CMS is a high influence by django's cryptographic library and json web
signature/encryption signing algorithm with focus on have a compact
representation. It's build on top of fantastic ptaoussanis/nippy
serialization library.
In order to use this you shall include the concrete nippy library because
buddy-sign does not have a hardcoded dependency to it:
;; project.clj
[com.taoensso/nippy "3.1.1"]
;; deps.edn
com.taoensso/nippy {:mvn/version "3.1.1"}
In the same way as JWS, it support a great number of different signing algorithms that can be used for sign your messages:
| Algorithm name | Hash algorithms | Keywords | Priv/Pub Key? |
|---|---|---|---|
| Elliptic Curve DSA | sha256, sha512 | :es256, :es512 | Yes |
| RSASSA PSS | sha256, sha512 | :ps256, :ps512 | Yes |
| RSASSA PKCS1 v1_5 | sha256, sha512 | :rs256, :rs512 | Yes |
| Poly1305 | aes, twofish, serpent | :poly1305-aes, :poly1305-serpent, :poly1305-twofish | No |
| HMAC | sha256*, sha512 | :hs256, :hs512 | No |
In difference with jwt, this implementation is not limited to hash-map like objects, and you can sign any clojure valid type.
Let see an example:
(require '[buddy.sign.compact :as cms])
(def data (cms/sign #{:foo :bar} "secret")
(cms/unsign data "secret")
;; => #{:foo :bar}
Then, you also will be able validate the signed message based in its age:
(cm/unsign data "secret" {:max-age (* 15 60)})
;; => ExceptionInfo: "Token is older than 1427836475"
NOTE: Only :max-age validation is bundlind all other validation
are delegated to the user code.
Can you improve this documentation?Edit on GitHub
cljdoc builds & hosts documentation for Clojure/Script libraries
| Ctrl+k | Jump to recent docs |
| ← | Move to previous article |
| → | Move to next article |
| Ctrl+/ | Jump to the search field |