signing 0.0.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/.gems +1 -0
- data/.gitignore +2 -0
- data/Rakefile +8 -0
- data/Readme.md +30 -0
- data/lib/signing.rb +54 -0
- data/signing.gemspec +13 -0
- data/test/signing_test.rb +38 -0
- metadata +51 -0
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA1:
|
3
|
+
metadata.gz: 27be608b8ac3aee608f4310beeb4ce80a6de6cb9
|
4
|
+
data.tar.gz: 4451fb4fbcc524f46218ebca1ae617493982d0a0
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: 2b1fff1e92c316a64b60b9dad4251d03b28b769be9e3aa2f6731aa66cf75cb5463f02baabcdbe93fe52c9ca8935e8e1b5895cbdfa52a11eea1150e87bec5f984
|
7
|
+
data.tar.gz: 575a9dea70071b0c1b1e299cf3a7d90c423202d0b92b139291b00f473aa0575c67fa6f21b2fe25a065d392ec2adbb2cce8e04dce3b317e0dd064387204451ab5
|
data/.gems
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
cutest -v 1.2.1
|
data/.gitignore
ADDED
data/Rakefile
ADDED
data/Readme.md
ADDED
@@ -0,0 +1,30 @@
|
|
1
|
+
# signing
|
2
|
+
|
3
|
+
Sign and unsign your data.
|
4
|
+
|
5
|
+
## Usage
|
6
|
+
|
7
|
+
```ruby
|
8
|
+
require "signing"
|
9
|
+
include Signing
|
10
|
+
|
11
|
+
signer = Signer.new("secret", "salt")
|
12
|
+
|
13
|
+
# sign
|
14
|
+
signed_value = signer.sign("value")
|
15
|
+
|
16
|
+
# unsign
|
17
|
+
signer.unsign(signed_value) # returns "value"
|
18
|
+
```
|
19
|
+
|
20
|
+
## Installation
|
21
|
+
|
22
|
+
Install it using rubygems.
|
23
|
+
|
24
|
+
```
|
25
|
+
$ gem install signing
|
26
|
+
```
|
27
|
+
|
28
|
+
## License
|
29
|
+
|
30
|
+
MIT
|
data/lib/signing.rb
ADDED
@@ -0,0 +1,54 @@
|
|
1
|
+
require "base64"
|
2
|
+
require "digest/hmac"
|
3
|
+
require "digest/sha1"
|
4
|
+
|
5
|
+
module Signing
|
6
|
+
def self.base64_encode(string)
|
7
|
+
Base64.urlsafe_encode64(string).gsub(/(=*$)/, "")
|
8
|
+
end
|
9
|
+
|
10
|
+
def self.base64_decode(string)
|
11
|
+
Base64.urlsafe_decode64(string + "=" * (-string.length % 4))
|
12
|
+
end
|
13
|
+
|
14
|
+
# constant-time comparison to prevent timing attacks
|
15
|
+
def self.compare(a, b)
|
16
|
+
len_eq = a.length == b.length
|
17
|
+
res = len_eq ? 0 : 1
|
18
|
+
left = len_eq ? a : b
|
19
|
+
(0...left.length).each { |i| res |= a[i].ord ^ b[i].ord }
|
20
|
+
res == 0
|
21
|
+
end
|
22
|
+
|
23
|
+
class Signer
|
24
|
+
def initialize(secret, salt)
|
25
|
+
@secret = secret
|
26
|
+
@salt = salt
|
27
|
+
@sep = "."
|
28
|
+
end
|
29
|
+
|
30
|
+
def sign(value)
|
31
|
+
value = Signing::base64_encode(value)
|
32
|
+
value + @sep + get_signature(value)
|
33
|
+
end
|
34
|
+
|
35
|
+
def unsign(signed_value)
|
36
|
+
return false if not signed_value.include? @sep
|
37
|
+
|
38
|
+
value, s, sig = signed_value.rpartition(@sep)
|
39
|
+
if Signing::compare(sig, get_signature(value))
|
40
|
+
return Signing::base64_decode(value)
|
41
|
+
end
|
42
|
+
|
43
|
+
false
|
44
|
+
end
|
45
|
+
|
46
|
+
private
|
47
|
+
|
48
|
+
def get_signature(value)
|
49
|
+
key = Digest::SHA1.digest("#{@salt}signer#{@secret}")
|
50
|
+
mac = Digest::HMAC.digest(value, key, Digest::SHA1)
|
51
|
+
Signing::base64_encode(mac)
|
52
|
+
end
|
53
|
+
end
|
54
|
+
end
|
data/signing.gemspec
ADDED
@@ -0,0 +1,13 @@
|
|
1
|
+
# encoding: utf-8
|
2
|
+
|
3
|
+
Gem::Specification.new do |s|
|
4
|
+
s.name = "signing"
|
5
|
+
s.version = "0.0.1"
|
6
|
+
s.summary = "Sign and unsign your data."
|
7
|
+
s.description = "Sign and unsign your data."
|
8
|
+
s.authors = ["Gustavo Leguizamon"]
|
9
|
+
s.email = ["leguizamon.gustavo@gmail.com"]
|
10
|
+
s.homepage = "https://github.com/goopi/signing"
|
11
|
+
s.files = `git ls-files`.split("\n")
|
12
|
+
s.license = "MIT"
|
13
|
+
end
|
@@ -0,0 +1,38 @@
|
|
1
|
+
require File.expand_path("../lib/signing", File.dirname(__FILE__))
|
2
|
+
include Signing
|
3
|
+
|
4
|
+
scope do
|
5
|
+
setup do
|
6
|
+
{
|
7
|
+
:value => "hi",
|
8
|
+
:signed_value => "aGk.H9tzyMqq_e4j8yH-0KfNTZvoNBk",
|
9
|
+
:secret => "secret",
|
10
|
+
:salt => "salt"
|
11
|
+
}
|
12
|
+
end
|
13
|
+
|
14
|
+
test "should sign the value" do |params|
|
15
|
+
s = Signer.new(params[:secret], params[:salt])
|
16
|
+
signed_value = s.sign(params[:value])
|
17
|
+
assert_equal signed_value, params[:signed_value]
|
18
|
+
|
19
|
+
s = Signer.new("othersecret", params[:salt])
|
20
|
+
signed_value = s.sign(params[:value])
|
21
|
+
assert signed_value != params[:signed_value]
|
22
|
+
|
23
|
+
s = Signer.new(params[:secret], "othersalt")
|
24
|
+
signed_value = s.sign(params[:value])
|
25
|
+
assert signed_value != params[:signed_value]
|
26
|
+
end
|
27
|
+
|
28
|
+
test "should unsign the signed value" do |params|
|
29
|
+
s = Signer.new(params[:secret], params[:salt])
|
30
|
+
assert_equal params[:value], s.unsign(params[:signed_value])
|
31
|
+
|
32
|
+
s = Signer.new("othersecret", params[:salt])
|
33
|
+
assert_equal false, s.unsign(params[:signed_value])
|
34
|
+
|
35
|
+
s = Signer.new(params[:secret], "othersalt")
|
36
|
+
assert_equal false, s.unsign(params[:signed_value])
|
37
|
+
end
|
38
|
+
end
|
metadata
ADDED
@@ -0,0 +1,51 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: signing
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.0.1
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- Gustavo Leguizamon
|
8
|
+
autorequire:
|
9
|
+
bindir: bin
|
10
|
+
cert_chain: []
|
11
|
+
date: 2013-09-16 00:00:00.000000000 Z
|
12
|
+
dependencies: []
|
13
|
+
description: Sign and unsign your data.
|
14
|
+
email:
|
15
|
+
- leguizamon.gustavo@gmail.com
|
16
|
+
executables: []
|
17
|
+
extensions: []
|
18
|
+
extra_rdoc_files: []
|
19
|
+
files:
|
20
|
+
- .gems
|
21
|
+
- .gitignore
|
22
|
+
- Rakefile
|
23
|
+
- Readme.md
|
24
|
+
- lib/signing.rb
|
25
|
+
- signing.gemspec
|
26
|
+
- test/signing_test.rb
|
27
|
+
homepage: https://github.com/goopi/signing
|
28
|
+
licenses:
|
29
|
+
- MIT
|
30
|
+
metadata: {}
|
31
|
+
post_install_message:
|
32
|
+
rdoc_options: []
|
33
|
+
require_paths:
|
34
|
+
- lib
|
35
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
36
|
+
requirements:
|
37
|
+
- - '>='
|
38
|
+
- !ruby/object:Gem::Version
|
39
|
+
version: '0'
|
40
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
41
|
+
requirements:
|
42
|
+
- - '>='
|
43
|
+
- !ruby/object:Gem::Version
|
44
|
+
version: '0'
|
45
|
+
requirements: []
|
46
|
+
rubyforge_project:
|
47
|
+
rubygems_version: 2.1.3
|
48
|
+
signing_key:
|
49
|
+
specification_version: 4
|
50
|
+
summary: Sign and unsign your data.
|
51
|
+
test_files: []
|