module JsonWebToken::Algorithm::Hmac
Sign or verify a JSON Web Signature (JWS) structure using HMAC with SHA-2 algorithms @see tools.ietf.org/html/rfc7518#section-3.2
Public Instance Methods
sign(sha_bits, shared_key, signing_input)
click to toggle source
@param sha_bits [String] size of the hash output @param shared_key [String] secret key used to sign and verify a digital signature, or mac @param signing_input [String] input payload for a mac computation @return [BinaryString] a digital signature, or mac @example
shared_key = "gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr9C" Hmac.sign('256', shared_key, 'signing_input').bytes # => [90, 34, 44, 252, 147, 130, 167, 173, 86, 191, 247, 93, 94, 12, 200, 30, 173, 115, 248, 89, 246, 222, 4, 213, 119, 74, 70, 20, 231, 194, 104, 103]
# File lib/json_web_token/algorithm/hmac.rb, line 22 def sign(sha_bits, shared_key, signing_input) validate_key(sha_bits, shared_key) OpenSSL::HMAC.digest(digest_new(sha_bits), shared_key, signing_input) end
validate_key_size(sha_bits, key)
click to toggle source
# File lib/json_web_token/algorithm/hmac.rb, line 40 def validate_key_size(sha_bits, key) fail('Invalid shared key') if weak_key?(sha_bits, key) end
verify?(mac, sha_bits, shared_key, signing_input)
click to toggle source
@param mac [BinaryString] a digital signature, or mac @param (see sign
) @return [Boolean] a predicate to verify the signing_input by comparing a given mac
to the +mac+ for a newly signed message; comparison done in a constant-time manner to thwart timing attacks
@example
shared_key = "gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr9C" Hmac.verify?(< binary_string >, '256', shared_key, 'signing_input') # => true
# File lib/json_web_token/algorithm/hmac.rb, line 36 def verify?(mac, sha_bits, shared_key, signing_input) Util.constant_time_compare?(mac, sign(sha_bits, shared_key, signing_input)) end
weak_key?(sha_bits, key)
click to toggle source
# File lib/json_web_token/algorithm/hmac.rb, line 44 def weak_key?(sha_bits, key) !key || key.bytesize * 8 < sha_bits.to_i end