README
¶
Content encryption
import "github.com/a-novel-kit/jwt-core/jwe/enc"
Handlers for the content encryption of JSON Web Encryption.
Decrypt
Decrypt takes JWE claims, and decode them using a symmetric key. It returns the decrypted payload.
rawData, err := enc.Decrypt(claims, additionalData, key)
The following algorithms are supported:
| Algorithm | Method |
|---|---|
| AES CBC | DecryptAESCBC(data *AESPayload, additionalData []byte, key *AESKey) ([]byte, error) |
| AES GCM | DecryptAESGCM(data *AESPayload, additionalData []byte, key *AESKey) ([]byte, error) |
Encrypt
Encrypt takes a payload and a symmetric key, and returns JWE claims.
claims, err := enc.Encrypt(payload, additionalData, key)
The returned claims contain the following data:
| Field | Description |
|---|---|
E []byte |
The encrypted message. |
T []byte |
The authentication tag. |
The following algorithms are supported:
| Algorithm | Method |
|---|---|
| AES CBC | EncryptAESCBC(payload, additionalData []byte, key *AESKey) (*AESPayload, error) |
| AES GCM | EncryptAESGCM(payload, additionalData []byte, key *AESKey) (*AESPayload, error) |
Keygen
AES key must follow strict constraints when generated. This packages provides some helpers to generate them.
key, err := enc.GenerateKey(symmetric.KeySize)
All key generators take a key size as argument, that helps switch between the available key sizes. It returns a key with 2 fields:
| Field | Description |
|---|---|
CEK []byte |
The content encryption key. |
IV []byte |
The initialization vector. |
The following algorithms are supported:
| Algorithm | Method |
|---|---|
| AES CBC | GenerateAESKey(keySize CBCKeySize) (*AESKey, error) |
| AES GCM | GenerateAESGCMKey(keySize GCMKeySize) (*AESKey, error) |
Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
var ( ErrCEKMismatch = errors.New("invalid CEK size: must match the sum of the encryption and MAC key sizes") ErrInvalidCipherText = errors.New("invalid ciphertext") )
Functions ¶
func DecryptAESCBC ¶
DecryptAESCBC decrypts the payload using AES-CBC with the given parameters. It returns the decrypted payload.
func DecryptAESGCM ¶
DecryptAESGCM decrypts the payload using AES-GCM. It returns the decrypted payload.
Types ¶
type AESPayload ¶
type AESPayload struct {
// E is the encrypted data.
E []byte
// T is the authentication tag.
T []byte
}
AESPayload represents the result of an AES encryption.
func EncryptAESCBC ¶
func EncryptAESCBC(payload, additionalData []byte, key *jwkcore.AESKeySet) (*AESPayload, error)
EncryptAESCBC encrypts the payload using AES-CBC with the given parameters. It returns (in order) the encrypted payload and the authentication tag.
Additional data is an optional parameter that can be used to pass unencrypted data to the payload.
func EncryptAESGCM ¶
func EncryptAESGCM(payload, additionalData []byte, key *jwkcore.AESKeySet) (*AESPayload, error)
EncryptAESGCM encrypts the payload using AES-GCM. It returns (in order) the encrypted payload and the authentication tag.
Additional data is an optional parameter that can be used to pass unencrypted data to the payload.
Source Files