heathprovost/hapijs-iron-sharp

hapijs-iron-sharp

A mostly compatible .NET implementation of @hapijs/iron encapsulated tokens (encrypted and mac'ed objects)

Differences

  • You must serialize/deserialize your data yourself (@hapijs/iron does this for you).
  • To ensure interoperability with @hapijs/iron in node, make sure anything you seal can be cleanly parsed by JSON.parse, and that your password matches, as well as the settings for ttl, timestampSkew, and localtimeOffset.
  • Password rotation is supported and is interoperable, but is implemented differently. See examples.
  • Encryption/decryption uses aes-256-cbc and the HMAC uses sha256 exclusively, exactly as configured in the @hapijs/iron default settings.
  • aes-128-ctr is not supported, nor is customizing algorithm settings like iterations, minPasswordlength, or saltBits.

Examples

Basics

var plaintext = "{\"foo\":\"bar\"}"; //anything serialized into JSON
var password = "my-really-secure-password-string";

var token = Iron.Seal(plaintext, password, Iron.DEFAULTS);
var unsealed = Iron.Unseal(token, password, Iron.DEFAULTS);

Console.WriteLine(unsealed);
//Prints {"foo":"bar"}

Set TTL

var plaintext = "{\"foo\":\"bar\"}"; //anything serialized into JSON
var options = new IronOptions(ttl: (60 * 1000)); //1 minute in milliseconds
var password = "my-really-secure-password-string";

var token = Iron.Seal(plaintext, password, options);

//...wait until TTL expires

var unsealed = Iron.Unseal(token, password, options);

//Throws "Expired seal" exception

Password Rotation

var plaintext = "{\"foo\":\"bar\"}"; //anything serialized into JSON
var password1 = new IronPassword(id: "foo", password: "my-really-secure-password-string");
var password2 = new IronPassword(id: "bar", password: "my-other-really-secure-password-string");
var token = Iron.Seal(plaintext, password1, Iron.DEFAULTS);

try
{
    Iron.Unseal(token, password2, Iron.DEFAULTS); //Throws "Cannot find password foo" exception
}
catch (Exception ex)
{
    Console.WriteLine(ex.Message); //password2 does not carry the id the token was sealed with
}

//create array with both passwords in it and try again

var passwords = new IronPassword[] {password1, password2};
var unsealed = Iron.Unseal(token, passwords, Iron.DEFAULTS);
Console.WriteLine(unsealed);
//Prints {"foo":"bar"}
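
Typed payloads with rotation

The first two points under Differences and the rotation example above, combined into one wrapper. This is an added example, not code from this project. Session, SessionSealer, the password ids and the sample passwords are hypothetical; Iron.Unseal is assumed to return a string, and the using directive for the library's namespace is not shown on this page.

```csharp
using System;
using System.Text.Json;
// Also add the using directive for the namespace that declares Iron,
// IronOptions and IronPassword (not shown on this page).

public sealed record Session(string UserId, string[] Roles); // hypothetical payload type

public sealed class SessionSealer // hypothetical wrapper, not part of the library
{
    // Web defaults emit camelCase names, so JSON.parse in node yields { userId, roles }.
    private static readonly JsonSerializerOptions Json = new(JsonSerializerDefaults.Web);

    private readonly IronPassword[] _passwords; // [0] is current, the rest are retired
    private readonly IronOptions _options;      // must match the settings used in node

    public SessionSealer(IronPassword[] passwords, IronOptions options)
    {
        if (passwords == null || passwords.Length == 0)
            throw new ArgumentException("At least one password is required", nameof(passwords));
        _passwords = passwords;
        _options = options;
    }

    // The library seals a string, so serialize to JSON first; always seal with the current password.
    public string Seal(Session session) =>
        Iron.Seal(JsonSerializer.Serialize(session, Json), _passwords[0], _options);

    // Offer every password so tokens sealed before a rotation still open.
    public Session Unseal(string token)
    {
        string json = Iron.Unseal(token, _passwords, _options); // assumed to return string
        return JsonSerializer.Deserialize<Session>(json, Json)
            ?? throw new JsonException("Sealed payload was JSON null");
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample values; real passwords come from a secret store.
        var current = new IronPassword(id: "k2", password: "constructed-sample-password-number-two");
        var retired = new IronPassword(id: "k1", password: "constructed-sample-password-number-one");
        var options = new IronOptions(ttl: 15 * 60 * 1000); // 15 minutes in milliseconds

        var sealer = new SessionSealer(new[] { current, retired }, options);
        var token = sealer.Seal(new Session("u-1001", new[] { "admin" }));
        Console.WriteLine(sealer.Unseal(token).UserId);
    }
}
```

Drop a retired password from the array only once every token sealed under it has passed its TTL; until then it has to stay in the list for Unseal to succeed.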
