Class: JWT::JWA::Hmac

Inherits:

Object

• Object
• JWT::JWA::Hmac

Includes:

SigningAlgorithm

Defined in:

lib/jwt/jwa/hmac.rb

Overview

Implementation of the HMAC family of algorithms

Defined Under Namespace

Modules: SecurityUtils

Constant Summary

MIN_KEY_LENGTHS =

Minimum key lengths for HMAC algorithms based on RFC 7518 Section 3.2. Keys must be at least the size of the hash output to ensure sufficient entropy for the algorithm's security level.

{
  'HS256' => 32,
  'HS384' => 48,
  'HS512' => 64
}.freeze

Instance Attribute Summary

Attributes included from SigningAlgorithm

#alg

Instance Method Summary

• #initialize(alg, digest) ⇒ Hmac constructor

  A new instance of Hmac.

• #sign(data:, signing_key:) ⇒ Object
• #verify(data:, signature:, verification_key:) ⇒ Object

Methods included from SigningAlgorithm

#header, #raise_sign_error!, #raise_verify_error!, #valid_alg?

Constructor Details

#initialize(alg, digest) ⇒ Hmac

Returns a new instance of Hmac.

# File 'lib/jwt/jwa/hmac.rb', line 18

def initialize(alg, digest)
  @alg = alg
  @digest = digest
end

Instance Method Details

#sign(data:, signing_key:) ⇒ Object

# File 'lib/jwt/jwa/hmac.rb', line 23

def sign(data:, signing_key:)
  ensure_valid_key!(signing_key)
  validate_key_length!(signing_key)

  OpenSSL::HMAC.digest(digest.new, signing_key, data)
end

#verify(data:, signature:, verification_key:) ⇒ Object

# File 'lib/jwt/jwa/hmac.rb', line 30

def verify(data:, signature:, verification_key:)
  ensure_valid_key!(verification_key)
  validate_key_length!(verification_key)

  SecurityUtils.secure_compare(signature, OpenSSL::HMAC.digest(digest.new, verification_key, data))
end