gose

package module
v0.7.4 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 12, 2019 License: MIT Imports: 29 Imported by: 1

README

Build Status

GOSE - JOSE and friends for the Go developer

Overview

GOSE is JOSE/JWT/JWK/JWS/JWKS implemented in Go with Helpers, and examples.

It contains implementations of the JOSE suite of types and helpers for many different use cases.

Mission

  • Simple
  • Compliant
  • Safe
  • Efficient
  • Extensible

Examples

Examples are provided under the /examples folder to illustrate correct use of this package.

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	ErrInvalidKey               = errors.New("invalid jwk")
	ErrInvalidKeyType           = errors.New("invalid jwk type")
	ErrUnsupportedKeyType       = errors.New("unsupported jwk type")
	ErrInvalidSigningKeyURL     = errors.New("invalid signing jwk url")
	ErrInvalidOperations        = errors.New("the jwk is invalid in this context")
	ErrInvalidCertificateHeader = errors.New("invalid certificate header")
	ErrUnknownKey               = errors.New("unknown jwk")
	ErrInvalidSignature         = errors.New("invalid signature")
	ErrInconsistentKeyValues    = errors.New("inconsistent jwk values")
	ErrInvalidKeyLength         = errors.New("invalid jwk length")
	ErrHashUnavailable          = errors.New("hash unavailable")

	// RSA errors
	ErrInvalidExponentEncoding error = &InvalidFormat{"invalid exponent encoding"}
	ErrInvalidExponent               = errors.New("invalid exponent value")
	ErrInvalidModulusEncoding  error = &InvalidFormat{"invalid modulus encoding"}

	//EC errors
	ErrInvalidXEncoding error = &InvalidFormat{("Invalid X encoding")}
	ErrInvalidYEncoding error = &InvalidFormat{("Invalid Y encoding")}

	//GCM errors
	ErrInvalidNonce = errors.New("invalid nonce")

	// JOSE errors
	ErrInvalidJwsCompactEncoding         error = &InvalidFormat{"invalid jws compact encoding"}
	ErrInvalidJwsBase64HeaderEncoding    error = &InvalidFormat{"invalid base64 jws header encoding"}
	ErrInvalidJwsHeaderEncoding          error = &InvalidFormat{"invalid jws header"}
	ErrInvalidJwsBase64BodyEncoding      error = &InvalidFormat{"invalid base64 jws body encoding"}
	ErrInvalidJwsBase64SignatureEncoding error = &InvalidFormat{"invalid base64 jws signature encoding"}
	ErrInvalidJwkEncoding                error = &InvalidFormat{"invalid jwk encoding"}
	ErrInvalidJwtEncoding                error = &InvalidFormat{"invalid jwt encoding"}
	ErrInvalidJwtTimeframe               error = &InvalidFormat{"invalid jwt time frame"}
	ErrInvalidKid                        error = &InvalidFormat{"invalid key ID"}
	ErrNoExpectedAudience                error = &InvalidFormat{"no expected audience"}
	ErrInvalidDelegateEncoding           error = &InvalidFormat{"invalid delegate encoding"}
	ErrInvalidManifestEncoding           error = &InvalidFormat{"invalid manifest encoding"}
	ErrInvalidKeySize                    error = &InvalidFormat{"invalid jwk size"}
	ErrInvalidAlgorithm                  error = &InvalidFormat{"invalid algorithm"}
	ErrInvalidEncryption                 error = &InvalidFormat{"invalid encryption"}
	ErrZipCompressionNotSupported        error = &InvalidFormat{"zip compression not supported"}
)

Errors.

Functions

func CalculateKeyID 

func CalculateKeyID(jwk jose.Jwk) (string, error)

CalculateKeyID deterministically calculates the ID for the given jwk

func JwkFromPrivateKey 

func JwkFromPrivateKey(privateKey crypto.Signer, operations []jose.KeyOps, certs []*x509.Certificate) (jose.Jwk, error)

JwkFromPrivateKey builds JWK, from a crypto.Signer, with certificates, and scoped to certain operations, or errors

func JwkFromPublicKey 

func JwkFromPublicKey(publicKey crypto.PublicKey, operations []jose.KeyOps, certs []*x509.Certificate) (jose.Jwk, error)

JwkFromPublicKey builds public JWK, from a crypto.Signer, with certificates, and scoped to certain operations, or errors

func JwkFromSymmetric 

func JwkFromSymmetric(key []byte, alg jose.Alg) (jwk jose.Jwk, err error)

JwkFromSymmetric converts a byte string to a jose.Jwk, given a particular JWK algorithm.

func JwkToString 

func JwkToString(jwk jose.Jwk) (string, error)

JwkToString return JWK as string

func LoadJwk 

func LoadJwk(reader io.ReadSeeker, required []jose.KeyOps) (jwk jose.Jwk, err error)

LoadJwk load io.ReadSeeker as a JWK or error

func LoadJwkFromFile 

func LoadJwkFromFile(file string, required []jose.KeyOps) (jose.Jwk, error)

LoadJwkFromFile loads file as JWK or error

func LoadJws 

func LoadJws(jws string) (protectedHeader *jose.JwsHeader, header []byte, data []byte, payload []byte, signature []byte, err error)

LoadJws loads signature, or errors

func LoadPrivateKey 

func LoadPrivateKey(jwk jose.Jwk, required []jose.KeyOps) (crypto.Signer, error)

LoadPrivateKey loads the jwk into a crypto.Signer for performing signing operations

func LoadPublicKey 

func LoadPublicKey(jwk jose.Jwk, required []jose.KeyOps) (crypto.PublicKey, error)

LoadPublicKey loads jwk as a public key for cryptographic verification operations.

func LoadSymmetricAEAD 

func LoadSymmetricAEAD(jwk jose.Jwk, required []jose.KeyOps) (a cipher.AEAD, err error)

LoadSymmetricAEAD returns a cipher.AEAD for a jwk.

func PublicFromPrivate 

func PublicFromPrivate(in jose.Jwk) (jose.Jwk, error)

PublicFromPrivate extracts public jwk from private jwk in JWK format

Types

type AesGcmCryptor 

type AesGcmCryptor struct {
	// contains filtered or unexported fields
}

AesGcmCryptor provides AES GCM encryption and decryption functions.

func (*AesGcmCryptor) Algorithm 

func (cryptor *AesGcmCryptor) Algorithm() jose.Alg

Algorithm the supported algorithm

func (*AesGcmCryptor) GenerateNonce 

func (cryptor *AesGcmCryptor) GenerateNonce() ([]byte, error)

GenerateNonce generate a nonce of the correct size for use with GCM encryption/decryption from a random source.

func (*AesGcmCryptor) Kid 

func (cryptor *AesGcmCryptor) Kid() string

Kid the key identity

func (*AesGcmCryptor) Open 

func (cryptor *AesGcmCryptor) Open(operation jose.KeyOps, nonce, ciphertext, aad, tag []byte) (plaintext []byte, err error)

Open decrypt a previously encrypted ciphertext.

func (*AesGcmCryptor) Seal 

func (cryptor *AesGcmCryptor) Seal(operation jose.KeyOps, nonce, plaintext, aad []byte) (ciphertext, tag []byte, err error)

Seal encrypt a supplied plaintext and AAD.

type Algorithmed 

type Algorithmed interface {
	Algorithm() jose.Alg
}

Algorithmed is an interface that exposes which algorithm a type can be used with.

type AuthenticatedEncryptionKey 

type AuthenticatedEncryptionKey interface {
	Key
	Algorithmed
	// GenerateNonce generates a nonce of the correct size for use in Sealinging operations.
	GenerateNonce() ([]byte, error)
	// Seal the given plaintext returning ciphertext and authentication tag.
	Seal(operation jose.KeyOps, nonce, plaintext, aad []byte) (ciphertext, tag []byte, err error)
	// Open and validate the given ciphertext and tag returning the plaintext.
	Open(operation jose.KeyOps, nonce, ciphertext, aad, tag []byte) (plaintext []byte, err error)
}

AuthenticatedEncryptionKey implements authenticated encryption and decryption.

func NewAesGcmCryptor 

func NewAesGcmCryptor(aead cipher.AEAD, rng io.Reader, kid string, alg jose.Alg, opeartions []jose.KeyOps) (AuthenticatedEncryptionKey, error)

NewAesGcmCryptor create a new instance of an AesGCmCryptor from the supplied parameters.

func NewAesGcmCryptorFromJwk 

func NewAesGcmCryptorFromJwk(jwk jose.Jwk, required []jose.KeyOps) (AuthenticatedEncryptionKey, error)

NewAesGcmCryptorFromJwk create a new instance of an AesGCmCryptor from a JWK.

type AuthenticatedEncryptionKeyGenerator 

type AuthenticatedEncryptionKeyGenerator struct{}

AuthenticatedEncryptionKeyGenerator can be used to create AuthenticatedEncryptionKeys.

func (*AuthenticatedEncryptionKeyGenerator) Generate 

func (g *AuthenticatedEncryptionKeyGenerator) Generate(alg jose.Alg, operations []jose.KeyOps) (AuthenticatedEncryptionKey, jose.Jwk, error)

Generate generate a Generate and JWK representation.

type CertifiableKey 

type CertifiableKey interface {
	// MarshalPem marshals a key to it's PEM representation.
	MarshalPem() (string, error)
	// Certificates returns the certificate chain for the given key.
	Certificates() []*x509.Certificate
}

CertifiableKey is an interface representing a key that can have an associated certificate and PEM representation.

type ECDSAOptions 

type ECDSAOptions struct {
	Hash crypto.Hash
	// contains filtered or unexported fields
}

ECDSAOptions Implements crypto.SignerOpts

func (*ECDSAOptions) HashFunc 

func (opts *ECDSAOptions) HashFunc() crypto.Hash

HashFunc returns the crypto.Hash

type ECDSASigningKey 

type ECDSASigningKey struct {
	// contains filtered or unexported fields
}

ECDSASigningKey implements ECDSA crypto.SigningKey

func (ECDSASigningKey) Algorithm 

func (signer ECDSASigningKey) Algorithm() jose.Alg

Algorithm returns the jose.Alg for this key

func (*ECDSASigningKey) Certificates 

func (signer *ECDSASigningKey) Certificates() []*x509.Certificate

Certificates returns certificate chain of this key

func (*ECDSASigningKey) Jwk 

func (signer *ECDSASigningKey) Jwk() (jose.Jwk, error)

Jwk returns key as a jose.JWK type, or errors

func (*ECDSASigningKey) Key 

func (signer *ECDSASigningKey) Key() crypto.Signer

Key returns the underlying key used to sign

func (*ECDSASigningKey) Kid 

func (signer *ECDSASigningKey) Kid() string

Kid returns the kid string value

func (*ECDSASigningKey) Marshal 

func (signer *ECDSASigningKey) Marshal() (string, error)

Marshal marshals the key into a compact JWK representation or error

func (*ECDSASigningKey) MarshalPem 

func (signer *ECDSASigningKey) MarshalPem() (p string, err error)

MarshalPem marshals the key into a PEM string or error

func (*ECDSASigningKey) Sign 

func (signer *ECDSASigningKey) Sign(requested jose.KeyOps, data []byte) (signature []byte, err error)

Sign digest and sign the given data. The output signature is encoded as r || s which is different to the standard go crypto interface specification. The serialization format is chosen instead to match that defined in the JSON Web Signature spec https://tools.ietf.org/html/rfc7515#appendix-A.3.1.

func (*ECDSASigningKey) Verifier 

func (signer *ECDSASigningKey) Verifier() (VerificationKey, error)

Verifier get the matching verification key.

type ECDSASigningKeyGenerator 

type ECDSASigningKeyGenerator struct {
}

ECDSASigningKeyGenerator handles generating an ECDSA signing key

func (*ECDSASigningKeyGenerator) Generate 

func (g *ECDSASigningKeyGenerator) Generate(alg jose.Alg, operations []jose.KeyOps) (SigningKey, error)

Generate an ECDSA key using a given algorithm, and scoped to certain jwk operations.

type ECVerificationKeyImpl 

type ECVerificationKeyImpl struct {
	// contains filtered or unexported fields
}

ECVerificationKeyImpl implements the ECDSA Verification Logic

func (*ECVerificationKeyImpl) Algorithm 

func (verifier *ECVerificationKeyImpl) Algorithm() jose.Alg

Algorithm return algorithm

func (*ECVerificationKeyImpl) Certificates 

func (verifier *ECVerificationKeyImpl) Certificates() []*x509.Certificate

Certificates returns the certs for this key

func (*ECVerificationKeyImpl) Jwk 

func (verifier *ECVerificationKeyImpl) Jwk() (jose.Jwk, error)

Jwk returns the key as a jose.JWK type, or error

func (*ECVerificationKeyImpl) Kid 

func (verifier *ECVerificationKeyImpl) Kid() string

Kid returns the key's id

func (*ECVerificationKeyImpl) Marshal 

func (verifier *ECVerificationKeyImpl) Marshal() (string, error)

Marshal marshals the key into a compact JWK string, or error

func (*ECVerificationKeyImpl) MarshalPem 

func (verifier *ECVerificationKeyImpl) MarshalPem() (string, error)

MarshalPem marshals the key as a PEM formatted string, or error

func (*ECVerificationKeyImpl) Verify 

func (verifier *ECVerificationKeyImpl) Verify(operation jose.KeyOps, data []byte, signature []byte) bool

Verify signed data matches signature and jwk The input signature is encoded as r || s which is different to the standard go crypto interface specification. The serialization format is chosen instead to match that defined in the JSON Web Signature spec https://tools.ietf.org/html/rfc7515#appendix-A.3.1.

type InvalidFormat 

type InvalidFormat struct {
	// contains filtered or unexported fields
}

InvalidFormat is an interface for handling invalid format errors

func (*InvalidFormat) Error 

func (err *InvalidFormat) Error() string

type JweDecryptor 

type JweDecryptor interface {
	Decrypt(jwe string) (plaintext, aad []byte, err error)
}

JweDecryptor implements decryption and verification of a given ciphertext and aad to a plaintext as defined by https://tools.ietf.org/html/rfc7516.

type JweDirectDecryptorImpl 

type JweDirectDecryptorImpl struct {
	// contains filtered or unexported fields
}

JweDirectDecryptorImpl is a concrete implementation of the JweDirectDecryptor interface.

func NewJweDirectDecryptorImpl 

func NewJweDirectDecryptorImpl(keys []AuthenticatedEncryptionKey) *JweDirectDecryptorImpl

NewJweDirectDecryptorImpl create a new instance of a JweDirectDecryptorImpl.

func (*JweDirectDecryptorImpl) Decrypt 

func (decryptor *JweDirectDecryptorImpl) Decrypt(jwe string) (plaintext, aad []byte, err error)

Decrypt and verify the given JWE returning both the plaintext and AAD.

type JweDirectEncryptionEncryptorImpl 

type JweDirectEncryptionEncryptorImpl struct {
	// contains filtered or unexported fields
}

JweDirectEncryptionEncryptorImpl implementation of JweDirectEncryptionEncryptor interface.

func NewJweDirectEncryptorImpl 

func NewJweDirectEncryptorImpl(key AuthenticatedEncryptionKey) *JweDirectEncryptionEncryptorImpl

NewJweDirectEncryptorImpl construct an instance of a JweDirectEncryptionEncryptorImpl.

func (*JweDirectEncryptionEncryptorImpl) Encrypt 

func (encryptor *JweDirectEncryptionEncryptorImpl) Encrypt(plaintext, aad []byte) (string, error)

Encrypt encrypt and authenticate the given plaintext and AAD returning a compact JWE.

type JweEncryptor 

type JweEncryptor interface {
	Encrypt(plaintext, add []byte) (string, error)
}

JweEncryptor implements encryption of arbitary plaintext into a compact JWE as defined by https://tools.ietf.org/html/rfc7516.

type JwksTrustStore 

type JwksTrustStore struct {
	// contains filtered or unexported fields
}

JwksTrustStore is an implementation of the TrustStore interface and can be used for accessing VerificationKeys.

func NewJwksKeyStore 

func NewJwksKeyStore(issuer, url string) *JwksTrustStore

NewJwksKeyStore creates a new instance of a TrustStore and can be used to load verification keys.

func (*JwksTrustStore) Add 

func (store *JwksTrustStore) Add(issuer string, jwk jose.Jwk) error

Add this method is not supported on a JwksTrustStore instance and will always return an error.

func (*JwksTrustStore) Get 

func (store *JwksTrustStore) Get(issuer, kid string) VerificationKey

Get returns a verification key for the given issuer and key id. If no key is found nil is returned.

func (*JwksTrustStore) Remove 

func (store *JwksTrustStore) Remove(issuer, kid string) bool

Remove this method is not supported on a JwksTrustStore instance and will always return false.

type JwtSigner 

type JwtSigner interface {
	// Issuer returns the identity of the issuing authority
	Issuer() string
	// Sign signs a set of claims returning a serialized JWT.
	Sign(claims *jose.SettableJwtClaims, untyped map[string]interface{}) (string, error)
}

JwtSigner implements generation of signed compact JWTs as defined by https://tools.ietf.org/html/rfc7519.

type JwtSignerImpl 

type JwtSignerImpl struct {
	// contains filtered or unexported fields
}

JwtSignerImpl JWT implementation

func NewJwtSigner 

func NewJwtSigner(issuer string, key SigningKey) *JwtSignerImpl

NewJwtSigner returns a JWT Signer for a issuer and jwk

func (*JwtSignerImpl) Issuer 

func (signer *JwtSignerImpl) Issuer() string

Issuer returns issuer of JWT

func (*JwtSignerImpl) Sign 

func (signer *JwtSignerImpl) Sign(claims *jose.SettableJwtClaims, untyped map[string]interface{}) (string, error)

Sign claims to a JWT string

type JwtVerifier 

type JwtVerifier interface {
	// Verify verifies a JWT is a valid jwt where the caller can specify a number of allowable audiences.
	Verify(jwt string, audience []string) (kid string, claims *jose.JwtClaims, err error)
}

JwtVerifier implements verification of signed compact JWTs as defined by https://tools.ietf.org/html/rfc7519.

type JwtVerifierImpl 

type JwtVerifierImpl struct {
	// contains filtered or unexported fields
}

JwtVerifierImpl implements the JWT Verification API

func NewJwtVerifier 

func NewJwtVerifier(ks TrustStore) *JwtVerifierImpl

NewJwtVerifier creates a JWT Verifier for a given truststore

func (*JwtVerifierImpl) Verify 

func (verifier *JwtVerifierImpl) Verify(jwt string, audience []string) (kid string, claims *jose.JwtClaims, err error)

Verify the jwt and audience is valid

type Key 

type Key interface {
	// Kid returns the identity of the key.
	Kid() string
}

Key is an interface representing a cryptographic key.

type MarshalableKey 

type MarshalableKey interface {
	// Jwk returns the Key as a JSON Web Key.
	Jwk() (jose.Jwk, error)
	// Marshal marshals a key to it's compact JWK string representation.
	Marshal() (string, error)
}

MarshalableKey is an interface representing a key that can be marshaled into a JWK.

type RsaSigningKeyGenerator 

type RsaSigningKeyGenerator struct {
}

RsaSigningKeyGenerator handles generating a RSA signing key

func (*RsaSigningKeyGenerator) Generate 

func (generator *RsaSigningKeyGenerator) Generate(alg jose.Alg, bitLen int, operations []jose.KeyOps) (SigningKey, error)

Generate an RSA key using a given algorithm, length, and scope to certain jwk operations.

type RsaVerificationKeyImpl 

type RsaVerificationKeyImpl struct {
	// contains filtered or unexported fields
}

RsaVerificationKeyImpl implements RSA verification API

func (*RsaVerificationKeyImpl) Algorithm 

func (verifier *RsaVerificationKeyImpl) Algorithm() jose.Alg

Algorithm returns algorithm

func (*RsaVerificationKeyImpl) Certificates 

func (verifier *RsaVerificationKeyImpl) Certificates() []*x509.Certificate

Certificates for verification key

func (*RsaVerificationKeyImpl) Jwk 

func (verifier *RsaVerificationKeyImpl) Jwk() (jose.Jwk, error)

Jwk returns the public JWK

func (*RsaVerificationKeyImpl) Kid 

func (verifier *RsaVerificationKeyImpl) Kid() string

Kid returns the key's id

func (*RsaVerificationKeyImpl) Marshal 

func (verifier *RsaVerificationKeyImpl) Marshal() (string, error)

Marshal returns the key marshalled to a JWK string, or error

func (*RsaVerificationKeyImpl) MarshalPem 

func (verifier *RsaVerificationKeyImpl) MarshalPem() (string, error)

MarshalPem returns the key marshalled to a PEM string, or error

func (*RsaVerificationKeyImpl) Verify 

func (verifier *RsaVerificationKeyImpl) Verify(operation jose.KeyOps, data []byte, signature []byte) bool

Verify data matches signature

type SigningKey 

type SigningKey interface {
	Key
	MarshalableKey
	CertifiableKey
	Algorithmed
	// Key returns the underlying key used to sign
	Key() crypto.Signer
	// Sign digest and sign the given data.
	Sign(jose.KeyOps, []byte) ([]byte, error)
	// Verifier get the matching verification key.
	Verifier() (VerificationKey, error)
}

SigningKey interface implementers both digest and signing of data.

func NewSigningKey 

func NewSigningKey(jwk jose.Jwk, required []jose.KeyOps) (SigningKey, error)

NewSigningKey returns a SignignKey for a jose.JWK with required jwk operations

type SigningKeyImpl 

type SigningKeyImpl struct {
	// contains filtered or unexported fields
}

SigningKeyImpl implements a RSA signing key

func (*SigningKeyImpl) Algorithm 

func (signer *SigningKeyImpl) Algorithm() jose.Alg

Algorithm returns the Algorithm

func (*SigningKeyImpl) Certificates 

func (signer *SigningKeyImpl) Certificates() []*x509.Certificate

Certificates of signing key

func (*SigningKeyImpl) Jwk 

func (signer *SigningKeyImpl) Jwk() (jose.Jwk, error)

Jwk returns the JWK

func (*SigningKeyImpl) Key 

func (signer *SigningKeyImpl) Key() crypto.Signer

Key returns the crypto.Signer

func (*SigningKeyImpl) Kid 

func (signer *SigningKeyImpl) Kid() string

Kid returns the jwk id

func (*SigningKeyImpl) Marshal 

func (signer *SigningKeyImpl) Marshal() (string, error)

Marshal marshal the key to a JWK string, or error

func (*SigningKeyImpl) MarshalPem 

func (signer *SigningKeyImpl) MarshalPem() (string, error)

MarshalPem marshal the key to a PEM string, or error

func (*SigningKeyImpl) Operations 

func (signer *SigningKeyImpl) Operations() []jose.KeyOps

Operations returns the allowed operations for the SigningKey

func (*SigningKeyImpl) Sign 

func (signer *SigningKeyImpl) Sign(requested jose.KeyOps, data []byte) ([]byte, error)

Sign perform signing operations on data, or error

func (*SigningKeyImpl) Verifier 

func (signer *SigningKeyImpl) Verifier() (VerificationKey, error)

Verifier verification key for signing jwk

type TrustKeyStoreImpl 

type TrustKeyStoreImpl struct {
	// contains filtered or unexported fields
}

TrustKeyStoreImpl implements the Trust Store API

func NewTrustKeyStore 

func NewTrustKeyStore(rootData map[string]jose.Jwk) (store *TrustKeyStoreImpl, err error)

NewTrustKeyStore loads truststore for map of jose.JWK

func NewTrustKeyStoreFromFile 

func NewTrustKeyStoreFromFile(root string) (store *TrustKeyStoreImpl, err error)

NewTrustKeyStoreFromFile loads truststore for a

func (*TrustKeyStoreImpl) Add 

func (store *TrustKeyStoreImpl) Add(issuer string, jwk jose.Jwk) error

Add add an issuer and JWK to the truststore

func (*TrustKeyStoreImpl) Get 

func (store *TrustKeyStoreImpl) Get(issuer, kid string) VerificationKey

Get get verification jwk for issuer and jwk id

func (*TrustKeyStoreImpl) Remove 

func (store *TrustKeyStoreImpl) Remove(issuer, kid string) bool

Remove remove JWK for issuer and jwk id

type TrustStore 

type TrustStore interface {
	Add(issuer string, jwk jose.Jwk) error
	Remove(issuer, kid string) bool
	Get(issuer, kid string) VerificationKey
}

TrustStore provides the ability to manage trusted root public keys for use when verifying cryptographic signatures.

type VerificationKey 

type VerificationKey interface {
	Key
	MarshalableKey
	CertifiableKey
	Algorithmed
	// Verify verifies the operation being performed is supported and
	// that the signature is derived from the data.
	Verify(operation jose.KeyOps, data []byte, signature []byte) bool
}

VerificationKey implements verification of a cryptographic signature.

func NewVerificationKey 

func NewVerificationKey(jwk jose.Jwk) (VerificationKey, error)

NewVerificationKey for jwk or error

Source Files

View all Source files

Directories

Path Synopsis
examples
jwe
jwt

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.