Thanks for all the help.

it could probly be done in one line, but attaching one fairly verbose
solution below; i found i had to convert the various items to integers
for them to XOR back and forth properly....

def strxor instr, keystr
    outstr = CGI::unescape(instr)
    puts "xoring #{outstr}"
    outstr.length.times {|x|
        keychar = keystr[x % keystr.length].to_i
        inchar  = instr[x].to_i
        outchar = inchar ^ keychar
        outstr[x]  = outchar
        # puts "#{inchar} ^ #{keychar} -> #{outchar}"
    }
    return outstr
end

# encr a safe str
def encr str, key
    str = strxor(str, key)
    return CGI::escape(str)
end

# decr an ugly URL
def decr str, key
    str = CGI::unescape(str)
    return( strxor(str, key))
end

key = "1x3*"
str = "some/1&url?id=10"
enc = encr(str, key)
dec = decr(enc, key)
puts "enc: #{enc}"
puts "dec: #{dec}"

# gives me>>>

xoring some/1&url?id=10
xoring B^OI_C
             CUE
enc: B%17%5EO%1EI%15_C%14%0CCUE%02%1A
dec: some/1&url?id=10



tx

/dc


On 30/10/06, khaines / enigo.com <khaines / enigo.com> wrote:
> On Mon, 30 Oct 2006, Francis Cianfrocca wrote:
>
> > I probably shouldn't get into this because it's offtopic, but why not just
> > use a plain-vanilla federated identity solution with the external provider?
>
> Because encrypting the id and putting it into the URL is trivial to
> implement, costs nothing, is sufficiently secure for this application, and
> provides the external folks with the information that they need.
>
>
> Kirk Haines
>
>
>


-- 
-------------------------------------------
      David "DC" Collier
mailto:dc / pikkle.com
      +81 (0)80 6521 9559
      skype: callto://d3ntaku
-------------------------------------------
      Pikkle ³ô¼°²ñ¼Ò
      http://www.pikkle.com
-------------------------------------------