Constants ¶
// Values for the JWK "use" (public key use) member.
const (
	// JWKeyEncType marks a key intended for encryption.
	JWKeyEncType = "enc"
	// JWKeySignType marks a key intended for signatures.
	JWKeySignType = "sig"
)
Variables ¶
var (
	// ErrUnsupportedKey is the package's sentinel error for a key it does not
	// support. Match it with errors.Is rather than by comparing message text.
	ErrUnsupportedKey = errors.New("unsupported key")
)
// JWAlgorithmToJWKCrvAndHashType maps an ECDSA signature algorithm name to the
// JWK parameters that go with it: the curve, the hash (stored under the
// literal key "hash"), the key type and the key use.
//
// Only ES256, ES384 and ES512 are listed; indexing with any other name yields
// a nil inner map, so check the lookup before reading from it.
//
// NOTE(review): this is an exported, mutable package-level map. A caller that
// writes to it changes the algorithm-to-curve resolution for every other user
// of the package, so treat it as read-only.
var JWAlgorithmToJWKCrvAndHashType = map[string]map[string]string{
	"ES256": {
		jwk.KeyTypeKey:  "EC",
		jwk.KeyUsageKey: JWKeySignType,
		jwk.ECDSACrvKey: "P-256",
		"hash":          "SHA256",
	},
	"ES384": {
		jwk.KeyTypeKey:  "EC",
		jwk.KeyUsageKey: JWKeySignType,
		jwk.ECDSACrvKey: "P-384",
		"hash":          "SHA384",
	},
	// ES512 pairs the P-521 curve with SHA-512; the 521/512 difference is
	// intentional.
	"ES512": {
		jwk.KeyTypeKey:  "EC",
		jwk.KeyUsageKey: JWKeySignType,
		jwk.ECDSACrvKey: "P-521",
		"hash":          "SHA512",
	},
}
Functions ¶
func CalculateThumbprintJWK ¶
CalculateThumbprintJWK returns the Base64url-encoded SHA-256 hash, or an empty string ("") on error. Callers should check for the empty string before using the result.
Types ¶
type BaseThumbprintJWK ¶
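// BaseThumbprintJWK holds the public-key members used to calculate the
// thumbprint of a public key.
//
// The fields are declared in lexicographic order of their JSON names (alg,
// crv, kty, pset, x, y). Keep that order: the struct is presumably serialised
// with encoding/json, which emits fields in declaration order, and a
// thumbprint is only reproducible when the members are always written in the
// same order.
//
// NOTE(review): RFC 7638 lists crv, kty, x and y as the members hashed for an
// EC key. Confirm that Alg is left empty for EC keys so that omitempty drops
// it from the hashed input.
type BaseThumbprintJWK struct {
	// Alg is set for Crystals-Dilithium and Crystals-Kyber keys.
	Alg string `json:"alg,omitempty"`
	// Crv is set for non-PQC Elliptic Curve keys.
	Crv *string `json:"crv,omitempty"`
	// Kty is the key type.
	Kty string `json:"kty,omitempty"`
	// Pset is set for Crystals-Dilithium keys.
	Pset *string `json:"pset,omitempty"`
	// X is set for public Dilithium, Kyber and Elliptic Curve keys.
	X string `json:"x,omitempty"`
	// Y is set for public Elliptic Curve keys.
	Y *string `json:"y,omitempty"`
}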
BaseThumbprintJWK holds the members used to calculate the thumbprint of a public key.
type JWK ¶
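// JWK carries every supported JWK member, public and private, with matching
// json and bson tags. RSA is not supported for now.
//
// The D, Ds and K members hold private or symmetric key material. Marshalling
// a JWK writes them out whenever they are set, so convert to the public form
// before a key leaves the process or is stored somewhere readable by others.
type JWK struct {
	// Alg is set for Crystals-Dilithium and Crystals-Kyber keys.
	Alg string `json:"alg,omitempty" bson:"alg,omitempty"`
	// Crv is set for non-PQC Elliptic Curve keys.
	Crv *string `json:"crv,omitempty" bson:"crv,omitempty"`
	// H is the Crystals-Kyber SHA3-256 of the public key bytes: H(pk).
	H *string `json:"h,omitempty" bson:"h,omitempty"`
	// Kid is the key ID (kid): the JWK Thumbprint, as per RFC.
	Kid string `json:"kid,omitempty" bson:"kid,omitempty"`
	// Kty is the key type: "EC" or "PQK".
	Kty string `json:"kty,omitempty" bson:"kty,omitempty"`
	// Pset is set for Crystals-Dilithium keys.
	Pset *string `json:"pset,omitempty" bson:"pset,omitempty"`
	// X is set for public Dilithium, Kyber and Elliptic Curve keys.
	X string `json:"x,omitempty" bson:"x,omitempty"`
	// Xs is, for Dilithium, the shake256 of the public key (not the JWK)
	// encoded in raw base64url [RFC4648].
	Xs *string `json:"xs,omitempty" bson:"xs,omitempty"`
	// Y is set for public Elliptic Curve keys.
	Y *string `json:"y,omitempty" bson:"y,omitempty"`
	// Use is 'enc' or 'sig'.
	Use *string `json:"use,omitempty" bson:"use,omitempty"`

	// Private members follow.

	// D is set for Crystals-Dilithium, Crystals-Kyber and Elliptic Curve
	// private keys.
	D *string `json:"d,omitempty" bson:"d,omitempty"`
	// Ds is, for Dilithium, the shake256 of the private key (not the JWK)
	// encoded in raw base64url [RFC4648].
	Ds *string `json:"ds,omitempty" bson:"ds,omitempty"`
	// N *string `json:"n,omitempty" bson:"n,omitempty"` // for RSA keys
	// E *string `json:"e,omitempty" bson:"e,omitempty"` // for RSA keys
	// K is set for symmetric keys.
	K *string `json:"k,omitempty" bson:"k,omitempty"`
}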
JWK holds all possible properties, including the private key member "d" (RSA is not supported for now).
func ExportPublicJWK ¶
ExportPublicJWK copies the private key and removes the private data.
func GetPublicJWK ¶
GetPublicJWK returns only the public data of a JWK.
func SetPrivateKeyBase64Url ¶
func SetPrivateKeyBytes ¶
type JWKeySet ¶
// JWKeySet is a JWK Set (RFC 7517): a list of public JWKs used for signature
// verification and/or data encryption.
//
// NOTE(review): the element type is JWK, which can also carry the private
// members d, ds and k. Nothing in this type keeps a private key out of a set,
// so confirm that whatever fills Keys strips private data first.
type JWKeySet struct {
	// Keys lists the member keys; it is serialised under "keys".
	Keys []JWK `json:"keys"`
}
JWKeySet is a JWK Set data structure that represents a set of public JWKs for signature verification and / or data encryption. See: https://datatracker.ietf.org/doc/html/rfc7517
func CreateJWKeySet ¶
CreateJWKeySet returns a JWK Set data structure that represents a set of public JWKs for signature verification and / or data encryption. See: https://datatracker.ietf.org/doc/html/rfc7517
func (*JWKeySet) SearchJWKeyByAlg ¶
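SearchJWKeyByAlg returns an array of the keys whose alg property contains the given string, or nil. E.g. looking for "kyber" can return the "kyber-768-r3" and "kyber-1024-r3" keys if both exist. Because this is a substring match, pass the full algorithm name when a specific parameter set is required.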
type PublicJWK ¶
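// PublicJWK is the public view of a key: the BaseThumbprintJWK members plus
// "kid", "use" and a hash of "x" ("h" or "xs"). It declares no private
// members, so marshalling it cannot emit d, ds or k.
type PublicJWK struct {
	// Alg is set for Crystals-Dilithium and Crystals-Kyber keys.
	Alg string `json:"alg,omitempty" bson:"alg,omitempty"`
	// Crv is set for non-PQC Elliptic Curve keys.
	Crv *string `json:"crv,omitempty" bson:"crv,omitempty"`
	// H is the hashed public key (32 bytes). Kyber uses SHA3-256 as H by
	// default.
	H *string `json:"h,omitempty" bson:"h,omitempty"`
	// Kid is the key ID (kid): the JWK Thumbprint, as per RFC.
	Kid string `json:"kid,omitempty" bson:"kid,omitempty"`
	// Kty is the key type: "EC" or "PQK".
	Kty string `json:"kty,omitempty" bson:"kty,omitempty"`
	// Pset is set for Crystals-Dilithium keys.
	Pset *string `json:"pset,omitempty" bson:"pset,omitempty"`
	// X is set for public Dilithium, Kyber and Elliptic Curve keys.
	X string `json:"x,omitempty" bson:"x,omitempty"`
	// Xs is, for Dilithium, the shake256 of the public key (not the JWK)
	// encoded in raw base64url [RFC4648].
	Xs *string `json:"xs,omitempty" bson:"xs,omitempty"`
	// Y is set for public Elliptic Curve keys.
	Y *string `json:"y,omitempty" bson:"y,omitempty"`
	// Use is 'enc' or 'sig'.
	Use *string `json:"use,omitempty" bson:"use,omitempty"`
}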
PublicJWK extends BaseThumbprintJWK with "kid" and a hash of "x", such as "h" (hpk) or "xs".