Created
March 6, 2017 21:44
-
-
Save aaronpk/3746e3acdf880acf384d9be3f501fde7 to your computer and use it in GitHub Desktop.
Prototype of two-factor authentication using email and a password
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
require 'jwe' | |
# Set your password and email address | |
key = Digest::SHA256.digest('p455w0rd!') | |
payload = 'aaron@parecki.com' | |
# Create the JWE string | |
encrypted = JWE.encrypt(payload, key, alg:'dir') | |
# Put the resulting string on your website: | |
# <link rel="???" href="emailauth:eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4R0NNIn0..BikmXTFB7Fcg_hhZ.Y0jDbweNGq8V3zY8gdeUFME.9i6NAgyBTHyw9P2Au55YMg"> | |
######## | |
# Now when a website wants to email you a challenge, in order to find the | |
# email address to send to, you have to provide the encryption key to | |
# allow it to decrypt the email | |
plaintext = JWE.decrypt encrypted, key | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment