branca_erl

Release 0.3.0

An Erlang implementation of the Branca specification for authenticated and encrypted tokens

Homepage Repository Hex Erlang Documentation Download

License
Other

Documentation

branca-erl

Build Status

An Erlang implementation of the Branca specification for authenticated and encrypted tokens.

These are symmetrically encrypted, tamper-proof strings of arbitrary contents that can be safely exposed.

Installation

Add this to your rebar.config file to install the library through hex.pm:

{deps, [
    {branca_erl, "0.1.1"}
]}.

Basic Usage

1> Secret = soda:rand(32). % the spec mandates that secret keys must be exactly 32 bytes long.
<<238,191,60,162,227,35,20,3,135,35,6,69,45,10,213,250,3,
  106,71,133,119,70,131,43,173,147,60,182,122,...>>

2> Message = erlang:term_to_binary({foo, bar, baz, [1,2,3]}).
<<131,104,4,100,0,3,102,111,111,100,0,3,98,97,114,100,0,3,
  98,97,122,107,0,3,1,2,3>>

3> Token = branca:encode(Message, Secret).
<<"9GBoip8wFIboItLRutv335YmhKpa4vRX5qXKFoyABy0f8LOw9hk3Zi4I14H2AL9VKk0i6GRentlKXc9qr">>

4> {ok, Message} = branca:decode(Token, Secret).
{ok,<<131,104,4,100,0,3,102,111,111,100,0,3,98,97,114,
      100,0,3,98,97,122,107,0,3,1,2,3>>}

API

branca:encode/2

Uses Secret to turn PlainText into a Branca token using the current Unix time as the timestamp. Returns the token as an Erlang binary.

branca:encode/3

Same as above, but using a custom timestamp. If used, it must be greater than 0 and less than 2^32 (4 bytes long).

branca:decode/2

Uses Secret to turn a Branca token into the original PlainText. Returns a two-valued tuple for each possible outcome:

  • {ok, PlainText} -> successful token decryption.
  • {error, bad_encoding} -> CipherText contains at least one non-base62 character.
  • {error, invalid_token} -> CipherText is base62, but it does not have the layout of a valid Branca token.
  • {error, invalid_sig} -> the Secret used to decrypt the token is incorrect, or the token has been tampered.

branca:decode/3

Same as above, but using a TTL to determine if the token has to be considered stale. Might return any of the above tuples, plus:

  • {expired, PlainText} -> the token was successfully decrypted, but it expired (i.e. it was minted more than TTL seconds ago).

Testing

The library includes EUnit and PropEr test suites.

These can be run with the usual rebar3 commands (rebar3 eunit and rebar3 proper).

Caveats

  • The base62 encoding and decoding is based on an O(n^2) algorithm involving arithmetic division and is dog slow. On my development laptop encoding 1KB of random data takes about 100ms, and 5KB jumps to 2.5s. Future releases might try to mitigate this problem by implementing branca_transcoder as a NIF, or replace the base62 algorithm altogether (though that would make the tokens incompatible with the Branca spec and the ones produced by other implementations).

TODO

  • Travis CI build
  • Timestamp expiration
  • Spec annotations for Dialyzer
  • Improve all modules documentation

Stats

Dependencies
1
Dependent packages
0
Dependent repositories
0
Total releases
4
Latest release
First release
Stars
10
Forks
1
Watchers
1
Contributors
1
Repository size
23.4 KB
SourceRank
9

Development practices

Source repo 2FA enabled
TEXT!
Package manager 2FA enabled
TEXT!
Is security responsive
TEXT!
Dependencies are managed
TEXT!
Issue-free release available
TEXT!
Succession plan available
TEXT!
Package manager 2FA enabled
TEXT!

The Tidelift Subscription provides access to a continuously curated stream of human-researched and maintainer-verified data on open source packages and their licenses, releases, vulnerabilities, and development practices.

Learn more

Releases

0.1.0
0.1.1
0.2.0
0.3.0

Maintainers

1ma

Contributors

Unhosted Marcellus


See all contributors

Something wrong with this page? Make a suggestion

Export .ABOUT file for this package

Last synced: 2020-09-15 17:06:38 UTC

Login to resync this project