Click here to Skip to main content
15,881,172 members
Search within:


Articles / Security / Encryption
 
Article

Enhanced String Handling II

Rate me:
Please Sign up or sign in to vote.
3.76/5 (11 votes)
16 Dec 2010CPOL2 min read 35.7K   213   15   17
Overcoming limitations of: Enhanced String Handling

Introduction

In my previous article, Enhanced String Handling, EnhancedStringHandling.aspx, I ended the article with a section: Where do we go from here, where I pointed out a limitation: “The specifications as they stand now will not allow for a delimiter as part of the value. So for example: {identifier::value containing an open or close brace} will not pass the brace matching check. This is not of theoretical interest only. For example, if we would like to write a {Decrypt::encrypted value} decryption construct—if we cannot guarantee that the encrypted value has neither open nor close braces, then we cannot write such a ProcessDecrypt class. This problem is not necessarily confined to the case of a single charactered delimiter because the multi charactered delimiters are transformed into single charactered delimiters.”

A few days after I published the article, it occurred to me that the limitation was in my mind only.

The Perceived Problem

When we attempt to write a regular expression that will match on the form: {Crypt::encrypted-text} we are in trouble if the encrypted-text contains an open delimiter (“{”), a close delimiter (“}”) or a separator string (“::”). Therefore, I concluded, prematurely, that we needed more powerful machinery to handle such situations.

Fixing the Limitation

Up to now, throughout the article: Enhanced String Handling, we handled problems of this kind by substituting the offending string with a new string. In this case, we can use this very same technique by providing the encrypted text as unicode numbers converted to strings.

So if we are to encrypt the string: “01234 -- The quick brown fox jumped over the lazy dogs -- 56789!” we will first encrypt it into a string or characters. But instead of including the encrypted characters in a string as is (in the {Crypt::encrypted string} construct) we will include the unicode character representation of the encrypted string, comma separated. So the string: 

"01234 -- The quick brown fox jumped over the lazy dogs -- 56789!"

encrypted will be represented as: 

"225,14,132,43,189,68,220,227,84,28,69,216,140,97,101,85,254,11,229,238,
 148,191,73,177,235,233,193,176,45,187,218,44,92,107,175,168,56,90,14,24,201,219,
 251,161,82,146,221,133,249,49,111,196,239,55,164,209,93,126,144,158,212,39,101,2
 9,197,221,62,174,210,137,124,134"

The ProcessCrypt(), therefore, will process a construct representing the above string, encrypted, like so: {Crypt::225,14,132,..}. Therefore, we solve the issue of an encrypted string that can contain any character including a delimiter or a separator. See CypherTest(), TestMethod. (The sample code in ProcessCrypt() is not meant to be the most secure encryption/decryption code, it is meant to illustrate the point—that we can overcome a delimiter or a separator in the string value to be processed.)

C#
[TestMethod]
public void CypherTest()
{
    string org = "01234 -- The quick brown fox jumped over the lazy dogs -- 56789!";
    string encripted = string.Format("Text: {{Crypt::{0}}}",
              ProcessCrypt.Encrypt(org));

    var context = new List<IProcessEvaluate>();
    context.Add(new ProcessCrypt());
    var eval = new EnhancedStringEval(context);
    string decript = eval.EvaluateString(encripted);

    Assert.AreEqual("Text: " + org, decript);
}

While ProcessCrypt is as follows:

C#
public sealed class ProcessCrypt : IProcessEvaluate
{
 static ProcessCrypt()
 {
   var reo = RegexOptions.Singleline | RegexOptions.IgnoreCase;
     _reCrypt = new Regex(@"{\s*Crypt\s*::(?<cipher>[0-9,]*)}", reo);
 }

 public ProcessCrypt() { }

 #region IProcessEvaluate Members

 /// <summary>
 ///
 /// </summary>
 /// <param name="src"></param>
 /// <param name="ea"></param>
 public void Evaluate(object src, EnhancedStringEventArgs ea)
 {
     // Task 1:
     string encrypted = ea.EhancedPairElem.Value;

     // ea.IsHandled == false, by default.
     Match m = _reCrypt.Match(encrypted);
     if (!m.Success) return;

     string deciphered = _reCrypt.Replace(encrypted, CipherReplace);
     if (deciphered == encrypted) return;

     // Task 2
     ea.IsHandled = true;

     // Task 3
     ea.EhancedPairElem.Value = deciphered;
 }

 #endregion

 /// <summary>
 ///
 /// </summary>
 /// <param name="m"></param>
 /// <returns></returns>
 private string CipherReplace(Match m)
 {
     string encrypted = m.Groups["cipher"].Value;
     return Decrypt(encrypted);
 }

 private const string _criptSplitter = ",";
 private static Regex _reCrypt;

 ...

}

Enjoy!

Avi

History

  • 15th December, 2010: Initial post

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


Written By
Avi Farah
United States United States
avifarah@gmail.com

Comments and Discussions

 
First Prev Next
GeneralMy vote of 5 Pin
Michael Haephrati3-Dec-12 5:18
professionalMichael Haephrati3-Dec-12 5:18 
GeneralRe: My vote of 5 Pin
Avi Farah3-Dec-12 17:10
Avi Farah3-Dec-12 17:10 
GeneralMy vote of 5 Pin
Manoj Kumar Choubey8-Feb-12 20:02
professionalManoj Kumar Choubey8-Feb-12 20:02 
GeneralRe: My vote of 5 Pin
Avi Farah3-Dec-12 17:09
Avi Farah3-Dec-12 17:09 
Generalnice one Pin
Pranay Rana18-Dec-10 10:07
professionalPranay Rana18-Dec-10 10:07 
GeneralRe: nice one Pin
Avi Farah18-Dec-10 17:00
Avi Farah18-Dec-10 17:00 
GeneralMy vote of 5 Pin
Paul Selormey16-Dec-10 11:18
Paul Selormey16-Dec-10 11:18 
GeneralRe: My vote of 5 Pin
Avi Farah16-Dec-10 13:26
Avi Farah16-Dec-10 13:26 
GeneralMy vote of 2 Pin
#realJSOP15-Dec-10 23:56
mve#realJSOP15-Dec-10 23:56 
GeneralRe: My vote of 2 Pin
Indivara16-Dec-10 3:12
professionalIndivara16-Dec-10 3:12 
GeneralRe: My vote of 2 Pin
#realJSOP17-Dec-10 0:14
mve#realJSOP17-Dec-10 0:14 
GeneralRe: My vote of 2 Pin
Paul Selormey16-Dec-10 11:43
Paul Selormey16-Dec-10 11:43 
GeneralRe: My vote of 2 Pin
#realJSOP17-Dec-10 2:20
mve#realJSOP17-Dec-10 2:20 
GeneralRe: My vote of 2 Pin
Paul Selormey17-Dec-10 3:52
Paul Selormey17-Dec-10 3:52 
QuestionFew Questions... Pin
Paul Selormey15-Dec-10 22:32
Paul Selormey15-Dec-10 22:32 
GeneralRe: Few Questions... Pin
Avi Farah16-Dec-10 7:00
Avi Farah16-Dec-10 7:00 
Hey Paul,

I will start by saying that your questions indicate that you are on your way to understanding.

1. Changes: No change. I will elaborate after I answer point 4.

2a. Is this approach better: This is not a new approach it only comes to solve the issue: “If you have (or may have) a delimiter/separator in the value part of the {id, value} construct then how will the approach taken in the EnhancedStringHandling.aspx work?” The approach provided is away for it to work.

2b. Better than a simple string search? say find '{' and then loop till next '}': This is exactly what we have done except that we did not loop through in a c# loop but expressed “nearest closing delimiter” in a regular expression language. Our regular expression had more than just “nearest closing delimiter” it insisted on adhering to the expected expression as much as possible. Recall the example:
string pattern = @"({)\s*Counter\s*:Frown | :( <name>[^{}:]+)" +
@"(::\s*(?<extras>(init)|(next)|(previous)|" +
@"((?<op>[=+-])\s*" +
@"(?<direction>[+-])?\s*(?<val>[0-9]+)))?)?\s*(})";

3. Will this handle nested items? Absolutely, nothing changed.

4. Is the “::” separator a requirement? No. It never was. Neither the delimiters nor the separator is/are a requirement. You have the DelimitersAndSeparator class where you can change the default value of the delimiters and/or the separator.

Back to a complete answer to Q1: The reason that I published this second article, in a way an addendum or a correction type of a codicil, to the first article is the fact that after coming up with the solution, I looked into all the ways I could think of that the approach can fail.

In the first article, EnhancedStringHandling.aspx, I believe that we handled all the points of failure except for one. We could handle nested constructs, for which we needed to handle “how to express in a regular expression language: not this string”. This really was one of the major points of the first article. However there was one hole in things that the approach (in the first article) could not handle: if the construct {id, value} needs to contain a delimiter or separator in the value part, then I deemed the approach (in the first article) lacking.

In this second article, EhhancedStringHandlingII, I point out that the limitation was in my head only. If there is a need for the value part to have a delimiter and/or separator then one solution is to represent the value as a string of comma delimited unicode numbers. A real live example where such a thing can happen is handling of encryption/decryption (example provided as code).

Now, in all fairness, I expect the need for such handling to be rare. But if the value part does need to contain a delimiter or a separator then I provided a solution.

Paul, I hope this helps, if not please do not hesitate to point out what I am not explaining.
All the best,
Avi
GeneralRe: Few Questions... Pin
Paul Selormey16-Dec-10 11:20
Paul Selormey16-Dec-10 11:20 
Last Visit: 31-Dec-99 18:00     Last Update: 18-Apr-24 14:44Refresh1

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

Permalink
Advertise
Privacy
Cookies
Terms of Use
Layout: fixed | fluid

Posted 15 Dec 2010

Article Copyright 2010 by Avi Farah
Everything else Copyright © CodeProject, 1999-2024

Web01 2.8:2024-04-02:1