z_crypto (zotonic_core v1.0.0-rc.17)

Crypto related functions for checksums and signatures.

Summary

Functions

auth_hash(SiteSecret, UserSecret, Data)

Hash a value for authentication. This is used for signing payload data in user authentication flows. The data is signed using the concatenation of the site secret and the user secret. Changing either of them will invalidate all signed data (cookies, autologon secrets etc.) for the user.

checksum(Data, Context)

Calculate a checksum for the given data using the sign_key_simple of the site.

checksum_assert(Data, Checksum, Context)

Assert that the checksum is correct. Throws an exception of class error with reason checksum_invalid if the checksum is not valid. The sign_key_simple is used for the checksum calculation.

decode_value(Data, Context)

Decode a value. Crashes if the checksum is invalid.

decode_value_expire(Encoded, Context)

Decode a value that was encoded with a checksum and an expiry date, and check whether that date has passed. Crashes if the checksum is invalid.

depickle(Data, Context)

Decode pickled base64url data. If the data checksum is invalid then an exception of class error with reason checksum_invalid is thrown. The site's sign_key is used as the secret.

encode_value(Value, Context)

Encode a value to a binary with a checksum, for use in cookies.

encode_value_expire(Value, Date, Context)

Encode a value with a checksum, adding a date so that decoding can check for expiration.

hex_sha2(Value)

Hash data with SHA-256 and encode it into a hex string safe for filenames and texts.

hex_sha2_file(File)

Calculate the hash of a file by reading it incrementally.

hex_sha(Value)

Hash data and encode it into a hex string safe for filenames and texts.

pickle(Term, Context)

Encode an arbitrary term to a binary. A checksum is added to prevent decoding Erlang terms that did not originate from this server. A nonce is added so that identical terms vary in their checksum. The encoded value is safe to use in URLs (base64url). The site's sign_key is used as the secret.

Functions

auth_hash(SiteSecret, UserSecret, Data)

-spec auth_hash(SiteSecret, UserSecret, Data) -> Hash
                   when
                       SiteSecret :: binary(),
                       UserSecret :: binary(),
                       Data :: iodata(),
                       Hash :: binary().

Hash a value for authentication. This is used for signing payload data in user authentication flows. The data is signed using the concatenation of the site secret and the user secret. Changing either of them will invalidate all signed data (cookies, autologon secrets etc.) for the user.

checksum(Data, Context)

-spec checksum(Data, Context) -> Checksum
                  when Data :: iodata(), Context :: z:context(), Checksum :: binary().

Calculate a checksum for the given data using the sign_key_simple of the site.

checksum_assert(Data, Checksum, Context)

-spec checksum_assert(Data, Checksum, Context) -> ok | no_return()
                         when Data :: iodata(), Checksum :: binary() | string(), Context :: z:context().

Assert that the checksum is correct. Throws an exception of class error with reason checksum_invalid if the checksum is not valid. The sign_key_simple is used for the checksum calculation.

decode_value(Data, Context)

Decode a value. Crashes if the checksum is invalid.

decode_value_expire(Encoded, Context)

-spec decode_value_expire(Encoded, Context) -> {ok, Value} | {error, expired}
                             when Encoded :: binary(), Value :: term(), Context :: z:context().

Decode a value that was encoded with a checksum and an expiry date, and check whether that date has passed. Crashes if the checksum is invalid.

depickle(Data, Context)

-spec depickle(Data, Context) -> Term | no_return()
                  when Data :: binary(), Context :: z:context(), Term :: term().

Decode pickled base64url data. If the data checksum is invalid then an exception of class error with reason checksum_invalid is thrown. The site's sign_key is used as the secret.

encode_value(Value, Context)

Encode a value to a binary with a checksum, for use in cookies.

encode_value_expire(Value, Date, Context)

-spec encode_value_expire(Value, Date, Context) -> Encoded
                             when
                                 Value :: term(),
                                 Date :: calendar:datetime(),
                                 Context :: z:context(),
                                 Encoded :: binary().

Encode a value with a checksum, adding a date so that decoding can check for expiration.

hex_sha2(Value)

-spec hex_sha2(Value) -> Hash when Value :: iodata(), Hash :: binary().

Hash data with SHA-256 and encode it into a hex string safe for filenames and texts.

hex_sha2_file(File)

-spec hex_sha2_file(File) -> {ok, Hash} | {error, Reason}
                       when
                           File :: file:filename_all(),
                           Hash :: binary(),
                           Reason :: file:posix() | term().

Calculate the hash of a file by reading it incrementally.

hex_sha(Value)

-spec hex_sha(Value) -> Hash when Value :: iodata(), Hash :: binary().

Hash data and encode it into a hex string safe for filenames and texts.

pickle(Term, Context)

-spec pickle(Term, Context) -> Data when Term :: term(), Context :: z:context(), Data :: binary().

Encode an arbitrary term to a binary. A checksum is added to prevent decoding Erlang terms that did not originate from this server. A nonce is added so that identical terms vary in their checksum. The encoded value is safe to use in URLs (base64url). The site's sign_key is used as the secret.
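As an added usage example (not code from zotonic_core or its documentation), the module below exercises pickle/depickle, the encode_value_expire/decode_value_expire pair and the checksum_invalid failure described above. The module name z_crypto_demo, its exported functions and the add_seconds/2 helper are hypothetical; Context is assumed to be a z:context() of a running Zotonic site.

```erlang
%% Added usage example, not part of zotonic_core. The module name, its
%% exported functions and add_seconds/2 are hypothetical; Context is
%% assumed to be a z:context() of a running Zotonic site.
-module(z_crypto_demo).
-export([roundtrip/1, expiry/2, tamper/1]).

%% Pickle an arbitrary term and read it back. depickle/2 verifies the
%% checksum (keyed with the site's sign_key) before decoding the term.
roundtrip(Context) ->
    Term = #{user_id => 1234, role => editor},
    Encoded = z_crypto:pickle(Term, Context),
    %% The nonce makes two pickles of the same term differ.
    true = Encoded =/= z_crypto:pickle(Term, Context),
    Term = z_crypto:depickle(Encoded, Context),
    ok.

%% Encode a value with an expiry date and decode it again. A value whose
%% date has passed decodes to {error, expired} instead of {ok, Value}.
expiry(Value, Context) ->
    Now = calendar:universal_time(),
    Future = add_seconds(Now, 3600),
    Past = add_seconds(Now, -3600),
    Fresh = z_crypto:encode_value_expire(Value, Future, Context),
    {ok, Value} = z_crypto:decode_value_expire(Fresh, Context),
    Stale = z_crypto:encode_value_expire(Value, Past, Context),
    {error, expired} = z_crypto:decode_value_expire(Stale, Context),
    ok.

%% Alter one character of the base64url payload: the checksum no longer
%% matches, so depickle/2 raises error:checksum_invalid. Callers that do
%% not want the process to crash must catch it, as done here.
tamper(Context) ->
    <<First, Rest/binary>> = z_crypto:pickle(<<"hello">>, Context),
    Flipped = case First of $A -> $B; _ -> $A end,
    try
        z_crypto:depickle(<<Flipped, Rest/binary>>, Context),
        error(tamper_not_detected)
    catch
        error:checksum_invalid -> rejected
    end.

%% Shift a calendar:datetime() by a number of seconds (negative = past).
add_seconds(DateTime, Seconds) ->
    calendar:gregorian_seconds_to_datetime(
        calendar:datetime_to_gregorian_seconds(DateTime) + Seconds).
```

Because decode_value_expire/2 only reports expiry after the checksum has been verified, a stale value is still rejected if its date is altered by the client.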