messagesodium 0.2.0 → 0.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +4 -3
- data/lib/messagesodium/version.rb +1 -1
- data/lib/messagesodium.rb +7 -2
- data/messagesodium.gemspec +2 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ab737303b92992980e7aa7189686b57603c40cea
|
|
4
|
+
data.tar.gz: 3d3216c1bfbc8174f4ed8d4a1808a44c7b3d515a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 6f267c8fc47f1741adfb8b239cf7e71f9b5e44d9ff2f1735f72c44f6916d2d0db74db9cd3d0d6bfcab4e37a10e98da80de7fa4a8e17060ae4fc4b6224fe5a7d5
|
|
7
|
+
data.tar.gz: 4024beeed614f60c3831940d0295f9baf14ef7cae9d627c1832d70ae46be2803e877579f8567459960fd192f005bb61689071adb169caee7b230f8db53f88ecb
|
data/README.md
CHANGED
|
@@ -1,12 +1,13 @@
|
|
|
1
1
|
# Messagesodium
|
|
2
2
|
|
|
3
|
-
Project status:
|
|
3
|
+
Project status: 1.0 Release candidate
|
|
4
4
|
|
|
5
5
|
Patches Cookiestore to use libsodium for encryption and verification.
|
|
6
|
+
[](https://travis-ci.org/technion/messagesodium)
|
|
6
7
|
|
|
7
8
|
# Cookistore
|
|
8
9
|
|
|
9
|
-
Rails [Cookiestore](https://www.justinweiss.com/articles/how-rails-sessions-work/) is a heavily underrated feature. It bought commonsense to session management at a time when [saving every user session in its own tmpfile on a server](http://php.net/manual/en/function.session-start.php) was slow and unreasonable to scale
|
|
10
|
+
Rails [Cookiestore](https://www.justinweiss.com/articles/how-rails-sessions-work/) is a heavily underrated feature. It bought commonsense to session management at a time when [saving every user session in its own tmpfile on a server](http://php.net/manual/en/function.session-start.php) was slow and unreasonable to scale. And finally it avoided by default the horrible security issues we've seen with directly storing session variables in a cookie.
|
|
10
11
|
|
|
11
12
|
This gem brings an alternative backend to CookieStore.
|
|
12
13
|
|
|
@@ -65,7 +66,7 @@ What you'll find in this gem is a much smaller, more easily audited codebase wit
|
|
|
65
66
|
|
|
66
67
|
# Approach
|
|
67
68
|
|
|
68
|
-
This gem is designed largely as a drop-in replacement for MessageEncryptor, which in turn is used by CookieStore. In a
|
|
69
|
+
This gem is designed largely as a drop-in replacement for MessageEncryptor, which in turn is used by CookieStore. In a default environment, Rails astracts away everything I say below.
|
|
69
70
|
|
|
70
71
|
MessageEncryptor takes a "secret", and a "signing secret", using them as two different secrets. Libsodium only needs a 256-bit secret.
|
|
71
72
|
|
data/lib/messagesodium.rb
CHANGED
|
@@ -25,13 +25,18 @@ module ActiveSupport
|
|
|
25
25
|
# Encrypt and authenticate using libsodium XSalsa20/Poly1305
|
|
26
26
|
# Serialise with JSON.dump
|
|
27
27
|
# Returns base64(random nonce + cipher + auth tag)
|
|
28
|
+
# URLSafe encoding means it doesn't have to be mangled further to
|
|
29
|
+
# become a cookie
|
|
28
30
|
def encrypt_and_sign(value)
|
|
29
|
-
Base64.
|
|
31
|
+
Base64.urlsafe_encode64(@box.encrypt(::JSON.dump(value)))
|
|
30
32
|
end
|
|
31
33
|
|
|
32
34
|
# Decrypt the message, and check the auth tag in the process.
|
|
33
35
|
def decrypt_and_verify(value)
|
|
34
|
-
::JSON.parse(
|
|
36
|
+
::JSON.parse(
|
|
37
|
+
@box.decrypt(
|
|
38
|
+
Base64.urlsafe_decode64(value)),
|
|
39
|
+
symbolize_names: true)
|
|
35
40
|
rescue RbNaCl::CryptoError
|
|
36
41
|
raise InvalidMessage
|
|
37
42
|
end
|
data/messagesodium.gemspec
CHANGED
|
@@ -10,7 +10,8 @@ Gem::Specification.new do |spec|
|
|
|
10
10
|
spec.email = ["technion@lolware.net"]
|
|
11
11
|
|
|
12
12
|
spec.summary = %q{Patches MessageEncryptor/Cookiestore to use Libsodium .}
|
|
13
|
-
spec.description =
|
|
13
|
+
spec.description = 'Introduces modern crypto, higher performance,' \
|
|
14
|
+
' smaller cookies to your sessions.'
|
|
14
15
|
spec.homepage = "https://github.com/technion/messagesodium"
|
|
15
16
|
spec.license = "MIT"
|
|
16
17
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: messagesodium
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Technion
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-09-
|
|
11
|
+
date: 2017-09-07 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rbnacl-libsodium
|