README
¶
JWT Verify
A simple package to verify JWT tokens signed with the RSA and ECDSA algorithms.
Not for Oauth2 tokens
This library was inspired by the jwt-go library and has a very limited scope; to verify the signature of a JWT. It does not decode the Payload to validate its content. It does parse the encoded Header to retrieve the signing method algorithm.
Use case
Dependencies within the crypto/rsa and crypto/x509 stdlib packages prevent more feature rich libraries such as jwt-go from compiling to WebAssembly via TinyGo. A few functions from those packages have been copied here to work around this issue.
The crypto/x509 functions were also tweaked to use crypto.PublicKey instead of raw interface{}.
Test tokens
Test tokens were generated with the cmd at github.com/form3tech-oss/jwt-go/cmd/jwt
./jwt -key test/keys/id_rsa.pem -alg RS256 -sign - <<< {\"foo\":\"bar\"}
./jwt -key test/keys/id_rsa.pem -alg RS384 -sign - <<< {\"foo\":\"bar\"}
./jwt -key test/keys/id_rsa.pem -alg RS512 -sign - <<< {\"foo\":\"bar\"}
./jwt -key test/keys/id_ecdsa-256.pem -alg ES256 -sign - <<< {\"foo\":\"bar\"}
./jwt -key test/keys/id_ecdsa-384.pem -alg ES384 -sign - <<< {\"foo\":\"bar\"}
./jwt -key test/keys/id_ecdsa-521.pem -alg ES512 -sign - <<< {\"foo\":\"bar\"}
Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
var ( // Sadly this is missing from crypto/ecdsa compared to crypto/rsa ErrECDSAVerification = errors.New("crypto/ecdsa: verification error") ErrNotECPublicKey = errors.New("key is not a valid ECDSA public key") )
var ( SigningMethodES256 = SigningMethodECDSA{"ES256", crypto.SHA256, 32, 256} SigningMethodES384 = SigningMethodECDSA{"ES384", crypto.SHA384, 48, 384} SigningMethodES512 = SigningMethodECDSA{"ES512", crypto.SHA512, 66, 521} )
var ( SigningMethodRS256 = SigningMethodRSA{"RS256", crypto.SHA256} SigningMethodRS384 = SigningMethodRSA{"RS384", crypto.SHA384} SigningMethodRS512 = SigningMethodRSA{"RS512", crypto.SHA512} )
var (
ErrKeyMustBePEMEncoded = errors.New("key must be a PEM encoded PKCS1 key")
)
var (
ErrNotRSAPublicKey = errors.New("key is not a valid RSA public key")
)
Functions ¶
func ParsePublicKeyFromPEM ¶
Parse PEM encoded PKCS1 public key
Types ¶
type SigningMethod ¶
type SigningMethod interface {
// Returns nil if signature is valid
Verify(signingString, signature string, key crypto.PublicKey) error
}
Implement SigningMethod to add new methods for signing or verifying tokens.
func GetSigningMethod ¶
func GetSigningMethod(header string) SigningMethod
GetSigningMethod returns a signing method from an encoded JWT header.
type SigningMethodECDSA ¶
Implements the ECDSA family of signing methods signing methods Expects *ecdsa.PrivateKey for signing and *ecdsa.PublicKey for verification
type SigningMethodRSA ¶
Implements the RSA family of signing methods signing methods Expects *rsa.PrivateKey for signing and *rsa.PublicKey for validation
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
internal
|
|
|
crypto/x509
Package x509 parses X.509-encoded keys and certificates.
|
Package x509 parses X.509-encoded keys and certificates. |
|
crypto/x509/pkix
Package pkix contains shared, low level structures used for ASN.1 parsing and serialization of X.509 certificates, CRL and OCSP.
|
Package pkix contains shared, low level structures used for ASN.1 parsing and serialization of X.509 certificates, CRL and OCSP. |
|
encoding/asn1
Package asn1 implements parsing of DER-encoded ASN.1 data structures, as defined in ITU-T Rec X.690.
|
Package asn1 implements parsing of DER-encoded ASN.1 data structures, as defined in ITU-T Rec X.690. |