Add version byte to token format
hgmnz opened this issue · 2 comments
hgmnz commented
- Start with 0x80, per #6 (comment)
- Fernet code should reject formats it cannot handle.
kr commented
The proposed format is:
VERSION(1 byte) + HMAC (32b) + TIMESTAMP (8b) + IV (16b) + ciphertext
where the hmac is computed on
version + timestamp + iv + ciphertext
This makes me a little sad, since I'd prefer if the hmac input were also
exactly present in the token. It would be a little easier to compute and
verify that way.
Here's another possible approach to format changes:
Don't explicitly represent the "version" at all in the token, just try all
supported formats one by one. If any verifies, return success.
What do you think?
cc @tmaher
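Added example, not part of the thread or the Fernet code base: Ruby code that frames and verifies the format proposed above, rejecting any version byte other than 0x80 before parsing the rest of the token. HMAC-SHA256 (which gives the 32-byte tag), the big-endian timestamp encoding and all method and constant names are assumptions; the ciphertext is treated as opaque bytes.

```ruby
require 'openssl'

# Layout from the thread: VERSION(1) + HMAC(32) + TIMESTAMP(8) + IV(16) + ciphertext
TOKEN_VERSION = 0x80
HMAC_LEN = 32
TS_LEN = 8
IV_LEN = 16
HEADER_LEN = 1 + HMAC_LEN + TS_LEN + IV_LEN

class TokenError < StandardError; end

# HMAC input is version + timestamp + iv + ciphertext (SHA-256 is an assumption).
def token_mac(key, version, ts, iv, ciphertext)
  OpenSSL::HMAC.digest('SHA256', key, [version].pack('C') + ts + iv + ciphertext)
end

# Byte-wise comparison without early exit, to avoid leaking the mismatch position.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

def build_token(key, time, iv, ciphertext)
  ts = [time].pack('Q>') # 8-byte big-endian timestamp (assumed encoding)
  iv = iv.b
  ciphertext = ciphertext.b
  [TOKEN_VERSION].pack('C') + token_mac(key, TOKEN_VERSION, ts, iv, ciphertext) + ts + iv + ciphertext
end

def parse_token(key, token)
  token = token.b
  raise TokenError, 'truncated token' if token.bytesize < HEADER_LEN
  version = token.getbyte(0)
  # Reject unknown formats up front; their layout cannot be assumed.
  raise TokenError, 'unsupported version' unless version == TOKEN_VERSION
  mac = token.byteslice(1, HMAC_LEN)
  ts = token.byteslice(1 + HMAC_LEN, TS_LEN)
  iv = token.byteslice(1 + HMAC_LEN + TS_LEN, IV_LEN)
  ciphertext = token.byteslice(HEADER_LEN..-1)
  expected = token_mac(key, version, ts, iv, ciphertext)
  raise TokenError, 'bad HMAC' unless secure_equal?(mac, expected)
  { version: version, timestamp: ts.unpack1('Q>'), iv: iv, ciphertext: ciphertext }
end
```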
hgmnz commented
done