urlcrypt 0.0.1

data/README.md

@@ -0,0 +1,53 @@
+# URLcrypt
+
+Ever wanted to securely transmit (not too long) pieces of arbitrary binary data
+in a URL? *urlencrypt* makes it easy!
+
+This gem is based on the base32 gem from Samuel Tesla.
+
+URLcrypt uses a 256-bit AES symmetric encryption to securely encrypt data, and
+and encodes and decodes Base 62 strings that can be used directly in URLs.
+
+For example, this can be used to securely store user ids and the like when you 
+access a web application from a place that doesn't have other authentication
+mechanisms, like when you load an image in an email.
+
+URLcrypt uses a modified Base 32 algorithm that doesn't use padding characters,
+and doesn't use vowels to avoid bad words in the generated string.
+
+The main reason why Base 32 is useful is that Ruby's built-in Base 64 support
+is, IMO, looking ugly in URLs and requires several characters that need to be 
+URL-escaped.
+
+Unfortunately, some other gems out there that in theory could handle this 
+(like the radix gem) fail with strings that start with a "\0" byte.
+
+*WORD OF WARNING* THERE IS NO GUARANTEE WHATSOEVER THAT THIS GEM IS ACTUALLY
+SECURE AND WORKS. USE AT YOUR OWN RISK.
+
+Note: this is version 0.0.1 which doesn't actually come with the encryption part
+just yet. It will only work on Ruby 1.8.7 for now.
+
+Patches are welcome, please include tests.
+
+## Installation
+
+Add the `urlcrypt` gem to your Gemfile.
+
+## Simple Example
+
+```ruby
+URLcrypt.encode('chunky bacon!')          # => "mnAhk6tlp2qg2yldn8xcc"
+URLcrypt.decode('mnAhk6tlp2qg2yldn8xcc')  # => "chunky bacon!"
+```
+
+## Running the Test Suite
+
+If you want to run the automated tests for URLcrypt, issue this command from the
+distribution directory.
+
+  % rake test:all
+
+## References
+
+* Base 32: RFC 3548: http://www.faqs.org/rfcs/rfc3548.html

data/Rakefile

@@ -0,0 +1,54 @@
+# Copyright (c) 2013 Thomas Fuchs
+# Copyright (c) 2007-2011 Samuel Tesla
+
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+require File.join(File.dirname(__FILE__), 'config', 'environment.rb')
+require 'rake/clean'
+require 'rake/testtask'
+require 'rubygems'
+require 'rubygems/package_task'
+
+task :default => ['test:all']
+
+gemspec = Gem::Specification.new do |s|
+  s.author = "Thomas Fuchs"
+  s.email = "thomas@slash7.com"
+  s.extra_rdoc_files = ["README.md"]
+  s.files = FileList["Rakefile", "{config,lib,test}/**/*"]
+  s.has_rdoc = true
+  s.name = 'urlcrypt'
+  s.require_paths << 'lib'
+  s.requirements << 'none'
+  s.summary = "Securely encode and decode short pieces of arbitrary binary data in URLs."
+  s.version = "0.0.1"
+end
+
+Gem::PackageTask.new(gemspec) do |pkg|
+  pkg.need_tar = true
+end
+
+namespace :test do
+  Rake::TestTask.new :all do |t|
+    t.libs << 'test'
+    t.pattern = 'test/**/*_test.rb'
+    t.verbose = true
+  end
+  Rake::Task['test:all'].comment = 'Run all of the tests'
+end

data/config/environment.rb

@@ -0,0 +1,27 @@
+# Copyright (c) 2007-2011 Samuel Tesla
+
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+unless defined? BASE32_ROOT
+  root_path = File.join(File.dirname(__FILE__), '..')
+  BASE32_ROOT = File.expand_path(root_path)
+end
+
+$LOAD_PATH.unshift File.join(BASE32_ROOT, 'lib')
+$LOAD_PATH.unshift File.join(BASE32_ROOT, 'ext')

data/lib/URLcrypt.rb

@@ -0,0 +1,48 @@
+module URLcrypt
+  # avoid vowels to not generate four-letter words, etc.
+  # this is important because those words can trigger spam 
+  # filters when URLs are used in emails
+  TABLE = "1bcd2fgh3jklmn4pqrstAvwxyz567890".freeze
+
+  class Chunk
+    def initialize(bytes)
+      @bytes = bytes
+    end
+
+    def decode
+      bytes = @bytes.take_while {|c| c != 61} # strip padding
+      bytes = bytes.find_all{|b| !TABLE.index(b.chr).nil? } # remove invalid characters
+      n = (bytes.length * 5.0 / 8.0).floor
+      p = bytes.length < 8 ? 5 - (n * 8) % 5 : 0
+      c = bytes.inject(0) {|m,o| (m << 5) + TABLE.index(o.chr)} >> p
+      (0..n-1).to_a.reverse.collect {|i| ((c >> i * 8) & 0xff).chr}
+    end
+
+    def encode
+      n = (@bytes.length * 8.0 / 5.0).ceil
+      p = n < 8 ? 5 - (@bytes.length * 8) % 5 : 0
+      c = @bytes.inject(0) {|m,o| (m << 8) + o} << p
+      [(0..n-1).to_a.reverse.collect {|i| TABLE[(c >> i * 5) & 0x1f].chr},
+       ("=" * (8-n))] # TODO: remove '=' padding generation
+    end
+  end
+
+  def self.chunks(str, size)
+    result = []
+    bytes = str.bytes
+    while bytes.any? do
+      result << Chunk.new(bytes.take(size))
+      bytes = bytes.drop(size)
+    end
+    result
+  end
+
+  # strip '=' padding, because we don't need it
+  def self.encode(str)
+    chunks(str, 5).collect(&:encode).flatten.join.tr('=','')
+  end
+
+  def self.decode(str)
+    chunks(str, 8).collect(&:decode).flatten.join
+  end
+end

data/test/URLcrypt_test.rb

@@ -0,0 +1,42 @@
+require 'test/unit'
+require 'URLcrypt'
+
+class TestURLcrypt < Test::Unit::TestCase
+  def assert_decoding(encoded, plain)
+    decoded = URLcrypt.decode(encoded)
+    assert_equal(plain, decoded)
+  end
+
+  def assert_encoding(encoded, plain)
+    actual = URLcrypt.encode(plain)
+    assert_equal(encoded, actual)
+  end
+
+  def assert_encode_and_decode(encoded, plain)
+    assert_encoding(encoded, plain)
+    assert_decoding(encoded, plain)
+  end
+
+  def test_empty_string
+    assert_encode_and_decode('', '')
+  end
+
+  def test_encode
+    assert_encode_and_decode(
+      '111gc86f4nxw5zj1b3qmhpb14n5h25l4m7111',
+      "\0\0awesome \n ü string\0\0")
+  end
+  
+  def test_invalid_encoding
+    assert_decoding('ZZZZZ', '')
+  end
+  
+  def test_arbitrary_byte_strings
+    0.step(1500,17) do |n|
+      original = (0..n).map{rand(256).chr}.join
+      encoded = URLcrypt::encode(original)
+      assert_decoding(encoded, original)
+    end
+  end
+
+end

metadata

@@ -0,0 +1,70 @@
+--- !ruby/object:Gem::Specification 
+name: urlcrypt
+version: !ruby/object:Gem::Version 
+  hash: 29
+  prerelease: 
+  segments: 
+  - 0
+  - 0
+  - 1
+  version: 0.0.1
+platform: ruby
+authors: 
+- Thomas Fuchs
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2013-03-18 00:00:00 Z
+dependencies: []
+
+description: 
+email: thomas@slash7.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- README.md
+files: 
+- Rakefile
+- config/environment.rb
+- lib/URLcrypt.rb
+- test/URLcrypt_test.rb
+- README.md
+homepage: 
+licenses: []
+
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+requirements: 
+- none
+rubyforge_project: 
+rubygems_version: 1.8.24
+signing_key: 
+specification_version: 3
+summary: Securely encode and decode short pieces of arbitrary binary data in URLs.
+test_files: []
+