Skip to content

99designs/http-signatures-ruby

master
Switch branches/tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
lib
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

HTTP Signatures

Ruby implementation of HTTP Signatures draft specification; cryptographically sign and verify HTTP requests and responses.

See also:

Usage

Add http_signatures to your Gemfile.

Configure a context with your algorithm, keys, headers to sign. In Rails, this is best placed in an initializer.

require "http_signatures"

$context = HttpSignatures::Context.new(
  keys: {"examplekey" => "secret-key-here"},
  algorithm: "hmac-sha256",
  headers: ["(request-target)", "Date", "Content-Length"],
)

If there's only one key in the keys hash, that will be used for signing. Otherwise, specify one via signing_key_id: "examplekey".

Messages

A message is an HTTP request or response. A subset of the interface of Ruby's Net::HTTPRequest and Net::HTTPResponse is expected; the ability to set/read headers via message["name"], and for requests, the presence of message#method and message#path for (request-target) support.

require "net/http"
require "time"

message = Net::HTTP::Get.new(
  "/path?query=123",
  "Date" => Time.now.rfc822,
  "Content-Length" => "0",
)

Signing a message

$context.signer.sign(message)

Now message contains the signature headers:

message["Signature"]
# keyId="examplekey",algorithm="hmac-sha256",headers="...",signature="..."

message["Authorization"]
# Signature keyId="examplekey",algorithm="hmac-sha256",headers="...",signature="..."

Verifying a signed message

$context.verifier.valid?(message)  # => true or false

Contributing

Pull Requests are welcome.

About

Sign and verify HTTP messages in Ruby.

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages