signing 0.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/.gems +1 -0
- data/.gitignore +2 -0
- data/Rakefile +8 -0
- data/Readme.md +30 -0
- data/lib/signing.rb +54 -0
- data/signing.gemspec +13 -0
- data/test/signing_test.rb +38 -0
- metadata +51 -0
checksums.yaml
ADDED
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
---
|
|
2
|
+
SHA1:
|
|
3
|
+
metadata.gz: 27be608b8ac3aee608f4310beeb4ce80a6de6cb9
|
|
4
|
+
data.tar.gz: 4451fb4fbcc524f46218ebca1ae617493982d0a0
|
|
5
|
+
SHA512:
|
|
6
|
+
metadata.gz: 2b1fff1e92c316a64b60b9dad4251d03b28b769be9e3aa2f6731aa66cf75cb5463f02baabcdbe93fe52c9ca8935e8e1b5895cbdfa52a11eea1150e87bec5f984
|
|
7
|
+
data.tar.gz: 575a9dea70071b0c1b1e299cf3a7d90c423202d0b92b139291b00f473aa0575c67fa6f21b2fe25a065d392ec2adbb2cce8e04dce3b317e0dd064387204451ab5
|
data/.gems
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
cutest -v 1.2.1
|
data/.gitignore
ADDED
data/Rakefile
ADDED
data/Readme.md
ADDED
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
# signing
|
|
2
|
+
|
|
3
|
+
Sign and unsign your data.
|
|
4
|
+
|
|
5
|
+
## Usage
|
|
6
|
+
|
|
7
|
+
```ruby
|
|
8
|
+
require "signing"
|
|
9
|
+
include Signing
|
|
10
|
+
|
|
11
|
+
signer = Signer.new("secret", "salt")
|
|
12
|
+
|
|
13
|
+
# sign
|
|
14
|
+
signed_value = signer.sign("value")
|
|
15
|
+
|
|
16
|
+
# unsign
|
|
17
|
+
signer.unsign(signed_value) # returns "value"
|
|
18
|
+
```
|
|
19
|
+
|
|
20
|
+
## Installation
|
|
21
|
+
|
|
22
|
+
Install it using rubygems.
|
|
23
|
+
|
|
24
|
+
```
|
|
25
|
+
$ gem install signing
|
|
26
|
+
```
|
|
27
|
+
|
|
28
|
+
## License
|
|
29
|
+
|
|
30
|
+
MIT
|
data/lib/signing.rb
ADDED
|
@@ -0,0 +1,54 @@
|
|
|
1
|
+
require "base64"
|
|
2
|
+
require "digest/hmac"
|
|
3
|
+
require "digest/sha1"
|
|
4
|
+
|
|
5
|
+
module Signing
|
|
6
|
+
def self.base64_encode(string)
|
|
7
|
+
Base64.urlsafe_encode64(string).gsub(/(=*$)/, "")
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
def self.base64_decode(string)
|
|
11
|
+
Base64.urlsafe_decode64(string + "=" * (-string.length % 4))
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
# constant-time comparison to prevent timing attacks
|
|
15
|
+
def self.compare(a, b)
|
|
16
|
+
len_eq = a.length == b.length
|
|
17
|
+
res = len_eq ? 0 : 1
|
|
18
|
+
left = len_eq ? a : b
|
|
19
|
+
(0...left.length).each { |i| res |= a[i].ord ^ b[i].ord }
|
|
20
|
+
res == 0
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
class Signer
|
|
24
|
+
def initialize(secret, salt)
|
|
25
|
+
@secret = secret
|
|
26
|
+
@salt = salt
|
|
27
|
+
@sep = "."
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
def sign(value)
|
|
31
|
+
value = Signing::base64_encode(value)
|
|
32
|
+
value + @sep + get_signature(value)
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
def unsign(signed_value)
|
|
36
|
+
return false if not signed_value.include? @sep
|
|
37
|
+
|
|
38
|
+
value, s, sig = signed_value.rpartition(@sep)
|
|
39
|
+
if Signing::compare(sig, get_signature(value))
|
|
40
|
+
return Signing::base64_decode(value)
|
|
41
|
+
end
|
|
42
|
+
|
|
43
|
+
false
|
|
44
|
+
end
|
|
45
|
+
|
|
46
|
+
private
|
|
47
|
+
|
|
48
|
+
def get_signature(value)
|
|
49
|
+
key = Digest::SHA1.digest("#{@salt}signer#{@secret}")
|
|
50
|
+
mac = Digest::HMAC.digest(value, key, Digest::SHA1)
|
|
51
|
+
Signing::base64_encode(mac)
|
|
52
|
+
end
|
|
53
|
+
end
|
|
54
|
+
end
|
data/signing.gemspec
ADDED
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
# encoding: utf-8
|
|
2
|
+
|
|
3
|
+
Gem::Specification.new do |s|
|
|
4
|
+
s.name = "signing"
|
|
5
|
+
s.version = "0.0.1"
|
|
6
|
+
s.summary = "Sign and unsign your data."
|
|
7
|
+
s.description = "Sign and unsign your data."
|
|
8
|
+
s.authors = ["Gustavo Leguizamon"]
|
|
9
|
+
s.email = ["leguizamon.gustavo@gmail.com"]
|
|
10
|
+
s.homepage = "https://github.com/goopi/signing"
|
|
11
|
+
s.files = `git ls-files`.split("\n")
|
|
12
|
+
s.license = "MIT"
|
|
13
|
+
end
|
|
@@ -0,0 +1,38 @@
|
|
|
1
|
+
require File.expand_path("../lib/signing", File.dirname(__FILE__))
|
|
2
|
+
include Signing
|
|
3
|
+
|
|
4
|
+
scope do
|
|
5
|
+
setup do
|
|
6
|
+
{
|
|
7
|
+
:value => "hi",
|
|
8
|
+
:signed_value => "aGk.H9tzyMqq_e4j8yH-0KfNTZvoNBk",
|
|
9
|
+
:secret => "secret",
|
|
10
|
+
:salt => "salt"
|
|
11
|
+
}
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
test "should sign the value" do |params|
|
|
15
|
+
s = Signer.new(params[:secret], params[:salt])
|
|
16
|
+
signed_value = s.sign(params[:value])
|
|
17
|
+
assert_equal signed_value, params[:signed_value]
|
|
18
|
+
|
|
19
|
+
s = Signer.new("othersecret", params[:salt])
|
|
20
|
+
signed_value = s.sign(params[:value])
|
|
21
|
+
assert signed_value != params[:signed_value]
|
|
22
|
+
|
|
23
|
+
s = Signer.new(params[:secret], "othersalt")
|
|
24
|
+
signed_value = s.sign(params[:value])
|
|
25
|
+
assert signed_value != params[:signed_value]
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
test "should unsign the signed value" do |params|
|
|
29
|
+
s = Signer.new(params[:secret], params[:salt])
|
|
30
|
+
assert_equal params[:value], s.unsign(params[:signed_value])
|
|
31
|
+
|
|
32
|
+
s = Signer.new("othersecret", params[:salt])
|
|
33
|
+
assert_equal false, s.unsign(params[:signed_value])
|
|
34
|
+
|
|
35
|
+
s = Signer.new(params[:secret], "othersalt")
|
|
36
|
+
assert_equal false, s.unsign(params[:signed_value])
|
|
37
|
+
end
|
|
38
|
+
end
|
metadata
ADDED
|
@@ -0,0 +1,51 @@
|
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
|
2
|
+
name: signing
|
|
3
|
+
version: !ruby/object:Gem::Version
|
|
4
|
+
version: 0.0.1
|
|
5
|
+
platform: ruby
|
|
6
|
+
authors:
|
|
7
|
+
- Gustavo Leguizamon
|
|
8
|
+
autorequire:
|
|
9
|
+
bindir: bin
|
|
10
|
+
cert_chain: []
|
|
11
|
+
date: 2013-09-16 00:00:00.000000000 Z
|
|
12
|
+
dependencies: []
|
|
13
|
+
description: Sign and unsign your data.
|
|
14
|
+
email:
|
|
15
|
+
- leguizamon.gustavo@gmail.com
|
|
16
|
+
executables: []
|
|
17
|
+
extensions: []
|
|
18
|
+
extra_rdoc_files: []
|
|
19
|
+
files:
|
|
20
|
+
- .gems
|
|
21
|
+
- .gitignore
|
|
22
|
+
- Rakefile
|
|
23
|
+
- Readme.md
|
|
24
|
+
- lib/signing.rb
|
|
25
|
+
- signing.gemspec
|
|
26
|
+
- test/signing_test.rb
|
|
27
|
+
homepage: https://github.com/goopi/signing
|
|
28
|
+
licenses:
|
|
29
|
+
- MIT
|
|
30
|
+
metadata: {}
|
|
31
|
+
post_install_message:
|
|
32
|
+
rdoc_options: []
|
|
33
|
+
require_paths:
|
|
34
|
+
- lib
|
|
35
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
|
36
|
+
requirements:
|
|
37
|
+
- - '>='
|
|
38
|
+
- !ruby/object:Gem::Version
|
|
39
|
+
version: '0'
|
|
40
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
41
|
+
requirements:
|
|
42
|
+
- - '>='
|
|
43
|
+
- !ruby/object:Gem::Version
|
|
44
|
+
version: '0'
|
|
45
|
+
requirements: []
|
|
46
|
+
rubyforge_project:
|
|
47
|
+
rubygems_version: 2.1.3
|
|
48
|
+
signing_key:
|
|
49
|
+
specification_version: 4
|
|
50
|
+
summary: Sign and unsign your data.
|
|
51
|
+
test_files: []
|