secure_string 1.1.0 → 1.1.1

data/README.rdoc

@@ -19,13 +19,20 @@ String version of the value.
 WARNING: it is important to note that the String method +length+ is not a good
 measure of a byte string's length, as depending on the encoding, it may count
 multibyte characters as a single element.  To ensure that you get the byte
-length, use the standard string method +bytesize+.
+length, use the standard string method +bytesize+.  See the section on
+String Encodings for more detail.
 
 = Installation & Configuration
 
 == Installation
 
-Install from gem, and add the following to your script:
+SecureString is currently only supported in Ruby 1.9.x.
+
+To install, first install the gem:
+
+  gem install secure_string
+
+Then require the gem like so:
 
   require 'secure_string'
 
@@ -108,13 +115,14 @@ cryptographic hash sums for the data in the string.  Note that since SecureStrin
 handles binary data well, the string value returns is NOT the hex string; to get
 the hex digest, simply call to_hex:
 
+  ss = SecureString.new("Hello World!")
   ss.to_md5.to_hex
     --> "ed076287532e86365e841e92bfc50d8c"
   ss.to_sha1.to_hex
     --> "2ef7bde608ce5404e97d5f042f95f89f1c232871"
   ss.to_sha256.to_hex
      --> "7f83b1657ff1fc53b92dc18148a1d65dfc2d4b1fa3d677284addd200126d9069"
-  ss.to_digest(OpenSSL::Digest::SHA512).to_hex
+  ss.to_digest('SHA-512').to_hex
     --> "861844d6704e8573fec34d967e20bcfef3d424cf48be04e6dc08f2bd58c729743371015ead891cc3cf1c9d34b49264b510751b1ff9e537937bc46b5d6ff4ecc8"
 
 == RSA Methods Overview
@@ -167,6 +175,53 @@ cipher:
   # Now decrypt the message:
   decoded_text = cipher_text.from_aes(key, iv)
 
+= String Encodings
+
+== Overview
+
+Starting in Ruby 1.9.x, String instances manage their own encodings.  For example,
+a string with Unicode characters are usually encoded as UTF-8, while a lot of
+source is still written in US-ASCII.
+
+Binary data is independent of the encoding that encodes it, however using the
+binary data when it is assigned a multi-byte character encoding strategy can
+lead to a few surprises.
+
+For example, for a Unicode string, the +length+ method returns the number of
+characters in the string, while +bytesize+ returns the number of bytes encoded
+in the string:
+
+  s = "Resum\u00E9"
+  s.encoding --> UTF-8
+  s.length   --> 6
+  s.bytesize --> 7
+
+== SecureString Encoding
+
+SecureString's basic design philosophy is to--as much as possible--only extend the
+behavior of String, not replace it.  <b>Therefore, SecureString does NOT affect the
+encoding of the string it is using.</b>
+
+This is normally not a problem--as long as you use +bytesize+ instead of +length+
+to get the byte count of the data in the string.
+
+In rare cases, you may want to change a String to the ASCII-8BIT binary
+encoding without changing its data.  To accomplish this, one should call
++force_encoding+ like so:
+
+  s = "Resum\u00E9"
+  s.force_encoding('BINARY')
+  s.encoding --> ASCII-8BIT
+  s.length   --> 7
+  s.bytesize --> 7
+  
+Note that when you do this, equality tests can be broken like so:
+
+  s = "Resum\u00E9"
+  b = s.dup.force_encoding('BINARY')
+  s == b                       --> false
+  s.bytes.to_a == b.bytes.to_a --> true
+  
 = Contact
 
 If you have any questions, comments, concerns, patches, or bugs, you can contact
@@ -179,7 +234,17 @@ or directly via e-mail at:
 mailto:jeff@paploo.net
 
 = Version History
-[1.1.0 - 2030-Nov-04] Extracted methods into a module that can be easily included
+[1.1.1 - 2010-Nov-05] Backed down requirements to ruby 1.9.x; Bugfixes and minor changes.
+                      * Tested in 1.9.1 and 1.9.2.
+                      * Added some documentation and tests on String encodings.
+                      * Added more spec tests.
+                      * (FEATURE) Digest methods may be supplied via string now.
+                      * (FEATURE) RSA encryption works with both public and private keys.
+                      * (FEATURE) RSA keys encoded as SecureString can be asked if public or private.
+                      * (CHANGE) BinaryStringDataMethods now is non-clobbering and independent.
+                      * (CHANGE) An empty string's integer value is now zero.
+                      * (FIX) Non-hex characters are ignored when accepting hex data input.
+[1.1.0 - 2010-Nov-04] Extracted methods into a module that can be easily included
                       on any String class.
 [1.0.0 - 2010-Nov-04] Added Tests, Examples, and Bugfixes
                       * Added a full suite of spec tests.
@@ -193,13 +258,9 @@ mailto:jeff@paploo.net
                       
 = TODO List
 
-* Add a +to_ss+ or +to_secure+ method to String for easy conversion.
-* to_digest should be able to take a string that is the algorithm name.
-* Explore how encodings affect the data.  What about when finding length?  What
-  methods should be recommended to users for finding byte-length vs. char length.
-* RSA encoding/decoding should auto-detect if the given key is public or private,
-  and use the correct encoding routine?  What about key confusion?
-* RSA signature digests: accept Digest hashes, not just OpenSSL::Digest hashes.
+* See what happens when including SecurizeString into an object that is not a String.
+  What are the expected root methods?  +to_s+, <tt>self.new(string)</tt> are two
+  that I know of.
   
 
 = License

data/lib/secure_string.rb

@@ -17,4 +17,21 @@ class SecureString < String
     self.replace( data_string )
   end
   
+  # Override the default to_i method to return the integer value of the data
+  # contained in the string, rather than the parsed value of the characters.
+  def to_i
+    return data_to_i
+  end
+  
+  # Add a method to convert the internal binary data into a hex string.
+  def to_hex
+    return data_to_hex
+  end
+  
+  # Override the default inspect to return the hexidecimal
+  # representation of the data contained in this string.
+  def inspect
+    return "<#{to_hex}>"
+  end
+  
 end

data/lib/securize_string/binary_string_data_methods.rb

@@ -1,8 +1,7 @@
 require 'base64'
 
 module SecurizeString
-  # Adds the base methods necessary to make String or a String subclass handle
-  # binary data better.
+  # Adds base methods that help in interpreting the binary data represented by the String value of an object.
   # See BinaryStringDataMethods::ClassMethods and BinaryStringDataMethods::InstanceMethods for more deatils.
   module BinaryStringDataMethods
     
@@ -11,8 +10,7 @@ module SecurizeString
       mod.send(:include, InstanceMethods)
     end
     
-    # Adds basic binary data class methods to String or a String subclass, via
-    # an include of SecurizeString::BinaryStringDataMethods
+    # Adds basic binary data class methods via an include of SecurizeString::BinaryStringDataMethods.
     module ClassMethods
       
       # Creates a data string from one many kinds of values:
@@ -23,7 +21,7 @@ module SecurizeString
       def parse_data(mode = :data, value)
         case mode
         when :hex
-          hex_string = value.to_s
+          hex_string = value.to_s.delete('^0-9a-fA-F')
           data_string = [hex_string].pack('H' + hex_string.bytesize.to_s)
         when :data
           data_string = value.to_s
@@ -38,28 +36,19 @@ module SecurizeString
       
     end
     
-    # Adds basic binary data instance methods to String or a String subclass, via
-    # an include of SecurizeString::BinaryStringDataMethods.
+    # Adds basic binary data instance methods via an include of SecurizeString::BinaryStringDataMethods.
     module InstanceMethods
       
-      # Override the default inspect to return the hexidecimal
-      # representation of the data contained in this string.
-      def inspect
-        return "<#{to_hex}>"
-      end
-      
       # Returns the hexidecimal string representation of the data.
-      def to_hex
+      def data_to_hex
         return (self.to_s.empty? ? '' : self.to_s.unpack('H' + (self.to_s.bytesize*2).to_s)[0])
       end
       
       # Returns the data converted from hexidecimal into an integer.
       # This is usually as a BigInt.
       #
-      # WARNING: If the data string is empty, then this returns -1, as there is no
-      # integer representation of the absence of data.
-      def to_i
-        return (self.to_s.empty? ? -1 : to_hex.hex)
+      def data_to_i
+        return (self.to_s.empty? ? 0 : self.data_to_hex.hex)
       end
       
     end

data/lib/securize_string/cipher_methods.rb

@@ -55,7 +55,7 @@ module SecurizeString
         cipher.encrypt # MUST set the mode BEFORE setting the key and iv!
         cipher.key = key
         cipher.iv = iv
-        msg = cipher.update(self)
+        msg = cipher.update(self.to_s)
         msg << cipher.final
         return self.class.new(msg)
       end
@@ -67,7 +67,7 @@ module SecurizeString
         cipher.decrypt # MUST set the mode BEFORE setting the key and iv!
         cipher.key = key
         cipher.iv = iv
-        msg = cipher.update(self)
+        msg = cipher.update(self.to_s)
         msg << cipher.final
         return self.class.new(msg)
       end
@@ -78,13 +78,13 @@ module SecurizeString
       # combination on two different messages as this weakens the security.
       def to_aes(key, iv)
         key_len = (key.bytesize * 8)
-        return self.class.new( to_cipher("aes-#{key_len.to_i}-cbc", key, iv) )
+        return self.class.new( to_cipher("aes-#{key_len}-cbc", key, iv) )
       end
       
       # Given an AES key and init vector, AES-CBC decode the data.
       def from_aes(key, iv)
         key_len = (key.bytesize * 8)
-        return self.class.new( from_cipher("aes-#{key_len.to_i}-cbc", key, iv) )
+        return self.class.new( from_cipher("aes-#{key_len}-cbc", key, iv) )
       end
       
     end

data/lib/securize_string/digest_finder.rb

@@ -0,0 +1,56 @@
+require 'digest'
+require 'openssl'
+
+module SecurizeString
+  #  A Helper class to look-up digests easily.
+  class DigestFinder
+    DIGESTS = {
+      'DSS'        => OpenSSL::Digest::DSS      ,
+      'DSS1'       => OpenSSL::Digest::DSS1     ,
+      'MD2'        => OpenSSL::Digest::MD2      ,
+      'MD4'        => OpenSSL::Digest::MD4      ,
+      'MD5'        => OpenSSL::Digest::MD5      ,
+      'SHA'        => OpenSSL::Digest::SHA      ,
+      'SHA-0'      => OpenSSL::Digest::SHA      ,
+      'SHA0'       => OpenSSL::Digest::SHA      ,
+      'SHA-1'      => OpenSSL::Digest::SHA1     ,
+      'SHA1'       => OpenSSL::Digest::SHA1     ,
+      'SHA-224'    => OpenSSL::Digest::SHA224   ,
+      'SHA-256'    => OpenSSL::Digest::SHA256   ,
+      'SHA-384'    => OpenSSL::Digest::SHA384   ,
+      'SHA-512'    => OpenSSL::Digest::SHA512   ,
+      'SHA224'     => OpenSSL::Digest::SHA224   ,
+      'SHA256'     => OpenSSL::Digest::SHA256   ,
+      'SHA384'     => OpenSSL::Digest::SHA384   ,
+      'SHA512'     => OpenSSL::Digest::SHA512   ,
+      'RIPEMD-160' => OpenSSL::Digest::RIPEMD160,
+      'RIPEMD160'  => OpenSSL::Digest::RIPEMD160
+    }.freeze
+    
+    # Returns the complete list of digest strings recognized by find.
+    def self.digests
+      @supported_digests = DIGESTS.keys.inject([]) {|a,v| a | [v.upcase, v.downcase]}.sort if @supported_digests.nil?
+      return @supported_digests
+    end
+    
+    # Returns the OpenSSL::Digest class that goes with a given argument.
+    def self.find(obj)
+      if( obj.kind_of?(OpenSSL::Digest) )
+        klass = obj.class
+      elsif( obj.kind_of?(Class) && (obj < OpenSSL::Digest) )
+        klass = obj
+      elsif( obj.kind_of?(Class) && (obj < Digest::Base) )
+        klass = DIGESTS[obj.name.split('::').last.upcase]
+      elsif( obj.kind_of?(Digest::Base) )
+        klass = DIGESTS[obj.class.name.split('::').last.upcase]
+      else
+        klass = DIGESTS[obj.to_s.upcase]
+      end
+      
+      raise ArgumentError, "Cannot convert to OpenSSL::Digest: #{obj.inspect}" if klass.nil?
+      
+      return klass
+    end
+  
+  end
+end

data/lib/securize_string/digest_methods.rb

@@ -1,31 +1,45 @@
 require 'openssl'
+require_relative 'digest_finder'
   
 module SecurizeString
   # Adds methods for OpenSSL::Digest support.
   # See DigestMethods::ClassMethods and DigestMethods::InstanceMethods for more details.
   module DigestMethods
-    
     def self.included(mod)
       mod.send(:include, InstanceMethods)
     end
     
+    # Adds instance methods for OpenSSL::Digest support via inclusion of
+    # SecurizeString::DigestMethods to a class.
+    module ClassMethods
+      
+      # Returns a list of supported digests.  These can be passed directly into
+      # the cipher methods.
+      def supported_digests
+        return DigestFinder.digests
+      end
+      
+    end
+    
     # Adds instance methods for OpenSSL::Digest support via inclusion of
     # SecurizeString::DigestMethods to a class.
     module InstanceMethods
       
-      # Returns the digest of the byte string as a SecureString, using the passed OpenSSL object.
-      def to_digest(digest_obj)
+      # Returns the digest of the byte string as a SecureString using the passed
+      # digest from the list of digests in +supported_digests+.
+      def to_digest(digest)
+        digest_obj = DigestFinder.find(digest).new
         return self.class.new( digest_obj.digest(self) )
       end
       
       # Returns the MD5 of the byte string as a SecureString.
       def to_md5
-        return to_digest( OpenSSL::Digest::MD5.new )
+        return to_digest('MD5')
       end
       
       # Returns the SHA1 of the byte string as SecureString
       def to_sha1
-        return to_digest( OpenSSL::Digest::SHA1.new )
+        return to_digest('SHA-1')
       end
       
       # Returns the SHA2 of the byte string as a SecureString.
@@ -34,8 +48,8 @@ module SecurizeString
       # specification of which bit length to use.
       def to_sha2(length=256)
         if [224,256,384,512].include?(length)
-          digest_klass = OpenSSL::Digest.const_get("SHA#{length}", false)
-          return to_digest( digest_klass )
+          digest = "SHA-#{length}"
+          return to_digest( digest )
         else
           raise ArgumentError, "Invalid SHA2 length: #{length}"
         end

data/lib/securize_string/rsa_methods.rb

@@ -42,22 +42,25 @@ module SecurizeString
       #
       # Note that the key must be 11 bytes longer than the data string or it doesn't
       # work.
-      def to_rsa(public_key)
-        key = OpenSSL::PKey::RSA.new(public_key)
-        return self.class.new( key.public_encrypt(self) )
+      def to_rsa(key)
+        key = OpenSSL::PKey::RSA.new(key)        
+        cipher_text = key.private? ? key.private_encrypt(self.to_s) : key.public_encrypt(self.to_s)
+        return self.class.new(cipher_text)
       end
       
       # Given an RSA private key, it decrypts the data string back into the original text.
-      def from_rsa(private_key)
-        key = OpenSSL::PKey::RSA.new(private_key)
-        return self.class.new( key.private_decrypt(self) )
+      def from_rsa(key)
+        key = OpenSSL::PKey::RSA.new(key)
+        plain_text = key.private? ? key.private_decrypt(self.to_s) : key.public_decrypt(self.to_s)
+        return self.class.new(plain_text)
       end
       
       # Signs the given message using hte given private key.
       #
-      # By default, signs using SHA256, but another digest object can be given.
-      def sign(private_key, digest_obj=OpenSSL::Digest::SHA256.new)
-        digest_obj = (digest_obj.kind_of?(Class) ? digest_obj.new : digest_obj)
+      # By default, verifies using SHA256, but another digest method can be given
+      # using the list of DigestFinder supported digests.
+      def sign(private_key, digest_method='SHA-256')
+        digest_obj = DigestFinder.find(digest_method).new
         key = OpenSSL::PKey::RSA.new(private_key)
         return self.class.new( key.sign(digest_obj, self) )
       end
@@ -65,13 +68,32 @@ module SecurizeString
       # Verifies the given signature matches the messages digest, using the
       # signer's public key.
       #
-      # By default, verifies using SHA256, but another digest object can be given.
-      def verify?(public_key, signature, digest_obj=OpenSSL::Digest::SHA256.new)
-        digest_obj = (digest_obj.kind_of?(Class) ? digest_obj.new : digest_obj)
+      # By default, verifies using SHA256, but another digest method can be given
+      # using the list of DigestFinder supported digests.
+      def verify?(public_key, signature, digest_method='SHA-256')
+        digest_obj = DigestFinder.find(digest_method).new
         key = OpenSSL::PKey::RSA.new(public_key)
         return key.verify(digest_obj, signature.to_s, self)
       end
       
+      # Interpret the conetents of the string as an RSA key, and determine if it is public.
+      #
+      # Even though private keys contain all the information necessary to reconstitute
+      # a public key, this method returns false.  This is in contrast to the
+      # behavior of OpenSSL::PKey::RSA, which return true for both public and
+      # private checks with a private key (since it reconstituted the public
+      # key and it is available for use).
+      def public_rsa_key?
+        # There is an interesting bug I came across, where +public?+ can be true on a private key!
+        return !private_rsa_key?
+      end
+      
+      # Interpret the conents of the string as an RSA key, and determine if it is private.
+      def private_rsa_key?
+        key = OpenSSL::PKey::RSA.new(self.to_s)
+        return key.private?
+      end
+      
     end
     
   end

data/spec/base64_methods_spec.rb

@@ -41,6 +41,7 @@ describe "SecureString" do
         ss.from_base64.should == message[:string]
       end
     end
+    
   end
   
 end

data/spec/binary_string_data_methods_spec.rb

@@ -11,14 +11,14 @@ describe "SecurityString" do
     it 'should be able to convert to a hex string' do
       @messages.each do |message|
         ss = SecureString.new(message[:string])
-        ss.to_hex.should == message[:hex]
+        ss.data_to_hex.should == message[:hex]
       end
     end
   
     it 'should be able to convert to an int value' do
       @messages.each do |message|
         ss = SecureString.new(message[:string])
-        ss.to_i.should == message[:int]
+        ss.data_to_i.should == message[:int]
       end
     end
   
@@ -34,11 +34,19 @@ describe "SecurityString" do
       @messages.each do |message|
         s = String.new(message[:string])
         ss = SecureString.new(message[:string])
-        ss.inspect.should include(ss.to_hex)
+        ss.inspect.should include(ss.data_to_hex)
         ss.inspect.should_not include(s.to_s)
       end
     end
     
+    it 'should return appropriate values on an empty string' do
+      ss = SecureString.new('')
+      
+      ss.data_to_hex.should == ''
+      ss.data_to_i.should be_kind_of(Integer)
+      ss.data_to_i.should == 0
+    end
+    
   end
   
 end

data/spec/digest_finder_spec.rb

@@ -0,0 +1,48 @@
+require File.join(File.dirname(__FILE__), 'spec_helper')
+
+describe "Digest Finder" do
+  
+  it 'should give a list of digests' do
+    digests = SecurizeString::DigestFinder.digests
+    digests.should be_kind_of(Array)
+    digests.should_not be_empty
+  end
+  
+  it 'should list both upcase and downcase versions of each digest, just like OpenSSL::Cipher::ciphers' do
+    digests = SecurizeString::DigestFinder.digests
+    lower = digests.select {|d| d == d.downcase}
+    upper = digests.select {|d| d == d.upcase}
+    
+    lower.length == upper.length
+    (lower.length * 2) == digests.length
+  end
+  
+  it 'should find an OpenSSL::Digest instance for a string' do
+    SecurizeString::DigestFinder.find('SHA-256').should == OpenSSL::Digest::SHA256
+    SecurizeString::DigestFinder.find('sha-256').should == OpenSSL::Digest::SHA256
+    SecurizeString::DigestFinder.find('sha256').should  == OpenSSL::Digest::SHA256
+    SecurizeString::DigestFinder.find('SHA256').should  == OpenSSL::Digest::SHA256
+    
+    lambda{ SecurizeString::DigestFinder.find('foobar') }.should raise_error(ArgumentError)
+  end
+  
+  it 'should pass through a valid OpenSSL::Digest instance' do
+    SecurizeString::DigestFinder.find(OpenSSL::Digest::SHA256).should == OpenSSL::Digest::SHA256
+  end
+  
+  it 'should instantiate an OpenSSL::Digest class' do
+    digest_obj = OpenSSL::Digest::SHA256.new
+    SecurizeString::DigestFinder.find(digest_obj).should == OpenSSL::Digest::SHA256
+  end
+  
+  it 'should instantiate a Digest class' do
+    SecurizeString::DigestFinder.find(Digest::SHA256).should == OpenSSL::Digest::SHA256
+  end
+  
+  it 'sould convert a Digest instance' do
+    digest_obj = Digest::SHA256.new
+    
+    SecurizeString::DigestFinder.find(digest_obj).should == OpenSSL::Digest::SHA256
+  end
+  
+end

data/spec/digest_methods_spec.rb

@@ -1,5 +1,3 @@
-# Make sure to test that the cipher methods are from openssl and not jsut digest?
-
 require File.join(File.dirname(__FILE__), 'spec_helper')
 
 describe "SecureString" do
@@ -18,16 +16,16 @@ describe "SecureString" do
       end
       
       it 'should encode as a SecureString' do
-        @message.to_digest(OpenSSL::Digest::MD5).should be_kind_of(SecureString)
-        @message.to_digest(OpenSSL::Digest::SHA512).should be_kind_of(SecureString)
+        @message.to_digest('MD5').should be_kind_of(SecureString)
+        @message.to_digest('SHA-512').should be_kind_of(SecureString)
       end
       
       it 'should contain the raw value, not the hex value' do
-        md5 = @message.to_digest(OpenSSL::Digest::MD5)
+        md5 = @message.to_digest('MD5')
         md5.should_not == @message_md5_hex
         md5.to_hex.should == @message_md5_hex
         
-        sha512 = @message.to_digest(OpenSSL::Digest::SHA512)
+        sha512 = @message.to_digest('SHA-512')
         sha512.should_not == @message_sha512_hex
         sha512.to_hex.should == @message_sha512_hex
       end

data/spec/example_spec.rb

@@ -0,0 +1,75 @@
+
+
+describe "Examples" do
+  
+  it 'should perform the basic usage example' do
+    
+    ss = SecureString.new("Hello World!")
+    ss.to_s.should == "Hello World!"
+    ss.inspect.should == "<48656c6c6f20576f726c6421>"
+    
+    ss.to_hex.should == "48656c6c6f20576f726c6421"
+    ss.to_i.should == 22405534230753928650781647905
+    ss.to_base64.should == "SGVsbG8gV29ybGQh"
+    
+    ss1 = SecureString.new(:data, "Hello World!")
+    ss2 = SecureString.new(:hex, "48656c6c6f20576f726c6421")
+    ss3 = SecureString.new(:int, 22405534230753928650781647905)
+    ss4 = SecureString.new(:base64, "SGVsbG8gV29ybGQh")
+    
+    ss1.should == ss
+    ss2.should == ss
+    ss3.should == ss 
+    ss4.should == ss 
+  end
+  
+  it 'should perform the base64 example' do
+    SecureString.new("Hello World!").to_base64.should == "SGVsbG8gV29ybGQh"
+    
+    (SecureString.new(:base64, "SGVsbG8gV29ybGQh") == "Hello World!"   ).should be_true
+    (SecureString.new("SGVsbG8gV29ybGQh") == "Hello World!"            ).should be_false
+    (SecureString.new("SGVsbG8gV29ybGQh").from_base64 == "Hello World!").should be_true
+  end
+  
+  it 'should perform digest example' do
+    ss = SecureString.new("Hello World!")
+    ss.to_md5.to_hex.should == "ed076287532e86365e841e92bfc50d8c"
+    ss.to_sha1.to_hex.should == "2ef7bde608ce5404e97d5f042f95f89f1c232871"
+    ss.to_sha256.to_hex.should == "7f83b1657ff1fc53b92dc18148a1d65dfc2d4b1fa3d677284addd200126d9069"
+    ss.to_digest(OpenSSL::Digest::SHA512).to_hex.should == "861844d6704e8573fec34d967e20bcfef3d424cf48be04e6dc08f2bd58c729743371015ead891cc3cf1c9d34b49264b510751b1ff9e537937bc46b5d6ff4ecc8"
+  end
+  
+  it 'should perform the cipher example' do
+    # Generate a random key and initialization vector.
+    key, iv = SecureString.aes_keygen
+    
+    # Now encrypt a message:
+    message = SecureString.new("Hello World!")
+    cipher_text = message.to_aes(key, iv)
+    
+    # Now decrypt the message:
+    decoded_text = cipher_text.from_aes(key, iv)
+    
+    decoded_text.should == message
+    cipher_text.should_not == message
+  end
+  
+  it 'should perform the char encoding example' do
+    s = "Resum\u00E9"
+    s.encoding.should == Encoding.find("UTF-8")
+    s.length.should == 6
+    s.bytesize.should == 7
+    
+    s = "Resum\u00E9"
+    s.force_encoding('BINARY')
+    s.encoding.should == Encoding.find("ASCII-8BIT")
+    s.length.should == 7
+    s.bytesize.should == 7
+    
+    s = "Resum\u00E9"
+    b = s.dup.force_encoding('BINARY')
+    (s == b).should be_false
+    (s.bytes.to_a == b.bytes.to_a).should be_true
+  end
+  
+end

data/spec/rsa_methods_spec.rb

@@ -61,14 +61,29 @@ describe "SecureString" do
         end
       end
       
+      it 'should be able to determine if the key is public or private' do
+        pvt_key, pub_key = SecureString.rsa_keygen
+        
+        pvt_key.public_rsa_key?.should be_false
+        pvt_key.private_rsa_key?.should be_true
+        
+        pub_key.public_rsa_key?.should be_true
+        pub_key.private_rsa_key?.should be_false
+      end
+      
     end
     
     describe "Encryption" do
       
       before(:all) do
         @key_length = 128
-        @pvt_key = SecureString.new(:hex, "2d2d2d2d2d424547494e205253412050524956415445204b45592d2d2d2d2d0a4d47454341514143455143364c704764426d334a78495048513945345537443141674d424141454345474c62517a6e724a6652525762433365474b3561656b430a4351446d633569312f5669666277494a414d37536b4534554b7750624167682b7831316430564274395149494a4648372f346f784a364d4343474e646e3933330a4a43774d0a2d2d2d2d2d454e44205253412050524956415445204b45592d2d2d2d2d0a")
-        @pub_key = SecureString.new(:hex, "2d2d2d2d2d424547494e20525341205055424c4943204b45592d2d2d2d2d0a4d426743455143364c704764426d334a78495048513945345537443141674d424141453d0a2d2d2d2d2d454e4420525341205055424c4943204b45592d2d2d2d2d0a")
+        
+        #@pvt_key = SecureString.new(:hex, "2d2d2d2d2d424547494e205253412050524956415445204b45592d2d2d2d2d0a4d47454341514143455143364c704764426d334a78495048513945345537443141674d424141454345474c62517a6e724a6652525762433365474b3561656b430a4351446d633569312f5669666277494a414d37536b4534554b7750624167682b7831316430564274395149494a4648372f346f784a364d4343474e646e3933330a4a43774d0a2d2d2d2d2d454e44205253412050524956415445204b45592d2d2d2d2d0a")
+        @pvt_key = SecureString.new("-----BEGIN RSA PRIVATE KEY-----\nMGECAQACEQC6LpGdBm3JxIPHQ9E4U7D1AgMBAAECEGLbQznrJfRRWbC3eGK5aekC\nCQDmc5i1/VifbwIJAM7SkE4UKwPbAgh+x11d0VBt9QIIJFH7/4oxJ6MCCGNdn933\nJCwM\n-----END RSA PRIVATE KEY-----")
+        
+        #@pub_key = SecureString.new(:hex, "2d2d2d2d2d424547494e20525341205055424c4943204b45592d2d2d2d2d0a4d426743455143364c704764426d334a78495048513945345537443141674d424141453d0a2d2d2d2d2d454e4420525341205055424c4943204b45592d2d2d2d2d0a")
+        @pub_key = SecureString.new("-----BEGIN RSA PUBLIC KEY-----\nMBgCEQC6LpGdBm3JxIPHQ9E4U7D1AgMBAAE=\n-----END RSA PUBLIC KEY-----")
+        
         @message = SecureString.new("Hello")
       end
       
@@ -81,7 +96,7 @@ describe "SecureString" do
       
       # We cannot independently test encryption because it changes everytime
       # thanks to padding generation.
-      it 'should encrypt and decrypy a message' do
+      it 'should encrypt and decrypt a message' do
         encrypted_message = @message.to_rsa(@pub_key)
         (encrypted_message.bytesize * 8).should == @key_length
         
@@ -89,6 +104,14 @@ describe "SecureString" do
         decrypted_message.should == @message
       end
       
+      it 'should encrypt and decrypt a message swapping pub and pvt keys' do
+        encrypted_message = @message.to_rsa(@pvt_key)
+        (encrypted_message.bytesize * 8).should == @key_length
+        
+        decrypted_message = encrypted_message.from_rsa(@pub_key)
+        decrypted_message.should == @message
+      end
+      
     end
     
     
@@ -102,50 +125,53 @@ describe "SecureString" do
         @message = SecureString.new("Hello")
       end
       
-      it 'should sign and verify a message using a private key' do
+      it 'should do a standard encrypt/sign then verify/decrypt cycle' do
         # Alice encrypts a message for Bob and signs is.
-        @encrypted_message = @message.to_rsa(@bob_pub_key)
-        @signature = @encrypted_message.sign(@alice_pvt_key)
+        encrypted_message = @message.to_rsa(@bob_pub_key)
+        signature = encrypted_message.sign(@alice_pvt_key)
+        encrypted_message.should_not be_empty
+        signature.should_not be_empty
         
         # Verify it came from Alice.
-        is_verified = @encrypted_message.verify?(@alice_pub_key, @signature)
+        is_verified = encrypted_message.verify?(@alice_pub_key, signature)
         is_verified.should be_true
         
         # Verify it did not come from Bob.
-        is_verified = @encrypted_message.verify?(@bob_pub_key, @signature)
+        is_verified = encrypted_message.verify?(@bob_pub_key, signature)
         is_verified.should be_false
         
         # Bob should now decrypt it
-        @decrypted_message = @encrypted_message.from_rsa(@bob_pvt_key)
-        @decrypted_message.should == @message
+        decrypted_message = encrypted_message.from_rsa(@bob_pvt_key)
+        decrypted_message.should == @message
       end
       
       it 'should default to signing with SHA-256' do
         encrypted_message = @message.to_rsa(@bob_pub_key)
-        encrypted_message.sign(@alice_pvt_key).should == encrypted_message.sign(@alice_pvt_key, OpenSSL::Digest::SHA256.new)
+        encrypted_message.sign(@alice_pvt_key).should == encrypted_message.sign(@alice_pvt_key, 'SHA-256')
       end
       
-      it 'should allow signing with other digest' do
+      it 'should allow signing with other digests' do
         encrypted_message = @message.to_rsa(@bob_pub_key)
-        comparison_digest_klass = OpenSSL::Digest::SHA256
-        [OpenSSL::Digest::SHA512, OpenSSL::Digest::MD5, OpenSSL::Digest::SHA1].each do |digest_klass|
-          next if digest_klass == comparison_digest_klass
-          signature = encrypted_message.sign(@alice_pvt_key, digest_klass.new)
-          signature.should_not == encrypted_message.sign(@alice_pvt_key, comparison_digest_klass.new)
+        comparison_digest_method = 'SHA-256'
+        ['SHA-512', 'MD5', 'SHA-1'].each do |digest_method|
+          next if digest_method == comparison_digest_method
+          signature = encrypted_message.sign(@alice_pvt_key, digest_method)
+          signature.should_not == encrypted_message.sign(@alice_pvt_key, comparison_digest_method)
         end
       end
       
-      it 'should allow passing the digest method as an instance or class' do
+      it 'should allow passing the digest method as an instance, class, or string' do
         encrypted_message = @message.to_rsa(@bob_pub_key)
         [OpenSSL::Digest::SHA512, OpenSSL::Digest::SHA256, OpenSSL::Digest::MD5, OpenSSL::Digest::SHA1].each do |digest_klass|
-          signature1 = encrypted_message.sign(@alice_pvt_key, digest_klass.new)
-          signature2 = encrypted_message.sign(@alice_pvt_key, digest_klass)
-          signature1.should == signature2
+          signature1 = encrypted_message.sign(@alice_pvt_key, digest_klass)
+          signature2 = encrypted_message.sign(@alice_pvt_key, digest_klass.new)
+          signature3 = encrypted_message.sign(@alice_pvt_key, digest_klass.name.split('::').last)
+          signature2.should == signature1
+          signature3.should == signature1
         end
       end
       
       it 'should work with Digest scoped digest classes' do
-        pending "TODO: postponing feature"
         encrypted_message = @message.to_rsa(@bob_pub_key)
         signature1 = encrypted_message.sign(@alice_pvt_key, Digest::SHA256)
         signature2 = encrypted_message.sign(@alice_pvt_key, OpenSSL::Digest::SHA256)
@@ -153,7 +179,6 @@ describe "SecureString" do
       end
       
       it 'should work with Digest scoped digest instances' do
-        pending "TODO: postponing feature"
         encrypted_message = @message.to_rsa(@bob_pub_key)
         signature1 = encrypted_message.sign(@alice_pvt_key, Digest::SHA256.new)
         signature2 = encrypted_message.sign(@alice_pvt_key, OpenSSL::Digest::SHA256.new)

data/spec/secure_string_spec.rb

@@ -1,3 +1,5 @@
+#encoding: UTF-8
+
 require File.join(File.dirname(__FILE__), 'spec_helper')
 
 describe "SecureString" do
@@ -56,4 +58,72 @@ describe "SecureString" do
     newline_count.select {|nl_count| nl_count > 1}.should_not be_empty
   end
   
+  it 'should implement to_hex' do
+    SecureString.instance_methods.should include(:to_hex)
+    
+    @messages.each do |message|
+      ss = SecureString.new(message[:string])
+      ss.to_hex.should == ss.data_to_hex
+    end
+  end
+  
+  it 'should implement to_i properly' do
+    SecureString.instance_methods.should include(:to_i)
+    
+    @messages.each do |message|
+      ss = SecureString.new(message[:string])
+      ss.to_i.should == ss.data_to_i
+    end
+  end
+  
+  it 'should parse hex data with spaces' do
+    
+    data = <<-DATA
+    a766a602 b65cffe7 73bcf258 26b322b3 d01b1a97 2684ef53 3e3b4b7f 53fe3762
+    24c08e47 e959b2bc 3b519880 b9286568 247d110f 70f5c5e2 b4590ca3 f55f52fe
+    effd4c8f e68de835 329e603c c51e7f02 545410d1 671d108d f5a4000d cf20a439
+    4949d72c d14fbb03 45cf3a29 5dcda89f 998f8755 2c9a58b1 bdc38483 5e477185
+    f96e68be bb0025d2 d2b69edf 21724198 f688b41d eb9b4913 fbe696b5 457ab399
+    21e1d759 1f89de84 57e8613c 6c9e3b24 2879d4d8 783b2d9c a9935ea5 26a729c0
+    6edfc501 37e69330 be976012 cc5dfe1c 14c4c68b d1db3ecb 24438a59 a09b5db4
+    35563e0d 8bdf572f 77b53065 cef31f32 dc9dbaa0 4146261e 9994bd5c d0758e3d"
+    DATA
+    
+    ss = SecureString.new(:hex, data)
+    
+    # This was taken from a publically published SHA-0 data collision document,
+    # so the best way to know that the data is good is to SHA-0 it and see if
+    # we get back the value!  (http://fr.wikipedia.org/wiki/SHA-0)
+    OpenSSL::Digest::SHA.hexdigest(ss).should == "c9f160777d4086fe8095fba58b7e20c228a4006b"
+  end
+  
+  describe 'Encodings' do
+    
+    before(:each) do
+      @unicode_string = "A resumé for the moose; Eine Zusammenfassung für die Elche; Резюме для лосей; アメリカヘラジカのための概要; Μια περίληψη για τις άλκες; 麋的一份簡歷; Un résumé pour les orignaux."
+    end
+    
+    it 'should NOT change the encoding of a string' do
+      @unicode_string.encoding.should == Encoding.find("UTF-8")
+      ss = SecureString.new(@unicode_string)
+      ss.encoding.should == @unicode_string.encoding
+    end
+    
+    it 'should NOT change the length to the byte count for UTF-8 encoded strings.' do
+      @unicode_string.encoding.should == Encoding.find("UTF-8")
+      ss = SecureString.new(@unicode_string)
+      ss.length.should < ss.bytesize
+    end
+    
+    it 'should allow forced transcoding to binary' do
+      ss = SecureString.new(@unicode_string)
+      
+      ss.encoding.should == Encoding.find("UTF-8")
+      ss.force_encoding("Binary")
+      ss.encoding.should == Encoding.find("ASCII-8BIT")
+      @unicode_string.encoding.should == Encoding.find("UTF-8")
+    end
+    
+  end
+  
 end

metadata

@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
   segments: 
   - 1
   - 1
-  - 0
-  version: 1.1.0
+  - 1
+  version: 1.1.1
 platform: ruby
 authors: 
 - Jeff Reinecke
@@ -14,7 +14,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-11-04 00:00:00 -07:00
+date: 2010-11-05 00:00:00 -07:00
 default_executable: 
 dependencies: []
 
@@ -34,13 +34,16 @@ files:
 - lib/securize_string/base64_methods.rb
 - lib/securize_string/binary_string_data_methods.rb
 - lib/securize_string/cipher_methods.rb
+- lib/securize_string/digest_finder.rb
 - lib/securize_string/digest_methods.rb
 - lib/securize_string/rsa_methods.rb
 - lib/securize_string.rb
 - spec/base64_methods_spec.rb
 - spec/binary_string_data_methods_spec.rb
 - spec/cipher_methods_spec.rb
+- spec/digest_finder_spec.rb
 - spec/digest_methods_spec.rb
+- spec/example_spec.rb
 - spec/rsa_methods_spec.rb
 - spec/secure_string_spec.rb
 - spec/spec_helper.rb
@@ -61,8 +64,8 @@ required_ruby_version: !ruby/object:Gem::Requirement
       segments: 
       - 1
       - 9
-      - 2
-      version: 1.9.2
+      - 0
+      version: 1.9.0
 required_rubygems_version: !ruby/object:Gem::Requirement 
   none: false
   requirements: