module JwtNacl::Jws

Represent content to be secured with digital signatures @see tools.ietf.org/html/rfc7515

Constants

JWS_PARTS

Public Instance Methods

encode_input(payload) click to toggle source
# File lib/jwt_nacl/jws.rb, line 42
def encode_input(payload)
  "#{Base64Url.encode(HEADER.to_json)}.#{Base64Url.encode(payload)}"
end
sign(payload, private_key = nil) click to toggle source

@param payload [String] input for a digital signature computation @param private_key [String] 32 random bytes (optional) @return [Hash] a hash with a signed jwt, private_key, and public_key @example

Jws.sign(payload, private_key)
# => {jwt: jwt, private_key: private_key, public_key: public_key}
# File lib/jwt_nacl/jws.rb, line 22
def sign(payload, private_key = nil)
  signing_input = encode_input(payload)
  hsh = Ed25519.sign(signing_input, private_key)
  {
    jwt: "#{signing_input}.#{Base64Url.encode(hsh[:signature])}",
    private_key: hsh[:private_key],
    public_key: hsh[:public_key]
  }
end
verified?(jwt, public_key) click to toggle source
# File lib/jwt_nacl/jws.rb, line 46
def verified?(jwt, public_key)
  ary = jwt.split(".")
  return unless ary.length == JWS_PARTS
  signature = Base64Url.decode(ary[2])
  message = "#{ary[0]}.#{ary[1]}"

  Ed25519.verify(public_key, signature, message)
end
verify(jwt, public_key) click to toggle source

@param jwt [String] input to be authenticated @param public_key [String] 32 byte key used to authenticate a digital signature @return [Hash] a hash with a verified jwt (e.g. jwt: jwt) or not verified (e.g. error: “invalid”) @example

Jws.verify(jwt, public_key)
# => {jwt: jwt}
# File lib/jwt_nacl/jws.rb, line 38
def verify(jwt, public_key)
  verified?(jwt, public_key) ? {jwt: jwt} : {error: "invalid"}
end