sel-0.0.1.0: Cryptography for the casual user
Maintainer: The Haskell Cryptography Group
Portability: GHC only
Safe Haskell: Safe-Inferred
Language: Haskell2010

Sel.SecretKey.Authentication


Introduction

The authenticate function computes an authentication tag for a message and a secret key, and provides a way to verify that a given tag is valid for a given message and a key.

The function computing the tag is deterministic: the same (message, key) tuple will always produce the same output. However, even if the message is public, the key is required to compute a valid tag. Therefore, the key should remain confidential. The tag, however, can be public.

Usage

{-# LANGUAGE ImportQualifiedPost, OverloadedStrings #-}
import Sel.SecretKey.Authentication qualified as Auth

main :: IO ()
main = do
  -- The parties agree on a shared secret key
  authKey <- Auth.newAuthenticationKey
  -- An authentication tag is computed for the message by the server
  let message = "Hello, world!"
  tag <- Auth.authenticate message authKey
  -- The server sends the message and its authentication tag
  -- […]
  -- The recipient of the message uses the shared secret to validate the message's tag
  print (Auth.verify tag authKey message)
  -- => True
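The receiving side usually holds the key in hex-encoded form and has to parse it before it can check anything. The following is an added example, not part of the sel documentation: it uses only the functions documented on this page, the helper name `verifyWithStoredKey` and the sample messages are constructed for illustration, and it shows that a malformed key is reported as an error and that an altered message or a tag made under another key does not verify.

```haskell
{-# LANGUAGE ImportQualifiedPost #-}
{-# LANGUAGE OverloadedStrings #-}

module Main (main) where

import Data.ByteString (StrictByteString)
import Data.Text (Text)
import Sel.SecretKey.Authentication qualified as Auth

-- | Hypothetical receiver-side helper: parse the hex-encoded key taken
-- from storage, then check the tag against the received message.
-- A key that fails to parse is an error, never a successful verification.
verifyWithStoredKey
  :: StrictByteString        -- ^ Hex-encoded key, e.g. read from a secrets store
  -> Auth.AuthenticationTag  -- ^ Tag received alongside the message
  -> StrictByteString        -- ^ Message as received
  -> Either Text Bool
verifyWithStoredKey hexKey tag message = do
  key <- Auth.authenticationKeyFromHexByteString hexKey
  pure (Auth.verify tag key message)

main :: IO ()
main = do
  key <- Auth.newAuthenticationKey
  -- Exported here only to simulate provisioning the key to the other party;
  -- the hex string is as sensitive as the key itself.
  let hexKey = Auth.unsafeAuthenticationKeyToHexByteString key
      message = "amount=100;to=alice" :: StrictByteString -- constructed sample
  tag <- Auth.authenticate message key

  -- Case 1: the message arrives unmodified with its own tag.
  print (verifyWithStoredKey hexKey tag message)
  -- Case 2: the message was altered in transit but the old tag was kept.
  print (verifyWithStoredKey hexKey tag "amount=900;to=bob")
  -- Case 3: the tag was computed under a key the receiver does not share.
  otherKey <- Auth.newAuthenticationKey
  foreignTag <- Auth.authenticate message otherKey
  print (verifyWithStoredKey hexKey foreignTag message)
  -- Case 4: the stored key material is too short once decoded from base16.
  print (verifyWithStoredKey "deadbeef" tag message)
```

Callers should treat both `Left` and `Right False` as a rejection of the message.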

Operations

authenticate

Arguments

:: StrictByteString      -- Message to authenticate
-> AuthenticationKey     -- Secret key for authentication
-> IO AuthenticationTag  -- Cryptographic tag for authentication

Compute an authentication tag for a message with a secret key shared by all parties.

Since: 0.0.1.0

verify :: AuthenticationTag -> AuthenticationKey -> StrictByteString -> Bool

Verify that the tag is valid for the provided message and secret key.

Since: 0.0.1.0

Authentication key

newAuthenticationKey :: IO AuthenticationKey

Generate a new random secret key.

Since: 0.0.1.0

authenticationKeyFromHexByteString :: StrictByteString -> Either Text AuthenticationKey

Create an AuthenticationKey from a base16-encoded StrictByteString that you have obtained on your own, usually from the network or disk.

The input secret key, once decoded from base16, must be of length cryptoAuthKeyBytes.

Since: 0.0.1.0

unsafeAuthenticationKeyToHexByteString :: AuthenticationKey -> StrictByteString

Convert an AuthenticationKey to a hexadecimal-encoded StrictByteString.

⚠️ Be prudent as to where you store it!

Since: 0.0.1.0

Authentication tag

authenticationTagFromHexByteString :: StrictByteString -> Either Text AuthenticationTag

Create an AuthenticationTag from a base16-encoded StrictByteString that you have obtained on your own, usually from the network or disk.

The input tag, once decoded from base16, must be of length cryptoAuthBytes.

Since: 0.0.1.0