ArZypher is a simple mechanism to generate URL-safe tokens with data like JWT, but with the data encrypted. The token consists of three parts:
```
[n-bits random seed]|[n-bits verify signature]|[n-bits data stored]
```

```bash
pip3 install git+https://github.com/Andres77872/ArZypher.git@master
```
```python
from ArZypher import arzypher_decoder, arzypher_encoder

private_key = 'PRIVATE KEY'
params_keys = [32]   # one field, 32 bits wide
params_data = [7]    # the value stored in that field
check_sum = 256      # HS256
random_key = 32      # 32-bit random seed

# Build the token
b64, key = arzypher_encoder(
    private_key=private_key,
    random_key=random_key,
    check_sum=check_sum,
    params_keys=params_keys,
    params_data=params_data,
    padding=None
)

# Verify and decode the token with the same settings
decode, key = arzypher_decoder(
    private_key=private_key,
    random_key=random_key,
    check_sum=check_sum,
    params_keys=params_keys,
    encoded=b64,
    padding=None
)
```

`private_key`: Optional. By default, it's an empty string `""`. This is used as a shared private key to verify the token's signature.

`check_sum`: Optional integer, by default, it's `None`. This defines the hash algorithm, and the possible values are `256` (HS256), `384` (HS384), and `512` (HS512). This will use the `private_key`.

If you set a value less than 256, then by default, it will use HS256 and keep only the n bits defined by the user. This is useful to keep the token the same length each time (24 bits = 4 b64 characters).

The token's signature consists of:

```
key = private_key
msg = binary_random_key + binary_params_data + ''.join(map(str, params_keys))
```

`random_key`: Optional integer, by default, it's `None`. Used to generate a new token with the same data each time it's created, for example in token refresh.

This parameter is an n-bit random integer generated by the `secrets` lib and used as a seed for the `random` lib to encrypt the token.

This is not an additional layer of security; it only serves to generate new tokens in the same session.

`params_keys`: A list with the number of bits used by each data item.

For example, to save the register id, the timestamp in seconds, some data with 8 bits (0-255), and 3 True-False permissions, the list of `params_keys` must be this:
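```python
params_keys = [
    64,  # register id
    32,  # timestamp in seconds
    8,   # data with 8 bits (0-255)
    1,   # permission flag
    1,   # permission flag
    1,   # permission flag
]
```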
The system is sensitive to position: `[32,24,8,1]` is different from `[32,24,1,8]`. Also, at the moment of decryption, each value is recovered using the n-bits declared for it in the list.
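
The three-part layout, the signature input and the position sensitivity of `params_keys` described above can be reproduced with the standard library alone. This is an added sketch, not ArZypher's own code: the names `pack`, `sign`, `encode_sketch` and `decode_sketch` are hypothetical, the exact bit-string encoding is an assumption, only integer fields are handled, and the data is left unencrypted, so its tokens are not interchangeable with the library's.

```python
import base64, hashlib, hmac, secrets

DIGESTS = {256: hashlib.sha256, 384: hashlib.sha384, 512: hashlib.sha512}

def pack(params_keys, params_data):
    """Concatenate each integer as a fixed-width bit string, in list order."""
    bits = ""
    for width, value in zip(params_keys, params_data):
        if not 0 <= value < (1 << width):
            raise ValueError(f"{value} does not fit in {width} bits")
        bits += format(value, f"0{width}b")
    return bits

def sign(private_key, seed_bits, data_bits, params_keys, check_sum):
    """HMAC over seed + data + field widths; below 256, HS256 cut to n bits."""
    if check_sum > 256 and check_sum not in DIGESTS:
        raise ValueError("check_sum must be <= 256, 384 or 512")
    digest = DIGESTS.get(check_sum, hashlib.sha256)
    msg = seed_bits + data_bits + "".join(map(str, params_keys))
    mac = hmac.new(private_key.encode(), msg.encode(), digest).digest()
    mac_bits = format(int.from_bytes(mac, "big"), f"0{len(mac) * 8}b")
    return mac_bits[:check_sum]

def encode_sketch(private_key, random_key, check_sum, params_keys, params_data):
    seed_bits = format(secrets.randbits(random_key), f"0{random_key}b")
    data_bits = pack(params_keys, params_data)
    sig_bits = sign(private_key, seed_bits, data_bits, params_keys, check_sum)
    bits = seed_bits + sig_bits + data_bits      # [seed]|[signature]|[data]
    bits += "0" * (-len(bits) % 8)               # pad to whole bytes
    raw = int(bits, 2).to_bytes(len(bits) // 8, "big")
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def decode_sketch(private_key, random_key, check_sum, params_keys, token):
    raw = base64.urlsafe_b64decode(token + "=" * (-len(token) % 4))
    bits = format(int.from_bytes(raw, "big"), f"0{len(raw) * 8}b")
    seed_bits, rest = bits[:random_key], bits[random_key:]
    sig_bits, rest = rest[:check_sum], rest[check_sum:]
    data_bits = rest[:sum(params_keys)]
    expected = sign(private_key, seed_bits, data_bits, params_keys, check_sum)
    if not hmac.compare_digest(sig_bits, expected):  # constant-time compare
        return None  # wrong key, wrong field layout, or modified token
    out, pos = [], 0
    for width in params_keys:
        out.append(int(data_bits[pos:pos + width], 2))
        pos += width
    return out
```

A signature truncated to n bits accepts a random guess with probability 2^-n, so small `check_sum` values trade integrity for token length.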

`params_data`: A list with the data that will be encoded in the token.

It's possible to store integers and string data, but the string type must be declared in the `params_keys` variable.

For example, to extend the previous `params_keys` so that, in addition to the numbers, it also stores a UTF-8 string, the string field must be declared as `[str, len(msg)*8]`. An int can also be described as `[int, n-bits]`.
```python
params_keys = [
    [int, 64],
    32,
    8,
    1,
    1,
    1,
    [str, 11 * 8]
]

# The params_data
params_data = [
    1245,
    1497169783,
    214,
    1,
    0,
    0,
    "hello world"
]
```

`padding`: Not implemented yet.

```python
from ArZypher import arzypher_decoder, arzypher_encoder

private_key = 'PRIVATE KEY'

params_keys = [
    [int, 64],
    32,
    8,
    1,
    1,
    1,
    [str, 11 * 8]
]

params_data = [
    1245,
    1497169783,
    214,
    1,
    0,
    0,
    "hello world"
]

check_sum = 256  # HS256
random_key = 32  # 32 bits for the random token generator

b64, key = arzypher_encoder(
    private_key=private_key,
    random_key=random_key,
    check_sum=check_sum,
    params_keys=params_keys,
    params_data=params_data,
    padding=None
)
print(b64)  # 4tZ8rOH8mefr66gGsxV4gdRgIC1_NquyXfz_rLUQ5LdbU3PXqlBqOYBmF7Zxl00J4bGHFq4n6OMNALJ-KA

decode, key = arzypher_decoder(
    private_key=private_key,
    random_key=random_key,
    check_sum=check_sum,
    params_keys=params_keys,
    encoded=b64,
    padding=None
)
print(decode)  # [1245, 1497169783, 214, 1, 0, 0, 'hello world']
```

It's recommended to keep the variables `private_key`, `random_key`, `check_sum`, and `params_keys` secret.

The values can also be used as a key if you keep their value private, but the `private_key` MUST BE A SECRET PASSWORD ON THE SERVER SIDE.