keyenc

package

v0.1.4 Latest Latest Go to latest Published: Dec 11, 2024 License: MIT Imports: 7 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

README ¶

Key encryption

import "github.com/a-novel-kit/jwt-core/jwe/keyenc"

Handlers for the key encryption of JSON Web Encryption.

Decrypt
Encrypt
Deprecation on RSA1_5 algorithms

Decrypt

Decrypt takes an encrypted content encryption key (CEK) and a private asymmetric key, and returns the decrypted CEK.

cek, err := keyenc.Decrypt(encryptedKey, privateKey)

The following algorithms are supported:

Algorithm	Method
RSA1_5 ⚠️	`DecryptRSAESPKCS1V15(key *rsa.PrivateKey, encrypted []byte) ([]byte, error)`
RSA-OAEP RSA-OAEP-256	`DecryptRSAESOAEP(key *rsa.PrivateKey, keyHash hash.Hash, encrypted []byte) ([]byte, error)`

Encrypt

Encrypt takes a content encryption key (CEK) and a public asymmetric key, and returns the encrypted CEK.

encryptedKey, err := keyenc.Encrypt(cek, publicKey)

The following algorithms are supported:

Algorithm	Method
RSA1_5 ⚠️	`EncryptRSAESPKCS1V15(key *rsa.PublicKey, cek []byte) ([]byte, error)`
RSA-OAEP RSA-OAEP-256	`EncryptRSAESOAEP(key *rsa.PublicKey, keyHash hash.Hash, cek []byte) ([]byte, error)`

Deprecation on RSA1_5 algorithms

RSASSA PKCS #1 v1.5 has been deprecated by the standards, and is only included for backwards compatibility.

Two signature schemes with appendix are specified in this document: RSASSA-PSS and RSASSA-PKCS1-v1_5. Although no attacks are known against RSASSA-PKCS1-v1_5, in the interest of increased robustness, RSASSA-PSS is REQUIRED in new applications. RSASSA-PKCS1-v1_5 is included only for compatibility with existing applications.

Documentation ¶

Index ¶

Variables
func DecryptRSAESOAEP(key *rsa.PrivateKey, keyHash hash.Hash, encrypted []byte) ([]byte, error)
func DecryptRSAESPKCS1V15(key *rsa.PrivateKey, encrypted []byte) ([]byte, error)deprecated
func DerivePBES2(hash crypto.Hash, salt, password []byte, iterations int) ([]byte, error)
func EncryptRSAESOAEP(key *rsa.PublicKey, keyHash hash.Hash, cek []byte) ([]byte, error)
func EncryptRSAESPKCS1V15(key *rsa.PublicKey, cek []byte) ([]byte, error)deprecated

Constants ¶

This section is empty.

Variables ¶

View Source

var ErrUnsupportedHash = errors.New("unsupported hash")

Functions ¶

func DecryptRSAESOAEP ¶

func DecryptRSAESOAEP(key *rsa.PrivateKey, keyHash hash.Hash, encrypted []byte) ([]byte, error)

DecryptRSAESOAEP decrypts the CEK using RSAES-OAEP algorithm.

func DecryptRSAESPKCS1V15 deprecated

func DecryptRSAESPKCS1V15(key *rsa.PrivateKey, encrypted []byte) ([]byte, error)

DecryptRSAESPKCS1V15 decrypts the CEK using RSAES-PKCS1-v1.5 algorithm.

Deprecated: RSASSA PKCS #1 v1.5 has been deprecated by the standards, and is only included for backwards compatibility. Use DecryptRSAESOAEP instead.

https://www.rfc-editor.org/rfc/rfc8017#section-8

func DerivePBES2 ¶

func DerivePBES2(hash crypto.Hash, salt, password []byte, iterations int) ([]byte, error)

DerivePBES2 derives a Key Wrapping Key (KWK) from a password using PBES2.

func EncryptRSAESOAEP ¶

func EncryptRSAESOAEP(key *rsa.PublicKey, keyHash hash.Hash, cek []byte) ([]byte, error)

EncryptRSAESOAEP encrypts the CEK using RSAES-OAEP algorithm.

func EncryptRSAESPKCS1V15 deprecated

func EncryptRSAESPKCS1V15(key *rsa.PublicKey, cek []byte) ([]byte, error)

EncryptRSAESPKCS1V15 encrypts the CEK using RSAES-PKCS1-v1.5 algorithm.

Deprecated: RSASSA PKCS #1 v1.5 has been deprecated by the standards, and is only included for backwards compatibility. Use EncryptRSAESOAEP instead.

https://www.rfc-editor.org/rfc/rfc8017#section-8

Types ¶

This section is empty.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL