Skip to content

Instantly share code, notes, and snippets.

@parallel588

parallel588/Joken.md

Forked from UA3MQJ/Joken.md
Created September 3, 2018 09:30
Show Gist options
  • Save parallel588/ae989bc156a69dd1b793bc98f10f4c39 to your computer and use it in GitHub Desktop.
Save parallel588/ae989bc156a69dd1b793bc98f10f4c39 to your computer and use it in GitHub Desktop.
Download ZIP

Revisions

  1. @UA3MQJ UA3MQJ revised this gist Feb 7, 2018. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion Joken.md
    View file
    Original file line number Diff line number Diff line change
    @@ -101,7 +101,7 @@ signed_token = %{user_id: 123}
    |> Joken.sign(Joken.rs256(key_pri))
    |> Joken.get_compact()
    ```
    #### 3.2 Проверяем подпись используя только публичный ключ1
    #### 3.2 Проверяем подпись, имея только публичный ключ1
    ```elixir
    key_pub = JOSE.JWK.from_pem_file("./mykey1.pub") # загружаем публичный ключ

  2. @UA3MQJ UA3MQJ revised this gist Feb 7, 2018. 1 changed file with 3 additions and 2 deletions.
    5 changes: 3 additions & 2 deletions Joken.md
    View file
    Original file line number Diff line number Diff line change
    @@ -91,7 +91,8 @@ openssl rsa -in mykey1.pri -pubout > mykey1.pub
    openssl genrsa -out mykey2.pri 1024
    openssl rsa -in mykey2.pri -pubout > mykey2.pub
    ```
    Создаем токен, подписанный приватным ключем1

    #### 3.1 Создаем токен, подписанный приватным ключем1
    ```elixir
    key_pri = JOSE.JWK.from_pem_file("./mykey1.pri") # загружаем ключ

    @@ -100,7 +101,7 @@ signed_token = %{user_id: 123}
    |> Joken.sign(Joken.rs256(key_pri))
    |> Joken.get_compact()
    ```
    Проверяем подпись с помощью публичного ключа
    #### 3.2 Проверяем подпись используя только публичный ключ1
    ```elixir
    key_pub = JOSE.JWK.from_pem_file("./mykey1.pub") # загружаем публичный ключ

  3. @UA3MQJ UA3MQJ revised this gist Feb 7, 2018. 1 changed file with 33 additions and 1 deletion.
    34 changes: 33 additions & 1 deletion Joken.md
    View file
    Original file line number Diff line number Diff line change
    @@ -75,13 +75,14 @@ token
    |> Joken.token()
    |> Joken.with_signer(Joken.hs256("my_fake_secret_key"))
    |> Joken.verify!()

    {:error, "Invalid signature"}
    ```
    ### 3. Ассиметричное шифрование

    Цель - сделать так, чтобы Сервер А создал токен, а Сервер Б мог проверить подпись токена, при этом не разглашая "секретный ключ" из Сервера А в Сервер Б, т.к. он нам может не принадлежать. Для этого можно применять пару закрытый/публичный ключ.

    Формируем пары ключей:
    Формируем пары ключей (вторая пара для теста проверки подписи не тем открытым ключем):

    ```bash
    openssl genrsa -out mykey1.pri 1024
    @@ -90,5 +91,36 @@ openssl rsa -in mykey1.pri -pubout > mykey1.pub
    openssl genrsa -out mykey2.pri 1024
    openssl rsa -in mykey2.pri -pubout > mykey2.pub
    ```
    Создаем токен, подписанный приватным ключем1
    ```elixir
    key_pri = JOSE.JWK.from_pem_file("./mykey1.pri") # загружаем ключ

    signed_token = %{user_id: 123}
    |> Joken.token()
    |> Joken.sign(Joken.rs256(key_pri))
    |> Joken.get_compact()
    ```
    Проверяем подпись с помощью публичного ключа
    ```elixir
    key_pub = JOSE.JWK.from_pem_file("./mykey1.pub") # загружаем публичный ключ

    signed_token \
    |> Joken.token() \
    |> Joken.with_signer(Joken.rs256(key_pub)) \
    |> Joken.verify!()
    ```
    Результат - <code>{:ok, данные}</code>
    ```elixir
    {:ok, %{"user_id" => 123}}
    ```
    С другим публичным ключем будет, естественно, ошибка:
    ```elixir
    key_pub2 = JOSE.JWK.from_pem_file("./mykey2.pub")

    signed_token \
    |> Joken.token() \
    |> Joken.with_signer(Joken.rs256(key_pub2)) \
    |> Joken.verify!()

    {:error, "Invalid signature"}
    ```
  4. @UA3MQJ UA3MQJ revised this gist Feb 7, 2018. 1 changed file with 12 additions and 0 deletions.
    12 changes: 12 additions & 0 deletions Joken.md
    View file
    Original file line number Diff line number Diff line change
    @@ -77,6 +77,18 @@ token
    |> Joken.verify!()
    {:error, "Invalid signature"}
    ```
    ### 3. Ассиметричное шифрование

    Цель - сделать так, чтобы Сервер А создал токен, а Сервер Б мог проверить подпись токена, при этом не разглашая "секретный ключ" из Сервера А в Сервер Б, т.к. он нам может не принадлежать. Для этого можно применять пару закрытый/публичный ключ.

    Формируем пары ключей:

    ```bash
    openssl genrsa -out mykey1.pri 1024
    openssl rsa -in mykey1.pri -pubout > mykey1.pub

    openssl genrsa -out mykey2.pri 1024
    openssl rsa -in mykey2.pri -pubout > mykey2.pub
    ```


  5. @UA3MQJ UA3MQJ revised this gist Feb 7, 2018. 1 changed file with 8 additions and 0 deletions.
    8 changes: 8 additions & 0 deletions Joken.md
    View file
    Original file line number Diff line number Diff line change
    @@ -69,6 +69,14 @@ fake_token
    |> Joken.verify!()
    {:error, "Invalid signature"}
    ```
    проверяем не верным секретным текстовым ключем
    ```elixir
    token
    |> Joken.token()
    |> Joken.with_signer(Joken.hs256("my_fake_secret_key"))
    |> Joken.verify!()
    {:error, "Invalid signature"}
    ```



  6. @UA3MQJ UA3MQJ revised this gist Feb 7, 2018. 1 changed file with 34 additions and 1 deletion.
    35 changes: 34 additions & 1 deletion Joken.md
    View file
    Original file line number Diff line number Diff line change
    @@ -34,8 +34,41 @@ token \
    |> Joken.with_signer(Joken.hs256("my_secret_key")) \
    |> Joken.verify!()
    ```

    Результат - <code>{:ok, данные}</code>
    ```elixir
    {:ok, %{"user_id" => 123}}
    ```
    Поддельный токен
    ```elixir
    fake_data = token
    |> String.split(".")
    |> (fn([_, y, _]) -> y end).()
    |> Base.url_decode64!(padding: false)
    |> Poison.decode!()
    |> Map.merge(%{"user_id" => 666})
    |> Poison.encode!()
    |> Base.url_encode64(padding: false)

    "eyJ1c2VyX2lkIjo2NjZ9"

    [head, _, sign] = token
    |> String.split(".")

    fake_token = head <> "." <> fake_data <> "." <> sign

    iex(xx)> fake_token = head <> "." <> fake_data <> "." <> sign
    "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjo2NjZ9.czVgXnZv56oliGbbFV3HZMwrJsZEWgpoZO13yxgjPuA"
    iex(xx)> token
    "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjoxMjN9.czVgXnZv56oliGbbFV3HZMwrJsZEWgpoZO13yxgjPuA"
    ```
    проверяем
    ```elixir
    fake_token
    |> Joken.token()
    |> Joken.with_signer(Joken.hs256("my_secret_key"))
    |> Joken.verify!()
    {:error, "Invalid signature"}
    ```



  7. @UA3MQJ UA3MQJ revised this gist Feb 7, 2018. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion Joken.md
    View file
    Original file line number Diff line number Diff line change
    @@ -35,7 +35,7 @@ token \
    |> Joken.verify!()
    ```

    Результат - <span style="color: #f2cf4a; font-family: Babas; font-size: 2em;">{:ok, данные}</span>
    Результат - <code>{:ok, данные}</code>
    ```elixir
    {:ok, %{"user_id" => 123}}
    ```
  8. @UA3MQJ UA3MQJ revised this gist Feb 7, 2018. 1 changed file with 15 additions and 1 deletion.
    16 changes: 15 additions & 1 deletion Joken.md
    View file
    Original file line number Diff line number Diff line change
    @@ -24,4 +24,18 @@
    Результат - данные
    ```elixir
    %{"user_id" => 123}
    ```
    ```

    ### 3. Проверить подпись, зная текстовый секретный ключ

    ```elixir
    token \
    |> Joken.token() \
    |> Joken.with_signer(Joken.hs256("my_secret_key")) \
    |> Joken.verify!()
    ```

    Результат - <span style="color: #f2cf4a; font-family: Babas; font-size: 2em;">{:ok, данные}</span>
    ```elixir
    {:ok, %{"user_id" => 123}}
    ```
  9. @UA3MQJ UA3MQJ revised this gist Feb 7, 2018. 1 changed file with 2 additions and 2 deletions.
    4 changes: 2 additions & 2 deletions Joken.md
    View file
    Original file line number Diff line number Diff line change
    @@ -1,6 +1,6 @@
    [https://github.com/bryanjos/joken](https://github.com/bryanjos/joken) - A JSON Web Token (JWT) Library

    # 1. Закодировать JWT - подпись секретным текстовым ключем "my_secret_key"
    ### 1. Закодировать JWT - подпись секретным текстовым ключем "my_secret_key"

    ```elixir
    token = %{user_id: 123}
    @@ -14,7 +14,7 @@
    "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjoxMjN9.czVgXnZv56oliGbbFV3HZMwrJsZEWgpoZO13yxgjPuA"
    ```

    # 2. Расшифровать токен без проверки
    ### 2. Расшифровать токен без проверки

    ```elixir
    token
  10. @UA3MQJ UA3MQJ revised this gist Feb 7, 2018. 1 changed file with 2 additions and 2 deletions.
    4 changes: 2 additions & 2 deletions Joken.md
    View file
    Original file line number Diff line number Diff line change
    @@ -1,6 +1,6 @@
    [https://github.com/bryanjos/joken](https://github.com/bryanjos/joken) - A JSON Web Token (JWT) Library

    1. Закодировать JWT - подпись секретным текстовым ключем "my_secret_key"
    # 1. Закодировать JWT - подпись секретным текстовым ключем "my_secret_key"

    ```elixir
    token = %{user_id: 123}
    @@ -14,7 +14,7 @@
    "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjoxMjN9.czVgXnZv56oliGbbFV3HZMwrJsZEWgpoZO13yxgjPuA"
    ```

    2. Расшифровать токен без проверки
    # 2. Расшифровать токен без проверки

    ```elixir
    token
  11. @UA3MQJ UA3MQJ revised this gist Feb 7, 2018. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion Joken.md
    View file
    Original file line number Diff line number Diff line change
    @@ -22,6 +22,6 @@
    |> Joken.peek()
    ```
    Результат - данные
    ```json
    ```elixir
    %{"user_id" => 123}
    ```
  12. @UA3MQJ UA3MQJ revised this gist Feb 7, 2018. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion Joken.md
    View file
    Original file line number Diff line number Diff line change
    @@ -22,6 +22,6 @@
    |> Joken.peek()
    ```
    Результат - данные
    ```
    ```json
    %{"user_id" => 123}
    ```
  13. @UA3MQJ UA3MQJ revised this gist Feb 7, 2018. 1 changed file with 16 additions and 0 deletions.
    16 changes: 16 additions & 0 deletions Joken.md
    View file
    Original file line number Diff line number Diff line change
    @@ -8,4 +8,20 @@
    |> Joken.with_signer(Joken.hs256("my_secret_key"))
    |> Joken.sign()
    |> Joken.get_compact()
    ```
    Результат - токен
    ```
    "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjoxMjN9.czVgXnZv56oliGbbFV3HZMwrJsZEWgpoZO13yxgjPuA"
    ```

    2. Расшифровать токен без проверки

    ```elixir
    token
    |> Joken.token()
    |> Joken.peek()
    ```
    Результат - данные
    ```
    %{"user_id" => 123}
    ```
  14. @UA3MQJ UA3MQJ revised this gist Feb 7, 2018. 1 changed file with 8 additions and 6 deletions.
    14 changes: 8 additions & 6 deletions Joken.md
    View file
    Original file line number Diff line number Diff line change
    @@ -1,9 +1,11 @@
    https://github.com/bryanjos/joken - A JSON Web Token (JWT) Library
    [https://github.com/bryanjos/joken](https://github.com/bryanjos/joken) - A JSON Web Token (JWT) Library

    1. Закодировать JWT - подпись секретным текстовым ключем "my_secret_key"

    token = %{user_id: 123}
    |> Joken.token()
    |> Joken.with_signer(Joken.hs256("my_secret_key"))
    |> Joken.sign()
    |> Joken.get_compact()
    ```elixir
    token = %{user_id: 123}
    |> Joken.token()
    |> Joken.with_signer(Joken.hs256("my_secret_key"))
    |> Joken.sign()
    |> Joken.get_compact()
    ```
  15. @UA3MQJ UA3MQJ created this gist Feb 7, 2018.
    9 changes: 9 additions & 0 deletions Joken.md
    View file
    Original file line number Diff line number Diff line change
    @@ -0,0 +1,9 @@
    https://github.com/bryanjos/joken - A JSON Web Token (JWT) Library

    1. Закодировать JWT - подпись секретным текстовым ключем "my_secret_key"

    token = %{user_id: 123}
    |> Joken.token()
    |> Joken.with_signer(Joken.hs256("my_secret_key"))
    |> Joken.sign()
    |> Joken.get_compact()