Module: Usps::JwtAuth::Fingerprint

Defined in:

lib/usps/jwt_auth/fingerprint.rb

Overview

OpenSSH-style SHA256 key fingerprint: base64url(SHA256(ssh-rsa wire blob)), i.e. the value ‘ssh-keygen -lf` prints as `SHA256:…`. This is the identifier used for key filenames and the JWT `key` claim, and it is content-addressed: a given fingerprint maps to exactly one public key, forever. Encode stamps it onto tokens; Decode uses it to verify a fetched key really is the key the token names.

Class Method Summary

• .for(public_key) ⇒ Object

Class Method Details

.for(public_key) ⇒ Object

# File 'lib/usps/jwt_auth/fingerprint.rb', line 14

def for(public_key)
  digest = OpenSSL::Digest::SHA256.digest(ssh_public_blob(public_key))
  [digest].pack('m0').tr('+/', '-_').delete('=')
end