Module: Fernet

Defined in:
lib/fernet.rb,
lib/fernet/token.rb,
lib/fernet/errors.rb,
lib/fernet/secret.rb,
lib/fernet/version.rb,
lib/fernet/verifier.rb,
lib/fernet/generator.rb,
lib/fernet/encryption.rb,
lib/fernet/bit_packing.rb,
lib/fernet/configuration.rb

Defined Under Namespace

Modules: BitPacking, Encryption Classes: Configuration, Error, Generator, Secret, Token, Verifier

Constant Summary collapse

VERSION =
"2.3"

Class Method Summary collapse

Class Method Details

.generate(secret, message = '', opts = {}) ⇒ Object

Public: generates a fernet token

secret - a base64 encoded, 32 byte string message - the message being secured in plain text

Examples

secret = ...
token = Fernet.generate(secret, 'my secrets')

Returns the fernet token as a string


25
26
27
28
29
30
31
32
33
34
35
# File 'lib/fernet.rb', line 25

def self.generate(secret, message = '', opts = {})
  # OpenSSL::Cipher loses all encoding informaion upon decoding ciphertext
  # and everything comes out as ASCII. To prevent that, let's just explicitly
  # convert input value to UTF-8 so we can assume the decrypted value will
  # also be unicode.  This is not exactly a wonderful solution, but it's
  # better than just returning ASCII with mangled unicode bytes in it.
  message = message.encode(Encoding::UTF_8) if message

  Generator.new(opts.merge({secret: secret, message: message})).
    generate
end

.verifier(secret, token, opts = {}) ⇒ Object

Public: verifies a fernet token

secret - the secret used to generate the token token - the token to verify as a string opts - an optional hash containing

  • enforce_ttl - whether to enforce TTL in this verification

  • ttl - number of seconds token is valid

Both enforce_ttl and ttl can be configured globally via Configuration

Raises Fernet::Token::InvalidToken if token is invalid and message

is attempted to be extracted

Examples

secret = ...
token = ...
verifier = Fernet.verifier(secret, old_token, enforce_ttl: false)
if verifier.valid?
  verifier.message # original message in plain text
end

verifier = Fernet.verifier(secret, old_token)
if verifier.valid?
  verifier.message
else
  verifier.errors
  # => { issued_timestamp: "is too far in the past: token expired" }
  verifier.error_messages
  # => ["issued_timestamp is too far in the past: token expired"]
end

verifier = Fernet.verifier(secret, old_token)
verifier.message
# => raises Fernet::Token::InvalidToken if token too old or invalid

Returns a verifier object, which responds to `#valid?` and `#message`


74
75
76
# File 'lib/fernet.rb', line 74

def self.verifier(secret, token, opts = {})
  Verifier.new(opts.merge({secret: secret, token: token}))
end