Class: Paseto::V2::Local::Key

Inherits:

Object

• Object
• Paseto::V2::Local::Key

Defined in:

lib/paseto/local.rb

Class Method Summary

• .decode64(encoded_key) ⇒ Object
• .generate ⇒ Object

Instance Method Summary

• #decrypt(token, footer = nil) ⇒ Object
• #encode64 ⇒ Object
• #encrypt(message, footer = EMPTY_FOOTER) ⇒ Object
• #initialize(key) ⇒ Key constructor

  A new instance of Key.

Constructor Details

#initialize(key) ⇒ Key

Returns a new instance of Key.

# File 'lib/paseto/local.rb', line 18

def initialize(key)
  @key = key
  @aead = RbNaCl::AEAD::XChaCha20Poly1305IETF.new(key)
end

Class Method Details

.decode64(encoded_key) ⇒ Object

# File 'lib/paseto/local.rb', line 14

def self.decode64(encoded_key)
  new(Paseto.decode64(encoded_key))
end

.generate ⇒ Object

# File 'lib/paseto/local.rb', line 10

def self.generate
  new(RbNaCl::Random.random_bytes(RbNaCl::AEAD::XChaCha20Poly1305IETF.key_bytes))
end

Instance Method Details

#decrypt(token, footer = nil) ⇒ Object

Raises:

• (BadMessageError)

# File 'lib/paseto/local.rb', line 37

def decrypt(token, footer = nil)
  footer ||= token.footer if token.is_a? Paseto::Token
  footer ||= EMPTY_FOOTER

  parsed = Paseto.verify_token(token, HEADER, footer)

  nonce = parsed.payload[0, NONCE_BYTES]
  ciphertext = parsed.payload[NONCE_BYTES..-1]

  raise BadMessageError.new('Unable to process message') if nonce.nil? || ciphertext.nil?

  begin
    data = additional_data(nonce, footer)
    @aead.decrypt(nonce, ciphertext, data)
  rescue RbNaCl::LengthError
    raise NonceError, 'Invalid nonce'
  rescue RbNaCl::CryptoError
    raise AuthenticationError, 'Token signature invalid'
  rescue
    raise TokenError, 'Unable to process message'
  end
end

#encode64 ⇒ Object

# File 'lib/paseto/local.rb', line 23

def encode64
  Paseto.encode64(@key)
end

#encrypt(message, footer = EMPTY_FOOTER) ⇒ Object

# File 'lib/paseto/local.rb', line 27

def encrypt(message, footer = EMPTY_FOOTER)
  # Make a nonce: A single-use value never repeated under the same key
  nonce = generate_nonce(message)

  # Encrypt a message with the AEAD
  ciphertext = @aead.encrypt(nonce, message, additional_data(nonce, footer))

  Paseto::Token.new(HEADER, nonce + ciphertext, footer).to_message
end