Fernet generates and verifies HMAC-based authentication tokens.
Originally designed for use within OpenStack clusters, it was intended to be fast and light-weight, with non-persistent tokens. Integrity and confidentiality of the token contents are implemented with HMAC SHA256 and AES128 CBC.
See the Fernet Spec for a little more information.
To encrypt a token:
>>> import Network.Fernet
>>> k <- generateKey
>>> keyToBase64 k
"JQAeL3iFN9wIW_hMKiIzA1EiG_EZNivnMPBOOJn2wZc="
>>> token <- encrypt k "secret text"
>>> print token
"gAAAAABY0H9kx7ihkcj6ZF_bQ73Lvc7aG-ZlEtjx24io-DQy5tCjLbq1JvVY27uAe6BuwG8css-4LDIywOJRyY_zetq7aLPPag=="
The resulting token can be distributed to clients. To check and decrypt the token, use the same key:
>>> decrypt k 60 token
Right "secret text"
Do read the Network.Fernet module documentation for further information.
This package also includes a command-line tool for encrypting and decrypting tokens.
Fernet Utility
Usage: fernet (((-k|--key STRING) | --key-file FILENAME) ([-e|--encrypt] |
[-d|--decrypt]) [--ttl SECONDS] | (-g|--gen-key))
Encrypts/decrypts Fernet tokens. One token written to stdout for each line
read from stdin. Use --gen-key to make a key.
Available options:
-h,--help Show this help text
-k,--key STRING Base64-urlsafe-encoded 32 byte encryption key
--key-file FILENAME File containing the encryption key
-e,--encrypt Encryption mode (default: autodetect)
-d,--decrypt Decryption mode (default: autodetect)
--ttl SECONDS Token lifetime in seconds (default: 1 minute)
-g,--gen-key Generate a key from the password on standard input
stack build
nix-shell -p cabal2nix --command "cabal2nix --shell . > default.nix"
nix-shell --command "cabal configure"
cabal build
You might also be interested in hsoz.