jose2go – github.com/dvsekhvalnov/jose2go Index | Files | Directories

package jose

import "github.com/dvsekhvalnov/jose2go"

Package jose provides high level functions for producing (signing, encrypting and compressing) or consuming (decoding) Json Web Tokens using Java Object Signing and Encryption spec

Index

Constants 

const (
	NONE = "none" //plaintext (unprotected) without signature / encryption

	HS256 = "HS256" //HMAC using SHA-256 hash
	HS384 = "HS384" //HMAC using SHA-384 hash
	HS512 = "HS512" //HMAC using SHA-512 hash
	RS256 = "RS256" //RSASSA-PKCS-v1_5 using SHA-256 hash
	RS384 = "RS384" //RSASSA-PKCS-v1_5 using SHA-384 hash
	RS512 = "RS512" //RSASSA-PKCS-v1_5 using SHA-512 hash
	PS256 = "PS256" //RSASSA-PSS using SHA-256 hash
	PS384 = "PS384" //RSASSA-PSS using SHA-384 hash
	PS512 = "PS512" //RSASSA-PSS using SHA-512 hash
	ES256 = "ES256" //ECDSA using P-256 curve and SHA-256 hash
	ES384 = "ES384" //ECDSA using P-384 curve and SHA-384 hash
	ES512 = "ES512" //ECDSA using P-521 curve and SHA-512 hash

	A128CBC_HS256 = "A128CBC-HS256" //AES in CBC mode with PKCS #5 (NIST.800-38A) padding with HMAC using 256 bit key
	A192CBC_HS384 = "A192CBC-HS384" //AES in CBC mode with PKCS #5 (NIST.800-38A) padding with HMAC using 384 bit key
	A256CBC_HS512 = "A256CBC-HS512" //AES in CBC mode with PKCS #5 (NIST.800-38A) padding with HMAC using 512 bit key
	A128GCM       = "A128GCM"       //AES in GCM mode with 128 bit key
	A192GCM       = "A192GCM"       //AES in GCM mode with 192 bit key
	A256GCM       = "A256GCM"       //AES in GCM mode with 256 bit key

	DIR                = "dir"                //Direct use of pre-shared symmetric key
	RSA1_5             = "RSA1_5"             //RSAES with PKCS #1 v1.5 padding, RFC 3447
	RSA_OAEP           = "RSA-OAEP"           //RSAES using Optimal Assymetric Encryption Padding, RFC 3447
	RSA_OAEP_256       = "RSA-OAEP-256"       //RSAES using Optimal Assymetric Encryption Padding with SHA-256, RFC 3447
	RSA_OAEP_384       = "RSA-OAEP-384"       //RSAES using Optimal Assymetric Encryption Padding with SHA-384, RFC 3447
	RSA_OAEP_512       = "RSA-OAEP-512"       //RSAES using Optimal Assymetric Encryption Padding with SHA-512, RFC 3447
	A128KW             = "A128KW"             //AES Key Wrap Algorithm using 128 bit keys, RFC 3394
	A192KW             = "A192KW"             //AES Key Wrap Algorithm using 192 bit keys, RFC 3394
	A256KW             = "A256KW"             //AES Key Wrap Algorithm using 256 bit keys, RFC 3394
	A128GCMKW          = "A128GCMKW"          //AES GCM Key Wrap Algorithm using 128 bit keys
	A192GCMKW          = "A192GCMKW"          //AES GCM Key Wrap Algorithm using 192 bit keys
	A256GCMKW          = "A256GCMKW"          //AES GCM Key Wrap Algorithm using 256 bit keys
	PBES2_HS256_A128KW = "PBES2-HS256+A128KW" //Password Based Encryption using PBES2 schemes with HMAC-SHA and AES Key Wrap using 128 bit key
	PBES2_HS384_A192KW = "PBES2-HS384+A192KW" //Password Based Encryption using PBES2 schemes with HMAC-SHA and AES Key Wrap using 192 bit key
	PBES2_HS512_A256KW = "PBES2-HS512+A256KW" //Password Based Encryption using PBES2 schemes with HMAC-SHA and AES Key Wrap using 256 bit key
	ECDH_ES            = "ECDH-ES"            //Elliptic Curve Diffie Hellman key agreement
	ECDH_ES_A128KW     = "ECDH-ES+A128KW"     //Elliptic Curve Diffie Hellman key agreement with AES Key Wrap using 128 bit key
	ECDH_ES_A192KW     = "ECDH-ES+A192KW"     //Elliptic Curve Diffie Hellman key agreement with AES Key Wrap using 192 bit key
	ECDH_ES_A256KW     = "ECDH-ES+A256KW"     //Elliptic Curve Diffie Hellman key agreement with AES Key Wrap using 256 bit key

	DEF = "DEF" //DEFLATE compression, RFC 1951
)

Variables 

var ErrSizeExceeded = errors.New("Deflate stream size exceeded limit.")

Functions

func Alg 

func Alg(key interface{}, jws string) func(headers map[string]interface{}, payload string) interface{}

func Compress 

func Compress(payload string, alg string, enc string, zip string, key interface{}) (token string, err error)

This method is DEPRICATED and subject to be removed in next version. Use Encrypt(..) with Zip option instead.

Compress produces encrypted & comressed JWT token given arbitrary payload, key management , encryption and compression algorithms to use (see constants for list of supported algs) and management key. Management key is of different type for different key management alg, see specific key management alg implementation documentation.

It returns 5 parts encrypted & compressed JWT token as string and not nil error if something went wrong.

func Decode 

func Decode(token string, key interface{}) (string, map[string]interface{}, error)

Decode verifies, decrypts and decompresses given JWT token using management key. Management key is of different type for different key management or signing algorithms, see specific alg implementation documentation.

Returns decoded payload as a string, headers and not nil error if something went wrong.

func DecodeBytes 

func DecodeBytes(token string, key interface{}) ([]byte, map[string]interface{}, error)

Decode verifies, decrypts and decompresses given JWT token using management key. Management key is of different type for different key management or signing algorithms, see specific alg implementation documentation.

Returns decoded payload as a raw bytes, headers and not nil error if something went wrong.

func Enc 

func Enc(key interface{}, jwa string, jwe string) func(headers map[string]interface{}, payload string) interface{}

func Encrypt 

func Encrypt(payload string, alg string, enc string, key interface{}, options ...func(*JoseConfig)) (token string, err error)

Encrypt produces encrypted JWT token given arbitrary string payload, key management and encryption algorithms to use (see constants for list of supported algs) and management key. Management key is of different type for different key management alg, see specific key management alg implementation documentation.

It returns 5 parts encrypted JWT token as string and not nil error if something went wrong.

func EncryptBytes 

func EncryptBytes(payload []byte, alg string, enc string, key interface{}, options ...func(*JoseConfig)) (token string, err error)

Encrypt produces encrypted JWT token given arbitrary binary payload, key management and encryption algorithms to use (see constants for list of supported algs) and management key. Management key is of different type for different key management alg, see specific key management alg implementation documentation.

It returns 5 parts encrypted JWT token as string and not nil error if something went wrong. 

func Header(name string, value interface{}) func(cfg *JoseConfig)

func Headers 

func Headers(headers map[string]interface{}) func(cfg *JoseConfig)

func RegisterJwa 

func RegisterJwa(alg JwaAlgorithm)

RegisterJwa register new key management algorithm

func RegisterJwc 

func RegisterJwc(alg JwcAlgorithm)

RegisterJwc register new compression algorithm

func RegisterJwe 

func RegisterJwe(alg JweEncryption)

RegisterJwe register new encryption algorithm

func RegisterJws 

func RegisterJws(alg JwsAlgorithm)

RegisterJws register new signing algorithm

func Sign 

func Sign(payload string, signingAlg string, key interface{}, options ...func(*JoseConfig)) (token string, err error)

Sign produces signed JWT token given arbitrary string payload, signature algorithm to use (see constants for list of supported algs), signing key and extra options (see option functions) Signing key is of different type for different signing alg, see specific signing alg implementation documentation.

It returns 3 parts signed JWT token as string and not nil error if something went wrong.

func SignBytes 

func SignBytes(payload []byte, signingAlg string, key interface{}, options ...func(*JoseConfig)) (token string, err error)

Sign produces signed JWT token given arbitrary binary payload, signature algorithm to use (see constants for list of supported algs), signing key and extra options (see option functions) Signing key is of different type for different signing alg, see specific signing alg implementation documentation.

It returns 3 parts signed JWT token as string and not nil error if something went wrong.

func Zip 

func Zip(alg string) func(cfg *JoseConfig)

Types

type AesCbcHmac 

type AesCbcHmac struct {
	// contains filtered or unexported fields
}

AES CBC with HMAC authenticated encryption algorithm implementation

func (*AesCbcHmac) Decrypt 

func (alg *AesCbcHmac) Decrypt(aad, cek, iv, cipherText, authTag []byte) (plainText []byte, err error)

func (*AesCbcHmac) Encrypt 

func (alg *AesCbcHmac) Encrypt(aad, plainText, cek []byte) (iv, cipherText, authTag []byte, err error)

func (*AesCbcHmac) KeySizeBits 

func (alg *AesCbcHmac) KeySizeBits() int

func (*AesCbcHmac) Name 

func (alg *AesCbcHmac) Name() string

func (*AesCbcHmac) SetKeySizeBits 

func (alg *AesCbcHmac) SetKeySizeBits(bits int)

type AesGcm 

type AesGcm struct {
	// contains filtered or unexported fields
}

AES GCM authenticated encryption algorithm implementation

func (*AesGcm) Decrypt 

func (alg *AesGcm) Decrypt(aad, cek, iv, cipherText, authTag []byte) (plainText []byte, err error)

func (*AesGcm) Encrypt 

func (alg *AesGcm) Encrypt(aad, plainText, cek []byte) (iv, cipherText, authTag []byte, err error)

func (*AesGcm) KeySizeBits 

func (alg *AesGcm) KeySizeBits() int

func (*AesGcm) Name 

func (alg *AesGcm) Name() string

type AesGcmKW 

type AesGcmKW struct {
	// contains filtered or unexported fields
}

AES GCM Key Wrap key management algorithm implementation

func (*AesGcmKW) Name 

func (alg *AesGcmKW) Name() string

func (*AesGcmKW) Unwrap 

func (alg *AesGcmKW) Unwrap(encryptedCek []byte, key interface{}, cekSizeBits int, header map[string]interface{}) (cek []byte, err error)

func (*AesGcmKW) WrapNewKey 

func (alg *AesGcmKW) WrapNewKey(cekSizeBits int, key interface{}, header map[string]interface{}) (cek []byte, encryptedCek []byte, err error)

type AesKW 

type AesKW struct {
	// contains filtered or unexported fields
}

AES Key Wrap key management algorithm implementation

func (*AesKW) Name 

func (alg *AesKW) Name() string

func (*AesKW) Unwrap 

func (alg *AesKW) Unwrap(encryptedCek []byte, key interface{}, cekSizeBits int, header map[string]interface{}) (cek []byte, err error)

func (*AesKW) WrapNewKey 

func (alg *AesKW) WrapNewKey(cekSizeBits int, key interface{}, header map[string]interface{}) (cek []byte, encryptedCek []byte, err error)

type Deflate 

type Deflate struct {
	// contains filtered or unexported fields
}

Deflate compression algorithm implementation

func (*Deflate) Compress 

func (alg *Deflate) Compress(plainText []byte) []byte

func (*Deflate) Decompress 

func (alg *Deflate) Decompress(compressedText []byte) ([]byte, error)

func (*Deflate) Name 

func (alg *Deflate) Name() string

type Direct 

type Direct struct {
}

Direct (pre-shared) key management algorithm implementation

func (*Direct) Name 

func (alg *Direct) Name() string

func (*Direct) Unwrap 

func (alg *Direct) Unwrap(encryptedCek []byte, key interface{}, cekSizeBits int, header map[string]interface{}) (cek []byte, err error)

func (*Direct) WrapNewKey 

func (alg *Direct) WrapNewKey(cekSizeBits int, key interface{}, header map[string]interface{}) (cek []byte, encryptedCek []byte, err error)

type Ecdh 

type Ecdh struct {
	// contains filtered or unexported fields
}

Elliptic curve Diffie–Hellman key management (key agreement) algorithm implementation

func (*Ecdh) Name 

func (alg *Ecdh) Name() string

func (*Ecdh) Unwrap 

func (alg *Ecdh) Unwrap(encryptedCek []byte, key interface{}, cekSizeBits int, header map[string]interface{}) (cek []byte, err error)

func (*Ecdh) WrapNewKey 

func (alg *Ecdh) WrapNewKey(cekSizeBits int, key interface{}, header map[string]interface{}) (cek []byte, encryptedCek []byte, err error)

type EcdhAesKW 

type EcdhAesKW struct {
	// contains filtered or unexported fields
}

Elliptic curve Diffie–Hellman with AES Key Wrap key management algorithm implementation

func (*EcdhAesKW) Name 

func (alg *EcdhAesKW) Name() string

func (*EcdhAesKW) Unwrap 

func (alg *EcdhAesKW) Unwrap(encryptedCek []byte, key interface{}, cekSizeBits int, header map[string]interface{}) (cek []byte, err error)

func (*EcdhAesKW) WrapNewKey 

func (alg *EcdhAesKW) WrapNewKey(cekSizeBits int, key interface{}, header map[string]interface{}) (cek []byte, encryptedCek []byte, err error)

type EcdsaUsingSha 

type EcdsaUsingSha struct {
	// contains filtered or unexported fields
}

ECDSA signing algorithm implementation

func (*EcdsaUsingSha) Name 

func (alg *EcdsaUsingSha) Name() string

func (*EcdsaUsingSha) Sign 

func (alg *EcdsaUsingSha) Sign(securedInput []byte, key interface{}) (signature []byte, err error)

func (*EcdsaUsingSha) Verify 

func (alg *EcdsaUsingSha) Verify(securedInput, signature []byte, key interface{}) error

type HmacUsingSha 

type HmacUsingSha struct {
	// contains filtered or unexported fields
}

HMAC with SHA signing algorithm implementation

func (*HmacUsingSha) Name 

func (alg *HmacUsingSha) Name() string

func (*HmacUsingSha) Sign 

func (alg *HmacUsingSha) Sign(securedInput []byte, key interface{}) (signature []byte, err error)

func (*HmacUsingSha) Verify 

func (alg *HmacUsingSha) Verify(securedInput, signature []byte, key interface{}) error

type JoseConfig 

type JoseConfig struct {
	CompressionAlg string
	Headers        map[string]interface{}
}

type JwaAlgorithm 

type JwaAlgorithm interface {
	WrapNewKey(cekSizeBits int, key interface{}, header map[string]interface{}) (cek []byte, encryptedCek []byte, err error)
	Unwrap(encryptedCek []byte, key interface{}, cekSizeBits int, header map[string]interface{}) (cek []byte, err error)
	Name() string
}

JwaAlgorithm is a contract for implementing key management algorithm

func DeregisterJwa 

func DeregisterJwa(alg string) JwaAlgorithm

DeregisterJwa deregister existing key management algorithm

func NewPbse2HmacAesKWAlg 

func NewPbse2HmacAesKWAlg(keySize int, maxIters int64, minIters int64) JwaAlgorithm

type JwcAlgorithm 

type JwcAlgorithm interface {
	Compress(plainText []byte) []byte
	Decompress(compressedText []byte) ([]byte, error)
	Name() string
}

JwcAlgorithm is a contract for implementing compression algorithm

func DeregisterJwc 

func DeregisterJwc(alg string) JwcAlgorithm

DeregisterJwc deregister existing compression algorithm

func NewDeflate 

func NewDeflate(maxBufferSizeBytes int64) JwcAlgorithm

type JweEncryption 

type JweEncryption interface {
	Encrypt(aad, plainText, cek []byte) (iv, cipherText, authTag []byte, err error)
	Decrypt(aad, cek, iv, cipherText, authTag []byte) (plainText []byte, err error)
	KeySizeBits() int
	Name() string
}

JweEncryption is a contract for implementing encryption algorithm

func DeregisterJwe 

func DeregisterJwe(alg string) JweEncryption

DeregisterJws deregister existing encryption algorithm

type JwsAlgorithm 

type JwsAlgorithm interface {
	Verify(securedInput, signature []byte, key interface{}) error
	Sign(securedInput []byte, key interface{}) (signature []byte, err error)
	Name() string
}

JwsAlgorithm is a contract for implementing signing algorithm

func DeregisterJws 

func DeregisterJws(alg string) JwsAlgorithm

DeregisterJws deregister existing signing algorithm

type Pbse2HmacAesKW 

type Pbse2HmacAesKW struct {
	// contains filtered or unexported fields
}

PBSE2 with HMAC key management algorithm implementation

func (*Pbse2HmacAesKW) Name 

func (alg *Pbse2HmacAesKW) Name() string

func (*Pbse2HmacAesKW) Unwrap 

func (alg *Pbse2HmacAesKW) Unwrap(encryptedCek []byte, key interface{}, cekSizeBits int, header map[string]interface{}) (cek []byte, err error)

func (*Pbse2HmacAesKW) WrapNewKey 

func (alg *Pbse2HmacAesKW) WrapNewKey(cekSizeBits int, key interface{}, header map[string]interface{}) (cek []byte, encryptedCek []byte, err error)

type Plaintext 

type Plaintext struct{}

Plaintext (no signing) signing algorithm implementation

func (*Plaintext) Name 

func (alg *Plaintext) Name() string

func (*Plaintext) Sign 

func (alg *Plaintext) Sign(securedInput []byte, key interface{}) (signature []byte, err error)

func (*Plaintext) Verify 

func (alg *Plaintext) Verify(securedInput []byte, signature []byte, key interface{}) error

type RsaOaep 

type RsaOaep struct {
	// contains filtered or unexported fields
}

func (*RsaOaep) Name 

func (alg *RsaOaep) Name() string

func (*RsaOaep) Unwrap 

func (alg *RsaOaep) Unwrap(encryptedCek []byte, key interface{}, cekSizeBits int, header map[string]interface{}) (cek []byte, err error)

func (*RsaOaep) WrapNewKey 

func (alg *RsaOaep) WrapNewKey(cekSizeBits int, key interface{}, header map[string]interface{}) (cek []byte, encryptedCek []byte, err error)

type RsaPkcs1v15 

type RsaPkcs1v15 struct {
}

RS-AES using PKCS #1 v1.5 padding key management algorithm implementation

func (*RsaPkcs1v15) Name 

func (alg *RsaPkcs1v15) Name() string

func (*RsaPkcs1v15) Unwrap 

func (alg *RsaPkcs1v15) Unwrap(encryptedCek []byte, key interface{}, cekSizeBits int, header map[string]interface{}) (cek []byte, err error)

func (*RsaPkcs1v15) WrapNewKey 

func (alg *RsaPkcs1v15) WrapNewKey(cekSizeBits int, key interface{}, header map[string]interface{}) (cek []byte, encryptedCek []byte, err error)

type RsaPssUsingSha 

type RsaPssUsingSha struct {
	// contains filtered or unexported fields
}

RSA with PSS using SHA signing algorithm implementation

func (*RsaPssUsingSha) Name 

func (alg *RsaPssUsingSha) Name() string

func (*RsaPssUsingSha) Sign 

func (alg *RsaPssUsingSha) Sign(securedInput []byte, key interface{}) (signature []byte, err error)

func (*RsaPssUsingSha) Verify 

func (alg *RsaPssUsingSha) Verify(securedInput, signature []byte, key interface{}) error

type RsaUsingSha 

type RsaUsingSha struct {
	// contains filtered or unexported fields
}

RSA using SHA signature algorithm implementation

func (*RsaUsingSha) Name 

func (alg *RsaUsingSha) Name() string

func (*RsaUsingSha) Sign 

func (alg *RsaUsingSha) Sign(securedInput []byte, key interface{}) (signature []byte, err error)

func (*RsaUsingSha) Verify 

func (alg *RsaUsingSha) Verify(securedInput, signature []byte, key interface{}) error

Source Files

aes_cbc_hmac.go aes_gcm.go aes_gcm_kw.go aeskw.go deflate.go direct.go ecdh.go ecdh_aeskw.go ecdsa_using_sha.go hmac.go hmac_using_sha.go jose.go pbse2_hmac_aeskw.go plaintext.go rsa_oaep.go rsa_pkcs1v15.go rsa_using_sha.go rsapss_using_sha.go sha.go

Directories

PathSynopsis
aesPackage aes contains provides AES Key Wrap and ECB mode implementations
arraysPackage arrays provides various byte array utilities
base64urlpackage base64url provides base64url encoding/decoding support
compactpackage compact provides function to work with json compact serialization format
kdfpackage kdf contains implementations of various key derivation functions
keys
keys/eccpackage ecc provides helpers for creating elliptic curve leys
keys/rsapackage Rsa provides helpers for creating rsa leys
paddingpackage padding provides various padding algorithms
sec_test
Version
v1.8.0 (latest)
Published
Nov 12, 2024
Platform
linux/amd64
Imports
26 packages
Last checked
2 weeks ago

Tools for package owners.