fernet: Generate and verify HMAC-based authentication tokens.

[ authentication, lgpl, library, web ] [ Propose Tags ]

Originally designed for use within OpenStack clusters, Fernet is intended to be fast and light-weight, with non-persistent tokens. Fernet tokens are signed with a SHA256 HMAC and their contents encrypted with AES128 in CBC mode.


[Skip to Readme]

Modules

[Index]

Flags

Automatic Flags
NameDescriptionDefault
cli

Build the example application

Enabled

Use -f <flag> to enable a flag, or -f -<flag> to disable that flag. More info

Downloads

Maintainer's Corner

Package maintainers

For package maintainers and hackage trustees

Candidates

Versions [RSS] 0.1.0.0
Change log ChangeLog.md
Dependencies base (>=4.9 && <4.10), binary (>=0.8.3.0 && <0.10), byteable (>=0.1.1 && <0.2), bytestring (>=0.10.8 && <0.11), cryptonite (>=0.21 && <0.23), fernet, memory (>=0.14.1 && <0.15), optparse-applicative (>=0.12 && <0.15), time (>=1.6.0 && <1.7), unix (>=2.7.2.1 && <2.8) [details]
License LGPL-3.0-only
Copyright 2017 Rodney Lorrimar
Author Rodney Lorrimar
Maintainer dev@rodney.id.au
Category Web, Authentication
Home page https://github.com/rvl/fernet-hs
Bug tracker https://github.com/rvl/fernet/issues
Source repo head: git clone https://github.com/rvl/fernet-hs
Uploaded by rvl at 2017-03-22T23:39:55Z
Distributions
Executables fernet
Downloads 1050 total (4 in the last 30 days)
Rating (no votes yet) [estimated by Bayesian average]
Your Rating
  • λ
  • λ
  • λ
Status Docs available [build log]
Last success reported on 2017-03-22 [all 1 reports]

Readme for fernet-0.1.0.0

[back to package description]

Fernet Haskell Implementation

Build Status Hackage

Fernet generates and verifies HMAC-based authentication tokens.

Originally designed for use within OpenStack clusters, it was intended to be fast and light-weight, with non-persistent tokens. Integrity and confidentiality of the token contents are implemented with HMAC SHA256 and AES128 CBC.

See the Fernet Spec for a little more information.

Usage

To encrypt a token:

>>> import Network.Fernet
>>> k <- generateKey
>>> keyToBase64 k
"JQAeL3iFN9wIW_hMKiIzA1EiG_EZNivnMPBOOJn2wZc="
>>> token <- encrypt k "secret text"
>>> print token
"gAAAAABY0H9kx7ihkcj6ZF_bQ73Lvc7aG-ZlEtjx24io-DQy5tCjLbq1JvVY27uAe6BuwG8css-4LDIywOJRyY_zetq7aLPPag=="

The resulting token can be distributed to clients. To check and decrypt the token, use the same key:

>>> decrypt k 60 token
Right "secret text"

Do read the Network.Fernet module documentation for further information.

Command-line tool

This package also includes a command-line tool for encrypting and decrypting tokens.

Fernet Utility

Usage: fernet (((-k|--key STRING) | --key-file FILENAME) ([-e|--encrypt] |
              [-d|--decrypt]) [--ttl SECONDS] | (-g|--gen-key))
  Encrypts/decrypts Fernet tokens. One token written to stdout for each line
  read from stdin. Use --gen-key to make a key.

Available options:
  -h,--help                Show this help text
  -k,--key STRING          Base64-urlsafe-encoded 32 byte encryption key
  --key-file FILENAME      File containing the encryption key
  -e,--encrypt             Encryption mode (default: autodetect)
  -d,--decrypt             Decryption mode (default: autodetect)
  --ttl SECONDS            Token lifetime in seconds (default: 1 minute)
  -g,--gen-key             Generate a key from the password on standard input

Development

Building with Stack

stack build

Building with Nix

nix-shell -p cabal2nix --command "cabal2nix --shell . > default.nix"
nix-shell --command "cabal configure"
cabal build

Better & Cooler Stuff

You might also be interested in hsoz.