urlcrypt 0.1.0 → 0.2.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 4b88fc478e4e9f1be07a35951eb871bfa2cacc5ca3d6478d95dff1ea24df138d
+  data.tar.gz: 6f01a73f86568c9baec085265539c0b889007ea570273b78609924fc1939a865
+SHA512:
+  metadata.gz: b1a7d56dd3bcf4e27a396d3949e9e8cd546cc70a68bff62444ffee6d6e7a8bc1c8370ae94ba28fc24e4d37c01c979cd989d81370854dd7d10aff1489dac39ec7
+  data.tar.gz: a1322a2ebf8c4965c1f6945ba7bf9e61fde1566d5ea33fc05668897a0eb5c3133a83f5dc23ea5d649b7024b06dfec9b8dd0f0f79f04bd8b525919e81be7e636b

data/README.md

@@ -1,6 +1,7 @@
 # URLcrypt
 
-[![Build Status](https://travis-ci.org/madrobby/URLcrypt.png?branch=master)](https://travis-ci.org/madrobby/URLcrypt)
+[![Build Status](https://travis-ci.org/cheerful/URLcrypt.png?branch=master)](https://travis-ci.org/cheerful/URLcrypt)
+[![Coverage Status](https://coveralls.io/repos/cheerful/URLcrypt/badge.png?branch=master)](https://coveralls.io/r/cheerful/URLcrypt)
 
 Ever wanted to securely transmit (not too long) pieces of arbitrary binary data
 in a URL? **URLcrypt** makes it easy!
@@ -8,44 +9,53 @@ in a URL? **URLcrypt** makes it easy!
 This gem is based on the [base32](https://github.com/stesla/base32) gem from Samuel Tesla.
 
 URLcrypt uses **256-bit AES symmetric encryption**
-to securely encrypt data, and encodes and decodes 
+to securely encrypt data, and encodes and decodes
 **Base 32 strings that can be used directly in URLs**.
 
-This can be used to securely store user ids, download expiration dates and 
-other arbitrary data like that when you access a web application from a place 
+This can be used to securely store user ids, download expiration dates and
+other arbitrary data like that when you access a web application from a place
 that doesn't have other authentication or persistence mechanisms (like cookies):
- 
+
   * Loading a generated image from your web app in an email
   * Links that come with an expiration date (à la S3)
   * Mini-apps that don't persist data on the server
 
-Works with Ruby 1.8, 1.9 and 2.0.
+Works with Ruby 2.6+
 
-**Important**: As a general guideline, URL lengths shouldn't exceed about 2000 
+**Important**: As a general guideline, URL lengths shouldn't exceed about 2000
 characters in length, as URLs longer than that will not work in some browsers
 and with some (proxy) servers. This limits the amount of data you can store
 with URLcrypt.
 
 **WORD OF WARNING: THERE IS NO GUARANTEE WHATSOEVER THAT THIS GEM IS ACTUALLY SECURE AND WORKS. USE AT YOUR OWN RISK.**
 
+URLcrypt is an extraction from [Noko Time Tracking](https://nokotime.com),
+where it is used to generate URLs for dynamically generated images in emails.
+
 Patches are welcome; please include tests!
 
 ## Installation
 
-Add the `urlcrypt` gem to your Gemfile.
+Add to your Gemfile:
+```ruby
+gem 'urlcrypt', '~> 0.1.1', require: 'URLcrypt'
+```
+
+Then, set `ENV['urlcrypt_key']` to the default encryption key you will be using. This should be at least a 256-bit AES key, see below. **To ensure your strings are encoded, URLcrypt uses `ENV.fetch` to check for the variable, so it _must_ be set.**
 
-## Simple Example
+## Example
 
 ```ruby
-# encrypt and encode with 256-bit AES
-# one-time setup, set this to a securely random key with at least 256 bits, see below
-URLcrypt::key = '...' 
-
-# now encrypt and decrypt!
-URLcrypt::encrypt('chunky bacon!')        # => "sgmt40kbmnh1663nvwknxk5l0mZ6Av2ndhgw80rkypnp17xmmg5hy"
-URLcrypt::decrypt('sgmt40kbmnh1663nvwknxk5l0mZ6Av2ndhgw80rkypnp17xmmg5hy')
+# encrypt and decrypt using the default key from ENV['urlcrypt_key']!
+URLcrypt.encrypt('chunky bacon!')        # => "sgmt40kbmnh1663nvwknxk5l0mZ6Av2ndhgw80rkypnp17xmmg5hy"
+URLcrypt.decrypt('sgmt40kbmnh1663nvwknxk5l0mZ6Av2ndhgw80rkypnp17xmmg5hy')
   # => "chunky bacon!"
 
+# If needed, you can specify a custom key per-call
+URLcrypt.encrypt('chunky bacon!', key: '...')        # => "....."
+URLcrypt.decrypt('sgmt40kbmnh1663nvwknxk5l0mZ6Av2ndhgw80rkypnp17xmmg5hy', key: '...')
+# => "chunky bacon!"
+
 # encoding without encryption (don't use for anything sensitive!), doesn't need key set
 URLcrypt.encode('chunky bacon!')          # => "mnAhk6tlp2qg2yldn8xcc"
 URLcrypt.decode('mnAhk6tlp2qg2yldn8xcc')  # => "chunky bacon!"
@@ -55,15 +65,15 @@ URLcrypt.decode('mnAhk6tlp2qg2yldn8xcc')  # => "chunky bacon!"
 
 The easiest way to generate a secure key is to use `rake secret` in a Rails app:
 
-```
-% rake secret
+```sh
+$ rake secret
 ba7f56f8f9873b1653d7f032cc474938fd749ee8fbbf731a7c41d698826aca3cebfffa832be7e6bc16eaddc3826602f35d3fd6b185f261ee8b0f01d33adfbe64
 ```
 
 To use the key with URLcrypt, you'll need to convert that from a hex string into a real byte array:
 
-```
-URLcrypt::key = ['longhexkeygoeshere'].pack('H*')
+```ruby
+ENV['urlcrypt_key'] = ['longhexkeygoeshere'].pack('H*')
 ```
 
 ## Running the Test Suite
@@ -71,8 +81,8 @@ URLcrypt::key = ['longhexkeygoeshere'].pack('H*')
 If you want to run the automated tests for URLcrypt, issue this command from the
 distribution directory.
 
-```
-% rake test:all
+```sh
+$ rake test:all
 ```
 
 ## Why not Base 64, or an other radix/base library?
@@ -81,13 +91,13 @@ URLcrypt uses a modified Base 32 algorithm that doesn't use padding characters,
 and doesn't use vowels to avoid bad words in the generated string.
 
 The main reason why Base 32 is useful is that Ruby's built-in Base 64 support
-is, IMO, looking ugly in URLs and requires several characters that need to be 
+is, IMO, looking ugly in URLs and requires several characters that need to be
 URL-escaped.
 
-Unfortunately, some other gems out there that in theory could handle this 
+Unfortunately, some other gems out there that in theory could handle this
 (like the radix gem) fail with strings that start with a "\0" byte.
 
 
 ## References
 
-* Base 32: RFC 3548: http://www.faqs.org/rfcs/rfc3548.html
+* Base 32: RFC 3548: http://www.faqs.org/rfcs/rfc3548.html

data/Rakefile

@@ -1,4 +1,4 @@
-# Copyright (c) 2013 Thomas Fuchs
+# Copyright (c) 2013-2022 Thomas Fuchs
 # Copyright (c) 2007-2011 Samuel Tesla
 
 # Permission is hereby granted, free of charge, to any person obtaining a copy
@@ -24,6 +24,7 @@ require 'rake/clean'
 require 'rake/testtask'
 require 'rubygems'
 require 'rubygems/package_task'
+require 'bundler'
 
 task :default => ['test:all']
 
@@ -32,12 +33,11 @@ gemspec = Gem::Specification.new do |s|
   s.email = "thomas@slash7.com"
   s.extra_rdoc_files = ["README.md"]
   s.files = FileList["Rakefile", "{config,lib,test}/**/*"]
-  s.has_rdoc = true
   s.name = 'urlcrypt'
   s.require_paths << 'lib'
   s.requirements << 'none'
   s.summary = "Securely encode and decode short pieces of arbitrary binary data in URLs."
-  s.version = "0.1.0"
+  s.version = "0.2.0"
 end
 
 Gem::PackageTask.new(gemspec) do |pkg|

data/lib/URLcrypt.rb

@@ -2,14 +2,10 @@ require 'openssl'
 
 module URLcrypt
   # avoid vowels to not generate four-letter words, etc.
-  # this is important because those words can trigger spam 
+  # this is important because those words can trigger spam
   # filters when URLs are used in emails
   TABLE = "1bcd2fgh3jklmn4pqrstAvwxyz567890".freeze
 
-  def self.key=(key)
-    @key = key
-  end
-
   class Chunk
     def initialize(bytes)
       @bytes = bytes
@@ -31,7 +27,11 @@ module URLcrypt
       [(0..n-1).to_a.reverse.collect {|i| TABLE[(c >> i * 5) & 0x1f].chr},
        ("=" * (8-n))] # TODO: remove '=' padding generation
     end
-    
+  end
+
+  def self.key=(key)
+    warn "`URLcrypt.key=` is deprecated. See the README on using environment variables with URLcrypt."
+    ENV['urlcrypt_key'] = [key].pack('H*')
   end
 
   def self.chunks(str, size)
@@ -52,27 +52,28 @@ module URLcrypt
   def self.decode(data)
     chunks(data, 8).collect(&:decode).flatten.join
   end
-  
-  def self.decrypt(data)
-    parts = data.split('Z').map{|part| decode(part)}
-    decrypter = cipher(:decrypt)
-    decrypter.iv = parts[0]
-    decrypter.update(parts[1]) + decrypter.final 
+
+  def self.decrypt(data, key: ENV.fetch('urlcrypt_key'))
+    iv, encrypted = data.split('Z').map{|part| decode(part)}
+    fail DecryptError, "not a valid string to decrypt" unless iv && encrypted
+    decrypter = cipher(:decrypt, key: key)
+    decrypter.iv = iv
+    decrypter.update(encrypted) + decrypter.final
   end
-    
-  def self.encrypt(data)
-    crypter = cipher(:encrypt)
+
+  def self.encrypt(data, key: ENV.fetch('urlcrypt_key'))
+    crypter = cipher(:encrypt, key: key)
     crypter.iv = iv = crypter.random_iv
     "#{encode(iv)}Z#{encode(crypter.update(data) + crypter.final)}"
   end
-  
-  private 
-    
-    def self.cipher(mode)
+
+  private
+    def self.cipher(mode, key:)
       cipher = OpenSSL::Cipher.new('aes-256-cbc')
       cipher.send(mode)
-      cipher.key = @key
+      cipher.key = key.byteslice(0,cipher.key_len)
       cipher
     end
 
-end
+  class DecryptError < ::ArgumentError; end
+end

data/test/URLcrypt_test.rb

@@ -1,29 +1,7 @@
 # encoding: utf-8
-require 'test/unit'
-require 'URLcrypt'
-
-class TestURLcrypt < Test::Unit::TestCase
-  def assert_bytes_equal(string1, string2)
-    bytes1 = string1.bytes.to_a.join(':')
-    bytes2 = string2.bytes.to_a.join(':')
-    assert_equal(bytes1, bytes2)
-  end
-  
-  def assert_decoding(encoded, plain)
-    decoded = URLcrypt.decode(encoded)
-    assert_bytes_equal(plain, decoded)
-  end
-
-  def assert_encoding(encoded, plain)
-    actual = URLcrypt.encode(plain)
-    assert_bytes_equal(encoded, actual)
-  end
-
-  def assert_encode_and_decode(encoded, plain)
-    assert_encoding(encoded, plain)
-    assert_decoding(encoded, plain)
-  end
+require 'test_helper'
 
+class TestURLcrypt < TestClass
   def test_empty_string
     assert_encode_and_decode('', '')
   end
@@ -33,11 +11,11 @@ class TestURLcrypt < Test::Unit::TestCase
       '111gc86f4nxw5zj1b3qmhpb14n5h25l4m7111',
       "\0\0awesome \n ü string\0\0")
   end
-  
+
   def test_invalid_encoding
     assert_decoding('ZZZZZ', '')
   end
-  
+
   def test_arbitrary_byte_strings
     0.step(1500,17) do |n|
       original = (0..n).map{rand(256).chr}.join
@@ -45,15 +23,9 @@ class TestURLcrypt < Test::Unit::TestCase
       assert_decoding(encoded, original)
     end
   end
-  
-  def test_encryption
-    # this key was generated via rake secret in a rails app, the pack() converts it into a byte array
-    URLcrypt::key =
-['d25883a27b9a639da85ea7e159b661218799c9efa63069fac13a6778c954fb6d721968887a19bdb01af8f59eb5a90d256bd9903355c20b0b4b39bf4048b9b17b'].pack('H*')
-    
-    original  = "hello world!"
-    encrypted = URLcrypt::encrypt(original)
-    assert_equal(URLcrypt::decrypt(encrypted), original)
-  end
 
+  def test_key_deprecation
+    URLcrypt.key = 'aaaa'
+    assert_equal "\xAA\xAA", ENV.fetch('urlcrypt_key')
+  end
 end

data/test/encryption_test.rb

@@ -0,0 +1,120 @@
+# encoding: utf-8
+require 'test_helper'
+
+class URLcryptEncryptionTest < TestClass
+  def teardown
+    ENV["urlcrypt_key"] = nil
+  end
+
+  def test_requires_ENV_if_no_key_provided
+    error = assert_raises(KeyError) do
+      ::URLcrypt::decrypt("just some plaintext")
+    end
+    assert_equal error.message, "key not found: \"urlcrypt_key\""
+
+    error = assert_raises(KeyError) do
+      ::URLcrypt::encrypt("just some plaintext")
+    end
+    assert_equal error.message, "key not found: \"urlcrypt_key\""
+  end
+
+  def test_encryption_with_ENV_key
+    # pack() converts this secret into a byte array
+    secret = ['d25883a27b9a639da85ea7e159b661218799c9efa63069fac13a6778c954fb6d'].pack('H*')
+    ENV['urlcrypt_key'] = secret
+
+    assert_equal  OpenSSL::Cipher.new('aes-256-cbc').key_len, secret.bytesize
+
+    original  = "hello world!"
+    encrypted = URLcrypt::encrypt(original)
+    assert_equal(URLcrypt::decrypt(encrypted), original)
+  end
+
+  def test_decrypt_error_with_ENV_key
+    secret = ['d25883a27b9a639da85ea7e159b661218799c9efa63069fac13a6778c954fb6d'].pack('H*')
+    ENV['urlcrypt_key'] = secret
+    error = assert_raises(URLcrypt::DecryptError) do
+      ::URLcrypt::decrypt("just some plaintext")
+    end
+    assert_equal error.message, "not a valid string to decrypt"
+  end
+
+  def test_encryption_with_explicit_key
+    # pack() converts this secret into a byte array
+    secret = ['d25883a27b9a639da85ea7e159b661218799c9efa63069fac13a6778c954fb6d'].pack('H*')
+
+    assert_equal  OpenSSL::Cipher.new('aes-256-cbc').key_len, secret.bytesize
+
+    original  = "hello world!"
+    encrypted = URLcrypt::encrypt(original, key: secret)
+    assert_equal(URLcrypt::decrypt(encrypted, key: secret), original)
+  end
+
+  def test_decrypt_error_with_explicit_key
+    secret = ['d25883a27b9a639da85ea7e159b661218799c9efa63069fac13a6778c954fb6d'].pack('H*')
+    error = assert_raises(URLcrypt::DecryptError) do
+      ::URLcrypt::decrypt("just some plaintext", key: secret)
+    end
+    assert_equal error.message, "not a valid string to decrypt"
+  end
+
+  def test_threads_with_ENV_keys
+    # pack() converts this secret into a byte array
+    secret = ['d25883a27b9a639da85ea7e159b661218799c9efa63069fac13a6778c954fb6d'].pack('H*')
+    ENV['urlcrypt_key'] = secret
+
+    assert_equal  OpenSSL::Cipher.new('aes-256-cbc').key_len, secret.bytesize
+
+    parent_string  = "hello world!"
+    parent_encrypted = URLcrypt::encrypt(parent_string)
+    assert_equal(URLcrypt::decrypt(parent_encrypted), parent_string)
+
+    threads = 100.times.map do |n|
+      Thread.new{
+        original = "Test String #{n}"
+        encrypted = URLcrypt::encrypt(original)
+        assert_equal(URLcrypt::decrypt(encrypted), original)
+
+        thread_encrypted = URLcrypt::encrypt(parent_string)
+
+        assert_equal(URLcrypt::decrypt(thread_encrypted), parent_string)
+        assert_equal(URLcrypt::decrypt(parent_encrypted), parent_string)
+      }
+    end
+
+    threads.each { |thr| thr.join }
+  end
+
+  def test_threads_with_explicit_per_thread_keys
+    threads = 100.times.map do |n|
+      Thread.new{
+        key = ["d25883a27b9a639da85ea7e159b661218799c9efa63069fac13a6778c954fb6d-secret-key-#{n}"].pack('H*')
+        original = "Test String #{n}"
+        encrypted = URLcrypt::encrypt(original, key: key)
+        assert_equal(URLcrypt::decrypt(encrypted, key: key), original)
+      }
+    end
+
+    threads.each { |thr| thr.join }
+  end
+
+  def test_threads_with_explicit_per_thread_keys_overriding_ENV_variable
+    secret = ['d25883a27b9a639da85ea7e159b661218799c9efa63069fac13a6778c954fb6d'].pack('H*')
+    ENV['urlcrypt_key'] = secret
+
+    threads = 100.times.map do |n|
+      Thread.new{
+        key = ["d25883a27b9a639da85ea7e159b661218799c9efa63069fac13a6778c954fb6d-secret-key-#{n}"].pack('H*')
+
+        original = "Test String #{n}"
+        encrypted = URLcrypt::encrypt(original, key: key)
+        assert_equal(URLcrypt::decrypt(encrypted, key: key), original)
+
+        parent_encryption = URLcrypt::encrypt(original)
+        refute_equal parent_encryption, encrypted
+      }
+    end
+
+    threads.each { |thr| thr.join }
+  end
+end

data/test/regression_test.rb

@@ -0,0 +1,31 @@
+# encoding: utf-8
+class URLcryptRegressionTest < TestClass
+  def setup
+    # this key was generated via rake secret in a rails app, the pack() converts it into a byte array
+    @secret = ['d25883a27b9a639da85ea7e159b661218799c9efa63069fac13a6778c954fb6d721968887a19bdb01af8f59eb5a90d256bd9903355c20b0b4b39bf4048b9b17b'].pack('H*')
+  end
+
+  def test_encryption_and_decryption
+    original = '{"some":"json_data","token":"dfsfsdfsdf"}'
+    encrypted = URLcrypt.encrypt(original, key: @secret)
+
+    assert_equal(URLcrypt::decrypt(encrypted, key: @secret), original)
+  end
+
+  def test_encryption_with_too_long_key
+    assert OpenSSL::Cipher.new('aes-256-cbc').key_len < @secret.bytesize
+
+    original  = "hello world!"
+    encrypted = URLcrypt::encrypt(original, key: @secret)
+    assert_equal(URLcrypt::decrypt(encrypted, key: @secret), original)
+  end
+
+  def test_encryption_and_decryption_with_too_long_key
+    assert OpenSSL::Cipher.new('aes-256-cbc').key_len < @secret.bytesize
+
+    original = '{"some":"json_data","token":"dfsfsdfsdf"}'
+    encrypted = URLcrypt.encrypt(original, key: @secret)
+
+    assert_equal(URLcrypt::decrypt(encrypted, key: @secret), original)
+  end
+end

data/test/test_helper.rb

@@ -0,0 +1,33 @@
+# encoding: utf-8
+require 'bundler'
+Bundler.require(:default, :test)
+
+require 'simplecov'
+SimpleCov.start
+
+require "minitest/autorun"
+
+class TestClass < Minitest::Test
+  require 'URLcrypt'
+
+  def assert_bytes_equal(string1, string2)
+    bytes1 = string1.bytes.to_a.join(':')
+    bytes2 = string2.bytes.to_a.join(':')
+    assert_equal(bytes1, bytes2)
+  end
+
+  def assert_decoding(encoded, plain)
+    decoded = URLcrypt.decode(encoded)
+    assert_bytes_equal(plain, decoded)
+  end
+
+  def assert_encoding(encoded, plain)
+    actual = URLcrypt.encode(plain)
+    assert_bytes_equal(encoded, actual)
+  end
+
+  def assert_encode_and_decode(encoded, plain)
+    assert_encoding(encoded, plain)
+    assert_decoding(encoded, plain)
+  end
+end

metadata

@@ -1,70 +1,52 @@
---- !ruby/object:Gem::Specification 
+--- !ruby/object:Gem::Specification
 name: urlcrypt
-version: !ruby/object:Gem::Version 
-  hash: 27
-  prerelease: 
-  segments: 
-  - 0
-  - 1
-  - 0
-  version: 0.1.0
+version: !ruby/object:Gem::Version
+  version: 0.2.0
 platform: ruby
-authors: 
+authors:
 - Thomas Fuchs
 autorequire: 
 bindir: bin
 cert_chain: []
-
-date: 2013-03-18 00:00:00 Z
+date: 2022-02-24 00:00:00.000000000 Z
 dependencies: []
-
 description: 
 email: thomas@slash7.com
 executables: []
-
 extensions: []
-
-extra_rdoc_files: 
+extra_rdoc_files:
+- README.md
+files:
 - README.md
-files: 
 - Rakefile
 - config/environment.rb
 - lib/URLcrypt.rb
 - test/URLcrypt_test.rb
-- README.md
+- test/encryption_test.rb
+- test/regression_test.rb
+- test/test_helper.rb
 homepage: 
 licenses: []
-
+metadata: {}
 post_install_message: 
 rdoc_options: []
-
-require_paths: 
+require_paths:
 - lib
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement 
-  none: false
-  requirements: 
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
   - - ">="
-    - !ruby/object:Gem::Version 
-      hash: 3
-      segments: 
-      - 0
-      version: "0"
-required_rubygems_version: !ruby/object:Gem::Requirement 
-  none: false
-  requirements: 
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
   - - ">="
-    - !ruby/object:Gem::Version 
-      hash: 3
-      segments: 
-      - 0
-      version: "0"
-requirements: 
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements:
 - none
-rubyforge_project: 
-rubygems_version: 1.8.24
+rubygems_version: 3.1.6
 signing_key: 
-specification_version: 3
+specification_version: 4
 summary: Securely encode and decode short pieces of arbitrary binary data in URLs.
 test_files: []
-