README
sessionKeys (Ruby)
sessionKeys is a cryptographic tool for the generation of unique user IDs, NaCl-compatible Curve25519 encryption keys, and Ed25519 digital signature keys using Ruby.
It is compatible with grempe/session-keys-js, which generates identical IDs and crypto keys in JavaScript when given the same username and passphrase values. Both libraries have extensive tests to ensure they remain interoperable.
The strength of the system lies in the fact that the keypairs are derived by passing an identifier such as a username or email address, together with a high-entropy passphrase, through the SHA-256 cryptographic one-way hash function, and then 'stretching' that hashed username/passphrase into strong key material with the scrypt key derivation function. Because the identifier is not secret, the security of every derived key rests entirely on the entropy of the passphrase: anyone who knows the identifier and the derivation parameters can guess passphrases offline, and scrypt only raises the cost of each guess.
For an overview of the security design, please see the README for the companion project grempe/session-keys-js @ https://github.com/grempe/session-keys-js
Installation
Add this line to your application's Gemfile:
gem 'session_keys'
And then execute:
$ bundle
Or install it yourself as:
$ gem install session_keys
Usage
require 'session_keys'

output = SessionKeys.generate('[email protected]', 'my strong passphrase')

# The return value is a Hash of this shape (values elided here):
{
  id: '...',
  byte_keys: [...],
  hex_keys: [...],
  nacl_encryption_key_pairs: [...],
  nacl_encryption_key_pairs_base64: [...],
  nacl_signing_key_pairs: [...],
  nacl_signing_key_pairs_base64: [...],
  process_time: 250
}
Security Note : Each Array contains eight values, one per index. The values at a given index in the different Arrays are all derived from the same slice of key material, so take each key type you need from a different index (for example the ID from index 0, the encryption keypair from index 1, the signing keypair from index 2). That way no two keys you put into use share the secret they were derived from.

# generate returns a Hash (see above), so index it by symbol key
# uuid : array index 0
output[:hex_keys][0]
# encryption keypair : array index 1
output[:nacl_encryption_key_pairs][1]
# signing keypair : array index 2
output[:nacl_signing_key_pairs][2]
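The derivation described above (a public identifier plus a passphrase through SHA-256, stretched with scrypt, then sliced into eight keys with one key type taken per index) written out as a self-contained Ruby illustration. This is an added example, not the session_keys gem's own code: its salt construction, scrypt cost parameters, output layout, identifier normalisation and UUID formatting are all assumptions, so its output is not interoperable with session_keys or session-keys-js. It uses only Ruby's bundled openssl and digest libraries, and the sample identifier and passphrases in the usage at the bottom are constructed for the example.

```ruby
require 'openssl'
require 'digest'

# Added illustration of the "hash, then stretch, then slice" design; NOT the
# session_keys gem's code and not interoperable with it. Salt construction,
# scrypt cost parameters, key layout and id format are all assumptions.
module KeyDerivationDemo
  KEY_COUNT = 8      # eight independent 32-byte slices, mirroring the README's arrays
  KEY_BYTES = 32     # NaCl seed/secret-key size
  SCRYPT_N  = 2**14  # assumed cost parameters; tune to your threat model
  SCRYPT_R  = 8
  SCRYPT_P  = 1

  # The identifier is public, so it acts as a salt, not a secret: it only ensures
  # two users who choose the same passphrase end up with different keys.
  # Normalising it (an assumption) keeps 'Alice@Example.com' and
  # 'alice@example.com' on the same account.
  def self.salt_for(id)
    Digest::SHA256.digest(id.to_s.strip.downcase)
  end

  # Pre-hash the passphrase so the KDF always sees a fixed-length input.
  def self.prehash(passphrase)
    Digest::SHA256.digest(passphrase)
  end

  # Stretch with scrypt; fall back to PBKDF2-HMAC-SHA256 only when this OpenSSL
  # build lacks scrypt (a real deployment should fail loudly rather than downgrade).
  def self.stretch(secret, salt, length)
    if OpenSSL::KDF.respond_to?(:scrypt)
      OpenSSL::KDF.scrypt(secret, salt: salt, N: SCRYPT_N, r: SCRYPT_R, p: SCRYPT_P, length: length)
    else
      OpenSSL::KDF.pbkdf2_hmac(secret, salt: salt, iterations: 200_000, length: length, hash: 'sha256')
    end
  end

  # Returns a Hash shaped like the README's output: an id plus eight keys in
  # raw-byte and hex form. The same id and passphrase always yield the same result,
  # which is the whole point (and the whole risk) of a passphrase-derived keyset.
  def self.generate(id, passphrase)
    raise ArgumentError, 'id must not be blank' if id.to_s.strip.empty?
    raise ArgumentError, 'passphrase must not be empty' if passphrase.to_s.empty?

    material  = stretch(prehash(passphrase), salt_for(id), KEY_COUNT * KEY_BYTES)
    byte_keys = material.unpack("a#{KEY_BYTES}" * KEY_COUNT)
    hex_keys  = byte_keys.map { |k| k.unpack1('H*') }

    { id: uuid_from(byte_keys[0]), byte_keys: byte_keys, hex_keys: hex_keys }
  end

  # Format the first 16 bytes of slice 0 as a UUID-looking string (assumed layout).
  def self.uuid_from(bytes)
    h = bytes.byteslice(0, 16).unpack1('H*')
    [h[0, 8], h[8, 4], h[12, 4], h[16, 4], h[20, 12]].join('-')
  end

  # Apply the README's rule: one key type per index, so no two keys in use
  # share the slice they were derived from.
  def self.pick_keys(output)
    {
      id:              output[:id],            # from slice 0
      encryption_seed: output[:byte_keys][1],  # slice 1 -> Curve25519 seed
      signing_seed:    output[:byte_keys][2]   # slice 2 -> Ed25519 seed
    }
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs for the illustration.
  out = KeyDerivationDemo.generate('alice@example.com', 'correct horse battery staple')
  puts "id: #{out[:id]}"
  KeyDerivationDemo.pick_keys(out).each { |name, v| puts "#{name}: #{v.unpack1('H*') rescue v}" }
end
```

Running it twice prints identical output, which is what makes the scheme usable across devices and also why a guessable passphrase is fatal: there is no server-side secret to protect a weak one.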
Installation Security : Signed Git Commits
Most, if not all, of the commits and tags to the repository for this code are signed with my PGP/GPG code signing key. I have uploaded my code signing public keys to GitHub, and you can verify those signatures in the GitHub UI: see the list of commits and look for the Verified badge next to each commit; click on it for additional information.
You can also clone the repository and verify the signatures locally using your own GnuPG installation (for example with git log --show-signature, or git verify-commit and git verify-tag for a specific commit or tag, after importing the signing key). A Verified badge only shows that a key GitHub associates with the author made the signature; trust in that key still has to be established out of band. You can find my certificates and read about how to conduct this verification at https://www.rempe.us/keys/.
Development
After checking out the repo, run bin/setup to install dependencies. Then, run rake test to run the tests. You can also run bin/console for an interactive prompt that will allow you to experiment.
To install this gem onto your local machine, run bundle exec rake install.
Contributing
Bug reports and pull requests are welcome on GitHub at https://github.com/grempe/session-keys-rb. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the Contributor Covenant code of conduct.
Legal
Copyright (c) 2016 Glenn Rempe <[email protected]> (https://www.rempe.us/)
License
The gem is available as open source under the terms of the MIT License.
Warranty
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the LICENSE.txt file for the specific language governing permissions and limitations under the License.