encrypted_strings 0.1.1 → 0.2.0

data/lib/encrypted_strings/{sha_encryptor.rb → sha_cipher.rb}

@@ -6,17 +6,17 @@ module PluginAWeek #:nodoc:
     # 
     # == Encrypting
     # 
-    # To encrypt a string using an SHA algorithm, the salt used to seed the
-    # encrypting must be specified.  You can define the default for this
-    # value like so:
+    # To encrypt a string using an SHA cipher, the salt used to seed the
+    # algorithm must be specified.  You can define the default for this value
+    # like so:
     # 
-    #   PluginAWeek::EncryptedStrings::ShaEncryptor.default_salt = "secret"
+    #   PluginAWeek::EncryptedStrings::ShaCipher.default_salt = 'secret'
     # 
     # If these configuration options are not passed in to #encrypt, then the
     # default values will be used.  You can override the default values like so:
     # 
-    #   password = "shhhh"
-    #   password.encrypt(:sha, :salt => "my_salt")  # => "ae645b35bb5dfea6c9133ac872e6adfa92a3c2bd"
+    #   password = 'shhhh'
+    #   password.encrypt(:sha, :salt => 'secret')  # => "ae645b35bb5dfea6c9133ac872e6adfa92a3c2bd"
     # 
     # == Decrypting
     # 
@@ -24,10 +24,10 @@ module PluginAWeek #:nodoc:
     # whether an unencrypted value is equal to an SHA-encrypted string is to
     # encrypt the value with the same salt.  For example,
     # 
-    #   password = "shhhh".encrypt(:sha, :salt => "secret") # => "3b22cbe4acde873c3efc82681096f3ae69aff828"
-    #   input = "shhhh".encrypt(:sha, :salt => "secret")    # => "3b22cbe4acde873c3efc82681096f3ae69aff828"
+    #   password = 'shhhh'.encrypt(:sha, :salt => 'secret') # => "3b22cbe4acde873c3efc82681096f3ae69aff828"
+    #   input = 'shhhh'.encrypt(:sha, :salt => 'secret')    # => "3b22cbe4acde873c3efc82681096f3ae69aff828"
     #   password == input                                   # => true
-    class ShaEncryptor < Encryptor
+    class ShaCipher < Cipher
       class << self
         # The default salt value to use during encryption
         attr_accessor :default_salt
@@ -39,13 +39,15 @@ module PluginAWeek #:nodoc:
       # The salt value to use for encryption
       attr_accessor :salt
       
+      # Creates a new cipher that uses an SHA encryption strategy.
+      # 
       # Configuration options:
-      # * +salt+ - Salt value to use for encryption
+      # * +salt+ - Random bytes used as one of the inputs for generating the encrypted string
       def initialize(options = {})
         invalid_options = options.keys - [:salt]
         raise ArgumentError, "Unknown key(s): #{invalid_options.join(", ")}" unless invalid_options.empty?
         
-        options = {:salt => ShaEncryptor.default_salt}.merge(options)
+        options = {:salt => self.class.default_salt}.merge(options)
         
         self.salt = options[:salt].to_s
         

data/lib/encrypted_strings/symmetric_cipher.rb

@@ -0,0 +1,102 @@
+module PluginAWeek #:nodoc:
+  module EncryptedStrings
+    # Indicates no password was specified for the symmetric cipher
+    class NoPasswordError < StandardError
+    end
+    
+    # Symmetric encryption uses a specific algorithm and password to encrypt
+    # the string.  As long as the algorithm and password are known, the string
+    # can be decrypted.
+    # 
+    # Source: http://support.microsoft.com/kb/246071
+    # 
+    # == Encrypting 
+    # 
+    # To encrypt a string using a symmetric cipher, the algorithm and password
+    # must be specified.  You can define the defaults for these values like so:
+    # 
+    #   PluginAWeek::EncryptedStrings::SymmetricCipher.default_algorithm = 'des-ecb'
+    #   PluginAWeek::EncryptedStrings::SymmetricCipher.default_password = 'secret'
+    # 
+    # If these configuration options are not passed in to #encrypt, then the
+    # default values will be used.  You can override the default values like so:
+    # 
+    #   password = 'shhhh'
+    #   password.encrypt(:symmetric, :algorithm => 'des-ecb', :password => 'secret')  # => "S/sEkViX3v4=\n"
+    # 
+    # An exception will be raised if no password is specified.
+    # 
+    # == Decrypting
+    # 
+    # To decrypt a string using an symmetric cipher, the algorithm and password
+    # must be specified.  Defaults for these values can be defined as show above.
+    # 
+    # If these configuration options are not passed in to #decrypt, then the
+    # default values will be used.  You can override the default values like so:
+    # 
+    #   password = "S/sEkViX3v4=\n"
+    #   password.decrypt(:symmetric, :algorithm => 'des-ecb', :password => 'secret') # => "shhhh"
+    # 
+    # An exception will be raised if no password is specified.
+    class SymmetricCipher < Cipher
+      class << self
+        # The default algorithm to use for encryption.  Default is DES-EDE3-CBC.
+        attr_accessor :default_algorithm
+        
+        # The default password to use for generating the key and initialization
+        # vector.  Default is nil.
+        attr_accessor :default_password
+      end
+      
+      # Set default values
+      @default_algorithm = 'DES-EDE3-CBC'
+      
+      # The algorithm to use for encryption/decryption
+      attr_accessor :algorithm
+      
+      # The password that generates the key/initialization vector for the
+      # algorithm
+      attr_accessor :password
+      
+      # Creates a new cipher that uses a symmetric encryption strategy.
+      # 
+      # Configuration options:
+      # * +algorithm+ - The algorithm to use for generating the encrypted string
+      # * +password+ - The secret value to use for generating the key/initialization vector for the algorithm
+      def initialize(options = {})
+        invalid_options = options.keys - [:algorithm, :password]
+        raise ArgumentError, "Unknown key(s): #{invalid_options.join(", ")}" unless invalid_options.empty?
+        
+        options = {
+          :algorithm => self.class.default_algorithm,
+          :password => self.class.default_password
+        }.merge(options)
+        
+        self.algorithm = options[:algorithm]
+        self.password = options[:password]
+        raise NoPasswordError if password.nil?
+        
+        super()
+      end
+      
+      # Decrypts the current string using the current key and algorithm specified
+      def decrypt(data)
+        cipher = build_cipher(:decrypt)
+        cipher.update(Base64.decode64(data)) + cipher.final
+      end
+      
+      # Encrypts the current string using the current key and algorithm specified
+      def encrypt(data)
+        cipher = build_cipher(:encrypt)
+        Base64.encode64(cipher.update(data) + cipher.final)
+      end
+      
+      private
+        def build_cipher(type) #:nodoc:
+          cipher = OpenSSL::Cipher.new(algorithm).send(type)
+          cipher.pkcs5_keyivgen(password)
+          cipher
+        end
+    end
+  end
+end

data/lib/encrypted_strings.rb

@@ -1,5 +1,5 @@
 require 'encrypted_strings/extensions/string'
-require 'encrypted_strings/encryptor'
-require 'encrypted_strings/symmetric_encryptor'
-require 'encrypted_strings/asymmetric_encryptor'
-require 'encrypted_strings/sha_encryptor'
+require 'encrypted_strings/cipher'
+require 'encrypted_strings/symmetric_cipher'
+require 'encrypted_strings/asymmetric_cipher'
+require 'encrypted_strings/sha_cipher'

data/test/asymmetric_cipher_test.rb

@@ -0,0 +1,183 @@
+require File.dirname(__FILE__) + '/test_helper'
+
+class NoPrivateKeyErrorTest < Test::Unit::TestCase
+  def test_should_exist
+    assert_not_nil PluginAWeek::EncryptedStrings::NoPrivateKeyError
+  end
+end
+
+class NoPublicKeyErrorTest < Test::Unit::TestCase
+  def test_should_exist
+    assert_not_nil PluginAWeek::EncryptedStrings::NoPublicKeyError
+  end
+end
+
+class AsymmetricCipherByDefaultTest < Test::Unit::TestCase
+  def setup
+    @asymmetric_cipher = PluginAWeek::EncryptedStrings::AsymmetricCipher.new(:public_key_file => File.dirname(__FILE__) + '/keys/public')
+  end
+  
+  def test_should_raise_an_exception
+    assert_raise(ArgumentError) {PluginAWeek::EncryptedStrings::AsymmetricCipher.new}
+  end
+  
+  def test_should_not_have_a_public_key_file
+    @asymmetric_cipher = PluginAWeek::EncryptedStrings::AsymmetricCipher.new(:private_key_file => File.dirname(__FILE__) + '/keys/private')
+    assert_nil @asymmetric_cipher.public_key_file
+  end
+  
+  def test_should_not_have_a_private_key_file
+    assert_nil @asymmetric_cipher.private_key_file
+  end
+  
+  def test_should_not_have_an_algorithm
+    assert_nil @asymmetric_cipher.algorithm
+  end
+  
+  def test_should_not_have_a_password
+    assert_nil @asymmetric_cipher.password
+  end
+end
+
+class AsymmetricCipherWithCustomDefaultsTest < Test::Unit::TestCase
+  def setup
+    @original_default_public_key_file = PluginAWeek::EncryptedStrings::AsymmetricCipher.default_public_key_file
+    @original_default_private_key_file = PluginAWeek::EncryptedStrings::AsymmetricCipher.default_private_key_file
+    
+    PluginAWeek::EncryptedStrings::AsymmetricCipher.default_public_key_file = File.dirname(__FILE__) + '/keys/public'
+    PluginAWeek::EncryptedStrings::AsymmetricCipher.default_private_key_file = File.dirname(__FILE__) + '/keys/private'
+    
+    @asymmetric_cipher = PluginAWeek::EncryptedStrings::AsymmetricCipher.new
+  end
+  
+  def test_should_use_default_public_key_file
+    assert_equal File.dirname(__FILE__) + '/keys/public', @asymmetric_cipher.public_key_file
+  end
+  
+  def test_should_use_default_private_key_file
+    assert_equal File.dirname(__FILE__) + '/keys/private', @asymmetric_cipher.private_key_file
+  end
+  
+  def test_should_not_have_an_algorithm
+    assert_nil @asymmetric_cipher.algorithm
+  end
+  
+  def test_should_not_have_a_password
+    assert_nil @asymmetric_cipher.password
+  end
+  
+  def teardown
+    PluginAWeek::EncryptedStrings::AsymmetricCipher.default_public_key_file = @original_default_public_key_file
+    PluginAWeek::EncryptedStrings::AsymmetricCipher.default_private_key_file = @original_default_private_key_file
+  end
+end
+
+class AsymmetricCipherWithInvalidOptionsTest < Test::Unit::TestCase
+  def test_should_throw_an_exception
+    assert_raise(ArgumentError) {PluginAWeek::EncryptedStrings::AsymmetricCipher.new(:invalid => true)}
+  end
+end
+
+class AsymmetricCipherTest < Test::Unit::TestCase
+  def setup
+    @asymmetric_cipher = PluginAWeek::EncryptedStrings::AsymmetricCipher.new(:public_key_file => File.dirname(__FILE__) + '/keys/public')
+  end
+  
+  def test_should_be_able_to_decrypt
+    assert @asymmetric_cipher.can_decrypt?
+  end
+end
+
+class AsymmetricCipherWithoutPublicKeyTest < Test::Unit::TestCase
+  def setup
+    @asymmetric_cipher = PluginAWeek::EncryptedStrings::AsymmetricCipher.new(:public_key_file => nil, :private_key_file => File.dirname(__FILE__) + '/keys/private')
+  end
+  
+  def test_should_not_be_public
+    assert !@asymmetric_cipher.public?
+  end
+  
+  def test_should_not_be_able_to_encrypt
+    assert_raise(PluginAWeek::EncryptedStrings::NoPublicKeyError) {@asymmetric_cipher.encrypt('test')}
+  end
+end
+
+class AsymmetricCipherWithPublicKeyTest < Test::Unit::TestCase
+  def setup
+    @asymmetric_cipher = PluginAWeek::EncryptedStrings::AsymmetricCipher.new(:public_key_file => File.dirname(__FILE__) + '/keys/public')
+  end
+  
+  def test_should_be_public
+    assert @asymmetric_cipher.public?
+  end
+  
+  def test_should_not_be_private
+    assert !@asymmetric_cipher.private?
+  end
+  
+  def test_should_be_able_to_encrypt
+    assert_equal 90, @asymmetric_cipher.encrypt('test').length
+  end
+  
+  def test_should_not_be_able_to_decrypt
+    assert_raise(PluginAWeek::EncryptedStrings::NoPrivateKeyError) {@asymmetric_cipher.decrypt("HbEh0Hwri26S7SWYqO26DBbzfhR1h/0pXYLjSKUpxF5DOaOCtD9oRN748+Na\nrfNaVN5Eg7RUhbRFZE+UnNHo6Q==\n")}
+  end
+end
+
+class AsymmetricCipherWithoutPrivateKeyTest < Test::Unit::TestCase
+  def setup
+    @asymmetric_cipher = PluginAWeek::EncryptedStrings::AsymmetricCipher.new(:private_key_file => nil, :public_key_file => File.dirname(__FILE__) + '/keys/public')
+  end
+  
+  def test_should_not_be_private
+    assert !@asymmetric_cipher.private?
+  end
+  
+  def test_should_not_be_able_to_decrypt
+    assert_raise(PluginAWeek::EncryptedStrings::NoPrivateKeyError) {@asymmetric_cipher.decrypt("HbEh0Hwri26S7SWYqO26DBbzfhR1h/0pXYLjSKUpxF5DOaOCtD9oRN748+Na\nrfNaVN5Eg7RUhbRFZE+UnNHo6Q==\n")}
+  end
+end
+
+class AsymmetricCipherWithPrivateKeyTest < Test::Unit::TestCase
+  def setup
+    @asymmetric_cipher = PluginAWeek::EncryptedStrings::AsymmetricCipher.new(:private_key_file => File.dirname(__FILE__) + '/keys/private')
+  end
+  
+  def test_should_not_be_public
+    assert !@asymmetric_cipher.public?
+  end
+  
+  def test_should_be_private
+    assert @asymmetric_cipher.private?
+  end
+  
+  def test_not_should_be_able_to_encrypt
+    assert_raise(PluginAWeek::EncryptedStrings::NoPublicKeyError) {@asymmetric_cipher.encrypt('test')}
+  end
+  
+  def test_should_be_able_to_decrypt
+    assert_equal 'test', @asymmetric_cipher.decrypt("HbEh0Hwri26S7SWYqO26DBbzfhR1h/0pXYLjSKUpxF5DOaOCtD9oRN748+Na\nrfNaVN5Eg7RUhbRFZE+UnNHo6Q==\n")
+  end
+end
+
+class AsymmetricCipherWithEncryptedPrivateKeyTest < Test::Unit::TestCase
+  def setup
+    @asymmetric_cipher = PluginAWeek::EncryptedStrings::AsymmetricCipher.new(:private_key_file => File.dirname(__FILE__) + '/keys/encrypted_private', :algorithm => 'DES-EDE3-CBC', :password => 'secret')
+  end
+  
+  def test_should_not_be_public
+    assert !@asymmetric_cipher.public?
+  end
+  
+  def test_should_be_private
+    assert @asymmetric_cipher.private?
+  end
+  
+  def test_should_not_be_able_to_encrypt
+    assert_raise(PluginAWeek::EncryptedStrings::NoPublicKeyError) {@asymmetric_cipher.encrypt('test')}
+  end
+  
+  def test_should_be_able_to_decrypt
+    assert_equal 'test', @asymmetric_cipher.decrypt("HbEh0Hwri26S7SWYqO26DBbzfhR1h/0pXYLjSKUpxF5DOaOCtD9oRN748+Na\nrfNaVN5Eg7RUhbRFZE+UnNHo6Q==\n")
+  end
+end

data/test/cipher_test.rb

@@ -0,0 +1,15 @@
+require File.dirname(__FILE__) + '/test_helper'
+
+class CipherByDefaultTest < Test::Unit::TestCase
+  def setup
+    @cipher = PluginAWeek::EncryptedStrings::Cipher.new
+  end
+  
+  def test_should_be_able_to_decrypt_by_default
+    assert @cipher.can_decrypt?
+  end
+  
+  def test_should_raise_exception_if_decrypt_not_implemented
+    assert_raises(NotImplementedError) {@cipher.decrypt('test')}
+  end
+end

data/test/keys/encrypted_private

@@ -1,12 +1,12 @@
-OBNa1q8kbx8pyZZjIpr/pZV0oulE2czh5JlPW/13XsDKYjIwiLkCTZI5Vhv5
-cCF+wQuNvrbnp/QvJGzc5aJK1GwxqEb9hAwCzxw69DVjIhUowXDk/rYWUaTq
-YwpieO1v6gQrOVxerOubR7LT6A4I6k1CTECX6zeJeGgT2jOfXzIii0T1gmYD
-tJxLlNclpGB+eS+tuwrfyNmE4CkYa5vjuWdxHAeMRXPlm+o3ErE0QZ36Sn51
-TScPDsZHo7Ppit87sPXpubM/5JltN0QwV4Hj9dJoSm0QNWDb3BoyT1uuJ0wm
-b/adzINN1oUjdgMB9g3kmkErS3MRJtuPRNuU7/GvAuv78pQ5tAdkvk8gu7Cd
-5cFgnzvE7l96oZB6TXgsnpjVLide61Di+mX8K2dvUdoCNgrQ1iPklTbEfJeH
-U/GoUV1ZyVnEfHkeWBEmC8YVBeri+lFL923g7z29luhxiBRkhows8TQsQ4hX
-SMlFCKCKWKW2/58aSlvj0INa4NiBwkY987/X7VYvnSm747vOcD8Xmnd0Qwvt
-weC2/NK11NFTNBIIodqsbvtlt1Ff0SXrO5PfbDU1yY+xzbx7SAwqhImXwScS
-4b0nFpArdfeVKNp5teSiu050m4B8kb2EjPW7NISui5NXxWtU5Mu41EnenGES
-CkHsLI3plvL/
+TGr8Jm/7zh1dfjjoNJtOncvX/BdUL47b8k2rQbMTY7VD6ZpD317NTuVX1hHV
+54Nm6pnCId5wcga3sI3TqolTxkqKBy7Rb1mPVBeJyd7ZuoD7zp65+ws+o4Lr
+Xn/3WculfuThUnDESqD53vnKPCfRK6hoMDygEV7urmuide5ogpZp52lidUku
+cXOHDqfVETX7NNnHHghg/6qDUX7+0qf+XeKe8uiI0cPoE5YFnOHyF7oOBGtR
+IqJG97q1InCJMeAbMSxcjO71Te51Z098yI+XN4rGmXbmzSrVKHMUk0tdsVxi
+CE5OmnzLeXK1xomxkRmXZzl10WDBn9e4knoLJTlDdNR3fA4gLRfy3r6RBlDl
+j7HI53o5gi9PTshSXwHr6Q8SV9fty2Nz3/yRT/ZPLUJC1GUqErLl2j6zYbVR
+8YMaLt1Zqi79ycPZxZV4Zh57YE86nUqepS1pzVpcS8dHZMne846lTyaOyxZ8
+dxW+18s7E7KqpHj17QYrF6c7R5ZHgoNAbLFeGSUCXqkW8YdyidLqQTzWN7hF
+roVcZWFe8YfSUKmgndVBOHGHxMGr+OYgVdAStOEwmRHaNGgSBE4FCkKXYJUj
+ec3zNpiOCb8zxfNku5nT5nIHnGqO4JKWDvDGVioV+ffHwXpAw3OFE5n+M/uo
+4ZZbVSh1qZxd

data/test/sha_cipher_test.rb

@@ -0,0 +1,81 @@
+require File.dirname(__FILE__) + '/test_helper'
+
+class ShaCipherByDefaulTest < Test::Unit::TestCase
+  def setup
+    @sha_cipher = PluginAWeek::EncryptedStrings::ShaCipher.new
+  end
+  
+  def test_should_use_default_salt
+    assert_equal 'salt', @sha_cipher.salt
+  end
+  
+  def test_should_encrypt_using_default_salt
+    assert_equal 'f438229716cab43569496f3a3630b3727524b81b', @sha_cipher.encrypt('test')
+  end
+end
+
+class ShaCipherWithCustomDefaultsTest < Test::Unit::TestCase
+  def setup
+    @original_default_salt = PluginAWeek::EncryptedStrings::ShaCipher.default_salt
+    PluginAWeek::EncryptedStrings::ShaCipher.default_salt = 'custom_salt'
+    @sha_cipher = PluginAWeek::EncryptedStrings::ShaCipher.new
+  end
+  
+  def test_should_use_custom_default_salt
+    assert_equal 'custom_salt', @sha_cipher.salt
+  end
+  
+  def test_should_encrypt_using_custom_default_salt
+    assert_equal '280f3c516070b09aa3eb755378509c725a9c6561', @sha_cipher.encrypt('test')
+  end
+  
+  def teardown
+    PluginAWeek::EncryptedStrings::ShaCipher.default_salt = @original_default_salt
+  end
+end
+
+class ShaCipherWithInvalidOptionsTest < Test::Unit::TestCase
+  def test_should_throw_an_exception
+    assert_raise(ArgumentError) {PluginAWeek::EncryptedStrings::ShaCipher.new(:invalid => true)}
+  end
+end
+
+class ShaCipherTest < Test::Unit::TestCase
+  def setup
+    @sha_cipher = PluginAWeek::EncryptedStrings::ShaCipher.new
+  end
+  
+  def test_should_not_be_able_to_decrypt
+    assert !PluginAWeek::EncryptedStrings::ShaCipher.new.can_decrypt?
+  end
+  
+  def test_should_raise_exception_if_trying_to_decrypt
+    assert_raises(NotImplementedError) {PluginAWeek::EncryptedStrings::ShaCipher.new.decrypt('test')}
+  end
+end
+
+class ShaCipherWithCustomOptionsTest < Test::Unit::TestCase
+  def setup
+    @sha_cipher = PluginAWeek::EncryptedStrings::ShaCipher.new(:salt => 'different salt')
+  end
+  
+  def test_should_use_custom_salt
+    assert_equal 'different salt', @sha_cipher.salt
+  end
+  
+  def test_should_encrypt_using_custom_salt
+    assert_equal '18e3256d71529db8fa65b2eef24a69ddad7070f3', @sha_cipher.encrypt('test')
+  end
+end
+
+class ShaCipherWithNonStringSaltTest < Test::Unit::TestCase
+  require 'time'
+  
+  def setup
+    @sha_cipher = PluginAWeek::EncryptedStrings::ShaCipher.new(:salt => Time.parse('Tue Jan 01 00:00:00 UTC 2008'))
+  end
+  
+  def test_should_stringify_salt
+    assert_equal 'Tue Jan 01 00:00:00 UTC 2008', @sha_cipher.salt
+  end
+end