fernet

Generate and verify HMAC-based authentication tokens. https://github.com/rvl/fernet-hs

Latest on Hackage:0.1.0.0

This package is not currently in any snapshots. If you're interested in using it, we recommend adding it to Stackage Nightly. Doing so will make builds more reliable, and allow stackage.org to host generated Haddocks.

LGPL-3 licensed by Rodney Lorrimar
Maintained by dev@rodney.id.au

Fernet Haskell Implementation

Build Status Hackage

Fernet generates and verifies HMAC-based authentication tokens.

Originally designed for use within OpenStack clusters, it was intended to be fast and light-weight, with non-persistent tokens. Integrity and confidentiality of the token contents are implemented with HMAC SHA256 and AES128 CBC.

See the Fernet Spec for a little more information.

Usage

To encrypt a token:

>>> import Network.Fernet
>>> k <- generateKey
>>> keyToBase64 k
"JQAeL3iFN9wIW_hMKiIzA1EiG_EZNivnMPBOOJn2wZc="
>>> token <- encrypt k "secret text"
>>> print token
"gAAAAABY0H9kx7ihkcj6ZF_bQ73Lvc7aG-ZlEtjx24io-DQy5tCjLbq1JvVY27uAe6BuwG8css-4LDIywOJRyY_zetq7aLPPag=="

The resulting token can be distributed to clients. To check and decrypt the token, use the same key:

>>> decrypt k 60 token
Right "secret text"

Do read the Network.Fernet module documentation for further information.

Command-line tool

This package also includes a command-line tool for encrypting and decrypting tokens.

Fernet Utility

Usage: fernet (((-k|--key STRING) | --key-file FILENAME) ([-e|--encrypt] |
              [-d|--decrypt]) [--ttl SECONDS] | (-g|--gen-key))
  Encrypts/decrypts Fernet tokens. One token written to stdout for each line
  read from stdin. Use --gen-key to make a key.

Available options:
  -h,--help                Show this help text
  -k,--key STRING          Base64-urlsafe-encoded 32 byte encryption key
  --key-file FILENAME      File containing the encryption key
  -e,--encrypt             Encryption mode (default: autodetect)
  -d,--decrypt             Decryption mode (default: autodetect)
  --ttl SECONDS            Token lifetime in seconds (default: 1 minute)
  -g,--gen-key             Generate a key from the password on standard input

Development

Building with Stack

stack build

Building with Nix

nix-shell -p cabal2nix --command "cabal2nix --shell . > default.nix"
nix-shell --command "cabal configure"
cabal build

Better & Cooler Stuff

You might also be interested in hsoz.

Changes

Revision history for fernet

0.1.0.0 -- 2017-03-22

  • First version. Released on an unsuspecting world.
comments powered byDisqus