Skip to content
/ hapijs-iron-sharp Public

A mostly compatibly .NET implementation of @hapi/iron encapsulated tokens (encrypted and mac'ed objects)

License

MIT license
2 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

heathprovost/hapijs-iron-sharp

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

20 Commits
IronSharp
IronSharp
 
 
.gitignore
.gitignore
 
 
IronSharp.sln
IronSharp.sln
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

hapijs-iron-sharp

A mostly compatible .NET implementation of @hapijs/iron encapsulated tokens (encrypted and mac'ed objects)

Differences

  • You must serialize/deserialize your data yourself (@hapijs/iron does this for you).
  • To ensure interoperability with @hapijs/iron in node, just make sure anything you seal can be cleanly parsed by JSON.parse and that your password matches as well at the settings for ttl, timestampSkew, and localtimeOffset.
  • Password rotation is supported and is interoporable, but is implemented differently. See examples.
  • Encryption\decryption uses aes-256-cbc and Hmac uses sha256 exclusively, exactly as configured in @hapijs/iron default settings.
  • aes-128-ctr is not supported, nor is customizing algorithms settings like iterations, minPasswordlength, or saltBits.

Examples

Basics

var plaintext = "{\"foo\":\"bar\"}"; //anything serialized into JSON
var password = "my-really-secure-password-string";

var token = Iron.Seal(plaintext, password, Iron.DEFAULTS);
var unsealed = Iron.Unseal(token, password, Iron.DEFAULTS);

Console.WriteLine(unsealed);
//Prints {"foo":"bar"}

Set TTL

var plaintext = "{\"foo\":\"bar\"}"; //anything serialized into JSON
var options = new IronOptions(ttl: (60 * 1000)); //1 minute in milliseconds
var password = "my-really-secure-password-string";

var token = Iron.Seal(plaintext, password, options);

//...wait until TTL expires

var unsealed = Iron.Unseal(token, password, options);

//Throws "Expired seal" exception

Password Rotation

var plaintext = "{\"foo\":\"bar\"}"; //anything serialized into JSON
var password1 = new IronPassword(id: "foo", password: "my-really-secure-password-string");
var password2 = new IronPassword(id: "bar", password: "my-other-really-secure-password-string");
var token = Iron.Seal(plaintext, password1, Iron.DEFAULTS);

var unsealed = Iron.Unseal(token, password2, Iron.DEFAULTS); //Throws "Cannot find password foo" exception

//create array with both passwords in it and try again

var passwords = new IronPassword[] {password1, password2};
var unsealed = Iron.Unseal(token, passwords, Iron.DEFAULTS);
Console.WriteLine(unsealed);
//Prints {"foo":"bar"}

About

A mostly compatibly .NET implementation of @hapi/iron encapsulated tokens (encrypted and mac'ed objects)

Topics

csharp hapi dotnet hapijs

Resources

Readme

License

MIT license
Activity

Stars

2 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages