jwt

Version: v0.0.2 (this package is not in the latest version of its module)
Published: Jun 29, 2021 License: MIT Imports: 9 Imported by: 0

README

JWT Verify

A simple package to verify JWT tokens signed with the RSA and ECDSA algorithms.

Not for OAuth2 tokens

This library was inspired by the jwt-go library and has a very limited scope: verifying the signature of a JWT. It does not decode the payload to validate its content. It does parse the encoded header to retrieve the signing method algorithm.

Use case

Dependencies within the crypto/rsa and crypto/x509 stdlib packages prevent more feature-rich libraries such as jwt-go from compiling to WebAssembly via TinyGo. A few functions from those packages have been copied here to work around this issue.

The crypto/x509 functions were also tweaked to use crypto.PublicKey instead of raw interface{}.

Test tokens

Test tokens were generated with the command at github.com/form3tech-oss/jwt-go/cmd/jwt:

./jwt -key test/keys/id_rsa.pem -alg RS256 -sign - <<< {\"foo\":\"bar\"}
./jwt -key test/keys/id_rsa.pem -alg RS384 -sign - <<< {\"foo\":\"bar\"}
./jwt -key test/keys/id_rsa.pem -alg RS512 -sign - <<< {\"foo\":\"bar\"}

./jwt -key test/keys/id_ecdsa-256.pem -alg ES256 -sign - <<< {\"foo\":\"bar\"}
./jwt -key test/keys/id_ecdsa-384.pem -alg ES384 -sign - <<< {\"foo\":\"bar\"}
./jwt -key test/keys/id_ecdsa-521.pem -alg ES512 -sign - <<< {\"foo\":\"bar\"}

Documentation

Constants

This section is empty.

Variables

var (
	// Sadly this is missing from crypto/ecdsa compared to crypto/rsa
	ErrECDSAVerification = errors.New("crypto/ecdsa: verification error")
	ErrNotECPublicKey    = errors.New("key is not a valid ECDSA public key")
)
var (
	SigningMethodES256 = SigningMethodECDSA{"ES256", crypto.SHA256, 32, 256}
	SigningMethodES384 = SigningMethodECDSA{"ES384", crypto.SHA384, 48, 384}
	SigningMethodES512 = SigningMethodECDSA{"ES512", crypto.SHA512, 66, 521}
)
var (
	SigningMethodRS256 = SigningMethodRSA{"RS256", crypto.SHA256}
	SigningMethodRS384 = SigningMethodRSA{"RS384", crypto.SHA384}
	SigningMethodRS512 = SigningMethodRSA{"RS512", crypto.SHA512}
)
var (
	ErrKeyMustBePEMEncoded = errors.New("key must be a PEM encoded PKCS1 key")
)
var (
	ErrNotRSAPublicKey = errors.New("key is not a valid RSA public key")
)

Functions

func ParsePublicKeyFromPEM

func ParsePublicKeyFromPEM(key []byte) (interface{}, error)

ParsePublicKeyFromPEM parses a PEM encoded PKCS1 public key.

Types

type SigningMethod

type SigningMethod interface {
	// Returns nil if signature is valid
	Verify(signingString, signature string, key crypto.PublicKey) error
}

Implement SigningMethod to add new methods for signing or verifying tokens.

func GetSigningMethod

func GetSigningMethod(header string) SigningMethod

GetSigningMethod returns a signing method from an encoded JWT header.

type SigningMethodECDSA

type SigningMethodECDSA struct {
	Name      string
	Hash      crypto.Hash
	KeySize   int
	CurveBits int
}

Implements the ECDSA family of signing methods. Expects *ecdsa.PrivateKey for signing and *ecdsa.PublicKey for verification.

func (SigningMethodECDSA) Verify

func (m SigningMethodECDSA) Verify(signingString string, signature string, key crypto.PublicKey) error

Verify implements the Verify method from SigningMethod. For this verify method, key must be an *ecdsa.PublicKey struct.
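An added example, not code from this package or its README: a standalone sketch, using only the Go standard library, of what signature-only ES256 verification involves, with the 32-byte r and s halves matching the KeySize listed for SigningMethodES256. The names verifyES256 and signES256 and the sample token are constructed for illustration, and the sketch pins the expected algorithm rather than taking it from the header.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
	"strings"
)

var b64 = base64.RawURLEncoding // JWT segments are unpadded base64url

// verifyES256 checks the signature only; payload claims such as exp are not examined.
func verifyES256(token string, pub *ecdsa.PublicKey) error {
	var hdr struct{ Alg string `json:"alg"` }
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return fmt.Errorf("want 3 segments, got %d", len(parts))
	}
	raw, err := b64.DecodeString(parts[0])
	if err != nil || json.Unmarshal(raw, &hdr) != nil || hdr.Alg != "ES256" {
		return fmt.Errorf("header alg is not the pinned ES256") // the token never picks the algorithm
	}
	sig, err := b64.DecodeString(parts[2])
	if err != nil || len(sig) != 64 || pub.Curve.Params().BitSize != 256 {
		return fmt.Errorf("need a 64-byte r||s signature and a P-256 key")
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if !ecdsa.Verify(pub, digest[:], new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])) {
		return fmt.Errorf("crypto/ecdsa: verification error")
	}
	return nil
}

// signES256 builds constructed test tokens (fixed-width r||s); Sign's error is ignored for demo data only.
func signES256(header, payload string, key *ecdsa.PrivateKey) string {
	signing := b64.EncodeToString([]byte(header)) + "." + b64.EncodeToString([]byte(payload))
	digest := sha256.Sum256([]byte(signing))
	r, s, _ := ecdsa.Sign(rand.Reader, key, digest[:])
	return signing + "." + b64.EncodeToString(append(r.FillBytes(make([]byte, 32)), s.FillBytes(make([]byte, 32))...))
}

func main() {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // throwaway key for the sample
	fmt.Println(verifyES256(signES256(`{"alg":"ES256"}`, `{"foo":"bar"}`, key), &key.PublicKey))
}
```

Because only the signature is checked, the caller still has to decode the payload and validate its claims before trusting the token.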

type SigningMethodRSA

type SigningMethodRSA struct {
	Name string
	Hash crypto.Hash
}

Implements the RSA family of signing methods. Expects *rsa.PrivateKey for signing and *rsa.PublicKey for validation.

func (SigningMethodRSA) Verify

func (m SigningMethodRSA) Verify(signingString string, signature string, key crypto.PublicKey) error

Verify implements the Verify method from SigningMethod. For this verify method, key must be an *rsa.PublicKey struct.

Directories

Path: Synopsis
internal
  crypto/x509: Package x509 parses X.509-encoded keys and certificates.
  crypto/x509/pkix: Package pkix contains shared, low level structures used for ASN.1 parsing and serialization of X.509 certificates, CRL and OCSP.
  encoding/asn1: Package asn1 implements parsing of DER-encoded ASN.1 data structures, as defined in ITU-T Rec X.690.
