#verification #jwt #fernet

bundy

Bundy data signing and verification library

3 releases

0.1.2 Oct 1, 2021
0.1.1 May 24, 2021
0.1.0 May 21, 2021

#2046 in Cryptography

MPL-2.0 license

13KB
189 lines

Bundy

Bundy is a small library that allows verification and signatures of parcels of data. Unlike fernet which encrypts and creates opaque blobs, Bundy allows a client to inspect and see the data. It is transparent, and should NOT be used to store secrets.

Use cases are:

  • Signing cookies or tokens that a client should be able to read and parse, but not alter.
  • In place of JWT, but without many of the complications and issues that come with JWT.

Why is this named Bundy?

Fernet is named after an Italian spirit - Bundy is named after an Australian spirit.


lib.rs:

Bundy provides the ability to sign and verify pieces of serialisable data in a way that makes misusing it difficult. It is heavily inspired by Fernet. These transparent data can be then inspected by clients for their content, while a server may verify that they have not been tampered with.

Dependencies

~2.5–4MB
~85K SLoC