0.0
No commit activity in last 3 years
No release in over 3 years
SessionKeys is a cryptographic tool for the deterministic generation of NaCl compatible Curve25519 encryption and Ed25519 digital signature keys. The strength of the system is rooted in the fact that the keypairs are derived from passing an identifier, such as a username or email address, and a high-entropy passphrase through the SHA256 one-way hash and the scrypt key derivation functions. This means that no private key material need ever be writter to disk or transmitted. The generated keys are deterministic; for any given ID, password, and strength combination the same keys will always be returned.
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Dependencies

Development

~> 0.8.23
~> 5.0
~> 0.12
~> 12.3
~> 1.4

Runtime

~> 7.0.0
>= 1.0, < 2.0
 Project Readme

sessionKeys (Ruby)

Gem Version Build Status Coverage Status Code Climate Inline docs

sessionKeys is a cryptographic tool for the generation of unique user IDs, and NaCl compatible Curve25519 encryption, and Ed25519 digital signature keys using Ruby.

It is compatible with grempe/session-keys-js which can generates identical IDs and crypto keys using Javascript when given the same username and passphrase values. Both libraries have extensive tests to ensure they remain interoperable.

The strength of the system lies in the fact that the keypairs are derived from passing an identifier such as a username or email address, and a high-entropy passphrase through the SHA256 cryptographic one-way hash function, and then 'stretching' that username/password into strong key material using the scrypt key derivation function.

For an overview of the security design, please see the README for the companion project grempe/session-keys-js

Installation

Add this line to your application's Gemfile:

gem 'session_keys'

And then execute:

$ bundle

Or install it yourself as:

$ gem install session_keys

Usage

require 'session_keys'

SessionKeys.generate('user@example.com', 'my strong passphrase')

{
  id: '...',
  byte_keys: [...],
  hex_keys: [...],
  nacl_encryption_key_pairs: [...],
  nacl_encryption_key_pairs_base64: [...],
  nacl_signing_key_pairs: [...],
  nacl_signing_key_pairs_base64: [...],
  process_time: 250
}

Security Note : Each Array will contain eight values. Since each value at a particular Array index is derived from the same key material it is recommended to choose the different key types you need from different Array indexes. This ensures that each key type was not derived from the same value.

# uuid : array index 0
output.hex_keys[0]

# encryption keypair : array index 1
output.nacl_encryption_key_pairs[1]

# signing keypair : array index 2
output.nacl_signing_key_pairs[2]

Installation Security : Signed Git Commits

Most, if not all, of the commits and tags to the repository for this code are signed with my PGP/GPG code signing key. I have uploaded my code signing public keys to GitHub and you can now verify those signatures with the GitHub UI. See this list of commits and look for the Verified tag next to each commit. You can click on that tag for additional information.

You can also clone the repository and verify the signatures locally using your own GnuPG installation. You can find my certificates and read about how to conduct this verification at https://www.rempe.us/keys/.

Development

After checking out the repo, run bin/setup to install dependencies. Then, run rake test to run the tests. You can also run bin/console for an interactive prompt that will allow you to experiment.

To install this gem onto your local machine, run bundle exec rake install.

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/grempe/session-keys-rb. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the Contributor Covenant code of conduct.

Legal

Copyright

(c) 2016 Glenn Rempe <glenn@rempe.us> (https://www.rempe.us/)

License

The gem is available as open source under the terms of the MIT License.

Warranty

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the LICENSE.txt file for the specific language governing permissions and limitations under the License.