https://github.com/rubyonworld/http-signatures-ruby
Ruby implementation of HTTP Signatures draft specification; cryptographically sign and verify HTTP requests and responses.
http signature
Last synced: 9 months ago
- Host: GitHub
- URL: https://github.com/rubyonworld/http-signatures-ruby
- Owner: RubyOnWorld
- License: mit
- Created: 2022-09-27T15:28:05.000Z (over 3 years ago)
- Default Branch: master
- Last Pushed: 2022-09-27T17:38:08.000Z (over 3 years ago)
- Last Synced: 2025-06-21T04:09:38.881Z (10 months ago)
- Topics: http, signature
- Language: Ruby
- Homepage:
- Size: 55.7 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE.txt
README
# HTTP Signatures
Ruby implementation of [HTTP Signatures][draft03] draft specification;
cryptographically sign and verify HTTP requests and responses.
See also:
* https://github.com/99designs/http-signatures-php
## Usage
Add [`http_signatures`][gem] to your `Gemfile`.
Configure a context with your algorithm, keys, and the headers to sign. In Rails,
this is best placed in an initializer.
```rb
require "http_signatures"
$context = HttpSignatures::Context.new(
  keys: {"examplekey" => "secret-key-here"},
  algorithm: "hmac-sha256",
  headers: ["(request-target)", "Date", "Content-Length"],
)
```
If there's only one key in the `keys` hash, that will be used for signing.
Otherwise, specify one via `signing_key_id: "examplekey"`.
### Messages
A message is an HTTP request or response. A subset of the interface of
Ruby's `Net::HTTPRequest` and `Net::HTTPResponse` is expected: the ability to
set and read headers via `message["name"]` and, for requests, the presence
of `message#method` and `message#path` for `(request-target)` support.
```rb
require "net/http"
require "time"
message = Net::HTTP::Get.new(
  "/path?query=123",
  "Date" => Time.now.rfc822,
  "Content-Length" => "0",
)
```
### Signing a message
```rb
$context.signer.sign(message)
```
Now `message` contains the signature headers:
```rb
message["Signature"]
# keyId="examplekey",algorithm="hmac-sha256",headers="...",signature="..."
message["Authorization"]
# Signature keyId="examplekey",algorithm="hmac-sha256",headers="...",signature="..."
```
### Verifying a signed message
```rb
$context.verifier.valid?(message) # => true or false
```
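To show what an `hmac-sha256` signature over the configured `headers` list does and does not cover, the following added example (not the gem's code and not part of the original README) rebuilds the draft's signing string and HMAC using only Ruby's standard library. The helper names (`signing_string`, `hmac_signature`, `sign!`, `valid_signature?`, `demo`), the `X-Role` header and the sample request are assumptions made for illustration.

```ruby
# Added illustration using the standard library only; helper names are hypothetical.
require "net/http"
require "openssl"
require "base64"

SIGNED_HEADERS = ["(request-target)", "Date", "Content-Length"].freeze

# One "name: value" line per signed header (names lowercased), joined by "\n".
def signing_string(message, headers = SIGNED_HEADERS)
  headers.map do |name|
    if name == "(request-target)"
      "(request-target): #{message.method.downcase} #{message.path}"
    else
      value = message[name] or raise ArgumentError, "missing header #{name}"
      "#{name.downcase}: #{value}"
    end
  end.join("\n")
end

def hmac_signature(message, secret)
  Base64.strict_encode64(OpenSSL::HMAC.digest("SHA256", secret, signing_string(message)))
end

def sign!(message, key_id, secret)
  message["Signature"] = format(
    'keyId="%s",algorithm="hmac-sha256",headers="%s",signature="%s"',
    key_id, SIGNED_HEADERS.map(&:downcase).join(" "), hmac_signature(message, secret)
  )
end

# Recompute the HMAC and compare in constant time.
def valid_signature?(message, secret)
  claimed = message["Signature"].to_s[/signature="([^"]*)"/, 1]
  return false if claimed.nil?
  OpenSSL.secure_compare(claimed, hmac_signature(message, secret))
end

# Constructed sample request, key and header values.
def demo
  secret = "secret-key-here"
  base = { "Date" => "Tue, 27 Sep 2022 15:28:05 GMT", "Content-Length" => "0" }
  original = Net::HTTP::Get.new("/path?query=123", base)
  sign!(original, "examplekey", secret)
  altered = Net::HTTP::Get.new("/path?query=999", base) # signed path changed
  altered["Signature"] = original["Signature"]
  original["X-Role"] = "admin" # not in SIGNED_HEADERS, so the signature ignores it
  { original: valid_signature?(original, secret),
    altered_path: valid_signature?(altered, secret),
    wrong_key: valid_signature?(original, "other-secret") }
end
```

`demo` reports the original as valid even after `X-Role` is added: only the headers named in the `headers` list are covered, so any header or body content a receiver relies on needs to be in that list (the body via a signed digest header).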
## Contributing
Pull Requests are welcome.
[draft03]: http://tools.ietf.org/html/draft-cavage-http-signatures-03
[gem]: http://rubygems.org/gems/http_signatures