Project

jwt_nacl

0.0
No commit activity in last 3 years
No release in over 3 years
A Ruby JSON Web Token implementation using NaCl Ed25519 digital signatures from the state-of-the-art networking and cryptography library by Daniel J. Bernstein.
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Dependencies

Development

~> 1.13
~> 5.0
~> 12.0
~> 0.13
~> 1.3
~> 0.9

Runtime

 Project Readme

JWT NaCl travis yard docs code climate

A JSON Web Token (JWT) implementation using NaCl cryptography

Description

A Ruby JSON Web Token implementation using Edwards-curve Digital Signature Algorithm (EdDSA) curve Ed25519 digital signatures from the state-of-the-art NaCl Networking and Cryptography library by Daniel J. Bernstein.

Installation

Add this line to your application's Gemfile:

gem 'jwt_nacl'

And then execute:

$ bundle

Or install it directly as:

$ gem install jwt_nacl

Philosophy & Design Goals

  • Convention over configuration
  • Use of state-of-the-art cryptography, including EdDSA Curve25519 elliptic curves
  • Minimal API surface area
  • Thorough test coverage
  • Modularity for comprehension and extensibility

Why NaCl?

Cryptography typically exposes a high degree of complexity, due to many possible configuration decisions. One poor choice could result in an insecure system.

NaCl is different. NaCl provides an expertly-assembled, high-level cryptographic API with the correct configuration already built-in. See RbNaCl for more rationale.

For a more conventional JWT implementation, please refer to the related json_web_token gem.

Usage

JWT.sign(claims, private_key)

Returns a 3 element hash that includes:

  • a JSON Web Token
  • the private key
  • the public key

claims (required) hash (non-empty)

private_key (optional) string, 32 random byte signing key

Example

require 'jwt_nacl'

claims = {iss: "mike", exp: 1300819380, :"http://example.com/is_root" => false}

private_hex = "d2c5c54bc205266f12a8a21809aa2989536959f666a5d68710e6fab94674041a"
private_key = [private_hex].pack("H*")

public_hex = "1e10af4b79b8d005c8b4237161f1350844b2e6c1a8d6aa4817151c04a2751731"
public_key = [public_hex].pack("H*")

# Sign with an elliptical curve Ed25519 digital signature
jwt = JWT.sign(claims, private_key)
#=> {
  jwt: "eyJhbGciOiJFZDI1NTE5IiwidHlwIjoiSldUIn0.eyJpc3MiOiJtaWtlIiwiZXhwIjoxMzAwODE5MzgwLCJodHRwOi8vZXhhbXBsZS5jb20vaXNfcm9vdCI6ZmFsc2V9.f2y6Sax9eK9M3JiFCt4ZfzzOL56SWNhydHpPPIoVkm21D3_bJq5DmFLgH8ee2OlzSlZMoq009jLSg6AC0mn4DA",
  private_key: private_key,
  public_key: public_key
}

JWT.verify(jwt, public_key)

Returns a hash:

  • {claims: < JWT claims set >}, if the digital signature is verified
  • {error: "invalid"}, otherwise

jwt (required) is a JSON web token string

public_key (required) string, 32 byte verifying key

Example

require 'jwt_nacl'

jwt = "eyJhbGciOiJFZDI1NTE5IiwidHlwIjoiSldUIn0.eyJpc3MiOiJtaWtlIiwiZXhwIjoxMzAwODE5MzgwLCJodHRwOi8vZXhhbXBsZS5jb20vaXNfcm9vdCI6ZmFsc2V9.f2y6Sax9eK9M3JiFCt4ZfzzOL56SWNhydHpPPIoVkm21D3_bJq5DmFLgH8ee2OlzSlZMoq009jLSg6AC0mn4DA"

hex = "1e10af4b79b8d005c8b4237161f1350844b2e6c1a8d6aa4817151c04a2751731"
public_key = [hex].pack("H*")

# Verify with an elliptical curve Ed25519 public key
JWT.verify(jwt, public_key)
#=> {
  claims: {iss: "mike", exp: 1300819380, :"http://example.com/is_root" => false}
}

Supported encryption algorithm

Ed25519, Edwards-curve Digital Signature Algorithm (EdDSA) using Curve25519

Supported Ruby versions

Ruby 2.2.6 and up