Documentation ¶
Overview ¶
Package crypto implements "SigningMethods" and "EncryptionMethods"; that is, ways to sign and encrypt JWS and JWEs, respectively, as well as JWTs.
Index ¶
- Variables
- func ParseECPrivateKeyFromPEM(key []byte) (*ecdsa.PrivateKey, error)
- func ParseECPublicKeyFromPEM(key []byte) (*ecdsa.PublicKey, error)
- func ParseRSAPrivateKeyFromPEM(key []byte) (*rsa.PrivateKey, error)
- func ParseRSAPublicKeyFromPEM(key []byte) (*rsa.PublicKey, error)
- type ECPoint
- type Signature
- type SigningMethod
- type SigningMethodECDSA
- func (m *SigningMethodECDSA) Alg() string
- func (m *SigningMethodECDSA) Hasher() crypto.Hash
- func (m *SigningMethodECDSA) MarshalJSON() ([]byte, error)
- func (m *SigningMethodECDSA) Sign(data []byte, key interface{}) (Signature, error)
- func (m *SigningMethodECDSA) Verify(raw []byte, signature Signature, key interface{}) error
- type SigningMethodHMAC
- func (m *SigningMethodHMAC) Alg() string
- func (m *SigningMethodHMAC) Hasher() crypto.Hash
- func (m *SigningMethodHMAC) MarshalJSON() ([]byte, error)
- func (m *SigningMethodHMAC) Sign(data []byte, key interface{}) (Signature, error)
- func (m *SigningMethodHMAC) Verify(raw []byte, signature Signature, key interface{}) error
- type SigningMethodNone
- func (m *SigningMethodNone) Alg() string
- func (m *SigningMethodNone) Hasher() crypto.Hash
- func (m *SigningMethodNone) MarshalJSON() ([]byte, error)
- func (_ *SigningMethodNone) Sign(_ []byte, _ interface{}) (Signature, error)
- func (_ *SigningMethodNone) Verify(_ []byte, _ Signature, _ interface{}) error
- type SigningMethodRSA
- func (m *SigningMethodRSA) Alg() string
- func (m *SigningMethodRSA) Hasher() crypto.Hash
- func (m *SigningMethodRSA) MarshalJSON() ([]byte, error)
- func (m *SigningMethodRSA) Sign(data []byte, key interface{}) (Signature, error)
- func (m *SigningMethodRSA) Verify(raw []byte, sig Signature, key interface{}) error
- type SigningMethodRSAPSS
Constants ¶
This section is empty.
Variables ¶
var ( // SigningMethodES256 implements ES256. SigningMethodES256 = &SigningMethodECDSA{ Name: "ES256", Hash: crypto.SHA256, } // SigningMethodES384 implements ES384. SigningMethodES384 = &SigningMethodECDSA{ Name: "ES384", Hash: crypto.SHA384, } // SigningMethodES512 implements ES512. SigningMethodES512 = &SigningMethodECDSA{ Name: "ES512", Hash: crypto.SHA512, } )
Specific instances of EC SigningMethods.
var ( ErrNotECPublicKey = errors.New("Key is not a valid ECDSA public key") ErrNotECPrivateKey = errors.New("Key is not a valid ECDSA private key") )
ECDSA parsing errors.
var ( // SigningMethodHS256 implements HS256. SigningMethodHS256 = &SigningMethodHMAC{ Name: "HS256", Hash: crypto.SHA256, } // SigningMethodHS384 implements HS384. SigningMethodHS384 = &SigningMethodHMAC{ Name: "HS384", Hash: crypto.SHA384, } // SigningMethodHS512 implements HS512. SigningMethodHS512 = &SigningMethodHMAC{ Name: "HS512", Hash: crypto.SHA512, } // ErrSignatureInvalid is returned when the provided signature is found // to be invalid. ErrSignatureInvalid = errors.New("signature is invalid") )
Specific instances of HMAC-SHA SigningMethods.
var ( // SigningMethodRS256 implements RS256. SigningMethodRS256 = &SigningMethodRSA{ Name: "RS256", Hash: crypto.SHA256, } // SigningMethodRS384 implements RS384. SigningMethodRS384 = &SigningMethodRSA{ Name: "RS384", Hash: crypto.SHA384, } // SigningMethodRS512 implements RS512. SigningMethodRS512 = &SigningMethodRSA{ Name: "RS512", Hash: crypto.SHA512, } )
Specific instances of RSA SigningMethods.
var ( // SigningMethodPS256 implements PS256. SigningMethodPS256 = &SigningMethodRSAPSS{ &SigningMethodRSA{ Name: "PS256", Hash: crypto.SHA256, }, &rsa.PSSOptions{ SaltLength: rsa.PSSSaltLengthAuto, Hash: crypto.SHA256, }, } // SigningMethodPS384 implements PS384. SigningMethodPS384 = &SigningMethodRSAPSS{ &SigningMethodRSA{ Name: "PS384", Hash: crypto.SHA384, }, &rsa.PSSOptions{ SaltLength: rsa.PSSSaltLengthAuto, Hash: crypto.SHA384, }, } // SigningMethodPS512 implements PS512. SigningMethodPS512 = &SigningMethodRSAPSS{ &SigningMethodRSA{ Name: "PS512", Hash: crypto.SHA512, }, &rsa.PSSOptions{ SaltLength: rsa.PSSSaltLengthAuto, Hash: crypto.SHA512, }, } )
Specific instances for RS/PS SigningMethods.
var ( ErrKeyMustBePEMEncoded = errors.New("invalid key: Key must be PEM encoded PKCS1 or PKCS8 private key") ErrNotRSAPrivateKey = errors.New("key is not a valid RSA private key") ErrNotRSAPublicKey = errors.New("key is not a valid RSA public key") )
Errors specific to rsa_utils.
var ErrECDSAVerification = errors.New("crypto/ecdsa: verification error")
ErrECDSAVerification is missing from crypto/ecdsa compared to crypto/rsa
var ( // ErrInvalidKey means the key argument passed to SigningMethod.Verify // was not the correct type. ErrInvalidKey = errors.New("key is invalid") )
var Unsecured = &SigningMethodNone{ Name: "none", Hash: crypto.Hash(0), }
Unsecured is the default "none" algorithm.
Functions ¶
func ParseECPrivateKeyFromPEM ¶
func ParseECPrivateKeyFromPEM(key []byte) (*ecdsa.PrivateKey, error)
ParseECPrivateKeyFromPEM will parse a PEM encoded EC Private Key Structure.
func ParseECPublicKeyFromPEM ¶
ParseECPublicKeyFromPEM will parse a PEM encoded PKCS1 or PKCS8 public key
func ParseRSAPrivateKeyFromPEM ¶
func ParseRSAPrivateKeyFromPEM(key []byte) (*rsa.PrivateKey, error)
ParseRSAPrivateKeyFromPEM parses a PEM encoded PKCS1 or PKCS8 private key.
Types ¶
type Signature ¶
type Signature []byte
Signature is a JWS signature.
func (Signature) MarshalJSON ¶
MarshalJSON implements json.Marshaler for a signature.
func (*Signature) UnmarshalJSON ¶
UnmarshalJSON implements json.Unmarshaler for signature.
type SigningMethod ¶
type SigningMethod interface { // Alg describes the signing algorithm, and is used to uniquely // describe the specific crypto.SigningMethod. Alg() string // Verify accepts the raw content, the signature, and the key used // to sign the raw content, and returns any errors found while validating // the signature and content. Verify(raw []byte, sig Signature, key interface{}) error // Sign returns a Signature for the raw bytes, as well as any errors // that occurred during the signing. Sign(raw []byte, key interface{}) (Signature, error) // Used to cause quick panics when a crypto.SigningMethod whose form of hashing // isn't linked in the binary when you register a crypto.SigningMethod. // To spoof this, see "crypto.SigningMethodNone". Hasher() crypto.Hash }
SigningMethod is an interface that provides a way to sign JWS tokens.
type SigningMethodECDSA ¶
type SigningMethodECDSA struct { Name string Hash crypto.Hash // contains filtered or unexported fields }
SigningMethodECDSA implements the ECDSA family of signing methods signing methods
func (*SigningMethodECDSA) Alg ¶
func (m *SigningMethodECDSA) Alg() string
Alg returns the name of the SigningMethodECDSA instance.
func (*SigningMethodECDSA) Hasher ¶
func (m *SigningMethodECDSA) Hasher() crypto.Hash
Hasher implements the Hasher method from SigningMethod.
func (*SigningMethodECDSA) MarshalJSON ¶
func (m *SigningMethodECDSA) MarshalJSON() ([]byte, error)
MarshalJSON is in case somebody decides to place SigningMethodECDSA inside the Header, presumably because they (wrongly) decided it was a good idea to use the SigningMethod itself instead of the SigningMethod's Alg method. In order to keep things sane, marshalling this will simply return the JSON-compatible representation of m.Alg().
type SigningMethodHMAC ¶
type SigningMethodHMAC struct { Name string Hash crypto.Hash // contains filtered or unexported fields }
SigningMethodHMAC implements the HMAC-SHA family of SigningMethods.
func (*SigningMethodHMAC) Alg ¶
func (m *SigningMethodHMAC) Alg() string
Alg implements the SigningMethod interface.
func (*SigningMethodHMAC) Hasher ¶
func (m *SigningMethodHMAC) Hasher() crypto.Hash
Hasher implements the SigningMethod interface.
func (*SigningMethodHMAC) MarshalJSON ¶
func (m *SigningMethodHMAC) MarshalJSON() ([]byte, error)
MarshalJSON implements json.Marshaler. See SigningMethodECDSA.MarshalJSON() for information.
type SigningMethodNone ¶
type SigningMethodNone struct { Name string Hash crypto.Hash // contains filtered or unexported fields }
SigningMethodNone is the default "none" algorithm.
func (*SigningMethodNone) Alg ¶
func (m *SigningMethodNone) Alg() string
Alg helps implement the SigningMethod interface.
func (*SigningMethodNone) Hasher ¶
func (m *SigningMethodNone) Hasher() crypto.Hash
Hasher helps implement the SigningMethod interface.
func (*SigningMethodNone) MarshalJSON ¶
func (m *SigningMethodNone) MarshalJSON() ([]byte, error)
MarshalJSON implements json.Marshaler. See SigningMethodECDSA.MarshalJSON() for information.
type SigningMethodRSA ¶
type SigningMethodRSA struct { Name string Hash crypto.Hash // contains filtered or unexported fields }
SigningMethodRSA implements the RSA family of SigningMethods.
func (*SigningMethodRSA) Alg ¶
func (m *SigningMethodRSA) Alg() string
Alg implements the SigningMethod interface.
func (*SigningMethodRSA) Hasher ¶
func (m *SigningMethodRSA) Hasher() crypto.Hash
Hasher implements the SigningMethod interface.
func (*SigningMethodRSA) MarshalJSON ¶
func (m *SigningMethodRSA) MarshalJSON() ([]byte, error)
MarshalJSON implements json.Marshaler. See SigningMethodECDSA.MarshalJSON() for information.
type SigningMethodRSAPSS ¶
type SigningMethodRSAPSS struct { *SigningMethodRSA Options *rsa.PSSOptions }
SigningMethodRSAPSS implements the RSAPSS family of SigningMethods.
func (*SigningMethodRSAPSS) Hasher ¶
func (m *SigningMethodRSAPSS) Hasher() crypto.Hash
Hasher implements the Hasher method from SigningMethod.
func (*SigningMethodRSAPSS) MarshalJSON ¶
func (m *SigningMethodRSAPSS) MarshalJSON() ([]byte, error)
MarshalJSON implements json.Marshaler. See SigningMethodECDSA.MarshalJSON() for information.