Documentation ¶
Overview ¶
Package jose provides high level functions for producing (signing, encrypting and compressing) or consuming (decoding) Json Web Tokens using Java Object Signing and Encryption spec
Index ¶
- Constants
- func Compress(payload string, alg string, enc string, zip string, key interface{}) (token string, err error)
- func Decode(token string, key interface{}, checkAlg string) (string, map[string]interface{}, error)
- func DecodeBytes(token string, key interface{}, checkAlg string) ([]byte, map[string]interface{}, error)
- func Encrypt(payload string, alg string, enc string, key interface{}, ...) (token string, err error)
- func EncryptBytes(payload []byte, alg string, enc string, key interface{}, ...) (token string, err error)
- func Header(name string, value interface{}) func(cfg *JoseConfig)
- func Headers(headers map[string]interface{}) func(cfg *JoseConfig)
- func RegisterJwa(alg JwaAlgorithm)
- func RegisterJwc(alg JwcAlgorithm)
- func RegisterJwe(alg JweEncryption)
- func RegisterJws(alg JwsAlgorithm)
- func Sign(payload string, signingAlg string, key interface{}, ...) (token string, err error)
- func SignBytes(payload []byte, signingAlg string, key interface{}, ...) (token string, err error)
- func Zip(alg string) func(cfg *JoseConfig)
- type AesCbcHmac
- func (alg *AesCbcHmac) Decrypt(aad, cek, iv, cipherText, authTag []byte) (plainText []byte, err error)
- func (alg *AesCbcHmac) Encrypt(aad, plainText, cek []byte) (iv, cipherText, authTag []byte, err error)
- func (alg *AesCbcHmac) KeySizeBits() int
- func (alg *AesCbcHmac) Name() string
- func (alg *AesCbcHmac) SetKeySizeBits(bits int)
- type AesGcm
- type AesGcmKW
- type AesKW
- type Deflate
- type Direct
- type Ecdh
- type EcdhAesKW
- type EcdsaUsingSha
- type HmacUsingSha
- type JoseConfig
- type JwaAlgorithm
- type JwcAlgorithm
- type JweEncryption
- type JwsAlgorithm
- type Pbse2HmacAesKW
- func (alg *Pbse2HmacAesKW) Name() string
- func (alg *Pbse2HmacAesKW) Unwrap(encryptedCek []byte, key interface{}, cekSizeBits int, ...) (cek []byte, err error)
- func (alg *Pbse2HmacAesKW) WrapNewKey(cekSizeBits int, key interface{}, header map[string]interface{}) (cek []byte, encryptedCek []byte, err error)
- type Plaintext
- type RsaOaep
- type RsaPkcs1v15
- type RsaPssUsingSha
- type RsaUsingSha
Constants ¶
const ( NONE = "none" //plaintext (unprotected) without signature / encryption HS256 = "HS256" //HMAC using SHA-256 hash HS384 = "HS384" //HMAC using SHA-384 hash HS512 = "HS512" //HMAC using SHA-512 hash RS256 = "RS256" //RSASSA-PKCS-v1_5 using SHA-256 hash RS384 = "RS384" //RSASSA-PKCS-v1_5 using SHA-384 hash RS512 = "RS512" //RSASSA-PKCS-v1_5 using SHA-512 hash PS256 = "PS256" //RSASSA-PSS using SHA-256 hash PS384 = "PS384" //RSASSA-PSS using SHA-384 hash PS512 = "PS512" //RSASSA-PSS using SHA-512 hash ES256 = "ES256" //ECDSA using P-256 curve and SHA-256 hash ES384 = "ES384" //ECDSA using P-384 curve and SHA-384 hash ES512 = "ES512" //ECDSA using P-521 curve and SHA-512 hash A128CBC_HS256 = "A128CBC-HS256" //AES in CBC mode with PKCS #5 (NIST.800-38A) padding with HMAC using 256 bit key A192CBC_HS384 = "A192CBC-HS384" //AES in CBC mode with PKCS #5 (NIST.800-38A) padding with HMAC using 384 bit key A256CBC_HS512 = "A256CBC-HS512" //AES in CBC mode with PKCS #5 (NIST.800-38A) padding with HMAC using 512 bit key A128GCM = "A128GCM" //AES in GCM mode with 128 bit key A192GCM = "A192GCM" //AES in GCM mode with 192 bit key A256GCM = "A256GCM" //AES in GCM mode with 256 bit key DIR = "dir" //Direct use of pre-shared symmetric key RSA1_5 = "RSA1_5" //RSAES with PKCS #1 v1.5 padding, RFC 3447 RSA_OAEP = "RSA-OAEP" //RSAES using Optimal Assymetric Encryption Padding, RFC 3447 RSA_OAEP_256 = "RSA-OAEP-256" //RSAES using Optimal Assymetric Encryption Padding with SHA-256, RFC 3447 A128KW = "A128KW" //AES Key Wrap Algorithm using 128 bit keys, RFC 3394 A192KW = "A192KW" //AES Key Wrap Algorithm using 192 bit keys, RFC 3394 A256KW = "A256KW" //AES Key Wrap Algorithm using 256 bit keys, RFC 3394 A128GCMKW = "A128GCMKW" //AES GCM Key Wrap Algorithm using 128 bit keys A192GCMKW = "A192GCMKW" //AES GCM Key Wrap Algorithm using 192 bit keys A256GCMKW = "A256GCMKW" //AES GCM Key Wrap Algorithm using 256 bit keys PBES2_HS256_A128KW = "PBES2-HS256+A128KW" //Password Based Encryption using PBES2 schemes with HMAC-SHA and AES Key Wrap using 128 bit key PBES2_HS384_A192KW = "PBES2-HS384+A192KW" //Password Based Encryption using PBES2 schemes with HMAC-SHA and AES Key Wrap using 192 bit key PBES2_HS512_A256KW = "PBES2-HS512+A256KW" //Password Based Encryption using PBES2 schemes with HMAC-SHA and AES Key Wrap using 256 bit key ECDH_ES = "ECDH-ES" //Elliptic Curve Diffie Hellman key agreement ECDH_ES_A128KW = "ECDH-ES+A128KW" //Elliptic Curve Diffie Hellman key agreement with AES Key Wrap using 128 bit key ECDH_ES_A192KW = "ECDH-ES+A192KW" //Elliptic Curve Diffie Hellman key agreement with AES Key Wrap using 192 bit key ECDH_ES_A256KW = "ECDH-ES+A256KW" //Elliptic Curve Diffie Hellman key agreement with AES Key Wrap using 256 bit key DEF = "DEF" //DEFLATE compression, RFC 1951 )
Variables ¶
This section is empty.
Functions ¶
func Compress ¶
func Compress(payload string, alg string, enc string, zip string, key interface{}) (token string, err error)
This method is DEPRICATED and subject to be removed in next version. Use Encrypt(..) with Zip option instead.
Compress produces encrypted & comressed JWT token given arbitrary payload, key management , encryption and compression algorithms to use (see constants for list of supported algs) and management key. Management key is of different type for different key management alg, see specific key management alg implementation documentation.
It returns 5 parts encrypted & compressed JWT token as string and not nil error if something went wrong.
func Decode ¶
Decode verifies, decrypts and decompresses given JWT token using management key. Management key is of different type for different key management or signing algorithms, see specific alg implementation documentation.
Returns decoded payload as a string, headers and not nil error if something went wrong.
func DecodeBytes ¶
func DecodeBytes(token string, key interface{}, checkAlg string) ([]byte, map[string]interface{}, error)
Decode verifies, decrypts and decompresses given JWT token using management key. Management key is of different type for different key management or signing algorithms, see specific alg implementation documentation.
Returns decoded payload as a raw bytes, headers and not nil error if something went wrong.
func Encrypt ¶
func Encrypt(payload string, alg string, enc string, key interface{}, options ...func(*JoseConfig)) (token string, err error)
Encrypt produces encrypted JWT token given arbitrary string payload, key management and encryption algorithms to use (see constants for list of supported algs) and management key. Management key is of different type for different key management alg, see specific key management alg implementation documentation.
It returns 5 parts encrypted JWT token as string and not nil error if something went wrong.
func EncryptBytes ¶
func EncryptBytes(payload []byte, alg string, enc string, key interface{}, options ...func(*JoseConfig)) (token string, err error)
Encrypt produces encrypted JWT token given arbitrary binary payload, key management and encryption algorithms to use (see constants for list of supported algs) and management key. Management key is of different type for different key management alg, see specific key management alg implementation documentation.
It returns 5 parts encrypted JWT token as string and not nil error if something went wrong.
func Header ¶
func Header(name string, value interface{}) func(cfg *JoseConfig)
func Headers ¶
func Headers(headers map[string]interface{}) func(cfg *JoseConfig)
func RegisterJwa ¶
func RegisterJwa(alg JwaAlgorithm)
RegisterJwa register new key management algorithm
func RegisterJwc ¶
func RegisterJwc(alg JwcAlgorithm)
RegisterJwc register new compression algorithm
func RegisterJwe ¶
func RegisterJwe(alg JweEncryption)
RegisterJwe register new encryption algorithm
func Sign ¶
func Sign(payload string, signingAlg string, key interface{}, options ...func(*JoseConfig)) (token string, err error)
Sign produces signed JWT token given arbitrary string payload, signature algorithm to use (see constants for list of supported algs), signing key and extra options (see option functions) Signing key is of different type for different signing alg, see specific signing alg implementation documentation.
It returns 3 parts signed JWT token as string and not nil error if something went wrong.
func SignBytes ¶
func SignBytes(payload []byte, signingAlg string, key interface{}, options ...func(*JoseConfig)) (token string, err error)
Sign produces signed JWT token given arbitrary binary payload, signature algorithm to use (see constants for list of supported algs), signing key and extra options (see option functions) Signing key is of different type for different signing alg, see specific signing alg implementation documentation.
It returns 3 parts signed JWT token as string and not nil error if something went wrong.
func Zip ¶
func Zip(alg string) func(cfg *JoseConfig)
Types ¶
type AesCbcHmac ¶
type AesCbcHmac struct {
// contains filtered or unexported fields
}
AES CBC with HMAC authenticated encryption algorithm implementation
func (*AesCbcHmac) Decrypt ¶
func (alg *AesCbcHmac) Decrypt(aad, cek, iv, cipherText, authTag []byte) (plainText []byte, err error)
func (*AesCbcHmac) Encrypt ¶
func (alg *AesCbcHmac) Encrypt(aad, plainText, cek []byte) (iv, cipherText, authTag []byte, err error)
func (*AesCbcHmac) KeySizeBits ¶
func (alg *AesCbcHmac) KeySizeBits() int
func (*AesCbcHmac) Name ¶
func (alg *AesCbcHmac) Name() string
func (*AesCbcHmac) SetKeySizeBits ¶
func (alg *AesCbcHmac) SetKeySizeBits(bits int)
type AesGcm ¶
type AesGcm struct {
// contains filtered or unexported fields
}
AES GCM authenticated encryption algorithm implementation
func (*AesGcm) KeySizeBits ¶
type AesGcmKW ¶
type AesGcmKW struct {
// contains filtered or unexported fields
}
AES GCM Key Wrap key management algorithm implementation
type AesKW ¶
type AesKW struct {
// contains filtered or unexported fields
}
AES Key Wrap key management algorithm implementation
type Deflate ¶
type Deflate struct{}
Deflate compression algorithm implementation
func (*Deflate) Decompress ¶
type Direct ¶
type Direct struct { }
Direct (pre-shared) key management algorithm implementation
type Ecdh ¶
type Ecdh struct {
// contains filtered or unexported fields
}
Elliptic curve Diffie–Hellman key management (key agreement) algorithm implementation
type EcdhAesKW ¶
type EcdhAesKW struct {
// contains filtered or unexported fields
}
Elliptic curve Diffie–Hellman with AES Key Wrap key management algorithm implementation
type EcdsaUsingSha ¶
type EcdsaUsingSha struct {
// contains filtered or unexported fields
}
ECDSA signing algorithm implementation
func (*EcdsaUsingSha) Name ¶
func (alg *EcdsaUsingSha) Name() string
func (*EcdsaUsingSha) Sign ¶
func (alg *EcdsaUsingSha) Sign(securedInput []byte, key interface{}) (signature []byte, err error)
func (*EcdsaUsingSha) Verify ¶
func (alg *EcdsaUsingSha) Verify(securedInput, signature []byte, key interface{}) error
type HmacUsingSha ¶
type HmacUsingSha struct {
// contains filtered or unexported fields
}
HMAC with SHA signing algorithm implementation
func (*HmacUsingSha) Name ¶
func (alg *HmacUsingSha) Name() string
func (*HmacUsingSha) Sign ¶
func (alg *HmacUsingSha) Sign(securedInput []byte, key interface{}) (signature []byte, err error)
func (*HmacUsingSha) Verify ¶
func (alg *HmacUsingSha) Verify(securedInput, signature []byte, key interface{}) error
type JoseConfig ¶
type JwaAlgorithm ¶
type JwaAlgorithm interface { WrapNewKey(cekSizeBits int, key interface{}, header map[string]interface{}) (cek []byte, encryptedCek []byte, err error) Unwrap(encryptedCek []byte, key interface{}, cekSizeBits int, header map[string]interface{}) (cek []byte, err error) Name() string }
JwaAlgorithm is a contract for implementing key management algorithm
type JwcAlgorithm ¶
type JwcAlgorithm interface { Compress(plainText []byte) []byte Decompress(compressedText []byte) []byte Name() string }
JwcAlgorithm is a contract for implementing compression algorithm
type JweEncryption ¶
type JweEncryption interface { Encrypt(aad, plainText, cek []byte) (iv, cipherText, authTag []byte, err error) Decrypt(aad, cek, iv, cipherText, authTag []byte) (plainText []byte, err error) KeySizeBits() int Name() string }
JweEncryption is a contract for implementing encryption algorithm
type JwsAlgorithm ¶
type JwsAlgorithm interface { Verify(securedInput, signature []byte, key interface{}) error Sign(securedInput []byte, key interface{}) (signature []byte, err error) Name() string }
JwsAlgorithm is a contract for implementing signing algorithm
type Pbse2HmacAesKW ¶
type Pbse2HmacAesKW struct {
// contains filtered or unexported fields
}
PBSE2 with HMAC key management algorithm implementation
func (*Pbse2HmacAesKW) Name ¶
func (alg *Pbse2HmacAesKW) Name() string
func (*Pbse2HmacAesKW) WrapNewKey ¶
type Plaintext ¶
type Plaintext struct{}
Plaintext (no signing) signing algorithm implementation
type RsaOaep ¶
type RsaOaep struct {
// contains filtered or unexported fields
}
type RsaPkcs1v15 ¶
type RsaPkcs1v15 struct { }
RS-AES using PKCS #1 v1.5 padding key management algorithm implementation
func (*RsaPkcs1v15) Name ¶
func (alg *RsaPkcs1v15) Name() string
func (*RsaPkcs1v15) WrapNewKey ¶
type RsaPssUsingSha ¶
type RsaPssUsingSha struct {
// contains filtered or unexported fields
}
RSA with PSS using SHA signing algorithm implementation
func (*RsaPssUsingSha) Name ¶
func (alg *RsaPssUsingSha) Name() string
func (*RsaPssUsingSha) Sign ¶
func (alg *RsaPssUsingSha) Sign(securedInput []byte, key interface{}) (signature []byte, err error)
func (*RsaPssUsingSha) Verify ¶
func (alg *RsaPssUsingSha) Verify(securedInput, signature []byte, key interface{}) error
type RsaUsingSha ¶
type RsaUsingSha struct {
// contains filtered or unexported fields
}
RSA using SHA signature algorithm implementation
func (*RsaUsingSha) Name ¶
func (alg *RsaUsingSha) Name() string
func (*RsaUsingSha) Sign ¶
func (alg *RsaUsingSha) Sign(securedInput []byte, key interface{}) (signature []byte, err error)
func (*RsaUsingSha) Verify ¶
func (alg *RsaUsingSha) Verify(securedInput, signature []byte, key interface{}) error
Source Files ¶
Directories ¶
Path | Synopsis |
---|---|
Package aes contains provides AES Key Wrap and ECB mode implementations
|
Package aes contains provides AES Key Wrap and ECB mode implementations |
Package arrays provides various byte array utilities
|
Package arrays provides various byte array utilities |
package base64url provides base64url encoding/decoding support
|
package base64url provides base64url encoding/decoding support |
package compact provides function to work with json compact serialization format
|
package compact provides function to work with json compact serialization format |
package kdf contains implementations of various key derivation functions
|
package kdf contains implementations of various key derivation functions |
keys
|
|
ecc
package ecc provides helpers for creating elliptic curve leys
|
package ecc provides helpers for creating elliptic curve leys |
rsa
package Rsa provides helpers for creating rsa leys
|
package Rsa provides helpers for creating rsa leys |
package padding provides various padding algorithms
|
package padding provides various padding algorithms |