Documentation ¶
Overview ¶
from gopkg.in/square/go-jose.v1
from gopkg.in/square/go-jose.v1
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. For the moment, it mainly focuses on encryption and signing based on the JSON Web Encryption and JSON Web Signature standards. The library supports both the compact and full serialization formats, and has optional support for multiple recipients.
from gopkg.in/square/go-jose.v1
from gopkg.in/square/go-jose.v1
from gopkg.in/square/go-jose.v1
from gopkg.in/square/go-jose.v1
from gopkg.in/square/go-jose.v1
from gopkg.in/square/go-jose.v1
from gopkg.in/square/go-jose.v1
from gopkg.in/square/go-jose.v1
from gopkg.in/square/go-jose.v1
Index ¶
- Constants
- Variables
- func LoadPrivateKey(data []byte) (interface{}, error)
- func LoadPublicKey(data []byte) (interface{}, error)
- type CompressionAlgorithm
- type ContentEncryption
- type Encrypter
- type JoseHeader
- type JsonWebEncryption
- type JsonWebKey
- type JsonWebKeySet
- type JsonWebSignature
- type KeyAlgorithm
- type MultiEncrypter
- type MultiSigner
- type NonceSource
- type Signature
- type SignatureAlgorithm
- type Signer
Constants ¶
const ( RSA1_5 = KeyAlgorithm("RSA1_5") // RSA-PKCS1v1.5 RSA_OAEP = KeyAlgorithm("RSA-OAEP") // RSA-OAEP-SHA1 RSA_OAEP_256 = KeyAlgorithm("RSA-OAEP-256") // RSA-OAEP-SHA256 A128KW = KeyAlgorithm("A128KW") // AES key wrap (128) A192KW = KeyAlgorithm("A192KW") // AES key wrap (192) A256KW = KeyAlgorithm("A256KW") // AES key wrap (256) DIRECT = KeyAlgorithm("dir") // Direct encryption ECDH_ES = KeyAlgorithm("ECDH-ES") // ECDH-ES ECDH_ES_A128KW = KeyAlgorithm("ECDH-ES+A128KW") // ECDH-ES + AES key wrap (128) ECDH_ES_A192KW = KeyAlgorithm("ECDH-ES+A192KW") // ECDH-ES + AES key wrap (192) ECDH_ES_A256KW = KeyAlgorithm("ECDH-ES+A256KW") // ECDH-ES + AES key wrap (256) A128GCMKW = KeyAlgorithm("A128GCMKW") // AES-GCM key wrap (128) A192GCMKW = KeyAlgorithm("A192GCMKW") // AES-GCM key wrap (192) A256GCMKW = KeyAlgorithm("A256GCMKW") // AES-GCM key wrap (256) PBES2_HS256_A128KW = KeyAlgorithm("PBES2-HS256+A128KW") // PBES2 + HMAC-SHA256 + AES key wrap (128) PBES2_HS384_A192KW = KeyAlgorithm("PBES2-HS384+A192KW") // PBES2 + HMAC-SHA384 + AES key wrap (192) PBES2_HS512_A256KW = KeyAlgorithm("PBES2-HS512+A256KW") // PBES2 + HMAC-SHA512 + AES key wrap (256) )
Key management algorithms
const ( HS256 = SignatureAlgorithm("HS256") // HMAC using SHA-256 HS384 = SignatureAlgorithm("HS384") // HMAC using SHA-384 HS512 = SignatureAlgorithm("HS512") // HMAC using SHA-512 RS256 = SignatureAlgorithm("RS256") // RSASSA-PKCS-v1.5 using SHA-256 RS384 = SignatureAlgorithm("RS384") // RSASSA-PKCS-v1.5 using SHA-384 RS512 = SignatureAlgorithm("RS512") // RSASSA-PKCS-v1.5 using SHA-512 ES256 = SignatureAlgorithm("ES256") // ECDSA using P-256 and SHA-256 ES384 = SignatureAlgorithm("ES384") // ECDSA using P-384 and SHA-384 ES512 = SignatureAlgorithm("ES512") // ECDSA using P-521 and SHA-512 PS256 = SignatureAlgorithm("PS256") // RSASSA-PSS using SHA256 and MGF1-SHA256 PS384 = SignatureAlgorithm("PS384") // RSASSA-PSS using SHA384 and MGF1-SHA384 PS512 = SignatureAlgorithm("PS512") // RSASSA-PSS using SHA512 and MGF1-SHA512 )
Signature algorithms
const ( A128CBC_HS256 = ContentEncryption("A128CBC-HS256") // AES-CBC + HMAC-SHA256 (128) A192CBC_HS384 = ContentEncryption("A192CBC-HS384") // AES-CBC + HMAC-SHA384 (192) A256CBC_HS512 = ContentEncryption("A256CBC-HS512") // AES-CBC + HMAC-SHA512 (256) A128GCM = ContentEncryption("A128GCM") // AES-GCM (128) A192GCM = ContentEncryption("A192GCM") // AES-GCM (192) A256GCM = ContentEncryption("A256GCM") // AES-GCM (256) )
Content encryption algorithms
const ( NONE = CompressionAlgorithm("") // No compression DEFLATE = CompressionAlgorithm("DEF") // DEFLATE (RFC 1951) )
Compression algorithms
Variables ¶
var ( // ErrCryptoFailure represents an error in cryptographic primitive. This // occurs when, for example, a message had an invalid authentication tag or // could not be decrypted. ErrCryptoFailure = errors.New("square/go-jose: error in cryptographic primitive") // ErrUnsupportedAlgorithm indicates that a selected algorithm is not // supported. This occurs when trying to instantiate an encrypter for an // algorithm that is not yet implemented. ErrUnsupportedAlgorithm = errors.New("square/go-jose: unknown/unsupported algorithm") // ErrUnsupportedKeyType indicates that the given key type/format is not // supported. This occurs when trying to instantiate an encrypter and passing // it a key of an unrecognized type or with unsupported parameters, such as // an RSA private key with more than two primes. ErrUnsupportedKeyType = errors.New("square/go-jose: unsupported key type/format") // ErrNotSupported serialization of object is not supported. This occurs when // trying to compact-serialize an object which can't be represented in // compact form. ErrNotSupported = errors.New("square/go-jose: compact serialization not supported for object") // ErrUnprotectedNonce indicates that while parsing a JWS or JWE object, a // nonce header parameter was included in an unprotected header object. ErrUnprotectedNonce = errors.New("square/go-jose: Nonce parameter included in unprotected header") )
Functions ¶
func LoadPrivateKey ¶
LoadPrivateKey loads a private key from PEM/DER-encoded data.
func LoadPublicKey ¶
LoadPublicKey loads a public key from PEM/DER-encoded data.
Types ¶
type CompressionAlgorithm ¶
type CompressionAlgorithm string
CompressionAlgorithm represents an algorithm used for plaintext compression.
type ContentEncryption ¶
type ContentEncryption string
ContentEncryption represents a content encryption algorithm.
type Encrypter ¶
type Encrypter interface { Encrypt(plaintext []byte) (*JsonWebEncryption, error) EncryptWithAuthData(plaintext []byte, aad []byte) (*JsonWebEncryption, error) SetCompression(alg CompressionAlgorithm) }
Encrypter represents an encrypter which produces an encrypted JWE object.
func NewEncrypter ¶
func NewEncrypter(alg KeyAlgorithm, enc ContentEncryption, encryptionKey interface{}) (Encrypter, error)
NewEncrypter creates an appropriate encrypter based on the key type
type JoseHeader ¶
type JoseHeader struct { KeyID string JsonWebKey *JsonWebKey Algorithm string Nonce string }
JoseHeader represents the read-only JOSE header for JWE/JWS objects.
type JsonWebEncryption ¶
type JsonWebEncryption struct { Header JoseHeader // contains filtered or unexported fields }
JsonWebEncryption represents an encrypted JWE object after parsing.
func ParseEncrypted ¶
func ParseEncrypted(input string) (*JsonWebEncryption, error)
ParseEncrypted parses an encrypted message in compact or full serialization format.
func (JsonWebEncryption) CompactSerialize ¶
func (obj JsonWebEncryption) CompactSerialize() (string, error)
CompactSerialize serializes an object using the compact serialization format.
func (JsonWebEncryption) Decrypt ¶
func (obj JsonWebEncryption) Decrypt(decryptionKey interface{}) ([]byte, error)
Decrypt and validate the object and return the plaintext.
func (JsonWebEncryption) FullSerialize ¶
func (obj JsonWebEncryption) FullSerialize() string
FullSerialize serializes an object using the full JSON serialization format.
func (JsonWebEncryption) GetAuthData ¶
func (obj JsonWebEncryption) GetAuthData() []byte
GetAuthData retrieves the (optional) authenticated data attached to the object.
type JsonWebKey ¶
type JsonWebKey struct { Key interface{} Certificates []*x509.Certificate KeyID string Algorithm string Use string }
JsonWebKey represents a public or private key in JWK format.
func (JsonWebKey) MarshalJSON ¶
func (k JsonWebKey) MarshalJSON() ([]byte, error)
MarshalJSON serializes the given key to its JSON representation.
func (*JsonWebKey) Thumbprint ¶
func (k *JsonWebKey) Thumbprint(hash crypto.Hash) ([]byte, error)
Thumbprint computes the JWK Thumbprint of a key using the indicated hash algorithm.
func (*JsonWebKey) UnmarshalJSON ¶
func (k *JsonWebKey) UnmarshalJSON(data []byte) (err error)
UnmarshalJSON reads a key from its JSON representation.
func (*JsonWebKey) Valid ¶
func (k *JsonWebKey) Valid() bool
Valid checks that the key contains the expected parameters
type JsonWebKeySet ¶
type JsonWebKeySet struct {
Keys []JsonWebKey `json:"keys"`
}
JsonWebKeySet represents a JWK Set object.
func (*JsonWebKeySet) Key ¶
func (s *JsonWebKeySet) Key(kid string) []JsonWebKey
Key convenience method returns keys by key ID. Specification states that a JWK Set "SHOULD" use distinct key IDs, but allows for some cases where they are not distinct. Hence method returns a slice of JsonWebKeys.
type JsonWebSignature ¶
type JsonWebSignature struct { Signatures []Signature // contains filtered or unexported fields }
JsonWebSignature represents a signed JWS object after parsing.
func ParseSigned ¶
func ParseSigned(input string) (*JsonWebSignature, error)
ParseSigned parses a signed message in compact or full serialization format.
func (JsonWebSignature) CompactSerialize ¶
func (obj JsonWebSignature) CompactSerialize() (string, error)
CompactSerialize serializes an object using the compact serialization format.
func (JsonWebSignature) FullSerialize ¶
func (obj JsonWebSignature) FullSerialize() string
FullSerialize serializes an object using the full JSON serialization format.
func (JsonWebSignature) Verify ¶
func (obj JsonWebSignature) Verify(verificationKey interface{}) ([]byte, error)
Verify validates the signature on the object and returns the payload.
type MultiEncrypter ¶
type MultiEncrypter interface { Encrypt(plaintext []byte) (*JsonWebEncryption, error) EncryptWithAuthData(plaintext []byte, aad []byte) (*JsonWebEncryption, error) SetCompression(alg CompressionAlgorithm) AddRecipient(alg KeyAlgorithm, encryptionKey interface{}) error }
MultiEncrypter represents an encrypter which supports multiple recipients.
func NewMultiEncrypter ¶
func NewMultiEncrypter(enc ContentEncryption) (MultiEncrypter, error)
NewMultiEncrypter creates a multi-encrypter based on the given parameters
type MultiSigner ¶
type MultiSigner interface { Sign(payload []byte) (*JsonWebSignature, error) SetNonceSource(source NonceSource) SetEmbedJwk(embed bool) AddRecipient(alg SignatureAlgorithm, signingKey interface{}) error }
MultiSigner represents a signer which supports multiple recipients.
func NewMultiSigner ¶
func NewMultiSigner() MultiSigner
NewMultiSigner creates a signer for multiple recipients
type NonceSource ¶
NonceSource represents a source of random nonces to go into JWS objects
type Signature ¶
type Signature struct { // Header fields, such as the signature algorithm Header JoseHeader // The actual signature value Signature []byte // contains filtered or unexported fields }
Signature represents a single signature over the JWS payload and protected header.
type SignatureAlgorithm ¶
type SignatureAlgorithm string
SignatureAlgorithm represents a signature (or MAC) algorithm.
type Signer ¶
type Signer interface { Sign(payload []byte) (*JsonWebSignature, error) SetNonceSource(source NonceSource) SetEmbedJwk(embed bool) }
Signer represents a signer which takes a payload and produces a signed JWS object.
func NewSigner ¶
func NewSigner(alg SignatureAlgorithm, signingKey interface{}) (Signer, error)
NewSigner creates an appropriate signer based on the key type