HMACAuth
__ ____ ______ _________ __ __
/ / / / |/ / | / ____/ | __ __/ /_/ /_
/ /_/ / /|_/ / /| |/ / / /| |/ / / / __/ __ \
/ __ / / / / ___ / /___/ ___ / /_/ / /_/ / / /
/_/ /_/_/ /_/_/ |_\____/_/ |_\__,_/\__/_/ /_/
Ruby gem providing HMAC based message signing and verification. Without fancy Rails integration.
Installation
gem 'hmac_auth' # Gemfile
gem install hmac_auth # manual
Usage
# Configuration
HMACAuth.secret = 't0p_s3cr3!!eins1'
HMACAuth.reject_keys = %w(action controller format)
HMACAuth.valid_for = 15.minutes
HMACAuth.keep_values_type = false
to_be_signed = {
b: 2,
a: { d: 4, c: 3 }
}
signed = HMACAuth::Signature.sign to_be_signed
# => Hash including 'timestamp' and 'signature'
HMACAuth::Signature.verify(signed) # => true
HMACAuth::Signature.verify(signed.merge(evil: 'yes')) # => false
HMACAuth::Signature.verify(signed, secret: 'good guess?') # => false
sleep 20.minutes
HMACAuth::Signature.verify(signed) # => false
# That's it. Nothing more, nothing less.
Contributing
This is very much appreciated :-)