/usr/share/doc/libghc-clientsession-doc/html/clientsession.txt is in libghc-clientsession-doc 0.9.0.3-2.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
-- Hoogle documentation, generated by Haddock
-- See Hoogle, http://www.haskell.org/hoogle/
-- | Securely store session data in a client-side cookie.
--
-- Achieves security through AES-CTR encryption and Skein-MAC-512-256
-- authentication. Uses Base64 encoding to avoid any issues with
-- non-printable characters.
@package clientsession
@version 0.9.0.3
-- | Stores session data in a client cookie. In order to do so, we:
--
-- <ul>
-- <li>Encrypt the cookie data using AES in CTR mode. This allows you to
-- store sensitive information on the client side without worrying about
-- eavesdropping.</li>
-- <li>Authenticate the encrypted cookie data using Skein-MAC-512-256.
-- Besides detecting potential errors in storage or transmission of the
-- cookies (integrity), the MAC also avoids malicious modifications of
-- the cookie data by assuring you that the cookie data really was
-- generated by this server (authenticity).</li>
-- <li>Encode everything using Base64. Thus we avoid problems with
-- non-printable characters by giving the browser a simple string.</li>
-- </ul>
--
-- Simple usage of the library involves just calling <a>getDefaultKey</a>
-- on the startup of your server, <a>encryptIO</a> when serializing
-- cookies and <a>decrypt</a> when parsing them back.
module Web.ClientSession
-- | The keys used to store the cookies. We have an AES key used to encrypt
-- the cookie and a Skein-MAC-512-256 key used to verify the authenticity
-- and integrity of the cookie. The AES key needs to have exactly 32 bytes
-- (256 bits) while Skein-MAC-512-256 should have 64 bytes (512 bits).
--
-- See also <a>getDefaultKey</a> and <a>initKey</a>.
data Key
-- | The initialization vector used by AES. Should be exactly 16 bytes
-- long.
data IV
-- | Randomly construct a fresh initialization vector. You <i>should
-- not</i> reuse initialization vectors.
randomIV :: IO IV
-- | Construct an initialization vector from a <a>ByteString</a>. Fails if
-- there aren't exactly 16 bytes.
mkIV :: ByteString -> Maybe IV
-- | Get a key from the given text file.
--
-- If the file does not exist or is corrupted, a random key will be
-- generated and stored in that file.
getKey :: FilePath -> IO Key
-- | The default key file.
defaultKeyFile :: FilePath
-- | Simply calls <a>getKey</a> <a>defaultKeyFile</a>.
getDefaultKey :: IO Key
-- | Initializes a <a>Key</a> from a random <a>ByteString</a>. Fails if
-- there aren't exactly 96 bytes (256 bits for AES and 512 bits for
-- Skein-MAC-512-256).
initKey :: ByteString -> Either String Key
-- | Generate a random <a>Key</a>. Besides the <a>Key</a>, the
-- <tt>ByteString</tt> passed to <a>initKey</a> is returned so that it
-- can be saved for later use.
randomKey :: IO (ByteString, Key)
-- | Encrypt (AES-CTR), authenticate (Skein-MAC-512-256) and encode
-- (Base64) the given cookie data. The returned byte string is ready to
-- be used in a response header.
encrypt :: Key -> IV -> ByteString -> ByteString
-- | Same as <a>encrypt</a>, however randomly generates the initialization
-- vector for you.
encryptIO :: Key -> ByteString -> IO ByteString
-- | Decode (Base64), verify the integrity and authenticity
-- (Skein-MAC-512-256) and decrypt (AES-CTR) the given encoded cookie
-- data. Returns the original serialized cookie data. Fails if the data
-- is corrupted.
decrypt :: Key -> ByteString -> Maybe ByteString
instance Serialize IV
instance Show IV
instance Ord IV
instance Eq IV
instance Show Key
instance Serialize Key
instance Eq Key
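
An added usage example (not part of the packaged documentation or the clientsession project's own code) that exercises the functions listed above: it checks that `encryptIO` produces a different cookie on every call, that `decrypt` rejects a modified cookie or a cookie sealed under another key, and that `initKey` enforces the 96-byte length. The `tamper` helper and the sample session string are constructed for illustration.

```haskell
{-# LANGUAGE OverloadedStrings #-}
module Main (main) where

import qualified Data.ByteString   as B
import           Web.ClientSession (decrypt, encryptIO, initKey, randomKey)

-- Hypothetical helper: swap the byte at index i for another Base64 character
-- ('A' or 'B'), simulating a client that edits its own cookie.
tamper :: Int -> B.ByteString -> B.ByteString
tamper i bs = case B.splitAt i bs of
  (pre, rest) | Just (c, post) <- B.uncons rest ->
    let c' = if c == 65 then 66 else 65
    in B.concat [pre, B.singleton c', post]
  _ -> bs

main :: IO ()
main = do
  -- randomKey keeps the example off the filesystem; a server would call
  -- getDefaultKey (or getKey with its own path) once at startup instead.
  (raw, key)    <- randomKey
  (_, otherKey) <- randomKey

  let session = "user=42;role=viewer" :: B.ByteString  -- constructed sample data
  c1 <- encryptIO key session
  c2 <- encryptIO key session
  let edited = tamper (B.length c1 `div` 2) c1

  -- encryptIO draws a fresh IV per call, so equal plaintexts give
  -- different cookies.
  putStrLn $ "cookies differ:       " ++ show (c1 /= c2)
  -- The right key recovers the serialized session data.
  putStrLn $ "round trip:           " ++ show (decrypt key c1 == Just session)
  -- A modified cookie fails MAC verification, so nothing is decrypted.
  putStrLn $ "edited cookie refused: " ++ show (decrypt key edited == Nothing)
  -- A cookie sealed under one key does not verify under another.
  putStrLn $ "wrong key refused:    " ++ show (decrypt otherKey c1 == Nothing)
  -- initKey accepts the 96 bytes returned by randomKey and rebuilds the
  -- same Key; any other length is a Left.
  putStrLn $ "96 bytes accepted:    " ++ show (either (const False) (== key) (initKey raw))
  putStrLn $ "95 bytes refused:     " ++ show (either (const True) (const False) (initKey (B.take 95 raw)))
```

Treat a `Nothing` from `decrypt` as "no session" rather than as an error to report in detail to the client, and store the 96 key bytes with the same care as any other server secret.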