README
¶
jwe
A go (or 'golang' for search engine friendliness) implementation of JSON Web Encryption. This is a companion package to https://github.com/golang-jwt/jwt. A common use-case is to encrypt the contents of a JWT using JWE.
Disclaimer
The public API of this package is highly unstable and we are nowhere near any
stable v1.0 version, so expect a number of breaking changes as we develop it.
Currently, this package is considered mostly a pet project, so please be aware
that the golang-jwt maintainers can only spent a limited time on this.
Therefore, any response to a pull request review might take some time. On the
other hand, we might be a little more lax with regards to API breaking pull
requests, as long as we are still in the v0.x version range.
Usage
In order to build a new JWE, which encrypts a certain payload the function
NewJWE should be used.
import "github.com/golang-jwt/jwe"
func main() {
originalText := []byte("The true sign of intelligence is not knowledge but imagination.")
token, err := jwe.NewJWE(jwe.KeyAlgorithmRSAOAEP, pk, jwe.EncryptionTypeA256GCM, originalText)
if err != nil {
panic(err)
return
}
compact, err := token.CompactSerialize()
if err != nil {
panic(err)
return
}
}
Documentation
¶
Index ¶
- Constants
- Variables
- func NewJWE(alg KeyAlgorithm, key interface{}, method EncryptionType, plaintext []byte) (*jwe, error)
- func ParseEncrypted(input string) (*jwe, error)
- func ParseRSAPrivateKeyFromPEM(key []byte) (*rsa.PrivateKey, error)
- func ParseRSAPublicKeyFromPEM(key []byte) (*rsa.PublicKey, error)
- type EncryptionType
- type KeyAlgorithm
Constants ¶
const TagSizeAESGCM = 16
Variables ¶
var ( ErrInvalidKeySize = errors.New("invalid key size") ErrInvalidTagSize = errors.New("invalid tag size") ErrInvalidNonceSize = errors.New("invalid nonce size") ErrUnsupportedEncryptionType = errors.New("unsupported encryption type") )
var ( ErrMissingEncHeader = errors.New("missing \"enc\" header") ErrMissingAlgHeader = errors.New("missing \"alg\" header") )
var ( ErrUnsupportedKeyType = errors.New("unsupported key type") ErrUnsupportedKeyAlgorithm = errors.New("unsupported key algorithm") )
var ( ErrKeyMustBePEMEncoded = errors.New("invalid key: Key must be a PEM encoded PKCS1 or PKCS8 key") ErrNotRSAPrivateKey = errors.New("key is not a valid RSA private key") ErrNotRSAPublicKey = errors.New("key is not a valid RSA public key") )
var EncryptionTypeA256GCM = EncryptionType("A256GCM")
var KeyAlgorithmRSAOAEP = KeyAlgorithm("RSA-OAEP")
var RandReader = rand.Reader
Functions ¶
func NewJWE ¶
func NewJWE(alg KeyAlgorithm, key interface{}, method EncryptionType, plaintext []byte) (*jwe, error)
NewJWE creates a new JWE token. The plaintext will be encrypted with the method using a Content Encryption Key (cek). The cek will be encrypted with the alg using the key.
func ParseEncrypted ¶
func ParseRSAPrivateKeyFromPEM ¶
func ParseRSAPrivateKeyFromPEM(key []byte) (*rsa.PrivateKey, error)
ParseRSAPrivateKeyFromPEM parses a PEM encoded PKCS1 or PKCS8 private key
Types ¶
type EncryptionType ¶
type EncryptionType string
type KeyAlgorithm ¶
type KeyAlgorithm string
Source Files