README
¶
AWS KMS adapter for golang-jwt/jwt-go library
This library provides an AWS KMS(Key Management Service) adapter to be used with the popular GoLang JWT library golang-jwt/jwt-go.
It will Sign a JWT token using an asymmetric key stored in AWS KMS.
Verification can be done both using KMS Verify method or locally with a cached public key (default).
Supported key types
| Signature Algorithm | JWT alg |
Note |
|---|---|---|
| ECC_NIST_P256 | ES256 | |
| ECC_NIST_P384 | ES384 | |
| ECC_NIST_P521 | ES512 | |
| ECC_SECG_P256K1 | - | secp256k1 is not supported by JWT |
| RSASSA_PKCS1_V1_5_SHA_256 | RS256 | |
| RSASSA_PKCS1_V1_5_SHA_384 | RS384 | |
| RSASSA_PKCS1_V1_5_SHA_512 | RS512 |
Usage example
See example.go
Special thanks
Shouting out to:
-
for the easy to extend GoLang JWT Library
-
for taking over the project from dgrijalva
-
AWS KMS ECC returns the signature in DER-encoded object as defined by ANS X9.62–2005 as mentioned here
-
for their DER to (R,S) and (R,S) to DER methods found here
-
for reviewing my code
-
for various contributions especially around the library's unit testability
Directories
¶
| Path | Synopsis |
|---|---|
|
Package jwtkms provides an AWS KMS(Key Management Service) adapter to be used with the popular GoLang JWT library
|
Package jwtkms provides an AWS KMS(Key Management Service) adapter to be used with the popular GoLang JWT library |
|
internal/mockkms
Package mockkms provides a partial implementation of AWS' KMS interface sufficient to satisfy the KMSClient interface.
|
Package mockkms provides a partial implementation of AWS' KMS interface sufficient to satisfy the KMSClient interface. |
Click to show internal directories.
Click to hide internal directories.