CMS (Compact Message Signing)

CMS is a high influence by django’s cryptographic library and json web signature/encryption signing algorithm with focus on have a compact representation. It’s build on top of fantastic ptaoussanis/nippy serialization library.

In order to use this you shall include the concrete nippy library because buddy-sign does not have a hardcoded dependency to it:

;; project.clj
[com.taoensso/nippy "3.1.1"]

;; deps.edn
com.taoensso/nippy {:mvn/version "3.1.1"}

In the same way as JWS, it support a great number of different signing algorithms that can be used for sign your messages:

Algorithm name Hash algorithms Keywords Priv/Pub Key?
Elliptic Curve DSA sha256, sha512 :es256, :es512 Yes
RSASSA PSS sha256, sha512 :ps256, :ps512 Yes
RSASSA PKCS1 v1_5 sha256, sha512 :rs256, :rs512 Yes
Poly1305 aes, twofish, serpent :poly1305-aes, :poly1305-serpent, :poly1305-twofish No
HMAC sha256*, sha512 :hs256, :hs512 No

In difference with jwt, this implementation is not limited to hash-map like objects, and you can sign any clojure valid type.

Let’s see an example:

(require '[buddy.sign.compact :as cms])

(def data (cms/sign #{:foo :bar} "secret")

(cms/unsign data "secret")
;; => #{:foo :bar}

Then, you also will be able validate the signed message based on its age:

(cm/unsign data "secret" {:max-age (* 15 60)})
;; => ExceptionInfo: "Token is older than 1427836475"

NOTE: Only :max-age validation is bundled all other validation is delegated to the user code.