encrypted_text 0.1

data/.gitignore

@@ -0,0 +1,36 @@
+*.gem
+*.rbc
+.bundle
+.config
+coverage
+InstalledFiles
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp
+
+# YARD artifacts
+.yardoc
+_yardoc
+doc/
+
+# VIM
+*.swp
+*.swo
+*~
+
+# OSX
+.DS_Store
+.AppleDouble
+.LSOverride
+Icon
+
+# Thumbnails
+._*
+
+# Files that might appear on external disk
+.Spotlight-V100
+.Trashes

data/LICENSE

@@ -0,0 +1 @@
+Motherflippin' public domain!

data/README.md

@@ -0,0 +1,39 @@
+encrypted_text
+==============
+
+Password-based, two-way encryption with string output. Uses AES encryption
+
+Usage example
+-------------
+
+In order to encode or decode a message, you should know the **key** and **signature** ahead of time. The key is a 16-, 24-, or 32-character string used for AES encryption key. The signature is prepended to the message before encryption, and verified after decryption.
+
+```ruby
+require 'encrypted_text'
+
+codec = EncryptedText.new(
+  :signature => '!@#$1234!@#$', # Should not resemble actual message content
+  :key => '0123456789ABCDEF' # Should be 16, 24, or 32 chars long
+)
+
+encoded = codec.encode("Hello, world!")
+original_message = codec.decode(encoded)
+```
+
+You can also add a random seed, so that repeated encodings of the same message produce different results.
+
+```ruby
+# Continued from previous example
+code.salt_size = 8
+message = "Hello, world!"
+
+a = codec.encode(message)
+b = codec.encode(message) # Should be a different result!
+```
+
+Motivation
+----------
+
+I wrote this library so I could generate tokens that encoded actual information, but seemed opaque and pseudo-random to the outside world.
+
+In situations where tokens are passed from a service to an outside party and then back again, the service needs some way of resolving tokens passed back to it. Oftentimes this means performing a lookup on a stored mapping (e.g. a database query) between the token and some kind of cleartext data that outside parties never see. But this comes with all the clumsiness of maintaining and interacting with a persistent data store. For some applications, it might be acceptable simply to encode data directly into the token itself, using a secret that only the originating service has access to. EncryptedText provides a simple API to accomplish this.

data/encrypted_text.gemspec

@@ -0,0 +1,33 @@
+# encoding: utf-8
+$LOAD_PATH.unshift File.expand_path("../lib", __FILE__)
+require 'encrypted_text/version'
+
+Gem::Specification.new do |s|
+  s.name = 'encrypted_text'
+  s.summary = 'Password-based, text-output two-way encryption.'
+  s.description = s.summary
+  s.homepage = 'http://github.com/jeffomatic/encrypted_text'
+  s.version = EncryptedText::VERSION
+
+  s.authors = [ 'Jeff Lee' ]
+  s.email = [ 'jeffomatic@gmail.com' ]
+
+  s.require_paths = ['lib']
+
+  s.files = `git ls-files`.split("\n")
+  s.test_files = `git ls-files -- {spec}/*`.split("\n")
+
+  # Dependencies
+
+  DEPS = {
+    'fast-aes' => '~> 0.1',
+    'hex_string' => '~> 1.0',
+    'all-your-base' => '~> 0.3',
+  }
+
+  DEPS.each do |lib, version|
+    s.add_dependency lib, version
+  end
+
+  s.add_development_dependency('rspec', '~>1.3.1')
+end

data/lib/encrypted_text.rb

@@ -0,0 +1 @@
+require_relative 'encrypted_text/codec'

data/lib/encrypted_text/codec.rb

@@ -0,0 +1,78 @@
+require 'fast-aes'
+require 'hex_string' # Encryption engines typically return binary, so we need to convert to hex
+require 'all_your_base/are/belong_to_us' # Allows us to compress to high-base character strings
+
+require_relative 'errs'
+
+module EncryptedText
+  class Codec
+
+    attr_accessor :signature
+    attr_reader :charset, :key, :salt_size
+
+    KEY_CHAR_SIZES = [16, 24, 32] # An AES key must be 8-bit char strings of these lengths
+    DEFAULT_CHARSET = Array('A'..'Z') + Array('a'..'z') + Array('0'..'9') + [ '-', '_' ] # base 64, URL-safe
+
+    def initialize(opts)
+      config = {
+        :charset => DEFAULT_CHARSET,
+        :signature => '',
+        :key => nil,
+        :salt_size => 0,
+      }
+
+      config.keys.each do |k|
+        # Replace default value with argument
+        v = opts.has_key?(k) ? opts[k] : config[k]
+        self.send "#{k}=", v
+      end
+    end
+
+    def charset=(charset)
+      @charset = charset
+      @base_converter = AllYourBase::Are.new(:charset => @charset, :radix => @charset.size)
+
+      @charset
+    end
+
+    def key=(key)
+      @key = key
+      @engine = FastAES.new(@key)
+
+      @key
+    end
+
+    def salt_size=(s)
+      raise ArgumentError("Salt size must be integer") unless s.is_a?(Integer)
+      @salt_size = s
+    end
+
+    def encode(message)
+      salt = (0...@salt_size).map { @charset.sample }.join
+      signed = @signature + salt + message
+      encrypted = @engine.encrypt(signed)
+      hex_string = encrypted.to_hex_string.split(' ').join
+      hex = ("1" + hex_string).hex # Add "1" prefix in case hex_string has leading zeroes
+      encoded = @base_converter.convert_from_base_10(hex.to_i)
+    end
+
+    def decode(encoded)
+      begin
+        hex_string = @base_converter.convert_to_base_10(encoded).to_base_16
+        hex_string = hex_string[1..-1] if hex_string[0] == '1' # remove "1" prefix
+        hex_string = "0" + hex_string if (hex_string.size % 2) != 0 # Make sure we have an even number of hex digits
+        byte_string = hex_string.to_byte_string
+        decrypted = @engine.decrypt(hex_string.to_byte_string)
+      rescue #TODO: don't use generic rescue here
+        raise EncryptedText::Err::CannotDecrypt
+      end
+
+      # Ensure that the message is signed correctly
+      matches = decrypted.match(/^#{Regexp.escape(signature)}(.+)/)
+      raise EncryptedText::Err::BadSignature unless matches
+      salted_message = matches[1]
+      message = salted_message[@salt_size..-1]
+    end
+
+  end
+end

data/lib/encrypted_text/errs.rb

@@ -0,0 +1,12 @@
+module EncryptedText
+  module Err
+    class Base < RuntimeError
+    end
+
+    class CannotDecrypt < EncryptedText::Err::Base
+    end
+
+    class BadSignature < EncryptedText::Err::Base
+    end
+  end
+end

data/lib/encrypted_text/version.rb

@@ -0,0 +1,3 @@
+module EncryptedText
+  VERSION = '0.1'
+end

data/spec/encrypted_text/codec_spec.rb

@@ -0,0 +1,109 @@
+require 'spec_helper'
+require 'support/codec_helper'
+
+describe EncryptedText::Codec do
+
+  describe "basic test cases", :basic => true do
+
+    before(:each) do
+      @signature = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+      @key  = '0123456789ABCDEF'
+      @codec = EncryptedText::Codec.new(:signature => @signature, :key => @key)
+      @message = 'Hello, world!'
+    end
+
+    it 'encoded message should not be the same as the message' do
+      @codec.encode(@message).should_not == @message
+    end
+
+    it 'encoded message should not be start with the signature' do
+      @codec.encode(@message).should_not =~ /^#{@signature}/
+    end
+
+    it 'works with zero-length signatures' do
+      @codec.signature = ''
+      expect_successful_encode_decode @codec, @message
+    end
+
+    it 'different signatures should produce different encodings' do
+      encoded = @codec.encode(@message)
+      @codec.signature = rot13(@signature)
+      encoded.should_not == @codec.encode(@message)
+    end
+
+    it 'properly encodes a message' do
+      expect_successful_encode_decode @codec, @message
+    end
+
+    it 'properly encodes using random salt' do
+      @codec.salt_size = 16
+      expect_successful_encode_decode @codec, @message
+    end
+
+    it 'produces identical messages without using random salt' do
+      @codec.salt_size = 0
+      @codec.encode(@message).should == @codec.encode(@message)
+    end
+
+    it 'produces randomized messages using random salt' do
+      @codec.salt_size = 16
+      @codec.encode(@message).should_not == @codec.encode(@message)
+    end
+
+    it 'properly encodes messages that start with the signature' do
+      expect_successful_encode_decode @codec, "#{@signature} #{@message}"
+    end
+
+    it 'raises an error if the key is incorrect' do
+      expect_unsuccessful_encode_decode(@codec, @message) do |c, message, encoded|
+        c.key = rot13(c.key) # Update the codec with a new key
+        encoded # Don't modify the encoded message
+      end
+    end
+
+    it 'raises an error if the signatures differ' do
+      expect_unsuccessful_encode_decode(@codec, @message) do |c, message, encoded|
+        c.signature = rot13(c.signature) # Update the codec with a new signature
+        encoded # Don't modify the encoded message
+      end
+    end
+
+    it 'raises an error if any character is removed' do
+      encoded_message_size = @codec.encode(@message).size
+
+      (0...encoded_message_size).each do |i|
+        expect_unsuccessful_encode_decode(@codec, @message) do |c, message, encoded|
+          String(encoded[0...(i - 1)]) + String(encoded[(i + 1)..-1]) # Remove the ith character
+        end
+      end
+    end
+
+  end # describe "basic test cases"
+
+  describe "stress tests", :stress => true do
+
+    it "random" do
+      codec = EncryptedText::Codec.new(:signature => random_word, :key => random_key)
+
+      salt_sizes = [ 0, 2, 4, 8, 16, 32 ]
+      signatures = (0...9).map { random_word } + [ '' ]
+      keys = (0...10).map { random_key }
+      messages = (0...10).map { random_word }
+
+      salt_sizes.each do |salt_size|
+        codec.salt_size = salt_size
+        signatures.each do |sig|
+          codec.signature = sig
+          keys.each do |k|
+            codec.key = k
+            messages.each do |m|
+              expect_successful_encode_decode codec, m
+            end # messages.each
+          end # keys.each
+        end # signatures.each
+      end #salt_sizes.each
+    end
+
+  end # describe "stress tests"
+
+end

data/spec/spec_helper.rb

@@ -0,0 +1,10 @@
+$:.unshift(File.expand_path('../lib', File.dirname(__FILE__)))
+
+require 'rubygems'
+require 'support/codec_helper'
+
+require 'encrypted_text'
+
+RSpec.configure do |c|
+  c.include CodecHelper
+end

data/spec/support/codec_helper.rb

@@ -0,0 +1,28 @@
+module CodecHelper
+
+  def expect_successful_encode_decode(codec, message)
+    encoded = codec.encode(message)
+    codec.decode(encoded).should == message
+  end
+
+  def expect_unsuccessful_encode_decode(codec, message, &after_encode)
+    encoded = codec.encode(message)
+    encoded = after_encode.call(codec, message, encoded) if after_encode
+    expect { codec.decode(message) }.to raise_error(EncryptedText::Err::Base)
+  end
+
+  def rot13(string)
+    string.tr "A-Za-z", "N-ZA-Mn-za-m"
+  end
+
+  def random_word(opts = {})
+    size = opts[:size] || Array(1..100).sample
+    charset = Array('a'..'z') + Array('A'..'Z') + Array(0..9)
+    Array(0...size).map { charset.sample }.join
+  end
+
+  def random_key
+    random_word(:size => EncryptedText::Codec::KEY_CHAR_SIZES.sample)
+  end
+
+end

metadata

@@ -0,0 +1,121 @@
+--- !ruby/object:Gem::Specification
+name: encrypted_text
+version: !ruby/object:Gem::Version
+  version: '0.1'
+  prerelease: 
+platform: ruby
+authors:
+- Jeff Lee
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2012-09-12 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: fast-aes
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0.1'
+- !ruby/object:Gem::Dependency
+  name: hex_string
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: all-your-base
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0.3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0.3'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.3.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.3.1
+description: Password-based, text-output two-way encryption.
+email:
+- jeffomatic@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- LICENSE
+- README.md
+- encrypted_text.gemspec
+- lib/encrypted_text.rb
+- lib/encrypted_text/codec.rb
+- lib/encrypted_text/errs.rb
+- lib/encrypted_text/version.rb
+- spec/encrypted_text/codec_spec.rb
+- spec/spec_helper.rb
+- spec/support/codec_helper.rb
+homepage: http://github.com/jeffomatic/encrypted_text
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.21
+signing_key: 
+specification_version: 3
+summary: Password-based, text-output two-way encryption.
+test_files: []
+has_rdoc: