diff --git a/README.md b/README.md
index bf0f98a..0921c62 100644
--- a/README.md
+++ b/README.md
@@ -18,7 +18,7 @@ Furthermore, this library uses HKDF (RFC 5869) to derive the key from the secret
 Additionally, from my research and understanding, the key will be hashed with the hash function provided if the key is longer than the block size of the hash function.
-On other hand, if the key is shorter than the block size of the hash function, it will be padded with zeros or `0x00` to match the block size.
+On the other hand, if the key is shorter than the block size of the hash function, it will be padded with zeros or `0x00` to match the block size.
 Although it is not really a concern due to how HMAC works, it does reduce the effort needed to brute-force the key if it is padded with zeros.
@@ -51,7 +51,8 @@ HMACHashAlgorithm hashFunction = HMACHashAlgorithm.SHA1;
 var serialiser = new Serialiser(key, salt, hashFunction);
 object data = new { Name = "John Doe", Age = 25 };
-string token = serialiser.Dumps(data); // eyJOYW1lIjoiSm9obiBEb2UiLCJBZ2UiOjI1fQ.m4km5yvsgL1V3fzPrEg/Ay9eX0c
+string token = serialiser.Dumps(data);
+// eyJOYW1lIjoiSm9obiBEb2UiLCJBZ2UiOjI1fQ.m4km5yvsgL1V3fzPrEg/Ay9eX0c
 try
 {
@@ -68,7 +69,7 @@ string name = payload.Get("Name");
 int age = payload.Get("Age");
 ```
-Signing and verifying a token with a string payload with 1 hour a time limit;
+Signing and verifying a token with a string payload with 1 hour time limit;
 ```csharp
 string key = "secret";
@@ -78,12 +79,13 @@ HMACHashAlgorithm hashFunction = HMACHashAlgorithm.SHA256;
 int maxAge = 3600; // 1 hour in seconds
 var serialiser = new TimedSerialiser(key, salt, maxAge, hashFunction);
 string data = "Message that should not tampered with!";
-string token = serialiser.Dumps(data); // TWVzc2FnZSB0aGF0IHNob3VsZCBub3QgdGFtcGVyZWQgd2l0aCE.MTcwNzI3OTk4Nw.dTOD5GbC/V46IAKKMpIFJQF7kG+7wKjq3aoZWbB9cDE
+string token = serialiser.Dumps(data);
+// TWVzc2FnZSB0aGF0IHNob3VsZCBub3QgdGFtcGVyZWQgd2l0aCE.MTcwNzI3OTk4Nw.dTOD5GbC/V46IAKKMpIFJQF7kG+7wKjq3aoZWbB9cDE
 try
 {
 string message = serialiser.LoadsString(token);
- Assert.Equal(data, message);
+ Assert.AreEqual(data, message);
 }
 catch (BadTokenException)
 {
@@ -101,12 +103,13 @@ HMACHashAlgorithm hashFunction = HMACHashAlgorithm.SHA384;
 var serialiser = new URLSafeSerialiser(key, salt, hashFunction, info);
 string data = "Note that this message can be still read by users by base64 decoding it!";
-string token = serialiser.Dumps(data); // Tm90ZSB0aGF0IHRoaXMgbWVzc2FnZSBjYW4gYmUgc3RpbGwgcmVhZCBieSB1c2VycyBieSBiYXNlNjQgZGVjb2RpbmcgaXQh.zNYNQ2Uq3OayBPRn6ItYRUzSmCmb5vHbTAfgJPK9GzEHxdrFQen5yLR2HZo7q-Kn
+string token = serialiser.Dumps(data);
+// Tm90ZSB0aGF0IHRoaXMgbWVzc2FnZSBjYW4gYmUgc3RpbGwgcmVhZCBieSB1c2VycyBieSBiYXNlNjQgZGVjb2RpbmcgaXQh.zNYNQ2Uq3OayBPRn6ItYRUzSmCmb5vHbTAfgJPK9GzEHxdrFQen5yLR2HZo7q-Kn
 try
 {
 string message = serialiser.LoadsString(token);
- Assert.Equal(data, message);
+ Assert.AreEqual(data, message);
 }
 catch (BadTokenException)
 {
@@ -132,12 +135,13 @@ HMACHashAlgorithm hashFunction = HMACHashAlgorithm.SHA512;
 var serialiser = new TimedURLSafeSerialiser(key, salt, maxAge, hashFunction, sep: "!");
 string data = "nurture";
-string token = serialiser.Dumps(data); // bnVydHVyZQ!MTcwNzI4MDA0Mw!8StFXyv9pg6mwvCU7-gef3tgs-QyqeSbZRipryKu7PUyG3DNOhsyjVDKcH3-kFCEvDpQI4DxSleOsm9mV4VW9w
+string token = serialiser.Dumps(data);
+// bnVydHVyZQ!MTcwNzI4MDA0Mw!8StFXyv9pg6mwvCU7-gef3tgs-QyqeSbZRipryKu7PUyG3DNOhsyjVDKcH3-kFCEvDpQI4DxSleOsm9mV4VW9w
 try
 {
 string message = serialiser.LoadsString(token);
- Assert.Equal(data, message);
+ Assert.AreEqual(data, message);
 }
 catch (BadTokenException)
 {
@@ -147,7 +151,7 @@ catch (BadTokenException)
 Also, you can use the included base64 encoders:
-However, in my implementation, I have removed the padding `=` from the base64 encoded string to slightly reduce the length of the token.
+However, in my implementation, I have removed the padding `=` from the base64 encoded string to reduce the length of the token slightly.
 ```csharp
 using HMACSerialiser.Base64Encoders;
@@ -155,12 +159,12 @@ using HMACSerialiser.Base64Encoders;
 string data = "~~~https://github.com/KJHJason/HMACSerialiser~~~";
 string base64Data = Base64Encoder.Encode(data);
-Assert.Equal("fn5+aHR0cHM6Ly9naXRodWIuY29tL0tKSEphc29uL0hNQUNTZXJpYWxpc2Vyfn5+", base64Data);
+Assert.AreEqual("fn5+aHR0cHM6Ly9naXRodWIuY29tL0tKSEphc29uL0hNQUNTZXJpYWxpc2Vyfn5+", base64Data);
 string decodedString = Base64Encoder.DecodeToString(base64);
-Assert.Equal("~~~https://github.com/KJHJason/HMACSerialiser~~~", decodedString);
+Assert.AreEqual("~~~https://github.com/KJHJason/HMACSerialiser~~~", decodedString);
 string urlSafeBase64Data = URLSafeBase64Encoder.Encode(data);
-Assert.Equal("fn5-aHR0cHM6Ly9naXRodWIuY29tL0tKSEphc29uL0hNQUNTZXJpYWxpc2Vyfn5-", urlSafeDecodedString);
+Assert.AreEqual("fn5-aHR0cHM6Ly9naXRodWIuY29tL0tKSEphc29uL0hNQUNTZXJpYWxpc2Vyfn5-", urlSafeDecodedString);
 string urlSafeDecodedString = URLSafeBase64Encoder.DecodeToString(urlSafeBase64Data);
-Assert.Equal("~~~https://github.com/KJHJason/HMACSerialiser~~~", urlSafeBase64Data);
+Assert.AreEqual("~~~https://github.com/KJHJason/HMACSerialiser~~~", urlSafeBase64Data);
 ```