zerobin 1.5.1 → 1.5.2
raw patch · 5 files changed
+31/−22 lines, 5 filesPVP: major bump suggested
API removals or changes: PVP suggests a major version bump
API changes (from Hackage documentation)
- Web.ZeroBin: instance Data.Aeson.Types.Class.FromJSON Web.ZeroBin.Response
- Web.ZeroBin: instance GHC.Generics.Constructor Web.ZeroBin.C1_0Response
- Web.ZeroBin: instance GHC.Generics.Datatype Web.ZeroBin.D1Response
- Web.ZeroBin: instance GHC.Generics.Selector Web.ZeroBin.S1_0_0Response
- Web.ZeroBin: instance GHC.Generics.Selector Web.ZeroBin.S1_0_1Response
- Web.ZeroBin: instance GHC.Generics.Selector Web.ZeroBin.S1_0_2Response
- Web.ZeroBin.SJCL: instance Data.Aeson.Types.Class.ToJSON Web.ZeroBin.SJCL.Content
- Web.ZeroBin.SJCL: instance GHC.Generics.Constructor Web.ZeroBin.SJCL.C1_0Content
- Web.ZeroBin.SJCL: instance GHC.Generics.Datatype Web.ZeroBin.SJCL.D1Content
- Web.ZeroBin.SJCL: instance GHC.Generics.Selector Web.ZeroBin.SJCL.S1_0_0Content
- Web.ZeroBin.SJCL: instance GHC.Generics.Selector Web.ZeroBin.SJCL.S1_0_1Content
- Web.ZeroBin.SJCL: instance GHC.Generics.Selector Web.ZeroBin.SJCL.S1_0_2Content
+ Web.ZeroBin: instance Data.Aeson.Types.FromJSON.FromJSON Web.ZeroBin.Response
+ Web.ZeroBin.SJCL: instance Data.Aeson.Types.ToJSON.ToJSON Web.ZeroBin.SJCL.Content
Files
- ChangeLog.md +12/−4
- README.md +11/−11
- cli/Main.hs +3/−3
- src/Web/ZeroBin/SJCL.hs +2/−2
- zerobin.cabal +3/−2
ChangeLog.md view
@@ -1,7 +1,15 @@+1.5.2+=====++ * Fixed `CryptoError_KeySizeInvalid` in `Web.ZeroBin.SJCL.encode`+ by using `Crypto.Cipher.AES.AES128` instead of `Crypto.Cipher.AES.AES256`++ 1.5.1 ===== -* Added ChangeLog-* zerobin command supports reading stdin:- `zerobin -f /etc/fstab` can be done as- `cat /etc/fstab | zerobin -f -` or `zerobin -f < /etc/fstab`+ * Added ChangeLog+ * zerobin command supports reading stdin:+ `zerobin -f /etc/fstab` can be done as+ `cat /etc/fstab | zerobin -f -` or `zerobin -f < /etc/fstab`+
README.md view
@@ -1,5 +1,6 @@ About =====+ This is a library and a command-line utility to share secrets via ["zerobin"](https://github.com/sametmax/0bin) sites like https://paste.ec@@ -8,21 +9,19 @@ This library reimplements encryption part of [SJCL](https://crypto.stanford.edu/sjcl/) allowing you to post secrets from Haskell programs and shell scripts. + Requirements ============+ ZeroBin is written in Haskell with [GHC](http://www.haskell.org/ghc/). All required Haskell libraries are listed in [zerobin.cabal](zerobin.cabal). Use [cabal-install](http://www.haskell.org/haskellwiki/Cabal-Install) to fetch and build all pre-requisites automatically. -Installation-============- $ git clone https://github.com/zalora/zerobin.git- $ cd zerobin- $ cabal install Command-line utility ====================+ The command-line utility `zerobin` encrypts text or file, post the encrypted data to https://paste.ec and prints URI to be shared or error message:@@ -38,7 +37,7 @@ Options: -b, --bin=BIN 0bin service [default: https://paste.ec]- -f, --file Paste the content of file TEXT instead of plain TEXT+ -f, --file Paste the content of file TEXT ("-" for stdin) -e, --expire=E Set expiration of paste: once, day, week, month [default: day] -h, --help Show this message@@ -46,32 +45,33 @@ Examples: zerobin hello paste "hello" for a day zerobin -f /etc/fstab paste file /etc/fstab for a day+ cat /etc/fstab | zerobin -f - likewise zerobin -e once hello paste "hello", it will burn after reading zerobin -b http://0bin.net hello paste to 0bin.net Hacking =======+ There is a simple test program in the [./nodejs](./nodejs) directory. It uses this library to encrypt a message and original SJCL running by [Node.js](https://nodejs.org) to decrypt: - $ git clone https://github.com/zalora/zerobin.git- $ cd zerobin $ cabal install -f nodejs --dependencies-only $ cabal install -f nodejs --ghc-option="-Werror"- $ # get nodejs and npm, e. g. on Debian; sudo apt-get install nodejs npm+ $ # get nodejs and npm, e. g. on Debian: sudo apt-get install nodejs npm $ npm install sjcl $ ./dist/build/zerobin-nodejs/zerobin-nodejs heinrich hertz + Features/Bugs/TODOs ===================+ 1. [0bin](https://github.com/sametmax/0bin) supports images, `zerobin` can encrypt anything, but only plain text will be decrypted.-2. "Burn after reading" (`-e once`) really means "burn after two readings",+2. "Burn after reading" (`-e once`) might mean "burn after two readings", because we do not redirect like browser does. You can verify your paste before sharing the link ;-) 3. http://0bin.net does not support `-e week`-
cli/Main.hs view
@@ -53,9 +53,9 @@ exitFailure getContent :: Bool -> String -> IO BS.ByteString-getContent fromFile text- | fromFile && (text == "-") = BS.getContents- | fromFile = BS.readFile text+getContent isFile text+ | isFile && (text == "-") = BS.getContents+ | isFile = BS.readFile text | otherwise = return $ C.pack text main :: IO ()
src/Web/ZeroBin/SJCL.hs view
@@ -14,7 +14,7 @@ encrypt ) where -import Crypto.Cipher.AES (AES256)+import Crypto.Cipher.AES (AES128) import Crypto.Cipher.Types (ivAdd, blockSize, cipherInit, ecbEncrypt, ctrCombine, makeIV) import Crypto.Error (throwCryptoErrorIO) import Crypto.Hash.Algorithms (SHA256(..))@@ -43,7 +43,7 @@ instance JSON.ToJSON Content where toJSON = JSON.genericToJSON JSON.defaultOptions -makeCipher :: ByteString -> IO AES256+makeCipher :: ByteString -> IO AES128 makeCipher = throwCryptoErrorIO . cipherInit -- https://github.com/bitwiseshiftleft/sjcl/blob/master/core/pbkdf2.js
zerobin.cabal view
@@ -1,5 +1,5 @@ name: zerobin-version: 1.5.1+version: 1.5.2 synopsis: Post to 0bin services description: Post encrypted content to 0bin sites like http://0bin.net or https://paste.ec@@ -8,6 +8,7 @@ author: Igor Pashev maintainer: Igor Pashev <pashev.igor@gmail.com> copyright: 2015, Zalora South East Asia Pte. Ltd+ 2017, Igor Pashev <pashev.igor@gmail.com> category: Cryptography, Web build-type: Simple extra-source-files: README.md ChangeLog.md@@ -15,7 +16,7 @@ source-repository head type: git- location: https://github.com/zalora/zerobin.git+ location: https://github.com/ip1981/zerobin.git flag nodejs description: Build a test program for decrypting with Node.js and SJCL.