-01-04 21:21:12 +01:00 zatwierdzone przez GitHub
rodzic 1089909a1b cbd521b276
commit 3d96b573f8
Nie znaleziono w bazie danych klucza dla tego podpisu
ID klucza GPG: 4AEE18F83AFDEB23
4 zmienionych plików z 136 dodań i 31 usunięć
Pokaż statystyki Ściągnij plik aktualizacji Ściągnij plik porównania Expand all files Collapse all files

24
README.md
Wyświetl plik

@ -18,3 +18,27 @@ AES-256 is state of the art but brute-force/dictionary attacks would be trivial
The concept is simple but this is a side project - not purporting to be bulletproof, feel free to contribute or report any thought to the GitHub project !
## CLI
Staticrypt is available through npm as a CLI, install with `npm install -g staticrypt` and use as follow:
Usage: staticrypt <input> <password> [options]
Options:
--help Show help [boolean]
--version Show version number [boolean]
-e, --embed Whether or not to embed crypto-js in the page (or use an
external CDN) [boolean] [default: false]
-o, --output File name / path for generated encrypted file
[string] [default: null]
-t, --title Title for output HTML page
[string] [default: "Protected Page"]
-i, --instructions Special instructions to display to the user.
[string] [default: null]
Example usages:
- `staticrypt test.html mysecretpassword` -> creates a `test_encrypted.html` file
- `find . -type f -name "*.html" -exec staticrypt {} mypassword \;` -> create encrypted files for all HTML files in your directory
Thanks [Aaron Coplan](https://github.com/AaronCoplan) for bringing the CLI to life !

42
cli/README.md 100644
Wyświetl plik

@ -0,0 +1,42 @@
# StatiCrypt
Based on the [crypto-js](https://github.com/brix/crypto-js) library, StatiCrypt uses AES-256 to encrypt your input with your passphrase and put it in a HTML file with a password prompt that can decrypted in-browser (client side).
You can then upload your static html file anywhere and it'll be password protected (see [how it looks](https://robinmoisson.github.io/staticrypt/example.html)).
Obviously, pick a lengthy passphrase !
## HOW IT WORKS
StatiCrypt generates a static, password protected page that can be decrypted in-browser: just send or upload the generated page to a place serving static content (github pages, for example) and you're done: the javascript will prompt users for password, decrypt the page and load your HTML.
StatiCrypt basically encrypts your page and puts everything with a user-friendly way to use a password in the new file.
AES-256 is state of the art but brute-force/dictionary attacks would be trivial to do at a really fast pace: **use a long, unusual passphrase!**
The concept is simple but this is a side project - if you have extra sensitive banking data you might want to use something else :)
Feel free to contribute or report any thought to the [GitHub project](https://robinmoisson.github.io/staticrypt) !
## USAGE
Staticrypt is available through npm as a CLI, install with `npm install -g staticrypt` and use as follow:
Usage: staticrypt <input file> <password> [options]
Options:
--help Show help [boolean]
--version Show version number [boolean]
-e, --embed Whether or not to embed crypto-js in the page (or use an
external CDN) [boolean] [default: false]
-o, --output File name / path for generated encrypted file
[string] [default: null]
-t, --title Title for output HTML page
[string] [default: "Protected Page"]
-i, --instructions Special instructions to display to the user.
[string] [default: null]
Example usages:
- `staticrypt test.html mypassword` -> creates a `test_encrypted.html` file
- `find . -type f -name "*.html" -exec staticrypt {} mypassword \;` -> create encrypted files for all HTML files in your directory (recursively)

52
cli/index.js
Wyświetl plik

@ -34,11 +34,11 @@ const namedArgs = Yargs
alias: 'instructions',
type: 'string',
describe: 'Special instructions to display to the user.',
default: null
default: ''
})
.argv;
if(namedArgs._.length != 2){
if(namedArgs._.length !== 2){
Yargs.showHelp();
process.exit(1);
}
@ -53,32 +53,41 @@ try{
process.exit(1);
}
// encrypt input
var encrypted = CryptoJS.AES.encrypt(contents, password);
var hmac = CryptoJS.HmacSHA256(encrypted.toString(), CryptoJS.SHA256(password).toString()).toString();
var encryptedMessage = hmac + encrypted;
var data = {
title: namedArgs.title != null ? namedArgs.title : "Protected Page",
instructions: namedArgs.instructions != null ? namedArgs.instructions : "",
encrypted: encryptedMessage,
crypto_tag: SCRIPT_TAG,
embed: namedArgs.embed != null ? namedArgs.embed : false,
outputFilePath: namedArgs.output != null ? namedArgs.output : input.replace(/\.html$/, '') + "_encrypted.html"
};
if(data.embed){
try{
// create crypto-js tag (embedded or not)
var cryptoTag = SCRIPT_TAG;
if (namedArgs.embed) {
try {
var embedContents = FileSystem.readFileSync('crypto-js.min.js', 'utf8');
data["crypto_tag"] = '<script>' + embedContents + '</script>';
genFile(data);
}catch(e){
} catch(e) {
console.log("Failure: embed file does not exist!");
process.exit(1);
}
}else{
genFile(data);
cryptoTag = '<script>' + embedContents + '</script>';
}
var data = {
title: namedArgs.title,
instructions: namedArgs.instructions,
encrypted: encryptedMessage,
crypto_tag: cryptoTag,
embed: namedArgs.embed,
outputFilePath: namedArgs.output !== null ? namedArgs.output : input.replace(/\.html$/, '') + "_encrypted.html"
};
genFile(data);
/**
* Fill the template with provided data and writes it to output file.
*
* @param data
*/
function genFile(data){
try{
var templateContents = FileSystem.readFileSync(__dirname + '/password_template.html', 'utf8');
@ -97,6 +106,13 @@ function genFile(data){
}
}
/**
* Replace the placeholder tags (between '{tag}') in 'tpl' string with provided data.
*
* @param tpl
* @param data
* @returns string
*/
function render(tpl, data){
return tpl.replace(/{(.*?)}/g, function (_, key) {
return data && data[key] || '';

49
cli/package.json
Wyświetl plik

@ -1,15 +1,38 @@
{
"name": "staticrypt-cli",
"version": "1.0.0",
"description": "",
"main": "index.js",
"bin": {
"staticrypt": "./index.js"
},
"dependencies": {
"crypto-js": ">=3.1.9-1",
"yargs": ">=10.0.3"
},
"author": "Aaron Coplan",
"license": "MIT"
"name": "staticrypt",
"version": "1.0.0",
"description": "Based on the [crypto-js](https://github.com/brix/crypto-js) library, StatiCrypt uses AES-256 to encrypt your input with your passphrase and put it in a HTML file with a password prompt that can decrypted in-browser (client side).",
"main": "index.js",
"bin": {
"staticrypt": "./index.js"
},
"dependencies": {
"crypto-js": ">=3.1.9-1",
"yargs": ">=10.0.3"
},
"author": "Robin Moisson (https://github.com/robinmoisson)",
"contributors": [
"Aaron Coplan (https://github.com/AaronCoplan)"
],
"license": "MIT",
"devDependencies": {},
"scripts": {
"test": "echo \"Error: no test specified\" && exit 1"
},
"repository": {
"type": "git",
"url": "git+https://github.com/robinmoisson/staticrypt.git"
},
"keywords": [
"static",
"html",
"password",
"protected",
"encrypted",
"encryption"
],
"bugs": {
"url": "https://github.com/robinmoisson/staticrypt/issues"
},
"homepage": "https://github.com/robinmoisson/staticrypt#readme"
}