ezcrypto 0.2.1 → 0.3

data/CHANGELOG

@@ -1,3 +1,30 @@
+0.3   February 25th, 2006 new encrypted file support by Dirk (dirk.barnikel@gmx.de) Thanks Dirk.
+
+* Added test case for the file-related stuff. file-stuff 
+  seems to work fine
+
+* Replaced hard coded IO buffersize (512) with class attribute
+  Key#block_size and default value.
+
+* Modification to create {De,En}crypters only via the factory methods
+  Key#{de,en}crypter.
+
+* Added Key#{de,en}crypt_file methods that take a file and de- or encrypts it. 
+
+* The methods are implemented to call the cipher with small chunks of data (512 bytes) to keep memory usage low.
+
+* By default, the original file is first overwritten and then removed.
+
+* This overwrite is not really safe but should make it harder to restore the data of the removed file from the filesystem.
+
+* Added Key#{store,load} methods that read and write Key data to/from files.
+
+* Added Key#safe_{create,delete,read} methods to encapsulate the handling of files inside EzCrypto.
+
+0.2.2 January 4th, 2006 Bug fixes and unit tests for active_crypto
+
+There were some serious problems with ActiveCrypto's support for having keys in associated classes. I also added unit tests to active_crypto. The support code was brutaly stolen from Rick Olson's acts_as_paranoid library. Unfortunately I disabled the schema stuff for now, but will add it in the next release, which hopefully is soon.
+
 0.2.1 November 2nd, 2005 New method in KeyHolder
 
 Added set_encoded_key(enc) to KeyHolder for setting a key with the Base64 encoded keyvalue.

data/README

@@ -134,7 +134,19 @@ Also see my blogs at:
 http://stakeventures.com and
 http://neubia.com
 
-This project was based on code used in my project StakeItOut, where you can securely share web services with your partners.
+This project was based on code used in my projects StakeItOut, WideWord and WideBlog.
+
+StakeItOut lets you securely share web services with your partners.
+
 https://stakeitout.com
 
+WideWord lets you collaboratively write and share documents that remain 100% encrypted on the server. Only you have the keys:
+
+http://wideword.net
+
+WideBlog is a secure private blogging system designed for private project blogs. It uses the same encryption technology as WideWord and is very easy to use:
+
+http://wideblog.net
+
+
 (C) 2005 Pelle Braendgaard

data/README_ACTIVE_CRYPTO

@@ -11,7 +11,7 @@ ActiveCrypto is based on EzCrypto and provides application oriented crypto suppo
 
 Download it from here:
 
-http://rubyforge.org/frs/?group_id=755&release_id=3321
+http://rubyforge.org/frs/?group_id=755
 
 or install it via Ruby Gems:
 
@@ -115,7 +115,8 @@ Also see my blogs at:
 http://stakeventures.com and
 http://neubia.com
 
-This project was based on code used in my project StakeItOut, where you can securely share web services with your partners.
+This project was based on code used in my projects WideWord where you can securely share documents and StakeItOut, where you can securely share web services with your partners.
+https://wideword.net
 https://stakeitout.com
 
 (C) 2005 Pelle Braendgaard

data/init.rb

@@ -0,0 +1,2 @@
+require 'active_crypto.rb'
+#ActiveRecord::Base.send :include, ActiveCrypto

data/lib/active_crypto.rb

@@ -1,4 +1,4 @@
-require "ezCrypto"
+require "ezcrypto.rb"
 module ActiveRecord # :nodoc:
   module Crypto  #:nodoc:
     
@@ -49,18 +49,23 @@ Include optional option :key, to specify an external KeyHolder, which holds the
 	
 =end
       def encrypt(*attributes)        
-        	include ActiveRecord::Crypto::Encrypted
-        	alias_method :orig_write_attribute, :write_attribute
-        	alias_method :write_attribute,:write_encrypted_attribute
-          options=attributes.last.is_a?(Hash) ? attributes.pop : {}
-          if options and options[:key]
-    				module_eval <<-"end;"				 
-    					def session_key
-    						(send :#{options[:key]} ).send :session_key
-    					end	 
-    				end;
-                
-          end
+      	include ActiveRecord::Crypto::Encrypted
+      	alias_method :orig_write_attribute, :write_attribute
+      	alias_method :write_attribute,:write_encrypted_attribute
+        options=attributes.last.is_a?(Hash) ? attributes.pop : {}
+        if options and options[:key]
+          include ActiveRecord::Crypto::AssociationKeyHolder
+          
+  				module_eval <<-"end;"				 
+  					def session_key
+  						(send :#{options[:key]} ).send :session_key
+  					end	 
+  					@@external_key=true
+  				end;
+  			else
+  			  include ActiveRecord::Crypto::KeyHolder
+        end
+
   			self.encrypted_attributes=attributes
   			for enc in attributes
             
@@ -88,7 +93,7 @@ Use it as follows:
 
 =end        
       def keyholder()
-      	include ActiveRecord::Crypto::KeyHolder          
+      	include ActiveRecord::Crypto::AssociationKeyHolder          
       end
 
 =begin rdoc
@@ -121,7 +126,7 @@ This module handles all standard key management features.
 Creates a key for object based on given password and an optional salt.
 =end
       def enter_password(password,salt="onetwothree")
-        set_session_key(EzCrypto::Key.with_password password, salt)
+        set_session_key(EzCrypto::Key.with_password(password, salt))
       end
 
 =begin rdoc
@@ -134,25 +139,46 @@ Decodes the Base64 encoded key and uses it as it's session key
 Sets a session key for the object. This should be a EzCrypto::Key instance.
 =end
       def set_session_key(key)    
-        Base.session_keys[session_key_id]=key
+        @session_key=key
       end      
 
 =begin rdoc
 Returns the session_key
 =end
       def session_key
-        Base.session_keys[session_key_id]
+        @session_key
       end
       
+    end
+
+    module AssociationKeyHolder   
+      include KeyHolder
+=begin rdoc
+Sets a session key for the object. This should be a EzCrypto::Key instance.
+=end
+      def set_session_key(key)    
+        Base.session_keys[session_key_id]=key
+      end      
+
+=begin rdoc
+Returns the session_key
+=end
+      def session_key
+        if session_key_id
+          Base.session_keys[session_key_id]
+        else
+          nil
+        end
+      end
+
       private
-      
+
       def session_key_id
           "#{self.class.to_s}:#{id}"
       end      
     end
 
     module Encrypted    #:nodoc:
-      include ActiveRecord::Crypto::KeyHolder
       def self.append_features(base)  #:nodoc:
         super
 				base.module_eval <<-"end;"				 
@@ -182,7 +208,11 @@ Returns the session_key
       if session_key.nil?
         raise MissingKeyError
       else
-        session_key.decrypt(data)
+        if data
+          session_key.decrypt(data)
+        else
+          nil
+        end
       end
     end
     
@@ -190,7 +220,11 @@ Returns the session_key
       if session_key.nil?
         raise MissingKeyError
       else 
-        session_key.encrypt(data)
+        if data
+          session_key.encrypt(data)
+        else
+          nil
+        end
       end
     end
                

data/lib/ezcrypto.rb

@@ -41,8 +41,26 @@ https://stakeitout.com
 =end
 
   class Key
-    attr_reader :raw,:algorithm
-    
+
+    attr_reader :raw, :algorithm
+
+    @@block_size = 512
+
+=begin rdoc
+Set the block-size for IO-operations (default: 512 bytes)
+=end
+    def self.block_size=(size)
+      @@block_size = size
+    end
+
+=begin rdoc
+Return the block-size for IO-operations.
+=end
+    def self.block_size
+      @@block_size
+    end
+
+
 =begin rdoc
 Initialize the key with raw unencoded binary key data. This needs to be at least
 16 bytes long for the default aes-128 algorithm.
@@ -51,28 +69,28 @@ Initialize the key with raw unencoded binary key data. This needs to be at least
       @raw=raw
       @algorithm=options[:algorithm]||"aes-128-cbc"
     end
-    
+
 =begin rdoc
 Generate random key.
 =end
-    def self.generate(options = {})      
+    def self.generate(options = {})
       Key.new(EzCrypto::Digester.generate_key(calculate_key_size(options[:algorithm])),options)
     end
-            
+
 =begin rdoc
-Create key generated from the given password and salt  
+Create key generated from the given password and salt
 =end
     def self.with_password(password,salt,options = {})
       Key.new(EzCrypto::Digester.get_key(password,salt,calculate_key_size(options[:algorithm])),options)
     end
-    
+
 =begin rdoc
 Initialize the key with Base64 encoded key data.
 =end
     def self.decode(encoded,options = {})
       Key.new(Base64.decode64(encoded),options)
     end
-    
+
 =begin rdoc
 Encrypts the data with the given password and a salt. Short hand for:
 
@@ -84,30 +102,31 @@ Encrypts the data with the given password and a salt. Short hand for:
       key=Key.with_password(password,salt,options)
       key.encrypt(data)
     end
-    
+
 =begin rdoc
 Decrypts the data with the given password and a salt. Short hand for:
 
   key=Key.with_password(password,salt,options)
   key.decrypt(data)
 
-  
+
 =end
     def self.decrypt_with_password(password,salt,data,options = {})
       key=Key.with_password(password,salt,options)
       key.decrypt(data)
     end
-    
+
 =begin rdoc
-Given an algorithm this calculates the keysize. This is used by both the generate and with_password methods. This is not yet 100% complete.  
+Given an algorithm this calculates the keysize. This is used by both
+the generate and with_password methods. This is not yet 100% complete.
 =end
-    def self.calculate_key_size(algorithm)    
+    def self.calculate_key_size(algorithm)
       if !algorithm.nil?
         algorithm=~/^([[:alnum:]]+)(-(\d+))?/
         if $3
           size=($3.to_i)/8
-        else 
-          case $1 
+        else
+          case $1
             when "bf"
               size = 16
             when "blowfish"
@@ -126,7 +145,7 @@ Given an algorithm this calculates the keysize. This is used by both the generat
               size = 16
             when "rc4"
               size = 16
-            else 
+            else
               size = 16
             end
         end
@@ -134,7 +153,7 @@ Given an algorithm this calculates the keysize. This is used by both the generat
       if size.nil?
         size = 16
       end
-      
+
       size
     end
 
@@ -144,20 +163,24 @@ returns the Base64 encoded key.
     def encode
       Base64.encode64 @raw
     end
-    
+
 =begin rdoc
-returns the Base64 encoded key. Synonym for encode.  
+returns the Base64 encoded key. Synonym for encode.
 =end
     def to_s
       encode
     end
-    
+
 =begin rdoc
 Encrypts the data and returns it in encrypted binary form.
 =end
     def encrypt(data)
-      @cipher=EzCrypto::Encrypter.new(self,"",@algorithm)
-      @cipher.encrypt(data)
+      if data==nil || data==""
+        nil
+      else
+        encrypter("")
+        @cipher.encrypt(data)
+      end
     end
 
 =begin rdoc
@@ -166,27 +189,215 @@ Encrypts the data and returns it in encrypted Base64 encoded form.
     def encrypt64(data)
       Base64.encode64(encrypt(data))
     end
-    
+
 =begin rdoc
 Decrypts the data passed to it in binary format.
-=end    
+=end
     def decrypt(data)
-      @cipher=EzCrypto::Decrypter.new(self,"",@algorithm)
-      @cipher.gulp(data)
+      if data==nil || data==""
+        nil
+      else
+        decrypter("")
+        @cipher.gulp(data)
+      end
     rescue
       puts @algorithm
       throw $!
     end
-    
+
 =begin rdoc
-Decrypts a Base64 formatted string  
+Decrypts a Base64 formatted string
 =end
     def decrypt64(data)
       decrypt(Base64.decode64(data))
     end
 
+
+=begin rdoc
+Create a file with minimal permissions, and yield
+it to a block. By default only the owner may read it.
+=end
+    def safe_create(file, mod=0400, mask=0066)
+      begin
+        old_umask = File.umask
+        File.umask(mask)
+        File.open(file, File::CREAT | File::EXCL | File::WRONLY) do |f|
+          yield(f) if block_given?
+        end
+      ensure
+        File.umask(old_umask)
+      end
+      File.chmod(mod, file) if File.exists?(file)
+      File.size(file)
+    end
+
+
+=begin rdoc
+Overwrite a file with zero values before removing it's filesystem inode.
+This is not very safe :-)
+=end
+    def safe_delete(file)
+      begin
+        to_clear = File.size(file)
+        zeroes   = Array.new(Key.block_size, "\0").join
+        File.chmod(0600, file)
+        File.open(file, File::WRONLY) do |f|
+          f.rewind
+          while to_clear > 0
+            f.write(zeroes)
+            to_clear -= Key.block_size
+          end
+          f.flush
+        end
+      ensure
+        File.delete(file) if File.exists?(file)
+      end
+      return !File.exists?(file)
+    end
+
+
+=begin rdoc
+Open a file readonly and yield it to a block.
+=end
+    def safe_read(file)
+      File.open(file, File::RDONLY) do |i|
+        yield(i) if block_given?
+      end
+    end
+
+    private :safe_create, :safe_read, :safe_delete
+
+=begin rdoc
+Load a key from a yaml_file generated via Key#store.
+=end
+    def self.load(filename)
+      require 'yaml'
+      hash = YAML::load_file(filename)
+      req = proc { |k| hash[k] or raise "Missing element #{k} in #{filename}" }
+      key = self.new Base64.decode64(req.call(:key)) , :algorithm => req.call(:algorithm)
+      return key
+    end
+
+
+=begin rdoc
+Save the key data into a file, try to do this in a secure manner.
+NOTE: YAML::store & friends are not used to encance control over
+the generated file format.
+=end
+    def store(filename)
+      safe_create(filename) do |f|
+        selfenc = self.encode
+        f.puts "---"
+        f.puts ":EZCRYPTO KEY FILE: KEEP THIS SECURE !"
+        f.puts ":created: #{Time.now}"
+        f.puts ":algorithm: #{@algorithm}"
+        f.puts ":key: #{selfenc}"
+      end
+    end
+
+
+=begin rdoc
+Get a Encrypter object. You have to call #final on it by yourself!
+=end
+    def encrypter(target='')
+      @cipher = EzCrypto::Encrypter.new(self,target,@algorithm)
+    end
+
+
+=begin rdoc
+Get a Decrypter object. You have to call #final on it by yourself!
+=end
+    def decrypter(target='')
+      @cipher = EzCrypto::Decrypter.new(self,target,@algorithm)
+    end
+
+=begin rdoc
+Create a Decrypter object and yield it to a block.
+You must *not* call #final by yourself, the method
+does this.
+=end
+    def on_decrypter(target='', &block)
+      decrypter(target)
+      on_cipher(&block)
+    end
+
+=begin rdoc
+Create an Encrypter object and yield it to a block.
+You must *not* call #final by yourself, the method
+does this.
+=end
+    def on_encrypter(target='', &block)
+      encrypter(target)
+      on_cipher(&block)
+    end
+
+
+=begin rdoc
+Helper method, yields the current cipher to a block.
+=end
+    def on_cipher(&block)
+      begin
+        block.call @cipher
+      ensure
+        @cipher.final
+      end
+    end
+
+    private :on_cipher
+
+
+=begin rdoc
+Encrypt a file 'inplace' and add a suffix
+see #cipher_file.
+IMPORTANT: The inputfile will be deleted by default.
+=end
+    def encrypt_file(src, tgt=nil, options = {} )
+      options = { :suffix => '.ez', :autoclean => 'true' }.update(options)
+      tgt = "#{src}#{options[:suffix]}" unless tgt
+      cipher_file :on_encrypter, src, tgt, options[:autoclean]
+    end
+
+
+=begin rdoc
+Decrypt a file 'inplace' and remove a suffix
+see #cipher_file
+IMPORTANT: The inputfile will be deleted by default.
+=end
+    def decrypt_file(src, tgt=nil, options = {} )
+      options = { :suffix => '.ez', :autoclean => 'true' }.update(options)
+      unless tgt
+        tgt = src
+        tgt = tgt.gsub(/#{options[:suffix]}$/, '')
+      end
+      cipher_file :on_decrypter, src, tgt, options[:autoclean]
+    end
+
+
+=begin rdoc
+uses either  #on_decrypter or #on_encrypter to transform a given sourcefile
+to a targetfile. the sourcefile is deleted after sucessful transformation
+the delete_source is 'true'.
+=end
+    def cipher_file(method, sourcefile, targetfile, delete_source)
+      raise(ArgumentError, "source == target #{sourcefile}") if sourcefile == targetfile
+      safe_create(targetfile,0600) do |o|
+        self.send(method, o) do |c|
+          safe_read(sourcefile) do |i|
+            loop do
+              buffer = i.read(Key.block_size) or break
+              c << buffer
+            end
+          end
+        end
+      end
+      safe_delete(sourcefile) if delete_source && File.exists?(targetfile)
+      return targetfile
+    end
+    
+    private :cipher_file
     
   end
+  
 =begin rdoc
 Abstract Wrapper around OpenSSL's Cipher object. Extended by Encrypter and Decrypter.
   
@@ -213,12 +424,17 @@ Warning! The interface may change.
       @finished=false
     end
     
+    
+    def to_target(data)
+      return data
+    end
+    
 =begin rdoc
 Process the givend data with the cipher.
 =end
     def update(data)
       reset if @finished
-      @target<< @cipher.update(data)
+      @target<< to_target(@cipher.update(data))
     end
 
 =begin rdoc
@@ -232,7 +448,7 @@ Process the givend data with the cipher.
 Finishes up any last bits of data in the cipher and returns the final result.
 =end
     def final
-      @target<< @cipher.final
+      @target<< to_target(@cipher.final)
       @finished=true
       @target
     end

data/rakefile

@@ -8,7 +8,7 @@ require 'rake/contrib/rubyforgepublisher'
 
 PKG_BUILD     = ENV['PKG_BUILD'] ? '.' + ENV['PKG_BUILD'] : ''
 PKG_NAME      = 'ezcrypto'
-PKG_VERSION   = '0.2.1' + PKG_BUILD
+PKG_VERSION   = '0.3' + PKG_BUILD
 PKG_FILE_NAME = "#{PKG_NAME}-#{PKG_VERSION}"
 
 RELEASE_NAME  = "REL #{PKG_VERSION}"
@@ -31,14 +31,12 @@ Rake::TestTask.new { |t|
 Rake::RDocTask.new { |rdoc|
   rdoc.rdoc_dir = 'doc'
   rdoc.title    = "EzCrypto - Simplified Crypto Library"
-  rdoc.options << '--line-numbers --inline-source --main README --template=jamis'
+#  rdoc.options << '--line-numbers --inline-source --main README #--template=jamis'
   rdoc.template = "#{ENV['template']}.rb" if ENV['template']
   rdoc.rdoc_files.include('README')
   rdoc.rdoc_files.include('README_ACTIVE_CRYPTO')
   rdoc.rdoc_files.include('CHANGELOG')
-  rdoc.rdoc_files.include('lib/ezcrypto.rb')
-  rdoc.rdoc_files.include('lib/active_crypto.rb')
-#  rdoc.rdoc_files.include('lib/ezcrypto/*.rb')
+  rdoc.rdoc_files.include('lib/*.rb')
 }
 
 
@@ -60,9 +58,9 @@ spec = Gem::Specification.new do |s|
   s.requirements << 'none'
   s.require_path = 'lib'
 
-  s.files = [ "rakefile", "README", "README_ACTIVE_CRYPTO", "MIT-LICENSE","CHANGELOG" ]
-  s.files = s.files + Dir.glob( "lib/**/*" ).delete_if { |item| item.include?( "\.svn" ) }
-  s.files = s.files + Dir.glob( "test/**/*" ).delete_if { |item| item.include?( "\.svn" ) }
+  s.files = [ "rakefile", "README", "README_ACTIVE_CRYPTO", "MIT-LICENSE","CHANGELOG","init.rb" ]
+  s.files = s.files + Dir.glob( "lib/**/*" ).delete_if { |item| item.include?( "CVS" )||item.include?("\.DS_Store")||item.include?("/\._")  }
+  s.files = s.files + Dir.glob( "test/**/*" ).delete_if { |item| item.include?( "CVS" )||item.include?("\.DS_Store")||item.include?("/\._")  }
 end
   
 Rake::GemPackageTask.new(spec) do |p|

data/test/active_crypto_test.rb

@@ -0,0 +1,197 @@
+$:.unshift(File.dirname(__FILE__) + "/../lib/")
+require File.join(File.dirname(__FILE__), 'test_helper')
+require 'test/unit'
+require 'active_crypto'
+
+class User < ActiveRecord::Base
+	has_many :secrets
+	has_many :groups
+	keyholder
+end
+
+class Secret < ActiveRecord::Base
+	encrypt :name,:email, :key=>:user
+	belongs_to :user
+	has_many :children
+end
+
+class Child < ActiveRecord::Base
+	encrypt :email, :key=>:secret
+	belongs_to :secret
+end
+
+class Asset<ActiveRecord::Base
+  encrypt :title
+  has_many :caps,:dependent=>:destroy
+  
+  def self.create(title,email)
+    asset=Asset.new
+    asset.set_session_key(EzCrypto::Key.generate)
+    asset.title=title
+    if asset.save
+      asset.share(email)
+    else
+      nil
+    end
+  end
+
+  def share(email=nil)
+    Cap.create_for_asset(self,email)
+  end
+  
+end
+
+class Cap < ActiveRecord::Base
+  belongs_to :asset
+  encrypt :shared_key
+  
+  def self.find_by_key(cap_key)
+    cap_key.chop
+    hash=Digest::SHA1.hexdigest(cap_key)
+    if (cap_key.length>=20) # Sanity check
+      cap=self.find_by_key_hash(hash)
+      if cap
+        cap.set_encoded_key(cap_key)
+        cap.asset.set_encoded_key(cap.shared_key)
+        cap
+      end
+    else
+      nil
+    end
+  end
+  
+  def self.create_for_asset(asset,email=nil)
+    cap=Cap.new
+    cap.email=email if email
+    cap.asset=asset
+    if cap.save
+      cap.set_session_key(EzCrypto::Key.generate)
+      cap_key=cap.session_key.encode
+      cap.key_hash=Digest::SHA1.hexdigest(cap_key)
+      cap.shared_key=asset.session_key.encode
+      cap.save
+      cap_key
+    else
+      nil
+    end
+  end
+  
+end
+
+class Group < ActiveRecord::Base
+	belongs_to :user
+	has_many :group_secrets
+	
+	encrypt :name,:group_key, :key=>:user	
+end
+
+class GroupSecret < ActiveRecord::Base
+	belongs_to :group
+	
+	encrypt :title,:body, :key=>:group
+	
+end
+
+class ActiveCryptoTest < Test::Unit::TestCase
+
+  def setup
+  end
+  
+  def test_key_holder
+    user=User.new
+    user.name="bob"
+    user.save
+  	assert user.kind_of?(ActiveRecord::Crypto::KeyHolder)
+  	assert user.kind_of?(ActiveRecord::Base)
+  	assert user.kind_of?(User)
+    assert_nil user.session_key
+  	user.enter_password "shhcccc"
+  	assert_not_nil user.session_key
+  	assert_not_nil user.session_key.encrypt("test")    
+  end
+  
+  def test_encrypted_child
+    user=User.new
+    user.save
+    assert_nil user.session_key
+  	user.enter_password "shhcccc"
+  	assert_not_nil user.session_key
+  	assert user.kind_of?(ActiveRecord::Crypto::KeyHolder)
+  	assert user.kind_of?(ActiveRecord::Base)
+  	assert user.kind_of?(User)
+  	
+  	jill=user.secrets.create
+  	
+  	assert_not_nil jill
+  	assert jill.kind_of?(ActiveRecord::Crypto::AssociationKeyHolder)
+  	assert jill.kind_of?(ActiveRecord::Crypto::KeyHolder)
+  	assert jill.kind_of?(ActiveRecord::Crypto::Encrypted)
+  	assert jill.kind_of?(ActiveRecord::Base)
+  	assert jill.kind_of?(Secret)
+  	
+  	assert jill.respond_to?(:session_key)
+  	
+    assert_not_nil jill.user
+    assert_not_nil jill.user.session_key
+  	
+  	
+    assert_not_nil jill.session_key
+    assert_equal user.session_key,jill.session_key
+
+    jill.name="jill"
+    jill.save
+
+
+    assert_equal "jill",jill.name
+    
+    jill=user.secrets.first
+    assert_not_nil jill.session_key
+    assert_equal user.session_key,jill.session_key
+    assert_equal "jill",jill.name
+    
+    child=jill.children.create
+    child.email="pelle@neubia.com"
+    child.save
+
+    assert_not_nil child.secret
+    assert_not_nil child.secret.session_key
+
+
+    assert_not_nil child.session_key
+    assert_equal user.session_key,child.session_key
+
+    assert_equal "pelle@neubia.com",child.email
+
+    child=jill.children.first
+
+    assert_not_nil child.secret
+    assert_not_nil child.secret.session_key
+
+
+    assert_not_nil child.session_key
+    assert_equal user.session_key,child.session_key
+
+    assert_equal "pelle@neubia.com",child.email
+
+  end
+
+  def test_caps
+    key=Asset.create("title","pelle@neubia.com")
+    assert_not_nil key
+    cap=Cap.find_by_key key
+    assert_not_nil cap
+    assert_not_nil cap.asset
+    assert_equal "title",cap.asset.title
+    assert_equal "pelle@neubia.com",cap.email
+    
+    bob_key=cap.asset.share("bob@bob.com")
+    bob_cap=Cap.find_by_key bob_key
+    
+    assert_not_equal key,bob_key
+    assert_not_nil bob_cap
+    assert_not_nil bob_cap.asset
+    assert_equal "title",bob_cap.asset.title
+    assert_equal "bob@bob.com",bob_cap.email
+  end
+end
+

data/test/database.yml

@@ -0,0 +1,18 @@
+sqlite:
+  :adapter: sqlite
+  :dbfile: crypto_test.sqlite.db
+sqlite3:
+  :adapter: sqlite3
+  :dbfile: crypto_test.sqlite3.db
+postgresql:
+  :adapter: postgresql
+  :username: postgres
+  :password: postgres
+  :database: crypto_test
+  :min_messages: ERROR
+mysql:
+  :adapter: mysql
+  :host: localhost
+  :username: rails
+  :password:
+  :database: crypto_test

data/test/ezcrypto_test.rb

@@ -1,112 +1,212 @@
 $:.unshift(File.dirname(__FILE__) + "/../lib/")
 
 require 'test/unit'
+require 'fileutils'
 require 'ezcrypto'
-require 'base64'
+require 'base64'
 
 class EzCryptoTest < Test::Unit::TestCase
 
   def setup
   end
-
-  def test_generate_alg_key
-    assert_generate_alg_key "aes-128-cbc",16
-    assert_generate_alg_key "aes-192-cbc",24
-    assert_generate_alg_key "aes-256-cbc",32    
-    assert_generate_alg_key "rc2-40-cbc",5 
-    assert_generate_alg_key "rc2-64-cbc",8
-    assert_generate_alg_key "rc4-64" ,8
-    assert_generate_alg_key "blowfish" ,16
-    assert_generate_alg_key "des" ,8
-  end
-  
-  def test_with_password
-      assert_with_password "","secret","aes-128-cbc",16
-      assert_with_password "test","secret","aes-128-cbc",16
-      assert_with_password "password","secret","aes-128-cbc",16
-      assert_with_password "a�sldfad8q5�34j2�l4j24l6j2456","secret","aes-128-cbc",16
-      
-      assert_with_password "","secret","aes-192-cbc",24
-      assert_with_password "test","secret","aes-192-cbc",24
-      assert_with_password "password","secret","aes-192-cbc",24
-      assert_with_password "a�sldfad8q5�34j2�l4j24l6j2456","secret","aes-192-cbc",24
-
-      assert_with_password "","secret","aes-256-cbc",32
-      assert_with_password "test","secret","aes-256-cbc",32
-      assert_with_password "password","secret","aes-256-cbc",32
-      assert_with_password "a�sldfad8q5�34j2�l4j24l6j2456","secret","aes-256-cbc",32
-
-  end
-
-  def test_encoded
-    0.upto 32 do |size|
-      assert_encoded_keys size
-    end
-  end
-  
-  def test_encrypt    
-    0.upto(CLEAR_TEXT.size-1) do |size|
-      assert_encrypt CLEAR_TEXT[0..size]
-    end  
-  end
-  
-  def test_decrypt
-    
-    0.upto(CLEAR_TEXT.size) do |size|
-      assert_decrypt CLEAR_TEXT[0..size]
-    end  
-  end
-
-  def test_decrypt64
-    0.upto(CLEAR_TEXT.size) do |size|
-      assert_decrypt64 CLEAR_TEXT[0..size]
-    end  
-  end
-
-  def assert_key_size(size,key)
-    assert_equal size,key.raw.size      
-  end
-  
-  def assert_generate_alg_key(algorithm,size)
-    key=EzCrypto::Key.generate :algorithm=>algorithm
-    assert_key_size size,key 
-  end
- 
-  def assert_with_password(password,salt,algorithm,size)
-    key=EzCrypto::Key.with_password password,salt,:algorithm=>algorithm
-    assert_key_size size,key
-    assert_equal key.raw,EzCrypto::Key.with_password( password,salt,:algorithm=>algorithm).raw
-  end
-  
-  def assert_encoded_keys(size)
-    key=EzCrypto::Key.generate size
-    key2=EzCrypto::Key.decode(key.encode)
-    assert_equal key.raw, key2.raw    
-  end
-  
-  def assert_encrypt(clear)
-    ALGORITHMS.each do |alg|
-      key=EzCrypto::Key.generate :algorithm=>alg
-      encrypted=key.encrypt clear
-      assert_not_nil encrypted    
-    end
-  end
-  
-  def assert_decrypt(clear)
-    ALGORITHMS.each do |alg|
-      key=EzCrypto::Key.generate :algorithm=>alg
-      encrypted=key.encrypt clear
-      assert_not_nil encrypted
-      assert_equal clear,key.decrypt(encrypted)
-    end
-  end
-  def assert_decrypt64(clear)
-    key=EzCrypto::Key.generate
-    encrypted=key.encrypt64 clear
-    assert_not_nil encrypted
-    assert_equal clear,key.decrypt64(encrypted)
-  end
-  ALGORITHMS=["aes128","bf","blowfish","des","des3","rc4","rc2"]
+
+  def test_generate_alg_key
+    assert_generate_alg_key "aes-128-cbc",16
+    assert_generate_alg_key "aes-192-cbc",24
+    assert_generate_alg_key "aes-256-cbc",32    
+    assert_generate_alg_key "rc2-40-cbc",5 
+    assert_generate_alg_key "rc2-64-cbc",8
+    assert_generate_alg_key "rc4-64" ,8
+    assert_generate_alg_key "blowfish" ,16
+    assert_generate_alg_key "des" ,8
+  end
+  
+  def test_with_password
+      assert_with_password "","secret","aes-128-cbc",16
+      assert_with_password "test","secret","aes-128-cbc",16
+      assert_with_password "password","secret","aes-128-cbc",16
+      assert_with_password "a�sldfad8q5�34j2�l4j24l6j2456","secret","aes-128-cbc",16
+      
+      assert_with_password "","secret","aes-192-cbc",24
+      assert_with_password "test","secret","aes-192-cbc",24
+      assert_with_password "password","secret","aes-192-cbc",24
+      assert_with_password "a�sldfad8q5�34j2�l4j24l6j2456","secret","aes-192-cbc",24
+
+      assert_with_password "","secret","aes-256-cbc",32
+      assert_with_password "test","secret","aes-256-cbc",32
+      assert_with_password "password","secret","aes-256-cbc",32
+      assert_with_password "a�sldfad8q5�34j2�l4j24l6j2456","secret","aes-256-cbc",32
+
+  end
+
+  def test_encoded
+    0.upto 32 do |size|
+      assert_encoded_keys size
+    end
+  end
+  
+  def test_encrypt    
+    0.upto(CLEAR_TEXT.size-1) do |size|
+      assert_encrypt CLEAR_TEXT[0..size]
+    end  
+  end
+  
+  def test_decrypt    
+    0.upto(CLEAR_TEXT.size) do |size|
+      assert_decrypt CLEAR_TEXT[0..size]
+    end  
+  end
+
+  def test_decrypt64
+    0.upto(CLEAR_TEXT.size) do |size|
+      assert_decrypt64 CLEAR_TEXT[0..size]
+    end  
+  end
+    
+  def test_keyfile_store_load
+
+    algo, size = "aes-256-cbc", 32   
+    keyfile = 'ezcrypto-test.key'
+    
+    FileUtils.rm [keyfile], :force => true
+    key = EzCrypto::Key.generate :algorithm => algo    
+    assert_file_not_exists keyfile    
+    key.store keyfile    
+    assert_file_exists keyfile    
+    assert_file_permissions keyfile, 0100400    
+    
+    key2 = EzCrypto::Key.load(keyfile)    
+    assert_equal key.raw, key2.raw
+    
+    FileUtils.rm [keyfile], :force => true    
+  end
+  
+  def test_filestuff_with_defaults      
+
+    clearfile = 'lorem_ipsum.txt'
+    keyfile = 'lorem_ipsum.key'
+    algo, size = "aes-256-cbc", 32
+    
+    File.open(clearfile, 'w') { |f| f.write(CLEAR_TEXT) }
+    assert_file_contains clearfile, CLEAR_TEXT    
+
+    key = EzCrypto::Key.generate :algorithm => algo    
+
+    # default behaviour: remove clearfile, append '.ez' suffix  
+    cryptfile = key.encrypt_file(clearfile)    
+    assert_equal cryptfile, clearfile + ".ez"
+    assert_file_not_exists clearfile
+    assert_file_exists cryptfile 
+    assert_file_contains cryptfile, key.encrypt(CLEAR_TEXT)    
+
+    # default behaviour: unlink cryptfile and remove suffix from filename
+    clearfile = key.decrypt_file cryptfile
+    assert_file_exists clearfile
+    assert_file_not_exists cryptfile
+    assert_file_contains clearfile, CLEAR_TEXT    
+    FileUtils.rm [keyfile, clearfile, cryptfile], :force => true
+  end
+  
+  def test_filestuff_with_options
+  
+    clearfile = 'lorem_ipsum.txt'
+    keyfile = 'lorem_ipsum.key'
+    algo, size = "aes-256-cbc", 32    
+
+    File.open(clearfile, 'w') { |f| f.write(CLEAR_TEXT) }
+    assert_file_contains clearfile, CLEAR_TEXT
+    
+    key = EzCrypto::Key.generate :algorithm => algo      
+    
+    # with options: keep the original file, auto-create a 
+    # new filename with a user-defined suffix        
+    cryptfile = key.encrypt_file(clearfile, nil, :autoclean => false, :suffix => '.Encrypted')
+    assert_equal cryptfile, clearfile + ".Encrypted", 'suffix was added'
+    assert_file_exists clearfile
+    assert_file_exists cryptfile    
+    assert_file_permissions cryptfile, 0100600
+    
+    assert_raises(Errno::EEXIST, "the original file would not be overwritten") { 
+      key.decrypt_file(cryptfile, nil, :autoclean => false, :suffix => '.Encrypted')
+    } 
+    FileUtils.rm [clearfile], :force => true    
+
+    clearfile = key.decrypt_file(cryptfile, nil, :autoclean => false, :suffix => '.Encrypted')
+    assert_equal cryptfile, clearfile + ".Encrypted", 'suffix was removed'    
+    assert_file_exists clearfile
+    assert_file_exists cryptfile
+    assert_file_permissions cryptfile, 0100600    
+    assert_file_contains clearfile, CLEAR_TEXT    
+
+    FileUtils.rm [keyfile, clearfile, cryptfile], :force => true        
+  end
+    
+  def assert_file_permissions(filename, mode, msg='')
+    fmode = File.stat(filename).mode
+    assert_equal fmode, mode, msg 
+  end
+  
+  def assert_file_exists(filename)
+    assert File.exists?(filename)
+  end
+
+  def assert_file_not_exists(filename)
+    assert !File.exists?(filename)
+  end
+  
+  def assert_file_contains(filename, expected)
+    assert_file_exists(filename)
+    content = File.open(filename,'r').read
+    assert_equal expected, content
+  end
+  
+  def assert_key_size(size,key)
+    assert_equal size,key.raw.size      
+  end
+  
+  def assert_generate_alg_key(algorithm,size)
+    key=EzCrypto::Key.generate :algorithm=>algorithm
+    assert_key_size size,key 
+  end
+ 
+  def assert_with_password(password,salt,algorithm,size)
+    key=EzCrypto::Key.with_password password,salt,:algorithm=>algorithm
+    assert_key_size size,key
+    assert_equal key.raw,EzCrypto::Key.with_password( password,salt,:algorithm=>algorithm).raw
+  end
+  
+  def assert_encoded_keys(size)
+    key=EzCrypto::Key.generate size
+    key2=EzCrypto::Key.decode(key.encode)
+    assert_equal key.raw, key2.raw    
+  end
+  
+  def assert_encrypt(clear)
+    ALGORITHMS.each do |alg|
+      key=EzCrypto::Key.generate :algorithm=>alg
+      encrypted=key.encrypt clear
+      assert_not_nil encrypted    
+    end
+  end
+  
+  def assert_decrypt(clear)
+    ALGORITHMS.each do |alg|
+      key=EzCrypto::Key.generate :algorithm=>alg
+      encrypted=key.encrypt clear
+      assert_not_nil encrypted
+      assert_equal clear,key.decrypt(encrypted)
+    end
+  end
+  
+  def assert_decrypt64(clear)
+    key=EzCrypto::Key.generate
+    encrypted=key.encrypt64 clear
+    assert_not_nil encrypted
+    assert_equal clear,key.decrypt64(encrypted)
+  end
+  
+  ALGORITHMS=["aes128","bf","blowfish","des","des3","rc4","rc2"]
   CLEAR_TEXT="Lorem ipsum dolor sit amet, suspendisse id interdum mus leo id. Sapien tempus consequat nullam, platea vitae sociis sed elementum et fermentum, vel praesent eget. Sed blandit augue, molestie mus sed habitant, semper voluptatibus neque, nullam a augue. Aptent imperdiet curabitur, quam quis laoreet. Dolor magna. Quis vestibulum amet eu arcu fringilla nibh, mi urna sunt dictumst nulla, elit quisque purus eros, sem hendrerit. Vulputate tortor rhoncus ac nonummy tortor nulla. Nunc id nunc luctus ligula."
 end
 
+

data/test/test_helper.rb

@@ -0,0 +1,36 @@
+$:.unshift(File.dirname(__FILE__) + '/../lib')
+
+require 'test/unit'
+require 'rubygems'
+require 'action_pack'
+require 'active_record'
+#require 'active_support/binding_of_caller'
+#require 'active_support/breakpoint'
+
+
+unless defined?(RAILS_ROOT)
+  root_path = File.join(File.dirname(__FILE__), '..')
+  unless RUBY_PLATFORM =~ /mswin32/
+    require 'pathname'
+    root_path = Pathname.new(root_path).cleanpath.to_s
+  end
+  RAILS_ROOT = root_path
+end
+
+
+require 'active_record/fixtures'
+require 'initializer'
+
+Rails::Initializer.run(:set_load_path)
+
+config = YAML::load(IO.read(File.dirname(__FILE__) + '/database.yml'))
+ActiveRecord::Base.logger = Logger.new(File.dirname(__FILE__) + "/debug.log")
+ActiveRecord::Base.establish_connection(
+    :adapter  => "mysql",
+    :host     => "localhost",
+    :username => "root",
+    :password => "",
+    :database => "crypto_test"
+  )
+#load(File.dirname(__FILE__) + "/schema.rb")
+

metadata

@@ -3,8 +3,8 @@ rubygems_version: 0.8.10
 specification_version: 1
 name: ezcrypto
 version: !ruby/object:Gem::Version 
-  version: 0.2.1
-date: 2005-11-02
+  version: "0.3"
+date: 2006-02-25
 summary: Simplified encryption library.
 require_paths: 
   - lib
@@ -32,17 +32,13 @@ files:
   - README_ACTIVE_CRYPTO
   - MIT-LICENSE
   - CHANGELOG
+  - init.rb
   - lib/active_crypto.rb
-  - lib/CVS
   - lib/ezcrypto.rb
-  - lib/CVS/Entries
-  - lib/CVS/Repository
-  - lib/CVS/Root
-  - test/CVS
+  - test/active_crypto_test.rb
+  - test/database.yml
   - test/ezcrypto_test.rb
-  - test/CVS/Entries
-  - test/CVS/Repository
-  - test/CVS/Root
+  - test/test_helper.rb
 test_files: []
 rdoc_options: []
 extra_rdoc_files: []

data/lib/CVS/Entries

@@ -1,3 +0,0 @@
-/ezcrypto.rb/1.4/Sun Oct 30 22:24:34 2005//
-/active_crypto.rb/1.4/Wed Nov  2 09:12:07 2005//
-D

data/lib/CVS/Repository

@@ -1 +0,0 @@
-ezcrypto/lib

data/lib/CVS/Root

@@ -1 +0,0 @@
-:ext:pelleb@rubyforge.net:/var/cvs/ezcrypto

data/test/CVS/Entries

@@ -1,2 +0,0 @@
-/ezcrypto_test.rb/1.1.1.1/Wed Jul 20 18:40:51 2005//
-D

data/test/CVS/Repository

@@ -1 +0,0 @@
-ezcrypto/test

data/test/CVS/Root

@@ -1 +0,0 @@
-:ext:pelleb@rubyforge.net:/var/cvs/ezcrypto