fernet / fernet-go Goto Github PK

Adding FernetReader and FernetWriter implementing io.Reader and io.Writer would be really helpful and avoid tinkering with []byte.

I expected that when I provide a string input s to fernet for decoding, that I can take the resulting key and encode it to be s' and I should find that s' is equal to s.

Here is a sample program that demonstrates that what I expect is not what actually happens:

Fernet Version:

$ cd $GOPATH/src/github.com/kr/fernet
$ git log -1 --pretty=%h
9596341

Go Version:

$ go version
go version go1.1.1 darwin/amd64

Program:

package main

import (
    "fmt"
    "github.com/kr/fernet"
)

func main() {
    s := "BecstsYSkJY33Us91kgl6qPubHowWXcqaBxqhu7Nu6_="
    k := fernet.MustDecodeKeys(s)
    fmt.Printf("s=%s\ns'=%s\n", s, k[0].Encode())
}

Result:

$ go run x.go 
s =BecstsYSkJY33Us91kgl6qPubHowWXcqaBxqhu7Nu6_=
s'=BecstsYSkJY33Us91kgl6qPubHowWXcqaBxqhu7Nu68=

I am attempting to build a simple ruby script that will encrypt_and_sign data that kr/fernet can read.

There seems to be something wrong with my implementation. Any pointers you can provide would be greatly appreciated.

https://gist.github.com/ryandotsmith/5349499

This had me pulling hair for a while, but it seems that, if a different key is used to decrypt a token than is used to create it, even if they have the same secret, it will fail. Unfortunately, this means I cannot use fernet across servers.

• add a test against an invalid version (any value othe than 0x80, say 0x00 and 0x81)
• add a test vector that contains invalid base64 encodings, e.g. whitespace, line endings, missing padding characters, last bits not set to zero, / or + character etc.

I've noticed that encrypted payloads are base64 coded. Does it make any sense to have a binary mode? I'd like to use Fernet in a high-volume way (maybe that's against design ethos, I am not sure) and avoid paying for base64 in size blowup if possible.