Have RbNaCl::Util#check_string check encodings #101

Merged
merged 2 commits into from
Apr 15, 2014

Conversation

tarcieri
Contributor

I've been bitten by non-binary encodings repeatedly. This raises
EncodingError if we're given a non-BINARY encoding.

@namelessjon
Contributor

Can we add a spec for this? Otherwise, looks good!

@tarcieri
Contributor Author

I added a spec. Gonna go ahead and merge this.

What do you think about releasing 3.0.0?

tarcieri added a commit that referenced this pull request Apr 15, 2014
Have RbNaCl::Util#check_string check encodings
@tarcieri tarcieri merged commit 583c7bd into master Apr 15, 2014
@tarcieri tarcieri deleted the ensure-binary-encoding branch April 15, 2014 18:29
@Asmod4n
Contributor

Asmod4n commented Apr 15, 2014

Would like to see everything of libsodium exposed in a 3.0 release.

On 15.04.2014, at 20:29, Tony Arcieri notifications@github.com wrote:

I added a spec. Gonna go ahead and merge this.

What do you think about releasing 3.0.0?


@tarcieri
Contributor Author

@Asmod4n is there something specific you need which isn't exposed? We have most of the major features, aside from the "dangerous" ones people probably shouldn't be using anyway.

Mostly I want to start using the SimpleBox API...

@Asmod4n
Contributor

Asmod4n commented Apr 15, 2014

Afaik crypto_shorthash and aes-ctr are missing, but don’t need them @tarcieri

On 15.04.2014, at 20:36, Tony Arcieri notifications@github.com wrote:

@Asmod4n is there something specific you need which isn't exposed? We have most of the major features, aside from the "dangerous" ones people probably shouldn't be using anyway.

Mostly I want to start using the SimpleBox API...


@wasifhossain
Contributor

Since OpenSSL doesn't require the key to be in binary encoding, the (hex)digest is usually different for non-binary keys.

require 'openssl'
require 'rbnacl'

non_binary_secret = 'secret'
binary_secret = [non_binary_secret].pack('H*')

data = 'a=1'

## non-binary secret

OpenSSL::HMAC.hexdigest('sha256', non_binary_secret, data)
#=> "82b8b502fa852da323a3e5b1bfb10a043ece1551b5c16576d9a995590596389a"

## binary secret

OpenSSL::HMAC.hexdigest('sha256', binary_secret, data)
#=> "6893231bee54ad8a1ddf7f0aae91ea3ee08e2daf09a322574b4c1e2ef0a7ef8e"

RbNaCl::HMAC::SHA256.auth(binary_secret, data).unpack1('H*')
#=> "6893231bee54ad8a1ddf7f0aae91ea3ee08e2daf09a322574b4c1e2ef0a7ef8e"

Seems like Shopify is also following the non-binary approach: https://shopify.dev/apps/auth/oauth/getting-started#process-through-the-hash-function.

Would you recommend a way that the community could follow? Thank you.

@tarcieri
Contributor Author

tarcieri commented Aug 8, 2022

@wasifhossain generally I'd recommend Encoding::BINARY

@wasifhossain
Contributor

Thank you, @tarcieri. We'll try to follow this standard.
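
An added example, not part of the thread and not RbNaCl's own code: one way a caller can enforce the Encoding::BINARY recommendation before a key reaches an HMAC. The helper names (`ensure_binary_key`, `decode_hex_key`, `hmac_sha256_hex`, `raw_openssl_tags`), the 32-byte key length and the sample secret are assumptions made for illustration.

```ruby
require 'openssl'

# Hypothetical helper: accept only BINARY-encoded keys of an exact byte length.
def ensure_binary_key(key, length)
  raise TypeError, "key must be a String, got #{key.class}" unless key.is_a?(String)
  unless key.encoding == Encoding::BINARY
    raise EncodingError, "key must be Encoding::BINARY, got #{key.encoding}"
  end
  unless key.bytesize == length
    raise ArgumentError, "key must be #{length} bytes, got #{key.bytesize}"
  end
  key
end

# Decode a hex-encoded secret to raw bytes, rejecting anything that is not
# strict hex (String#pack('H*') does not raise on non-hex characters itself).
def decode_hex_key(hex, length)
  unless hex.match?(/\A(?:\h\h)+\z/)
    raise ArgumentError, 'secret is not an even-length hex string'
  end
  ensure_binary_key([hex].pack('H*'), length)
end

# HMAC-SHA256 that refuses text-encoded or wrongly sized keys.
def hmac_sha256_hex(key, data)
  OpenSSL::HMAC.hexdigest('SHA256', ensure_binary_key(key, 32), data)
end

# What OpenSSL does with no check: both key forms are accepted and the
# tags differ. Returns [tag_with_hex_text_key, tag_with_decoded_key].
def raw_openssl_tags(hex, data)
  [hex, [hex].pack('H*')].map { |k| OpenSSL::HMAC.hexdigest('SHA256', k, data) }
end

# Constructed sample values, not taken from the thread.
HEX_SECRET = ('0f' * 32).freeze # 64 hex characters, UTF-8 encoded text
DATA = 'a=1'

if $PROGRAM_NAME == __FILE__
  key = decode_hex_key(HEX_SECRET, 32)
  puts "checked tag:   #{hmac_sha256_hex(key, DATA)}"
  puts "unchecked tags: #{raw_openssl_tags(HEX_SECRET, DATA).inspect}"
end
```

Calling `hmac_sha256_hex(HEX_SECRET, DATA)` raises EncodingError, and `HEX_SECRET.b` still fails the length check, so forcing the encoding without decoding the hex is caught as well.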

4 participants