nobsign's Introduction

nobsign

A simple but effective sign library, written in Rust.

Ported from nobi, which itself is a port of itsdangerous.

Documentation

Possible use cases

Creating an activation link for users
Creating a password reset link

Basic Example:

use nobsign::Signer;
let signer = Signer::new(b"my secret");

// Let's say the user's ID is 101
let signed = signer.sign("101");

// You can now email this url to your users!
let url = format!("http://yoursite.com/activate/?key={}", signed);

// Later check the signature and get the value back
let unsigned = signer.unsign(&signed).unwrap();

Example with timestamped signatures

use nobsign::TimestampSigner;
let signer = TimestampSigner::new(b"my secret");

// Let's say the user's ID is 101
let signed = signer.sign("101");

// You can now email this url to your users!
let url = format!("http://yoursite.com/activate/?key={}", signed);

// In your code, you can verify the expiration:
signer.unsign(&signed, 86400).unwrap(); // 1 day expiration

nobsign's People

Contributors

Stargazers

Watchers

nobsign's Issues

The type of `secret` parameters should be `&[u8]`, not `String`

Here is how one would go about creating a secure key for use with nobsign:

fn make_key() -> Result<Vec<u8>, ()> {
     use ring::{digest, rand};
     let key = vec![0u8; digest::SHA1.digest_len];
     try!(rand::fill_secure_random(&mut key[..]));
     Ok(key)
}

However, such a secure key won't work because nobsign uses String as the type of the secret, and Rust's String type only allows UTF-8 encoded values. Rust's insistence on String and &str being UTF-8 encoded means that they can never be used for storing a secure key.

Because of the weird way that HMAC handles large key sizes, BASE64-encoding the key to store it in a String would not be as secure as expected, either.

New release on crates.io?

The current version fails to compile due to an invalid ring dependency:

error: failed to select a version for the requirement `ring = "^0.2.3"`
  candidate versions found which didn't match: 0.14.1, 0.14.0, 0.13.5, ...
  location searched: crates.io index
required by package `nobsign v0.1.0`
    ...

Recommend Projects