Module: Darrrr::CryptoHelper

Includes:

Constants

Included in:

AccountProvider, RecoveryProvider

Defined in:

lib/darrrr/crypto_helper.rb

Constant Summary

Constants included from Constants

Darrrr::Constants::CLOCK_SKEW, Darrrr::Constants::COUNTERSIGNED_RECOVERY_TOKEN_TYPE, Darrrr::Constants::DIGEST, Darrrr::Constants::GROUP, Darrrr::Constants::PRIME_256_V1, Darrrr::Constants::PROTOCOL_VERSION, Darrrr::Constants::RECOVERY_TOKEN_TYPE, Darrrr::Constants::TOKEN_ID_BYTE_LENGTH, Darrrr::Constants::WELL_KNOWN_CONFIG_PATH

Instance Method Summary

• #seal(token, context = nil) ⇒ Object

  Signs the provided token and joins the data with the signature.

• #unseal(token_and_signature, context = nil) ⇒ Object

  Splits the payload by the token size, treats the remaining portion as the signature of the payload, and verifies the signature is valid for the given payload.

Instance Method Details

#seal(token, context = nil) ⇒ Object

Signs the provided token and joins the data with the signature.

token: a RecoveryToken instance

returns a base64 value for the binary token string and the signature of the token.

Raises:

• (RuntimeError)

# File 'lib/darrrr/crypto_helper.rb', line 12

def seal(token, context = nil)
  raise RuntimeError, "signing private key must be set" unless self.instance_variable_get(:@signing_private_key)
  binary_token = token.to_binary_s
  signature = self.encryptor.sign(binary_token, self.instance_variable_get(:@signing_private_key), self, context)
  Base64.strict_encode64([binary_token, signature].join)
end

#unseal(token_and_signature, context = nil) ⇒ Object

Splits the payload by the token size, treats the remaining portion as the signature of the payload, and verifies the signature is valid for the given payload.

token_and_signature: binary string consisting of [token_binary_str, signature].join keys - An array of public keys to use for signature verification.

returns a RecoveryToken if the payload has been verified and deserializes correctly. Raises exceptions if any crypto fails. Raises an error if the token’s version field is not valid.

Raises:

• (CryptoError)

# File 'lib/darrrr/crypto_helper.rb', line 29

def unseal(token_and_signature, context = nil)
  token = RecoveryToken.parse(token_and_signature)

  unless token.version.to_i == PROTOCOL_VERSION
    raise TokenFormatError, "Version field must be #{PROTOCOL_VERSION}"
  end

  token_data, signature = partition_signed_token(token_and_signature, token)
  self.unseal_keys(context).each do |key|
    return token if self.encryptor.verify(token_data, signature, key, self, context)
  end
  raise CryptoError, "Recovery token signature was invalid"
end