The fernet package

[Tags:lgpl, library, test]

Originally designed for use within OpenStack clusters, Fernet is intended to be fast and light-weight, with non-persistent tokens. Fernet tokens are signed with a SHA256 HMAC and their contents encrypted with AES128 in CBC mode.

[Skip to Readme]


Change log
Dependencies base (==4.9.*), binary (>= && <0.10), byteable (>=0.1.1 && <0.2), bytestring (>=0.10.8 && <0.11), cryptonite (>=0.21 && <0.23), fernet, memory (>=0.14.1 && <0.15), optparse-applicative (>=0.12 && <0.15), time (>=1.6.0 && <1.7), unix (>= && <2.8) [details]
License LGPL-3
Copyright 2017 Rodney Lorrimar
Author Rodney Lorrimar
Category Web, Authentication
Home page
Bug tracker
Source repository head: git clone
Uploaded Wed Mar 22 23:39:55 UTC 2017 by rvl
Distributions NixOS:
Downloads 26 total (9 in the last 30 days)
0 []
Status Docs available [build log]
Last success reported on 2017-03-22 [all 1 reports]




cliBuild the example applicationEnabledAutomatic

Use -f <flag> to enable a flag, or -f -<flag> to disable that flag. More info


Maintainer's Corner

For package maintainers and hackage trustees

Readme for fernet

Readme for fernet-

Fernet Haskell Implementation

Build Status Hackage

Fernet generates and verifies HMAC-based authentication tokens.

Originally designed for use within OpenStack clusters, it was intended to be fast and light-weight, with non-persistent tokens. Integrity and confidentiality of the token contents are implemented with HMAC SHA256 and AES128 CBC.

See the Fernet Spec for a little more information.


To encrypt a token:

>>> import Network.Fernet
>>> k <- generateKey
>>> keyToBase64 k
>>> token <- encrypt k "secret text"
>>> print token

The resulting token can be distributed to clients. To check and decrypt the token, use the same key:

>>> decrypt k 60 token
Right "secret text"

Do read the Network.Fernet module documentation for further information.

Command-line tool

This package also includes a command-line tool for encrypting and decrypting tokens.

Fernet Utility

Usage: fernet (((-k|--key STRING) | --key-file FILENAME) ([-e|--encrypt] |
              [-d|--decrypt]) [--ttl SECONDS] | (-g|--gen-key))
  Encrypts/decrypts Fernet tokens. One token written to stdout for each line
  read from stdin. Use --gen-key to make a key.

Available options:
  -h,--help                Show this help text
  -k,--key STRING          Base64-urlsafe-encoded 32 byte encryption key
  --key-file FILENAME      File containing the encryption key
  -e,--encrypt             Encryption mode (default: autodetect)
  -d,--decrypt             Decryption mode (default: autodetect)
  --ttl SECONDS            Token lifetime in seconds (default: 1 minute)
  -g,--gen-key             Generate a key from the password on standard input


Building with Stack

stack build

Building with Nix

nix-shell -p cabal2nix --command "cabal2nix --shell . > default.nix"
nix-shell --command "cabal configure"
cabal build

Better & Cooler Stuff

You might also be interested in hsoz.