fernet: Generate and verify HMAC-based authentication tokens.
Originally designed for use within OpenStack clusters, Fernet is intended to be fast and light-weight, with non-persistent tokens. Fernet tokens are signed with a SHA256 HMAC and their contents encrypted with AES128 in CBC mode.
[Skip to Readme]
Flags
Automatic Flags
| Name | Description | Default |
|---|---|---|
| cli | Build the example application | Enabled |
Use -f <flag> to enable a flag, or -f -<flag> to disable that flag. More info
Downloads
- fernet-0.1.0.0.tar.gz [browse] (Cabal source package)
- Package description (as included in the package)
Maintainer's Corner
For package maintainers and hackage trustees
Candidates
| Versions [RSS] | 0.1.0.0 |
|---|---|
| Change log | ChangeLog.md |
| Dependencies | base (>=4.9 && <4.10), binary (>=0.8.3.0 && <0.10), byteable (>=0.1.1 && <0.2), bytestring (>=0.10.8 && <0.11), cryptonite (>=0.21 && <0.23), fernet, memory (>=0.14.1 && <0.15), optparse-applicative (>=0.12 && <0.15), time (>=1.6.0 && <1.7), unix (>=2.7.2.1 && <2.8) [details] |
| License | LGPL-3.0-only |
| Copyright | 2017 Rodney Lorrimar |
| Author | Rodney Lorrimar |
| Maintainer | dev@rodney.id.au |
| Category | Web, Authentication |
| Home page | https://github.com/rvl/fernet-hs |
| Bug tracker | https://github.com/rvl/fernet/issues |
| Source repo | head: git clone https://github.com/rvl/fernet-hs |
| Uploaded | by rvl at 2017-03-22T23:39:55Z |
| Distributions | |
| Executables | fernet |
| Downloads | 1089 total (6 in the last 30 days) |
| Rating | (no votes yet) [estimated by Bayesian average] |
| Your Rating | |
| Status | Docs available [build log] Last success reported on 2017-03-22 [all 1 reports] |
Readme for fernet-0.1.0.0
[back to package description]Fernet Haskell Implementation
Fernet generates and verifies HMAC-based authentication tokens.
Originally designed for use within OpenStack clusters, it was intended to be fast and light-weight, with non-persistent tokens. Integrity and confidentiality of the token contents are implemented with HMAC SHA256 and AES128 CBC.
See the Fernet Spec for a little more information.
Usage
To encrypt a token:
>>> import Network.Fernet
>>> k <- generateKey
>>> keyToBase64 k
"JQAeL3iFN9wIW_hMKiIzA1EiG_EZNivnMPBOOJn2wZc="
>>> token <- encrypt k "secret text"
>>> print token
"gAAAAABY0H9kx7ihkcj6ZF_bQ73Lvc7aG-ZlEtjx24io-DQy5tCjLbq1JvVY27uAe6BuwG8css-4LDIywOJRyY_zetq7aLPPag=="
The resulting token can be distributed to clients. To check and decrypt the token, use the same key:
>>> decrypt k 60 token
Right "secret text"
Do read the Network.Fernet module documentation for further information.
Command-line tool
This package also includes a command-line tool for encrypting and decrypting tokens.
Fernet Utility
Usage: fernet (((-k|--key STRING) | --key-file FILENAME) ([-e|--encrypt] |
[-d|--decrypt]) [--ttl SECONDS] | (-g|--gen-key))
Encrypts/decrypts Fernet tokens. One token written to stdout for each line
read from stdin. Use --gen-key to make a key.
Available options:
-h,--help Show this help text
-k,--key STRING Base64-urlsafe-encoded 32 byte encryption key
--key-file FILENAME File containing the encryption key
-e,--encrypt Encryption mode (default: autodetect)
-d,--decrypt Decryption mode (default: autodetect)
--ttl SECONDS Token lifetime in seconds (default: 1 minute)
-g,--gen-key Generate a key from the password on standard input
Development
Building with Stack
stack build
Building with Nix
nix-shell -p cabal2nix --command "cabal2nix --shell . > default.nix"
nix-shell --command "cabal configure"
cabal build
Better & Cooler Stuff
You might also be interested in hsoz.