fast-rsa-engine 0.2.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 2e56f7cc7015152e2a7728fa6f60248bd92d7df8
+  data.tar.gz: 13364603be73bc8463c93eb601519b90286c3b31
+SHA512:
+  metadata.gz: d4fe8c846948f14b0643d2579a8e42403c9e24b9c0b76c3b337a1466cbfd6bdb85a573018dda6a2859a3fc7c78b43758628c5d330f662489243fcfffc2b9d051
+  data.tar.gz: f2b2c4bb8c4ce4b233141c8e73e26dfadd0022ab0a5f822851ab06d255aa82c3d83f1176d0fcc65ebc471f9d839cb377aa2abec3edce71d6a097f691c818e957

data/.gitignore

@@ -0,0 +1,4 @@
+pkg
+pom*
+*jar
+*lock

data/.travis.yml

@@ -0,0 +1,18 @@
+language: ruby
+install: gem install bundler -v '~>1.10'; bundle install
+gemfile:
+  - Gemfile
+  - Gemfile096
+  - Gemfile098
+rvm:
+  - jruby-1.7.19
+  - jruby-1.7.21
+  - jruby-9.0.0.0
+jdk:
+  - openjdk7
+  - oraclejdk8
+matrix:
+  include:
+    - rvm: 1.9.3
+      gemfile: Gemfile
+      jdk: openjdk7

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+
+gemspec

data/Gemfile096

@@ -0,0 +1,7 @@
+source 'https://rubygems.org'
+
+
+gemspec
+
+gem 'jruby-openssl', '0.9.6'
+

data/Gemfile098

@@ -0,0 +1,6 @@
+source 'https://rubygems.org'
+
+
+gemspec
+
+gem 'jruby-openssl', '0.9.8'

data/LICENSE

@@ -0,0 +1,22 @@
+The MIT License (MIT)
+
+Copyright (c) 2015 Lookout Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+

data/README.md

@@ -0,0 +1,50 @@
+# Fast RSA Engine for jruby-openssl gem
+
+[![Build Status](https://travis-ci.org/lookout/fast-rsa-engine.svg?branch=master)](https://travis-ci.org/lookout/fast-rsa-engine)
+
+This gem replaces the RSA signature and RSA ciphers from jruby-openssl by the much faster implementation of them. See [corner.squareup.com/2014/02/faster-rsa-jnagmp.html](https://corner.squareup.com/2014/02/faster-rsa-jnagmp.html)
+
+but this works only for **darwin** and **linux-x84_64** platforms due to the library used from squareup.
+
+The improvement in performance brings JRuby verify and decrypy using RSA close to MRI.
+
+## installation
+
+via rubygems
+```
+gem install fast-rsa-engine
+```
+or add to your Gemfile
+```
+gem 'fast-rsa-engine'
+```
+
+installing the gem also takes care of the jar dependencies with jruby-1.7.16+
+
+## usage
+
+with bundler its auto-require magic will be sufficient. otherwise just
+
+    require 'fast-rsa-engine'
+
+## running the benchmark
+
+    ruby benchmark/benchmark-with-fast-rsa.rb
+
+or
+    ruby benchmark/benchmark-with-builtin-rsa.rb
+
+## developement
+
+get all the gems and jars in place
+
+    gem install jar-dependencies --development
+    bundle install
+
+for running all specs
+
+	rake
+
+## meta-fu
+
+enjoy :)

data/Rakefile

@@ -0,0 +1,28 @@
+#-*- mode: ruby -*-
+
+require 'bundler/gem_tasks'
+
+if RUBY_PLATFORM == 'java'
+  require 'ruby-maven'
+
+  desc "Pack fast-rsa-engine.jar with the compiled classes"
+  task :jar do
+    raise unless RubyMaven.exec('-f', 'fast-rsa-engine.gemspec', 'prepare-package', '-Dmaven.test.skip')
+  end
+else
+  task :jar do
+  end
+end
+
+require "rspec/core/rake_task"
+RSpec::Core::RakeTask.new
+
+require 'rubygems/package_task'
+Gem::PackageTask.new( eval File.read( './fast-rsa-engine.gemspec' ) ) do
+  desc 'Pack fast-rsa-engine.gem'
+  task :package => [:jar]
+end
+
+task :default => [ :jar, :spec ]
+
+# vim: syntax=ruby

data/benchmark/benchmark-with-builtin-rsa.rb

@@ -0,0 +1,3 @@
+#!/usr/bin/env ruby
+
+require_relative 'benchmark'

data/benchmark/benchmark-with-fast-rsa.rb

@@ -0,0 +1,7 @@
+#!/usr/bin/env ruby
+
+$LOAD_PATH << File.expand_path('../../lib', __FILE__)
+if defined? JRUBY_VERSION
+  require 'fast-rsa-engine'
+end
+require_relative 'benchmark'

data/benchmark/benchmark.rb

@@ -0,0 +1,54 @@
+#!/usr/bin/env ruby
+
+count = (ARGV[0] || 1000).to_i
+path = File.dirname(__FILE__)
+ 
+require 'base64'
+require 'benchmark'
+require 'openssl'
+
+# configure keys
+public_key_file = "#{path}/foo_cert.pem" # public key in cert file
+private_key_file = "#{path}/foo.pem"     # private key file
+ 
+$public_key = OpenSSL::X509::Certificate.new(File.read(public_key_file)).public_key
+$private_key = OpenSSL::PKey::RSA.new(File.read(private_key_file))
+
+# example msg
+msg =  "THIS IS A TEST"
+ 
+# example key for encrypt operation
+aes = OpenSSL::Cipher::Cipher.new('aes-256-cbc')
+aes.encrypt
+key = aes.random_key
+
+def sign(msg)
+  $private_key.sign(OpenSSL::Digest.new('sha512'), msg)
+end
+ 
+def verify(msg, signature)
+  $public_key.verify(OpenSSL::Digest.new('sha512'), signature, msg)
+end
+ 
+def encrypt(content)
+  $public_key.public_encrypt(content)
+end
+ 
+def decrypt(encrypted_msg)
+  $private_key.private_decrypt(encrypted_msg)
+end
+ 
+# signature, encrypted key for verify, decrypt tests
+signature = sign(msg)
+encrypted_key = encrypt(msg)
+ 
+puts "#{RUBY_ENGINE} N = #{count}"
+Benchmark.bm(17) do |x|
+  x.report('sign') { count.times { sign(msg) } }
+  x.report('verify') { count.times { verify(msg, signature) } }
+  x.report('encrypt') { count.times { encrypt(key) } }
+  x.report('decrypt') { count.times { decrypt(encrypted_key) } }
+end
+puts
+p verify(msg, signature)
+p decrypt(encrypted_key)

data/benchmark/foo.pem

@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKgIBAAKCAgEAtPhHvStOVd29e7ElR3+uUeFYDdmVJ9OW1XQOs2QPpxSnpWbe
+++NNoqroCGCliRbXHYoX+WpnbtdMDmLhSq4w4jmvL9CotFhfwhOtNY87GrEtMi2k
++//OHz7hBZ5FqxEgNuC/vCZoGFZvnGRLmtU0Q2B/7VV4zG9CiEumBdvZ6K40471X
+L1c2W/AOyXXcGHVAO8PYF91CHu0gi6qB3tJ+kOrieX2cIs1W8NVc5Cz4SGwzlI8J
+9td9XE0Yef2aLxT021DxxuRubZI57/zrbR0MUoa0dKG6GTYMGw3g3gzjkcHjFLhn
+7FJgqxubFz2xEQWO03SIaQj5lxF9tW9u8PKJwhiNrnIMa4JreNELlGCfqTd1eYJg
+vC2f6pkiNODbAqwhlALCXKOSVBdT5ZzkP99O8vq3+mLfjYH9/0bheXKe/eeXcNoe
+dH5xtnglQOUqGw5BwkRkcApv/+rcs2GvhlWjCc9SmBQlu2lR7gPkUMvemHlzVtid
+3VKOt45/pGTkcD8iK/6QYmwlqmiU3Wq0NOcF5UcVqyQRCl9Vyzu280OsA8jpNRbT
+m/QLIxVKRwNSlSa3Et17omk2Xi7nLQybrpEpIZ6NsTaps23Auxg3cPHNjcPVOWbU
+piRsQh8JBQMAyJY/7eQ4xtaKOS8VHrwIJVIuJWbLiXW9oBCjk6eA/kHM/FMCAwEA
+AQKCAgEAkxUrsUsOOumixHJgmzDh7DibSX5rJNhqwge2nwSXWDOIYf0vBEhk4+3F
+8nEieT4wDhkbjSJ2+HZRoWuqMflLT8KUaOdNBm7BPUqiv2IvJm2UDzFb41iwHWMM
+nnVZqESeCxw1mWUZu5Yc1l4JuMjJ1m0K7ElIiddvmrjpMd/SxrM311UfFCHs02JT
+kleRT+uUDj8JVbQFtn8BsaIeNYydQ4k0EowNp5d+rvSqr+UA0lPmxDpRXeccQzWB
+zDxa4SNGMy4ho4YrXjC3mB7W9XLjfftvlU+Qokb0JdTsy2xsVR3hQwjxpff6C3e/
+YG9Kh0weHiybZcremHKl2h28bGajoNf36z6MdGG9ins/zPc2DHSUXytDxE2Zri1q
+Esl41CO1NGQl/FLs6fJes9RvYeDU6C+6iQf+P3iHen8ruHns3OGYKKFwLRWMiQwG
+cK0Oy2+L8G23GhE2g+hor89MNMMLnsTOHe0OBnBFQfuujn2ZZ1kmUxkKFm43WjUi
+psqTuYR/Cs14jwUTFpe6/MMaRcYurueJY2PQEo28dFmz+FClUdRR7OZvbXAq0bb5
+JeeFcU6S5tWtZNcLsK93L+r290Jw7E34/J+zyV9G45kzpUqyIF7Cw6BlRaq2VD+V
+nxEpbo9h4ZnKcYsjFuFul7NvPUHWicfsN7e1HKGa/bkcZF/+RlECggEBAOFN2MQW
+y6ND3P18+k6EzAPlsqZAnnhO8Mh6kxoOdTSayD23iUbCFMkohGEOVeyvRLHqX971
+W0rtqZ4Qrew3U/dWboUWWo7WkIk2Iicfx8DXIReIwzjMnWZAJnylEzAYosiaIJG5
+ZUPaeCOFdZsMPT8mLKwo8hFM3sWVq9hb52xwBgraqQIsCZM6SoZb+LbbwVdEHR6z
+6MVUEhqgsI64qF+tlZGThuCCJQzRwz9Uwrr+dKNC1fskhnCYbsHX37K6O5PB5ILW
+vamGCqCfsP+vzpWZwB9X43muRq0CPNsuoHfwL/uzHTzVRgBhGSNpDkf1ytl4RW7/
+9ECk68h0e2lxYDsCggEBAM2gJO5KlVI9ES8liccdSH22PKQtYhQzFmCqUookcdap
+rH1RdGSvT7FnZLLEjDZUQfcHF1fU1xTwuXEXixmlDwFG9AftaQNT2cvaANYGjhSA
+DP5RSaC+DH9teRatwgihN9oNfTL6Rj8Eg+HDAFT6m7Hjyxiz1/7D2y0Kk4NHbMwZ
+YhHbblfyWnPx0jtdY02jeenAdamRmmaF68GtqgCsYxaWXzeZt8CVm+qXbu18dw0D
+y0XT4FlwajDqdMkzdrKtU7biTJdK8Mq2JUyzkfzWM7dO39UQFVGLbmULsgdvRDw9
++7AvIrjwYznTwtao3MZFiyx588TG9vGWOJ4rhKLQaskCggEADIN+XqXFebPzOkEO
+xf2qNy0y1vkP1C7OQNROB0x2Rg2ywXrILR3qeaG+eIWLUDIL5rXVzVRjVa4NlbHn
+dw87oqkySkILlZNlQ7m1++ZP+e348I2wCh+TPnKhsJqajjlQEUQ+OtnJPhOMSKzI
+82uimzdLk+RSTZOva9n8SXARUnyGWWP7rxszDPJX4U6Kad2ax3YJCAOGEi+xMblr
+FQI8l9PUUtmWzDFuTV/5MDNM/YXUhJzZtbE5pldRD4Ml8Y9Wb8Z9Iqc6sYe4X2N/
+OTRSjQyVFyiSgdekJUfSiXn1f7PfdmNkZFSUJsE93DGhkW2dbqa3dIrSziRa1C9k
+C184sQKCAQEAmMLQrPdb16zmh1Ar+3EV2c75Xj8ZDkil50qh518L8546Nx+8iNB1
+NCbL+MNsJzCRkSQDg4zr/PKZ0hrbjEHD0/8SbJFD4uT4eSmMVXSpOTGodYeOW4zV
+XBXIT8Dm1eJvy98ZlDW62jZQg/iK1pcX9CB3UfLKFMsMmXmx/WWivj5dTUbnww6Z
+hGmy9cd7bsJ0X+RLhZ5WRrRXYZvTIIzxUGaGdpgMm1aKbs3x6xz8lP6slUPC+K87
+NPv5p0BEfpmmB8g3fm5+VRrcuw7s9hlsclJ2l6NLMzmS2h7GNB/FYbvqsAlUknCE
+RwG7Th5FZkdkDbbMEvR9oR0pEtjhwNN1gQKCAQEAvJQkeVWUZQ4aC0xTeLwdWbFE
+EftxREWpsVbe/j9sO1km5CMJsbWqLEQ9el3iOIAIetht0qKe1wdh7LC2N8uvhim4
+OnUkoHdWBER6D2xi2T+KzSZo9NJSGefE+IFAYBBg3ncrQzrASFN9Ij7iHC6MRSaB
+BBYZ3YbsaCm3koQRE0f9R/b8OM0kO8dec1hlGC2/Zi599sttyp8RUcCb/eEz1I/t
+MhwJC7EE7+QWjfbHQlmRxYRoMtfgpis18cdm8LDGg6eA42MfLwrAPAkPhkt8wATp
+c/TIDOyx1RSMY1ssLp51tgf9exiElWSO6zxq9CPvlLP3nM3pkEJGnmSmzS9LOQ==
+-----END RSA PRIVATE KEY-----

data/benchmark/foo_cert.pem

@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIFAjCCAuoCBFWkCjYwDQYJKoZIhvcNAQELBQAwRTELMAkGA1UEBhMCQVUxEzAR
+BgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5
+IEx0ZDAeFw0xNTA3MTMxODU3NThaFw0xNzA3MTIxODU3NThaMEYxCzAJBgNVBAYT
+AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRQwEgYDVQQHDAtTYW5GcmFuY2lzbzEM
+MAoGA1UEAwwDZm9vMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtPhH
+vStOVd29e7ElR3+uUeFYDdmVJ9OW1XQOs2QPpxSnpWbe++NNoqroCGCliRbXHYoX
++WpnbtdMDmLhSq4w4jmvL9CotFhfwhOtNY87GrEtMi2k+//OHz7hBZ5FqxEgNuC/
+vCZoGFZvnGRLmtU0Q2B/7VV4zG9CiEumBdvZ6K40471XL1c2W/AOyXXcGHVAO8PY
+F91CHu0gi6qB3tJ+kOrieX2cIs1W8NVc5Cz4SGwzlI8J9td9XE0Yef2aLxT021Dx
+xuRubZI57/zrbR0MUoa0dKG6GTYMGw3g3gzjkcHjFLhn7FJgqxubFz2xEQWO03SI
+aQj5lxF9tW9u8PKJwhiNrnIMa4JreNELlGCfqTd1eYJgvC2f6pkiNODbAqwhlALC
+XKOSVBdT5ZzkP99O8vq3+mLfjYH9/0bheXKe/eeXcNoedH5xtnglQOUqGw5BwkRk
+cApv/+rcs2GvhlWjCc9SmBQlu2lR7gPkUMvemHlzVtid3VKOt45/pGTkcD8iK/6Q
+YmwlqmiU3Wq0NOcF5UcVqyQRCl9Vyzu280OsA8jpNRbTm/QLIxVKRwNSlSa3Et17
+omk2Xi7nLQybrpEpIZ6NsTaps23Auxg3cPHNjcPVOWbUpiRsQh8JBQMAyJY/7eQ4
+xtaKOS8VHrwIJVIuJWbLiXW9oBCjk6eA/kHM/FMCAwEAATANBgkqhkiG9w0BAQsF
+AAOCAgEAdcnH4rVynCQWGYfR/n2XC0j34d058kfTqFuIYuTwEkY0jkIZqRBZuzwm
+F88BKlRPk4qkkMXjRmvBisdcyFQiyvlf+fJlDuNKk21Dae+4P3HMz6xPK6vathKS
+pAzQr9KDOp628c/8rGoxCV2hAkSyzHBC5WUwP8yBxWVG6QzqFrnUkTEo6x9S6RkG
+10g7YWi594L3RoJ/gFWKuqn3sGCetrqhQfrdskS5FaCEGLrs7/h74AJnjs6aVJCZ
+LklsjPJpadd+WSFIRCGQhTWQUKVc8bil9vDxfIPW5Kj/DJvirbeJinGEIc7gR9WI
+bYdje5UCphWlJr5ePGreyZvyDUElgTjhiiqWlUAgG5eJYJ2NEvH4g70laIDJZYt2
+PZA0egp29+EKG3U3CXJkOoW8/z4mFgReYpWh/pqZesLePh4dbBrK/WCdAprKImZc
+ymOD6K5IY9A0CeN6uW9VBnI0ed8KEGagfKCpCEBgbkhq27y7FVke1/oVXkWrXIFt
+WfDd1hAJwUbxAeQXEwyAqDoCyKIvDqksGW+NL2o0N9DCP5cTMgho34WeUVdAuezM
+6wznqkkK9TB8mOtiJhPomlO2YL5/ShVVX0FoyQQ+ox2WMYIurbwguRVUAUNnfIdf
+EqvJtVogFDekF8bxVA5RoiON8Dr8cDxSMU5eoH0Ixp3id5zsxQI=
+-----END CERTIFICATE-----

data/fast-rsa-engine.gemspec

@@ -0,0 +1,36 @@
+#-*- mode: ruby -*-
+
+Gem::Specification.new do |s|
+  s.name = 'fast-rsa-engine'
+  s.version = '0.2.0'
+  s.author = 'Christian Meier'
+  s.email = [ 'christian.meier@lookout.com', 'rtyler.croy@lookout.com' ]
+
+  s.license = 'MIT'
+  s.summary = %q(replaces the RSA signature and RSA ciphers from jruby-openssl by a faster implementation of them)
+  s.homepage = 'https://github.com/lookout/fast-rsa-engine'
+  s.description = %q(this gem replaces the RSA signature and RSA ciphers from jruby-openssl by a faster implementation of them. see https://corner.squareup.com/2014/02/faster-rsa-jnagmp.html)
+
+  s.files = `git ls-files`.split($/)
+
+  if RUBY_PLATFORM == 'java'
+    unless defined?(BC_VERSION)
+      BC_VERSION = '1.50'
+    end
+    s.platform = 'java'
+    # needed for runtime
+    s.requirements << "jar com.squareup.jnagmp:bouncycastle-rsa, 1.0.0"
+    # needed for compilation
+    s.requirements << "jar org.bouncycastle:bcpkix-jdk15on, #{BC_VERSION}, :scope => :provided"
+    s.requirements << "jar org.bouncycastle:bcprov-jdk15on, #{BC_VERSION}, :scope => :provided"
+    s.requirements << "pom org.jruby:jruby-core, 1.7.21, :scope => :provided"
+
+    s.add_runtime_dependency 'jar-dependencies', '~> 0.1'
+    s.add_development_dependency 'ruby-maven', '~> 3.3'
+  end
+
+  s.add_development_dependency 'rspec', '~> 3.3'
+  s.add_development_dependency 'rake', '~> 10.2'
+end
+
+# vim: syntax=ruby

data/lib/fast-rsa-engine.rb

@@ -0,0 +1,32 @@
+if RUBY_PLATFORM == 'java'
+  require 'fast-rsa-engine_jars.rb'
+  begin
+    Java::OrgJrubyExtOpenssl::SecurityHelper
+    warn 'openssl loaded before fast-rsa-engine'
+  rescue NameError
+    require 'fast-rsa-engine.jar'
+  end
+  require 'openssl'
+
+  # lexical compare is sufficient here
+  if Jopenssl::Version::VERSION > '0.9.5'
+    # keep the default name space clean and use tap
+    tap do
+      sign_names = [ "MD2", "MD4", "MD5",
+                     "RIPEMD128", "RIPEMD160", "RIPEMD256",
+                     "SHA1", "SHA224", "SHA256", "SHA384", "SHA512" ]
+      sign_names.each do |name|
+        full = "#{name}WITHRSA"
+        clazz = JRuby.runtime.jruby_class_loader.load_class( "com.github.lookout.fastrsa.FastDigestSignatureSpi$#{name}" )
+        Java::OrgJrubyExtOpenssl::SecurityHelper.add_signature(full, clazz)
+      end
+
+      Java::OrgJrubyExtOpenssl::SecurityHelper.add_cipher('RSA',
+                                                          com.github.lookout.fastrsa.FastCipherSpi::NoPadding.java_class)
+    end
+  else
+    warn "jruby-openssl gem #{Jopenssl::Version::VERSION} is too old"
+  end
+else
+  warn "fast-rsa-engine does not affect MRI"
+end

data/lib/fast-rsa-engine_jars.rb

@@ -0,0 +1,6 @@
+# this is a generated file, to avoid over-writing it just delete this comment
+require 'jar_dependencies'
+
+require_jar( 'com.squareup.jnagmp', 'bouncycastle-rsa', '1.0.0' )
+require_jar( 'net.java.dev.jna', 'jna', '4.0.0' )
+require_jar( 'com.squareup.jnagmp', 'jnagmp', '1.0.0' )

data/spec/cipher_spec.rb

@@ -0,0 +1,45 @@
+require_relative 'setup'
+
+describe 'Cipher' do
+
+  let( :this ) { File.expand_path( '..', __FILE__) }
+
+  let( :private_key ) {
+    file = File.read("#{this}/foo.pem")
+    OpenSSL::PKey::RSA.new(file)
+  }
+
+  let( :msg ) {
+    file = File.read("#{this}/foo_cert.pem")
+    public_key = OpenSSL::X509::Certificate.new(file).public_key
+    public_key.public_encrypt("THIS IS A TEST")
+  }
+
+  let( :rounds ) { 100 }
+
+  it 'is faster the regular cipher' do
+    skip( 'jruby too old' ) if too_old
+    # clear the fast engines
+    engines.clear
+
+    start = Time.new.to_f
+    rounds.times do
+      private_key.private_decrypt(msg)
+    end
+    delta1 = Time.new.to_f - start
+
+    # setup the fast engines
+    engines.clear
+    # this creates a warning
+    load( "${this}/../lib/fast-rsa-engine.rb" )
+
+    start = Time.new.to_f
+    rounds.times do
+      private_key.private_decrypt(msg)
+    end
+    delta2 = Time.new.to_f - start
+
+    expect( delta1 ).to be > 2 * delta2
+  end
+  
+end

data/spec/foo.pem

@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKgIBAAKCAgEAtPhHvStOVd29e7ElR3+uUeFYDdmVJ9OW1XQOs2QPpxSnpWbe
+++NNoqroCGCliRbXHYoX+WpnbtdMDmLhSq4w4jmvL9CotFhfwhOtNY87GrEtMi2k
++//OHz7hBZ5FqxEgNuC/vCZoGFZvnGRLmtU0Q2B/7VV4zG9CiEumBdvZ6K40471X
+L1c2W/AOyXXcGHVAO8PYF91CHu0gi6qB3tJ+kOrieX2cIs1W8NVc5Cz4SGwzlI8J
+9td9XE0Yef2aLxT021DxxuRubZI57/zrbR0MUoa0dKG6GTYMGw3g3gzjkcHjFLhn
+7FJgqxubFz2xEQWO03SIaQj5lxF9tW9u8PKJwhiNrnIMa4JreNELlGCfqTd1eYJg
+vC2f6pkiNODbAqwhlALCXKOSVBdT5ZzkP99O8vq3+mLfjYH9/0bheXKe/eeXcNoe
+dH5xtnglQOUqGw5BwkRkcApv/+rcs2GvhlWjCc9SmBQlu2lR7gPkUMvemHlzVtid
+3VKOt45/pGTkcD8iK/6QYmwlqmiU3Wq0NOcF5UcVqyQRCl9Vyzu280OsA8jpNRbT
+m/QLIxVKRwNSlSa3Et17omk2Xi7nLQybrpEpIZ6NsTaps23Auxg3cPHNjcPVOWbU
+piRsQh8JBQMAyJY/7eQ4xtaKOS8VHrwIJVIuJWbLiXW9oBCjk6eA/kHM/FMCAwEA
+AQKCAgEAkxUrsUsOOumixHJgmzDh7DibSX5rJNhqwge2nwSXWDOIYf0vBEhk4+3F
+8nEieT4wDhkbjSJ2+HZRoWuqMflLT8KUaOdNBm7BPUqiv2IvJm2UDzFb41iwHWMM
+nnVZqESeCxw1mWUZu5Yc1l4JuMjJ1m0K7ElIiddvmrjpMd/SxrM311UfFCHs02JT
+kleRT+uUDj8JVbQFtn8BsaIeNYydQ4k0EowNp5d+rvSqr+UA0lPmxDpRXeccQzWB
+zDxa4SNGMy4ho4YrXjC3mB7W9XLjfftvlU+Qokb0JdTsy2xsVR3hQwjxpff6C3e/
+YG9Kh0weHiybZcremHKl2h28bGajoNf36z6MdGG9ins/zPc2DHSUXytDxE2Zri1q
+Esl41CO1NGQl/FLs6fJes9RvYeDU6C+6iQf+P3iHen8ruHns3OGYKKFwLRWMiQwG
+cK0Oy2+L8G23GhE2g+hor89MNMMLnsTOHe0OBnBFQfuujn2ZZ1kmUxkKFm43WjUi
+psqTuYR/Cs14jwUTFpe6/MMaRcYurueJY2PQEo28dFmz+FClUdRR7OZvbXAq0bb5
+JeeFcU6S5tWtZNcLsK93L+r290Jw7E34/J+zyV9G45kzpUqyIF7Cw6BlRaq2VD+V
+nxEpbo9h4ZnKcYsjFuFul7NvPUHWicfsN7e1HKGa/bkcZF/+RlECggEBAOFN2MQW
+y6ND3P18+k6EzAPlsqZAnnhO8Mh6kxoOdTSayD23iUbCFMkohGEOVeyvRLHqX971
+W0rtqZ4Qrew3U/dWboUWWo7WkIk2Iicfx8DXIReIwzjMnWZAJnylEzAYosiaIJG5
+ZUPaeCOFdZsMPT8mLKwo8hFM3sWVq9hb52xwBgraqQIsCZM6SoZb+LbbwVdEHR6z
+6MVUEhqgsI64qF+tlZGThuCCJQzRwz9Uwrr+dKNC1fskhnCYbsHX37K6O5PB5ILW
+vamGCqCfsP+vzpWZwB9X43muRq0CPNsuoHfwL/uzHTzVRgBhGSNpDkf1ytl4RW7/
+9ECk68h0e2lxYDsCggEBAM2gJO5KlVI9ES8liccdSH22PKQtYhQzFmCqUookcdap
+rH1RdGSvT7FnZLLEjDZUQfcHF1fU1xTwuXEXixmlDwFG9AftaQNT2cvaANYGjhSA
+DP5RSaC+DH9teRatwgihN9oNfTL6Rj8Eg+HDAFT6m7Hjyxiz1/7D2y0Kk4NHbMwZ
+YhHbblfyWnPx0jtdY02jeenAdamRmmaF68GtqgCsYxaWXzeZt8CVm+qXbu18dw0D
+y0XT4FlwajDqdMkzdrKtU7biTJdK8Mq2JUyzkfzWM7dO39UQFVGLbmULsgdvRDw9
++7AvIrjwYznTwtao3MZFiyx588TG9vGWOJ4rhKLQaskCggEADIN+XqXFebPzOkEO
+xf2qNy0y1vkP1C7OQNROB0x2Rg2ywXrILR3qeaG+eIWLUDIL5rXVzVRjVa4NlbHn
+dw87oqkySkILlZNlQ7m1++ZP+e348I2wCh+TPnKhsJqajjlQEUQ+OtnJPhOMSKzI
+82uimzdLk+RSTZOva9n8SXARUnyGWWP7rxszDPJX4U6Kad2ax3YJCAOGEi+xMblr
+FQI8l9PUUtmWzDFuTV/5MDNM/YXUhJzZtbE5pldRD4Ml8Y9Wb8Z9Iqc6sYe4X2N/
+OTRSjQyVFyiSgdekJUfSiXn1f7PfdmNkZFSUJsE93DGhkW2dbqa3dIrSziRa1C9k
+C184sQKCAQEAmMLQrPdb16zmh1Ar+3EV2c75Xj8ZDkil50qh518L8546Nx+8iNB1
+NCbL+MNsJzCRkSQDg4zr/PKZ0hrbjEHD0/8SbJFD4uT4eSmMVXSpOTGodYeOW4zV
+XBXIT8Dm1eJvy98ZlDW62jZQg/iK1pcX9CB3UfLKFMsMmXmx/WWivj5dTUbnww6Z
+hGmy9cd7bsJ0X+RLhZ5WRrRXYZvTIIzxUGaGdpgMm1aKbs3x6xz8lP6slUPC+K87
+NPv5p0BEfpmmB8g3fm5+VRrcuw7s9hlsclJ2l6NLMzmS2h7GNB/FYbvqsAlUknCE
+RwG7Th5FZkdkDbbMEvR9oR0pEtjhwNN1gQKCAQEAvJQkeVWUZQ4aC0xTeLwdWbFE
+EftxREWpsVbe/j9sO1km5CMJsbWqLEQ9el3iOIAIetht0qKe1wdh7LC2N8uvhim4
+OnUkoHdWBER6D2xi2T+KzSZo9NJSGefE+IFAYBBg3ncrQzrASFN9Ij7iHC6MRSaB
+BBYZ3YbsaCm3koQRE0f9R/b8OM0kO8dec1hlGC2/Zi599sttyp8RUcCb/eEz1I/t
+MhwJC7EE7+QWjfbHQlmRxYRoMtfgpis18cdm8LDGg6eA42MfLwrAPAkPhkt8wATp
+c/TIDOyx1RSMY1ssLp51tgf9exiElWSO6zxq9CPvlLP3nM3pkEJGnmSmzS9LOQ==
+-----END RSA PRIVATE KEY-----