Module: Fernet

Defined in:: lib/fernet.rb,
lib/fernet/token.rb,
lib/fernet/errors.rb,
lib/fernet/secret.rb,
lib/fernet/version.rb,
lib/fernet/verifier.rb,
lib/fernet/generator.rb,
lib/fernet/encryption.rb,
lib/fernet/bit_packing.rb,
lib/fernet/configuration.rb

Defined Under Namespace

Modules: BitPacking, Encryption Classes: Configuration, Error, Generator, Secret, Token, Verifier

Constant Summary collapse

VERSION =

"2.2"

Class Method Summary collapse

.generate(secret, message = '', opts = {}) ⇒ Object

Public: generates a fernet token.
.verifier(secret, token, opts = {}) ⇒ Object

Public: verifies a fernet token.

Class Method Details

.generate(secret, message = '', opts = {}) ⇒ `Object`

Public: generates a fernet token

secret - a base64 encoded, 32 byte string message - the message being secured in plain text

Examples

secret = ...
token = Fernet.generate(secret, 'my secrets')

Returns the fernet token as a string

# File 'lib/fernet.rb', line 25

def self.generate(secret, message = '', opts = {})
  # OpenSSL::Cipher loses all encoding informaion upon decoding ciphertext
  # and everything comes out as ASCII. To prevent that, let's just explicitly
  # convert input value to UTF-8 so we can assume the decrypted value will
  # also be unicode.  This is not exactly a wonderful solution, but it's
  # better than just returning ASCII with mangled unicode bytes in it.
  message = message.encode(Encoding::UTF_8) if message

  Generator.new(opts.merge({secret: secret, message: message})).
    generate
end

.verifier(secret, token, opts = {}) ⇒ `Object`

Public: verifies a fernet token

secret - the secret used to generate the token token - the token to verify as a string opts - an optional hash containing

enforce_ttl - whether to enforce TTL in this verification
ttl - number of seconds token is valid

Both enforce_ttl and ttl can be configured globally via Configuration

Raises Fernet::Token::InvalidToken if token is invalid and message

is attempted to be extracted