Crate amora_rs

Amora is a secure token inspired by JWT and Branca, but enhanced a bit in some areas.

Key features:

  • Can contain any type of payload: JSON, msgpack, cbor and so on…
  • Always encrypted and authenticated using the XChaCha20-Poly1305 algorithm.
  • There are two versions of Amora:
    • Amora zero: encrypted with a 32-byte symmetric key.
    • Amora one: encrypted with a 32-byte asymmetric key.
  • Encoded using url-safe base64.
  • Always contains the token generation time and TTL.

§Amora structure

  • header (4 bytes for Amora zero; 36 bytes for Amora one):
    • version marker: 0xa0 or 0xa1 (1 byte)
    • TTL (3 bytes; little-endian)
    • randomly generated public key (32 bytes; Amora one only)
  • nonce (24 bytes)
    • token generation time (first 4 bytes; little-endian)
    • randomly generated 20 bytes
  • payload (any length)
  • message authentication code (4 bytes)

§Token generation time (TGT) + TTL

TGT is an unsigned 32-bit int: the number of seconds since the Unix epoch on January 1, 1970 UTC. This means that Amora tokens will work correctly until the year 2106.

TTL is an unsigned 24-bit int, so each token can be valid for a maximum of 194 days.
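
The layout and the TGT/TTL rules above, as an added example (not code from amora_rs): a parser over the base64-decoded token bytes that reads the version marker, TTL and TGT and checks expiry in 64-bit arithmetic. `Meta`, `parse_meta` and `is_expired` are hypothetical names, and treating a token as expired at exactly TGT + TTL is an assumption.

```rust
// Added example; Meta, parse_meta and is_expired are hypothetical names, not amora_rs API.
#[derive(Debug, PartialEq)]
pub struct Meta {
    pub version: u8,                  // 0xa0 (Amora zero) or 0xa1 (Amora one)
    pub ttl: u32,                     // seconds; 3 bytes little-endian on the wire
    pub tgt: u32,                     // token generation time, Unix seconds
    pub eph_public: Option<[u8; 32]>, // per-token public key (Amora one only)
}

/// Parse header and nonce from base64-decoded token bytes. Nothing is decrypted or verified.
pub fn parse_meta(raw: &[u8]) -> Result<Meta, &'static str> {
    let header_len = match raw.first().copied() {
        Some(0xa0) => 4,
        Some(0xa1) => 36,
        Some(_) => return Err("unknown version marker"),
        None => return Err("empty token"),
    };
    // Header plus the 24-byte nonce must be present before any field is read.
    if raw.len() < header_len + 24 {
        return Err("truncated token");
    }
    let ttl = u32::from_le_bytes([raw[1], raw[2], raw[3], 0]);
    let eph_public = if header_len == 36 {
        let mut pk = [0u8; 32];
        pk.copy_from_slice(&raw[4..36]);
        Some(pk)
    } else {
        None
    };
    // TGT is the first 4 bytes of the nonce, which follows the header.
    let n = header_len;
    let tgt = u32::from_le_bytes([raw[n], raw[n + 1], raw[n + 2], raw[n + 3]]);
    Ok(Meta { version: raw[0], ttl, tgt, eph_public })
}

/// Assumption: a token counts as expired once `now` reaches TGT + TTL.
/// The sum is taken in u64 because TGT + TTL can exceed u32::MAX.
pub fn is_expired(meta: &Meta, now: u64) -> bool {
    now >= u64::from(meta.tgt) + u64::from(meta.ttl)
}

fn main() {
    // Constructed sample: Amora zero, TTL 3600 s, TGT 1_700_000_000, zeroed random part.
    let mut raw = vec![0xa0u8, 0x10, 0x0e, 0x00];
    raw.extend_from_slice(&1_700_000_000u32.to_le_bytes());
    raw.extend_from_slice(&[0u8; 20]);
    let meta = parse_meta(&raw).unwrap();
    println!("{:?} expired_at_1_700_003_600={}", meta, is_expired(&meta, 1_700_003_600));
}
```

These fields are read before any decryption, so treat them as untrusted until the token has been decrypted and authenticated.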

§Asymmetric encryption

The shared key is computed using the X25519 function. It requires two pairs of priv/pub keys. The first pair must be known. The second pair is randomly generated for each token.

Structs§

Amora
AmoraMeta

Enums§

AmoraErr
AmoraVer