RubyGems - jwt - Versions diffs - 2.2.1 → 2.8.1 - Mend

jwt 2.2.1 → 2.8.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (60) hide show

checksums.yaml +4 -4
data/AUTHORS +79 -44
data/CHANGELOG.md +305 -20
data/CODE_OF_CONDUCT.md +84 -0
data/CONTRIBUTING.md +99 -0
data/README.md +268 -40
data/lib/jwt/base64.rb +16 -2
data/lib/jwt/claims_validator.rb +13 -9
data/lib/jwt/configuration/container.rb +32 -0
data/lib/jwt/configuration/decode_configuration.rb +46 -0
data/lib/jwt/configuration/jwk_configuration.rb +27 -0
data/lib/jwt/configuration.rb +15 -0
data/lib/jwt/decode.rb +80 -18
data/lib/jwt/deprecations.rb +29 -0
data/lib/jwt/encode.rb +24 -19
data/lib/jwt/error.rb +17 -14
data/lib/jwt/jwa/ecdsa.rb +76 -0
data/lib/jwt/jwa/eddsa.rb +42 -0
data/lib/jwt/jwa/hmac.rb +75 -0
data/lib/jwt/jwa/hmac_rbnacl.rb +50 -0
data/lib/jwt/jwa/hmac_rbnacl_fixed.rb +46 -0
data/lib/jwt/jwa/none.rb +19 -0
data/lib/jwt/jwa/ps.rb +30 -0
data/lib/jwt/jwa/rsa.rb +25 -0
data/lib/jwt/{algos → jwa}/unsupported.rb +8 -5
data/lib/jwt/jwa/wrapper.rb +26 -0
data/lib/jwt/jwa.rb +62 -0
data/lib/jwt/jwk/ec.rb +251 -0
data/lib/jwt/jwk/hmac.rb +103 -0
data/lib/jwt/jwk/key_base.rb +57 -0
data/lib/jwt/jwk/key_finder.rb +19 -30
data/lib/jwt/jwk/kid_as_key_digest.rb +15 -0
data/lib/jwt/jwk/okp_rbnacl.rb +110 -0
data/lib/jwt/jwk/rsa.rb +181 -25
data/lib/jwt/jwk/set.rb +80 -0
data/lib/jwt/jwk/thumbprint.rb +26 -0
data/lib/jwt/jwk.rb +39 -15
data/lib/jwt/verify.rb +25 -6
data/lib/jwt/version.rb +24 -3
data/lib/jwt/x5c_key_finder.rb +52 -0
data/lib/jwt.rb +6 -4
data/ruby-jwt.gemspec +18 -10
metadata +45 -76
data/.codeclimate.yml +0 -20
data/.ebert.yml +0 -18
data/.gitignore +0 -11
data/.rspec +0 -1
data/.rubocop.yml +0 -98
data/.travis.yml +0 -20
data/Appraisals +0 -14
data/Gemfile +0 -3
data/Rakefile +0 -11
data/lib/jwt/algos/ecdsa.rb +0 -35
data/lib/jwt/algos/eddsa.rb +0 -23
data/lib/jwt/algos/hmac.rb +0 -33
data/lib/jwt/algos/ps.rb +0 -43
data/lib/jwt/algos/rsa.rb +0 -19
data/lib/jwt/default_options.rb +0 -15
data/lib/jwt/security_utils.rb +0 -57
data/lib/jwt/signature.rb +0 -52

data/lib/jwt/version.rb CHANGED Viewed

@@ -1,4 +1,3 @@
-# encoding: utf-8
 # frozen_string_literal: true
 # Moments version builder module
@@ -12,13 +11,35 @@ module JWT
     # major version
     MAJOR = 2
     # minor version
-    MINOR = 2
+    MINOR = 8
     # tiny version
     TINY  = 1
     # alpha, beta, etc. tag
     PRE   = nil
     # Build version string
-    STRING = [[MAJOR, MINOR, TINY].compact.join('.'), PRE].compact.join('-')
+    STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
+  end
+  def self.openssl_3?
+    return false if OpenSSL::OPENSSL_VERSION.include?('LibreSSL')
+    true if 3 * 0x10000000 <= OpenSSL::OPENSSL_VERSION_NUMBER
+  end
+  def self.rbnacl?
+    defined?(::RbNaCl)
+  end
+  def self.rbnacl_6_or_greater?
+    rbnacl? && ::Gem::Version.new(::RbNaCl::VERSION) >= ::Gem::Version.new('6.0.0')
+  end
+  def self.openssl_3_hmac_empty_key_regression?
+    openssl_3? && openssl_version <= ::Gem::Version.new('3.0.0')
+  end
+  def self.openssl_version
+    @openssl_version ||= ::Gem::Version.new(OpenSSL::VERSION)
   end
 end

data/lib/jwt/x5c_key_finder.rb ADDED Viewed

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+module JWT
+  # If the x5c header certificate chain can be validated by trusted root
+  # certificates, and none of the certificates are revoked, returns the public
+  # key from the first certificate.
+  # See https://tools.ietf.org/html/rfc7515#section-4.1.6
+  class X5cKeyFinder
+    def initialize(root_certificates, crls = nil)
+      raise(ArgumentError, 'Root certificates must be specified') unless root_certificates
+      @store = build_store(root_certificates, crls)
+    end
+    def from(x5c_header_or_certificates)
+      signing_certificate, *certificate_chain = parse_certificates(x5c_header_or_certificates)
+      store_context = OpenSSL::X509::StoreContext.new(@store, signing_certificate, certificate_chain)
+      if store_context.verify
+        signing_certificate.public_key
+      else
+        error = "Certificate verification failed: #{store_context.error_string}."
+        if (current_cert = store_context.current_cert)
+          error = "#{error} Certificate subject: #{current_cert.subject}."
+        end
+        raise(JWT::VerificationError, error)
+      end
+    end
+    private
+    def build_store(root_certificates, crls)
+      store = OpenSSL::X509::Store.new
+      store.purpose = OpenSSL::X509::PURPOSE_ANY
+      store.flags = OpenSSL::X509::V_FLAG_CRL_CHECK | OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
+      root_certificates.each { |certificate| store.add_cert(certificate) }
+      crls&.each { |crl| store.add_crl(crl) }
+      store
+    end
+    def parse_certificates(x5c_header_or_certificates)
+      if x5c_header_or_certificates.all? { |obj| obj.is_a?(OpenSSL::X509::Certificate) }
+        x5c_header_or_certificates
+      else
+        x5c_header_or_certificates.map do |encoded|
+          OpenSSL::X509::Certificate.new(::JWT::Base64.url_decode(encoded))
+        end
+      end
+    end
+  end
+end

data/lib/jwt.rb CHANGED Viewed

@@ -1,9 +1,11 @@
 # frozen_string_literal: true
+require 'jwt/version'
 require 'jwt/base64'
 require 'jwt/json'
 require 'jwt/decode'
-require 'jwt/default_options'
+require 'jwt/configuration'
+require 'jwt/deprecations'
 require 'jwt/encode'
 require 'jwt/error'
 require 'jwt/jwk'
@@ -13,7 +15,7 @@ require 'jwt/jwk'
 # Should be up to date with the latest spec:
 # https://tools.ietf.org/html/rfc7519
 module JWT
-  include JWT::DefaultOptions
+  extend ::JWT::Configuration
   module_function
@@ -24,7 +26,7 @@ module JWT
                headers: header_fields).segments
   end
-  def decode(jwt, key = nil, verify = true, options = {}, &keyfinder)
-    Decode.new(jwt, key, verify, DEFAULT_OPTIONS.merge(options), &keyfinder).decode_segments
+  def decode(jwt, key = nil, verify = true, options = {}, &keyfinder) # rubocop:disable Style/OptionalBooleanParameter
+    Decode.new(jwt, key, verify, configuration.decode.to_h.merge(options), &keyfinder).decode_segments
   end
 end

data/ruby-jwt.gemspec CHANGED Viewed

@@ -1,4 +1,6 @@
-lib = File.expand_path('../lib/', __FILE__)
+# frozen_string_literal: true
+lib = File.expand_path('lib', __dir__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require 'jwt/version'
@@ -13,22 +15,28 @@ Gem::Specification.new do |spec|
   spec.description = 'A pure ruby implementation of the RFC 7519 OAuth JSON Web Token (JWT) standard.'
   spec.homepage = 'https://github.com/jwt/ruby-jwt'
   spec.license = 'MIT'
-  spec.required_ruby_version = '>= 2.1'
+  spec.required_ruby_version = '>= 2.5'
+  spec.metadata = {
+    'bug_tracker_uri' => 'https://github.com/jwt/ruby-jwt/issues',
+    'changelog_uri' => "https://github.com/jwt/ruby-jwt/blob/v#{JWT.gem_version}/CHANGELOG.md",
+    'rubygems_mfa_required' => 'true'
+  }
+  spec.files = `git ls-files -z`.split("\x0").reject do |f|
+    f.match(%r{^(spec|gemfiles|coverage|bin)/}) || # Irrelevant folders
+      f.match(/^\.+/) || # Files and folders starting with .
+      f.match(/^(Appraisals|Gemfile|Rakefile)$/) # Irrelevant files
+  end
-  spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(spec|gemfiles|coverage|bin)/}) }
   spec.executables = []
-  spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = %w[lib]
+  spec.add_dependency 'base64'
   spec.add_development_dependency 'appraisal'
   spec.add_development_dependency 'bundler'
   spec.add_development_dependency 'rake'
   spec.add_development_dependency 'rspec'
+  spec.add_development_dependency 'rubocop'
   spec.add_development_dependency 'simplecov'
-  spec.add_development_dependency 'simplecov-json'
-  spec.add_development_dependency 'codeclimate-test-reporter'
-  spec.add_development_dependency 'codacy-coverage'
-  spec.add_development_dependency 'rbnacl'
-  # RSASSA-PSS support provided by OpenSSL +2.1
-  spec.add_development_dependency 'openssl', '~> 2.1'
 end

metadata CHANGED Viewed

@@ -1,51 +1,23 @@
 --- !ruby/object:Gem::Specification
 name: jwt
 version: !ruby/object:Gem::Version
-  version: 2.2.1
+  version: 2.8.1
 platform: ruby
 authors:
 - Tim Rudat
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-05-24 00:00:00.000000000 Z
+date: 2024-02-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: appraisal
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: bundler
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: rake
+  name: base64
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-  type: :development
+  type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
@@ -53,7 +25,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: rspec
+  name: appraisal
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -67,7 +39,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: simplecov
+  name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -81,7 +53,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: simplecov-json
+  name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -95,7 +67,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: codeclimate-test-reporter
+  name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -109,7 +81,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: codacy-coverage
+  name: rubocop
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -123,7 +95,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: rbnacl
+  name: simplecov
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -136,20 +108,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-- !ruby/object:Gem::Dependency
-  name: openssl
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.1'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.1'
 description: A pure ruby implementation of the RFC 7519 OAuth JSON Web Token (JWT)
   standard.
 email: timrudat@gmail.com
@@ -157,46 +115,57 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- ".codeclimate.yml"
-- ".ebert.yml"
-- ".gitignore"
-- ".rspec"
-- ".rubocop.yml"
-- ".travis.yml"
 - AUTHORS
-- Appraisals
 - CHANGELOG.md
-- Gemfile
+- CODE_OF_CONDUCT.md
+- CONTRIBUTING.md
 - LICENSE
 - README.md
-- Rakefile
 - lib/jwt.rb
-- lib/jwt/algos/ecdsa.rb
-- lib/jwt/algos/eddsa.rb
-- lib/jwt/algos/hmac.rb
-- lib/jwt/algos/ps.rb
-- lib/jwt/algos/rsa.rb
-- lib/jwt/algos/unsupported.rb
 - lib/jwt/base64.rb
 - lib/jwt/claims_validator.rb
+- lib/jwt/configuration.rb
+- lib/jwt/configuration/container.rb
+- lib/jwt/configuration/decode_configuration.rb
+- lib/jwt/configuration/jwk_configuration.rb
 - lib/jwt/decode.rb
-- lib/jwt/default_options.rb
+- lib/jwt/deprecations.rb
 - lib/jwt/encode.rb
 - lib/jwt/error.rb
 - lib/jwt/json.rb
+- lib/jwt/jwa.rb
+- lib/jwt/jwa/ecdsa.rb
+- lib/jwt/jwa/eddsa.rb
+- lib/jwt/jwa/hmac.rb
+- lib/jwt/jwa/hmac_rbnacl.rb
+- lib/jwt/jwa/hmac_rbnacl_fixed.rb
+- lib/jwt/jwa/none.rb
+- lib/jwt/jwa/ps.rb
+- lib/jwt/jwa/rsa.rb
+- lib/jwt/jwa/unsupported.rb
+- lib/jwt/jwa/wrapper.rb
 - lib/jwt/jwk.rb
+- lib/jwt/jwk/ec.rb
+- lib/jwt/jwk/hmac.rb
+- lib/jwt/jwk/key_base.rb
 - lib/jwt/jwk/key_finder.rb
+- lib/jwt/jwk/kid_as_key_digest.rb
+- lib/jwt/jwk/okp_rbnacl.rb
 - lib/jwt/jwk/rsa.rb
-- lib/jwt/security_utils.rb
-- lib/jwt/signature.rb
+- lib/jwt/jwk/set.rb
+- lib/jwt/jwk/thumbprint.rb
 - lib/jwt/verify.rb
 - lib/jwt/version.rb
+- lib/jwt/x5c_key_finder.rb
 - ruby-jwt.gemspec
 homepage: https://github.com/jwt/ruby-jwt
 licenses:
 - MIT
-metadata: {}
-post_install_message:
+metadata:
+  bug_tracker_uri: https://github.com/jwt/ruby-jwt/issues
+  changelog_uri: https://github.com/jwt/ruby-jwt/blob/v2.8.1/CHANGELOG.md
+  rubygems_mfa_required: 'true'
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -204,15 +173,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.1'
+      version: '2.5'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
-signing_key:
+rubygems_version: 3.3.7
+signing_key:
 specification_version: 4
 summary: JSON Web Token implementation in Ruby
 test_files: []

data/.codeclimate.yml DELETED Viewed

@@ -1,20 +0,0 @@
-engines:
-  rubocop:
-    enabled: true
-  golint:
-    enabled: false
-  gofmt:
-    enabled: false
-  eslint:
-    enabled: false
-  csslint:
-    enabled: false
-ratings:
-  paths:
-    - lib/**
-    - "**.rb"
-exclude_paths:
-  - spec/**/*
-  - vendor/**/*

data/.ebert.yml DELETED Viewed

@@ -1,18 +0,0 @@
-styleguide: excpt/linters
-engines:
-  reek:
-    enabled: true
-  fixme:
-    enabled: true
-  rubocop:
-    enabled: true
-    channel: rubocop-0-49
-  duplication:
-    config:
-      languages:
-      - ruby
-    enabled: true
-  remark-lint:
-    enabled: true
-exclude_paths:
-- spec

data/.gitignore DELETED Viewed

@@ -1,11 +0,0 @@
-.idea/
-jwt.gemspec
-pkg
-Gemfile.lock
-coverage/
-.DS_Store
-.rbenv-gemsets
-.ruby-version
-.vscode/
-.bundle
-*gemfile.lock

data/.rspec DELETED Viewed

	@@ -1 +0,0 @@
1	- --color

data/.rubocop.yml DELETED Viewed

@@ -1,98 +0,0 @@
-AllCops:
-  Exclude:
-    - 'bin/**/*'
-    - 'db/**/*'
-    - 'config/**/*'
-    - 'script/**/*'
-Rails:
-  Enabled: true
-Style/AlignParameters:
-  EnforcedStyle: with_fixed_indentation
-Style/CaseIndentation:
-  EnforcedStyle: end
-Style/AsciiComments:
-  Enabled: false
-Style/IndentHash:
-  Enabled: false
-Style/CollectionMethods:
-  Enabled: true
-  PreferredMethods:
-      inject: 'inject'
-Style/Documentation:
-  Enabled: false
-Style/BlockDelimiters:
-  Exclude:
-    - spec/**/*_spec.rb
-Style/BracesAroundHashParameters:
-  Exclude:
-    - spec/**/*_spec.rb
-Style/GuardClause:
-  Enabled: false
-Style/IfUnlessModifier:
-  Enabled: false
-Style/SpaceInsideHashLiteralBraces:
-  Enabled: false
-Style/Lambda:
-  Enabled: false
-Style/RaiseArgs:
-  Enabled: false
-Style/SignalException:
-  Enabled: false
-Metrics/AbcSize:
-  Max: 20
-Metrics/ClassLength:
-  Max: 100
-Metrics/ModuleLength:
-  Max: 100
-Metrics/LineLength:
-  Enabled: false
-Metrics/MethodLength:
-  Max: 15
-Style/SingleLineBlockParams:
-  Enabled: false
-Lint/EndAlignment:
-  EnforcedStyleAlignWith: variable
-Style/FormatString:
-  Enabled: false
-Style/MultilineMethodCallIndentation:
-  EnforcedStyle: indented
-Style/MultilineOperationIndentation:
-  EnforcedStyle: indented
-Style/WordArray:
-  Enabled: false
-Style/RedundantSelf:
-  Enabled: false
-Style/AlignHash:
-  Enabled: true
-  EnforcedLastArgumentHashStyle: always_ignore
-Style/TrivialAccessors:
-  AllowPredicates: true

data/.travis.yml DELETED Viewed

@@ -1,20 +0,0 @@
-sudo: required
-cache: bundler
-dist: trusty
-language: ruby
-rvm:
-  - 2.3
-  - 2.4
-  - 2.5
-  - 2.6
-gemfiles:
-  - gemfiles/standalone.gemfile
-  - gemfiles/rails_5.0.gemfile
-  - gemfiles/rails_5.1.gemfile
-  - gemfiles/rails_5.2.gemfile
-script: "bundle exec rspec && bundle exec codeclimate-test-reporter"
-before_install:
-  - sudo add-apt-repository ppa:chris-lea/libsodium -y
-  - sudo apt-get update -q
-  - sudo apt-get install libsodium-dev -y
-  - gem install bundler

data/Appraisals DELETED Viewed

@@ -1,14 +0,0 @@
-appraise 'standalone' do
-end
-appraise 'rails-5.0' do
-  gem 'rails', '~> 5.0.0'
-end
-appraise 'rails-5.1' do
-  gem 'rails', '~> 5.1.0'
-end
-appraise 'rails-5.2' do
-  gem 'rails', '~> 5.2.0'
-end

data/Gemfile DELETED Viewed

@@ -1,3 +0,0 @@
-source 'https://rubygems.org'
-gemspec

data/Rakefile DELETED Viewed

@@ -1,11 +0,0 @@
-require 'bundler/gem_tasks'
-begin
-  require 'rspec/core/rake_task'
-  RSpec::Core::RakeTask.new(:test)
-  task default: :test
-rescue LoadError
-  puts 'RSpec rake tasks not available. Please run "bundle install" to install missing dependencies.'
-end

data/lib/jwt/algos/ecdsa.rb DELETED Viewed

@@ -1,35 +0,0 @@
-module JWT
-  module Algos
-    module Ecdsa
-      module_function
-      SUPPORTED = %w[ES256 ES384 ES512].freeze
-      NAMED_CURVES = {
-        'prime256v1' => 'ES256',
-        'secp384r1' => 'ES384',
-        'secp521r1' => 'ES512'
-      }.freeze
-      def sign(to_sign)
-        algorithm, msg, key = to_sign.values
-        key_algorithm = NAMED_CURVES[key.group.curve_name]
-        if algorithm != key_algorithm
-          raise IncorrectAlgorithm, "payload algorithm is #{algorithm} but #{key_algorithm} signing key was provided"
-        end
-        digest = OpenSSL::Digest.new(algorithm.sub('ES', 'sha'))
-        SecurityUtils.asn1_to_raw(key.dsa_sign_asn1(digest.digest(msg)), key)
-      end
-      def verify(to_verify)
-        algorithm, public_key, signing_input, signature = to_verify.values
-        key_algorithm = NAMED_CURVES[public_key.group.curve_name]
-        if algorithm != key_algorithm
-          raise IncorrectAlgorithm, "payload algorithm is #{algorithm} but #{key_algorithm} verification key was provided"
-        end
-        digest = OpenSSL::Digest.new(algorithm.sub('ES', 'sha'))
-        public_key.dsa_verify_asn1(digest.digest(signing_input), SecurityUtils.raw_to_asn1(signature, public_key))
-      end
-    end
-  end
-end

data/lib/jwt/algos/eddsa.rb DELETED Viewed

@@ -1,23 +0,0 @@
-module JWT
-  module Algos
-    module Eddsa
-      module_function
-      SUPPORTED = %w[ED25519].freeze
-      def sign(to_sign)
-        algorithm, msg, key = to_sign.values
-        raise EncodeError, "Key given is a #{key.class} but has to be an RbNaCl::Signatures::Ed25519::SigningKey" if key.class != RbNaCl::Signatures::Ed25519::SigningKey
-        raise IncorrectAlgorithm, "payload algorithm is #{algorithm} but #{key.primitive} signing key was provided"  if algorithm.downcase.to_sym != key.primitive
-        key.sign(msg)
-      end
-      def verify(to_verify)
-        algorithm, public_key, signing_input, signature = to_verify.values
-        raise IncorrectAlgorithm, "payload algorithm is #{algorithm} but #{public_key.primitive} verification key was provided" if algorithm.downcase.to_sym != public_key.primitive
-        raise DecodeError, "key given is a #{public_key.class} but has to be a RbNaCl::Signatures::Ed25519::VerifyKey" if public_key.class != RbNaCl::Signatures::Ed25519::VerifyKey
-        public_key.verify(signature, signing_input)
-      end
-    end
-  end
-end