jwk

package
v1.0.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 5, 2025 License: MIT Imports: 16 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

var (
	// AES-CBC presets. KeySize is twice the AES key length named by the
	// algorithm (32 for A128CBC). That matches the composite MAC-key plus
	// encryption-key layout of the AES_CBC_HMAC_SHA2 family in RFC 7518;
	// presumably that is the intent — confirm against jwa.A128CBC.
	A128CBC = AESPreset{
		Alg:     jwa.Alg(jwa.A128CBC),
		KeyOps:  []jwa.KeyOp{jwa.KeyOpEncrypt, jwa.KeyOpDecrypt},
		KeySize: 32,
	}
	A192CBC = AESPreset{
		Alg:     jwa.Alg(jwa.A192CBC),
		KeyOps:  []jwa.KeyOp{jwa.KeyOpEncrypt, jwa.KeyOpDecrypt},
		KeySize: 48,
	}
	A256CBC = AESPreset{
		Alg:     jwa.Alg(jwa.A256CBC),
		KeyOps:  []jwa.KeyOp{jwa.KeyOpEncrypt, jwa.KeyOpDecrypt},
		KeySize: 64,
	}

	// AES-GCM presets. KeySize equals the AES key length in bytes
	// (16, 24 and 32 for 128-, 192- and 256-bit keys).
	A128GCM = AESPreset{
		Alg:     jwa.Alg(jwa.A128GCM),
		KeyOps:  []jwa.KeyOp{jwa.KeyOpEncrypt, jwa.KeyOpDecrypt},
		KeySize: 16,
	}
	A192GCM = AESPreset{
		Alg:     jwa.Alg(jwa.A192GCM),
		KeyOps:  []jwa.KeyOp{jwa.KeyOpEncrypt, jwa.KeyOpDecrypt},
		KeySize: 24,
	}
	A256GCM = AESPreset{
		Alg:     jwa.Alg(jwa.A256GCM),
		KeyOps:  []jwa.KeyOp{jwa.KeyOpEncrypt, jwa.KeyOpDecrypt},
		KeySize: 32,
	}
)

Content-Encryption Keys (CEK).

var (
	// AES Key Wrap presets. These keys wrap and unwrap other keys rather than
	// encrypting content, so they carry the wrapKey/unwrapKey operations.
	// KeySize equals the AES key length in bytes.
	A128KW = AESPreset{
		Alg:     jwa.A128KW,
		KeyOps:  []jwa.KeyOp{jwa.KeyOpWrapKey, jwa.KeyOpUnwrapKey},
		KeySize: 16,
	}
	A192KW = AESPreset{
		Alg:     jwa.A192KW,
		KeyOps:  []jwa.KeyOp{jwa.KeyOpWrapKey, jwa.KeyOpUnwrapKey},
		KeySize: 24,
	}
	A256KW = AESPreset{
		Alg:     jwa.A256KW,
		KeyOps:  []jwa.KeyOp{jwa.KeyOpWrapKey, jwa.KeyOpUnwrapKey},
		KeySize: 32,
	}

	// AES-GCM key wrapping presets, with the same operations and key sizes
	// as the AES Key Wrap presets above.
	A128GCMKW = AESPreset{
		Alg:     jwa.A128GCMKW,
		KeyOps:  []jwa.KeyOp{jwa.KeyOpWrapKey, jwa.KeyOpUnwrapKey},
		KeySize: 16,
	}
	A192GCMKW = AESPreset{
		Alg:     jwa.A192GCMKW,
		KeyOps:  []jwa.KeyOp{jwa.KeyOpWrapKey, jwa.KeyOpUnwrapKey},
		KeySize: 24,
	}
	A256GCMKW = AESPreset{
		Alg:     jwa.A256GCMKW,
		KeyOps:  []jwa.KeyOp{jwa.KeyOpWrapKey, jwa.KeyOpUnwrapKey},
		KeySize: 32,
	}
)

Key-Encryption Keys (KEK).

var (
	// ECDSA presets. Each one ties a JWA signature algorithm to the NIST
	// curve its keys must use.
	ES256 = ECDSAPreset{Alg: jwa.ES256, Curve: elliptic.P256()}
	ES384 = ECDSAPreset{Alg: jwa.ES384, Curve: elliptic.P384()}
	// ES512 is paired with P-521; there is no 512-bit NIST curve.
	ES512 = ECDSAPreset{Alg: jwa.ES512, Curve: elliptic.P521()}
)
var (
	// HMAC presets. The KeySize values (64, 128, 128) equal the block sizes
	// in bytes of SHA-256, SHA-384 and SHA-512, which is above the
	// hash-output-length minimum that RFC 7518 sets for HMAC keys.
	// NOTE(review): the unit is presumably bytes, as in the AES presets —
	// confirm against GenerateHMAC.
	HS256 = HMACPreset{Alg: jwa.HS256, KeySize: 64}
	HS384 = HMACPreset{Alg: jwa.HS384, KeySize: 128}
	HS512 = HMACPreset{Alg: jwa.HS512, KeySize: 128}
)
var (
	// RSASSA-PKCS1-v1_5 signature presets. The private key signs and the
	// public key verifies. KeySize grows with the hash strength
	// (2048, 3072, 4096); presumably it is the modulus length in bits.
	RS256 = RSAPreset{
		Alg:           jwa.RS256,
		Use:           jwa.UseSig,
		PrivateKeyOps: []jwa.KeyOp{jwa.KeyOpSign},
		PublicKeyOps:  []jwa.KeyOp{jwa.KeyOpVerify},
		KeySize:       2048,
	}
	RS384 = RSAPreset{
		Alg:           jwa.RS384,
		Use:           jwa.UseSig,
		PrivateKeyOps: []jwa.KeyOp{jwa.KeyOpSign},
		PublicKeyOps:  []jwa.KeyOp{jwa.KeyOpVerify},
		KeySize:       3072,
	}
	RS512 = RSAPreset{
		Alg:           jwa.RS512,
		Use:           jwa.UseSig,
		PrivateKeyOps: []jwa.KeyOp{jwa.KeyOpSign},
		PublicKeyOps:  []jwa.KeyOp{jwa.KeyOpVerify},
		KeySize:       4096,
	}

	// RSASSA-PSS signature presets, with the same key operations and key
	// sizes as their RS* counterparts.
	PS256 = RSAPreset{
		Alg:           jwa.PS256,
		Use:           jwa.UseSig,
		PrivateKeyOps: []jwa.KeyOp{jwa.KeyOpSign},
		PublicKeyOps:  []jwa.KeyOp{jwa.KeyOpVerify},
		KeySize:       2048,
	}
	PS384 = RSAPreset{
		Alg:           jwa.PS384,
		Use:           jwa.UseSig,
		PrivateKeyOps: []jwa.KeyOp{jwa.KeyOpSign},
		PublicKeyOps:  []jwa.KeyOp{jwa.KeyOpVerify},
		KeySize:       3072,
	}
	PS512 = RSAPreset{
		Alg:           jwa.PS512,
		Use:           jwa.UseSig,
		PrivateKeyOps: []jwa.KeyOp{jwa.KeyOpSign},
		PublicKeyOps:  []jwa.KeyOp{jwa.KeyOpVerify},
		KeySize:       4096,
	}
)

Signature algorithms.

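var (
	// RSA-OAEP presets for key management. The sender encrypts with the
	// recipient's public key and only the private key can decrypt, so the
	// public key advertises the encrypt operation and the private key
	// advertises decrypt.
	//
	// NOTE(review): these two operations were previously assigned the other
	// way round (private: encrypt, public: decrypt). JWKs minted with those
	// values carry inverted key_ops; check how ConsumeRSA compares key_ops
	// before applying this to keys that are already stored.
	//
	// NOTE(review): RFC 7518 defines RSA-OAEP with SHA-1 parameters. Assuming
	// jwa.RSAOAEP maps to that identifier, RSAOAEP256 is the better choice
	// for new keys.
	RSAOAEP = RSAPreset{
		Alg:           jwa.RSAOAEP,
		Use:           jwa.UseEnc,
		PrivateKeyOps: []jwa.KeyOp{jwa.KeyOpDecrypt},
		PublicKeyOps:  []jwa.KeyOp{jwa.KeyOpEncrypt},
		KeySize:       4096,
	}
	RSAOAEP256 = RSAPreset{
		Alg:           jwa.RSAOAEP256,
		Use:           jwa.UseEnc,
		PrivateKeyOps: []jwa.KeyOp{jwa.KeyOpDecrypt},
		PublicKeyOps:  []jwa.KeyOp{jwa.KeyOpEncrypt},
		KeySize:       4096,
	}
)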

Key management algorithms.

// ErrJWKMismatch is returned by the Consume functions when the JSON Web Key
// does not represent the expected key type or the key described by the preset.
var ErrJWKMismatch = errors.New("jwk and key mismatch")
// ErrKeyNotFound reports a missing key.
// NOTE(review): presumably returned by Source.Get when no key matches the
// requested ID — confirm against the implementation.
var ErrKeyNotFound = errors.New("key not found")

Functions

func ConsumeECDH

func ConsumeECDH(source *jwa.JWK) (*Key[*ecdh.PrivateKey], *Key[*ecdh.PublicKey], error)

ConsumeECDH consumes a JSON Web Key and returns the secret key for ECDH encryption algorithms.

If the JSON Web Key does not represent the ECDH key, ErrJWKMismatch is returned.

If the key represents a public key only, the private key will be nil.

func ConsumeECDSA

func ConsumeECDSA(source *jwa.JWK, preset ECDSAPreset) (*Key[*ecdsa.PrivateKey], *Key[*ecdsa.PublicKey], error)

ConsumeECDSA consumes a JSON Web Key and returns the private and public keys for ECDSA signature algorithms.

If the JSON Web Key does not represent the ECDSA key described by the preset, ErrJWKMismatch is returned.

If the key represents a public key only, the private key will be nil.

Available presets are:

  • ES256
  • ES384
  • ES512

func ConsumeED25519

func ConsumeED25519(source *jwa.JWK) (*Key[ed25519.PrivateKey], *Key[ed25519.PublicKey], error)

ConsumeED25519 consumes a JSON Web Key and returns the secret key for ED25519 signature algorithms.

If the JSON Web Key does not represent the ED25519 key, ErrJWKMismatch is returned.

If the key represents a public key only, the private key will be nil.

func ConsumeRSA

func ConsumeRSA(source *jwa.JWK, preset RSAPreset) (*Key[*rsa.PrivateKey], *Key[*rsa.PublicKey], error)

ConsumeRSA consumes a JSON Web Key and returns the secret key for RSA signature and encryption algorithms.

If the JSON Web Key does not represent the RSA key described by the preset, ErrJWKMismatch is returned.

If the key represents a public key only, the private key will be nil.

Available presets for signature algorithms are:

  • RS256
  • RS384
  • RS512
  • PS256
  • PS384
  • PS512

Available presets for key management algorithms are:

  • RSAOAEP
  • RSAOAEP256

func GenerateECDH

func GenerateECDH() (*Key[*ecdh.PrivateKey], *Key[*ecdh.PublicKey], error)

GenerateECDH generates a new ECDH key pair.

You can either retrieve the secret key directly (using res.Key()), or marshal the result into a JSON Web Key, using json.Marshal.

func GenerateECDSA

func GenerateECDSA(preset ECDSAPreset) (*Key[*ecdsa.PrivateKey], *Key[*ecdsa.PublicKey], error)

GenerateECDSA generates a new ECDSA key pair.

You can either retrieve the secret key directly (using res.Key()), or marshal the result into a JSON Web Key, using json.Marshal.

Available presets are:

  • ES256
  • ES384
  • ES512

func GenerateED25519

func GenerateED25519() (*Key[ed25519.PrivateKey], *Key[ed25519.PublicKey], error)

GenerateED25519 generates a new ED25519 key pair.

You can either retrieve the secret key directly (using res.Key()), or marshal the result into a JSON Web Key, using json.Marshal.

func GenerateRSA

func GenerateRSA(preset RSAPreset) (*Key[*rsa.PrivateKey], *Key[*rsa.PublicKey], error)

GenerateRSA generates a new RSA public/private key pair.

You can either retrieve the secret key directly (using res.Key()), or marshal the result into a JSON Web Key, using json.Marshal.

Available presets for signature algorithms are:

  • RS256
  • RS384
  • RS512
  • PS256
  • PS384
  • PS512

Available presets for key management algorithms are:

  • RSAOAEP
  • RSAOAEP256

Types

type AESPreset

// AESPreset describes the AES key expected for one JWA algorithm. It is the
// preset argument of ConsumeAES, GenerateAES and NewAESSource.
type AESPreset struct {
	// Alg is the JWA algorithm identifier the key is bound to.
	Alg     jwa.Alg
	// KeyOps lists the key operations associated with the key.
	KeyOps  []jwa.KeyOp
	// KeySize is the key length. The package presets use byte counts
	// (16 for A128GCM, 32 for A256GCM).
	KeySize int
}

type ECDSAPreset

// ECDSAPreset describes the ECDSA key expected for one JWA signature
// algorithm. It is the preset argument of ConsumeECDSA and GenerateECDSA.
type ECDSAPreset struct {
	// Alg is the JWA algorithm identifier the key is bound to.
	Alg   jwa.Alg
	// Curve is the elliptic curve paired with Alg (P-256 for ES256 in the
	// package presets).
	Curve elliptic.Curve
}

type HMACPreset

// HMACPreset describes the HMAC key expected for one JWA signature
// algorithm. It is the preset argument of ConsumeHMAC and GenerateHMAC.
type HMACPreset struct {
	// Alg is the JWA algorithm identifier the key is bound to.
	Alg     jwa.Alg
	// KeySize is the key length. The package presets use 64 and 128.
	// NOTE(review): the unit is presumably bytes — confirm against GenerateHMAC.
	KeySize int
}

type Key

type Key[K any] struct {
	*jwa.JWK
	// contains filtered or unexported fields
}

func ConsumeAES

func ConsumeAES(source *jwa.JWK, preset AESPreset) (*Key[[]byte], error)

ConsumeAES consumes a JSON Web Key and returns the secret key for AES encryption algorithms.

If the JSON Web Key does not represent the AES key described by the preset, ErrJWKMismatch is returned.

Available presets for CEK keys are:

  • A128CBC
  • A192CBC
  • A256CBC
  • A128GCM
  • A192GCM
  • A256GCM

Available presets for KEK keys are:

  • A128KW
  • A192KW
  • A256KW
  • A128GCMKW
  • A192GCMKW
  • A256GCMKW

func ConsumeHMAC

func ConsumeHMAC(source *jwa.JWK, preset HMACPreset) (*Key[[]byte], error)

ConsumeHMAC consumes a JSON Web Key and returns the secret key for HMAC signature algorithms.

If the JSON Web Key does not represent the HMAC key described by the preset, ErrJWKMismatch is returned.

Available presets are:

  • HS256
  • HS384
  • HS512

func GenerateAES

func GenerateAES(preset AESPreset) (*Key[[]byte], error)

GenerateAES generates a new secret key for AES encryption algorithms.

You can either retrieve the secret key directly (using res.Key()), or marshal the result into a JSON Web Key, using json.Marshal. The resulting JSON Web Key carries the secret key itself, so store and transmit it as a secret.

Available presets for CEK keys are:

  • A128CBC
  • A192CBC
  • A256CBC
  • A128GCM
  • A192GCM
  • A256GCM

Available presets for KEK keys are:

  • A128KW
  • A192KW
  • A256KW
  • A128GCMKW
  • A192GCMKW
  • A256GCMKW

func GenerateHMAC

func GenerateHMAC(preset HMACPreset) (*Key[[]byte], error)

GenerateHMAC generates a new secret key for HMAC signature algorithms.

You can either retrieve the secret key directly (using res.Key()), or marshal the result into a JSON Web Key, using json.Marshal.

Available presets are:

  • HS256
  • HS384
  • HS512

func NewKey

func NewKey[K any](jwk *jwa.JWK, parsed K) *Key[K]

func (*Key[K]) Key

func (key *Key[K]) Key() K

type KeyParser

type KeyParser[K any] func(ctx context.Context, jwk *jwa.JWK) (*Key[K], error)

KeyParser decodes keys from a source into a consumable format.

type KeysFetcher

type KeysFetcher func(ctx context.Context) ([]*jwa.JWK, error)

KeysFetcher is a function that fetches keys from a source. The keys MUST be sorted by priority, with top-most keys being the most important.

type RSAPreset

// RSAPreset describes the RSA key pair expected for one JWA algorithm. It is
// the preset argument of ConsumeRSA and GenerateRSA.
type RSAPreset struct {
	// Alg is the JWA algorithm identifier the key is bound to.
	Alg           jwa.Alg
	// Use is the intended use of the key: jwa.UseSig in the signature
	// presets, jwa.UseEnc in the key management presets.
	Use           jwa.Use
	// PrivateKeyOps lists the key operations associated with the private key.
	PrivateKeyOps []jwa.KeyOp
	// PublicKeyOps lists the key operations associated with the public key.
	PublicKeyOps  []jwa.KeyOp
	// KeySize is the key length. The package presets use 2048, 3072 and 4096.
	// NOTE(review): presumably the modulus length in bits — confirm against
	// GenerateRSA.
	KeySize       int
}

type Source

type Source[K any] struct {
	// contains filtered or unexported fields
}

func NewAESSource

func NewAESSource(config SourceConfig, preset AESPreset) *Source[[]byte]

func NewECDHPrivateSource

func NewECDHPrivateSource(config SourceConfig) *Source[*ecdh.PrivateKey]

func NewECDHPublicSource

func NewECDHPublicSource(config SourceConfig) *Source[*ecdh.PublicKey]

func NewECDSAPrivateSource

func NewECDSAPrivateSource(config SourceConfig, preset ECDSAPreset) *Source[*ecdsa.PrivateKey]

func NewECDSAPublicSource

func NewECDSAPublicSource(config SourceConfig, preset ECDSAPreset) *Source[*ecdsa.PublicKey]

func NewED25519PrivateSource

func NewED25519PrivateSource(config SourceConfig) *Source[ed25519.PrivateKey]

func NewED25519PublicSource

func NewED25519PublicSource(config SourceConfig) *Source[ed25519.PublicKey]

func NewGenericSource

func NewGenericSource[K any](config SourceConfig, parser KeyParser[K]) *Source[K]

func NewHMACSource

func NewHMACSource(config SourceConfig, preset HMACPreset) *Source[[]byte]

func NewRSAPrivateSource

func NewRSAPrivateSource(config SourceConfig, preset RSAPreset) *Source[*rsa.PrivateKey]

func NewRSAPublicSource

func NewRSAPublicSource(config SourceConfig, preset RSAPreset) *Source[*rsa.PublicKey]

func (*Source[K]) Get

func (source *Source[K]) Get(ctx context.Context, kid string) (*Key[K], error)

Get a key using a specific ID. If the KID parameter is empty, the first key available will be returned.

func (*Source[K]) List

func (source *Source[K]) List(ctx context.Context) ([]*Key[K], error)

List every key available.

type SourceConfig

// SourceConfig configures how a Source obtains and caches its keys.
type SourceConfig struct {
	// How long keys are cached before being refreshed.
	// NOTE(review): presumably a key rotated or withdrawn upstream can still
	// be served from the cache for up to this long — confirm, and size the
	// duration accordingly.
	CacheDuration time.Duration
	// Method used to refresh keys. Per the KeysFetcher contract, the returned
	// keys must be sorted by priority, most important first.
	Fetch KeysFetcher
}
