Documentation
¶
Index ¶
- Variables
- type AESGCMKWDecoder
- type AESGCMKWDecoderConfig
- type AESGCMKWManager
- type AESGCMKWManagerConfig
- type AESGCMKWPreset
- type AESKWDecoder
- type AESKWDecoderConfig
- type AESKWManager
- type AESKWManagerConfig
- type AESKWPreset
- type DirectKeyDecoder
- type DirectKeyDecoderConfig
- type DirectKeyManager
- type ECDHKeyAgrDecoder
- type ECDHKeyAgrDecoderConfig
- type ECDHKeyAgrKWDecoder
- type ECDHKeyAgrKWDecoderConfig
- type ECDHKeyAgrKWManager
- func (manager *ECDHKeyAgrKWManager) ComputeCEK(_ context.Context, _ *jwa.JWH) ([]byte, error)
- func (manager *ECDHKeyAgrKWManager) EncryptCEK(_ context.Context, header *jwa.JWH, cek []byte) ([]byte, error)
- func (manager *ECDHKeyAgrKWManager) SetHeader(_ context.Context, header *jwa.JWH) (*jwa.JWH, error)
- type ECDHKeyAgrKWManagerConfig
- type ECDHKeyAgrKWPreset
- type ECDHKeyAgrManager
- type ECDHKeyAgrManagerConfig
- type ECDHKeyAgrPreset
- type PBES2KeyEncKWConfig
- func (manager *PBES2KeyEncKWConfig) ComputeCEK(_ context.Context, _ *jwa.JWH) ([]byte, error)
- func (manager *PBES2KeyEncKWConfig) EncryptCEK(_ context.Context, header *jwa.JWH, cek []byte) ([]byte, error)
- func (manager *PBES2KeyEncKWConfig) SetHeader(_ context.Context, header *jwa.JWH) (*jwa.JWH, error)
- type PBES2KeyEncKWDecoder
- type PBES2KeyEncKWDecoderConfig
- type PBES2KeyEncKWManagerConfig
- type PBES2KeyEncKWPreset
- type RSAOAEPKeyEncDecoder
- type RSAOAEPKeyEncDecoderConfig
- type RSAOAEPKeyEncManager
- func (manager *RSAOAEPKeyEncManager) ComputeCEK(_ context.Context, _ *jwa.JWH) ([]byte, error)
- func (manager *RSAOAEPKeyEncManager) EncryptCEK(_ context.Context, _ *jwa.JWH, cek []byte) ([]byte, error)
- func (manager *RSAOAEPKeyEncManager) SetHeader(_ context.Context, header *jwa.JWH) (*jwa.JWH, error)
- type RSAOAEPKeyEncManagerConfig
- type RSAOAEPKeyEncPreset
Constants ¶
This section is empty.
Variables ¶
View Source
var ( A128GCMKW = AESGCMKWPreset{ Alg: jwa.A128GCMKW, KeyLen: 16, } A192GCMKW = AESGCMKWPreset{ Alg: jwa.A192GCMKW, KeyLen: 24, } A256GCMKW = AESGCMKWPreset{ Alg: jwa.A256GCMKW, KeyLen: 32, } )
View Source
var ( A128KW = AESKWPreset{ Alg: jwa.A128KW, KeyLen: 16, } A192KW = AESKWPreset{ Alg: jwa.A192KW, KeyLen: 24, } A256KW = AESKWPreset{ Alg: jwa.A256KW, KeyLen: 32, } )
View Source
var ( ECDHESA128CBC = ECDHKeyAgrPreset{ Enc: jwa.A128CBC, KeyLen: 32, } ECDHESA192CBC = ECDHKeyAgrPreset{ Enc: jwa.A192CBC, KeyLen: 48, } ECDHESA256CBC = ECDHKeyAgrPreset{ Enc: jwa.A256CBC, KeyLen: 64, } ECDHESA128GCM = ECDHKeyAgrPreset{ Enc: jwa.A128GCM, KeyLen: 16, } ECDHESA192GCM = ECDHKeyAgrPreset{ Enc: jwa.A192GCM, KeyLen: 24, } ECDHESA256GCM = ECDHKeyAgrPreset{ Enc: jwa.A256GCM, KeyLen: 32, } )
View Source
var ( ECDHESA128KW = ECDHKeyAgrKWPreset{ Alg: jwa.ECDHESA128KW, KeyLen: 16, } ECDHESA192KW = ECDHKeyAgrKWPreset{ Alg: jwa.ECDHESA192KW, KeyLen: 24, } ECDHESA256KW = ECDHKeyAgrKWPreset{ Alg: jwa.ECDHESA256KW, KeyLen: 32, } )
View Source
var ( PBES2A128KW = PBES2KeyEncKWPreset{ Alg: jwa.PBES2HS256A128KW, Hash: crypto.SHA256, KeySize: 16, } PBES2A192KW = PBES2KeyEncKWPreset{ Alg: jwa.PBES2HS384A192KW, Hash: crypto.SHA384, KeySize: 24, } PBES2A256KW = PBES2KeyEncKWPreset{ Alg: jwa.PBES2HS512A256KW, Hash: crypto.SHA512, KeySize: 32, } )
View Source
var ( // Deprecated: this preset uses the broken SHA-1 hash function. Use RSAOAEP256 instead. RSAOAEP = RSAOAEPKeyEncPreset{ Alg: jwa.RSAOAEP, Hash: sha1.New(), } RSAOAEP256 = RSAOAEPKeyEncPreset{ Alg: jwa.RSAOAEP256, Hash: sha256.New(), } )
Functions ¶
This section is empty.
Types ¶
type AESGCMKWDecoder ¶
type AESGCMKWDecoder struct {
// contains filtered or unexported fields
}
func NewAESGCMKWDecoder ¶
func NewAESGCMKWDecoder(config *AESGCMKWDecoderConfig, preset AESGCMKWPreset) *AESGCMKWDecoder
NewAESGCMKWDecoder creates a new jwe.CEKDecoder for a key derived using AES GCM Key Wrap.
Use any of the AESGCMKWPreset constants to set the algorithm and key length.
- A128GCMKW: 16 bytes key length
- A192GCMKW: 24 bytes key length
- A256GCMKW: 32 bytes key length
func (*AESGCMKWDecoder) ComputeCEK ¶
type AESGCMKWDecoderConfig ¶
type AESGCMKWDecoderConfig struct {
WrapKey []byte
}
type AESGCMKWManager ¶
type AESGCMKWManager struct {
// contains filtered or unexported fields
}
func NewAESGCMKWManager ¶
func NewAESGCMKWManager( config *AESGCMKWManagerConfig, preset AESGCMKWPreset, ) *AESGCMKWManager
NewAESGCMKWManager creates a new jwe.CEKManager for a key derived using AES GCM Key Wrap.
Use any of the AESGCMKWPreset constants to set the algorithm and key length.
- A128GCMKW: 16 bytes key length
- A192GCMKW: 24 bytes key length
- A256GCMKW: 32 bytes key length
func (*AESGCMKWManager) ComputeCEK ¶
func (*AESGCMKWManager) EncryptCEK ¶
type AESGCMKWManagerConfig ¶
type AESGCMKWPreset ¶
type AESKWDecoder ¶
type AESKWDecoder struct {
// contains filtered or unexported fields
}
func NewAESKWDecoder ¶
func NewAESKWDecoder(secret *AESKWDecoderConfig, preset AESKWPreset) *AESKWDecoder
NewAESKWDecoder creates a new jwe.CEKDecoder for a key derived using AES Key Wrap.
Use any of the AESKWPreset constants to set the algorithm and key length.
- A128KW: 16 bytes key length
- A192KW: 24 bytes key length
- A256KW: 32 bytes key length
func (*AESKWDecoder) ComputeCEK ¶
type AESKWDecoderConfig ¶
type AESKWDecoderConfig struct {
WrapKey []byte
}
type AESKWManager ¶
type AESKWManager struct {
// contains filtered or unexported fields
}
func NewAESKWManager ¶
func NewAESKWManager(config *AESKWManagerConfig, preset AESKWPreset) *AESKWManager
NewAESKWManager creates a new jwe.CEKManager for a key derived using AES Key Wrap.
Use any of the AESKWPreset constants to set the algorithm and key length.
- A128KW: 16 bytes key length
- A192KW: 24 bytes key length
- A256KW: 32 bytes key length
func (*AESKWManager) ComputeCEK ¶
func (*AESKWManager) EncryptCEK ¶
type AESKWManagerConfig ¶
type AESKWPreset ¶
type DirectKeyDecoder ¶
type DirectKeyDecoder struct {
// contains filtered or unexported fields
}
func NewDirectKeyDecoder ¶
func NewDirectKeyDecoder(config *DirectKeyDecoderConfig) *DirectKeyDecoder
NewDirectKeyDecoder creates a new instance of DirectKeyDecoder.
func (*DirectKeyDecoder) ComputeCEK ¶
type DirectKeyDecoderConfig ¶
type DirectKeyDecoderConfig struct {
CEK []byte
}
type DirectKeyManager ¶
type DirectKeyManager struct {
// contains filtered or unexported fields
}
func NewDirectKeyManager ¶
func NewDirectKeyManager(cek []byte) *DirectKeyManager
NewDirectKeyManager creates a new instance of DirectKeyManager.
func (*DirectKeyManager) ComputeCEK ¶
func (*DirectKeyManager) EncryptCEK ¶
type ECDHKeyAgrDecoder ¶
type ECDHKeyAgrDecoder struct {
// contains filtered or unexported fields
}
func NewECDHKeyAgrDecoder ¶
func NewECDHKeyAgrDecoder(config *ECDHKeyAgrDecoderConfig, preset ECDHKeyAgrPreset) *ECDHKeyAgrDecoder
NewECDHKeyAgrDecoder creates a new jwe.CEKDecoder factory for a key derivation using ECDH.
Use any of the ECDHKeyAgrPreset constants to set the algorithm and key length.
- ECDHESA128CBC: ECDH-ES using Concat KDF and CEK length of 128 bits
- ECDHESA192CBC: ECDH-ES using Concat KDF and CEK length of 192 bits
- ECDHESA256CBC: ECDH-ES using Concat KDF and CEK length of 256 bits
- ECDHESA128GCM: ECDH-ES using Concat KDF and CEK length of 128 bits
- ECDHESA192GCM: ECDH-ES using Concat KDF and CEK length of 192 bits
- ECDHESA256GCM: ECDH-ES using Concat KDF and CEK length of 256 bits
This manager is NOT encryption agnostic.
- ECDHESA128CBC requires jwe.A128CBCHS256 encryption
- ECDHESA192CBC requires jwe.A192CBCHS384 encryption
- ECDHESA256CBC requires jwe.A256CBCHS512 encryption
- ECDHESA128GCM requires jwe.A128GCM encryption
- ECDHESA192GCM requires jwe.A192GCM encryption
- ECDHESA256GCM requires jwe.A256GCM encryption
func (*ECDHKeyAgrDecoder) ComputeCEK ¶
type ECDHKeyAgrDecoderConfig ¶
type ECDHKeyAgrDecoderConfig struct {
RecipientKey *ecdh.PrivateKey
}
type ECDHKeyAgrKWDecoder ¶
type ECDHKeyAgrKWDecoder struct {
// contains filtered or unexported fields
}
func NewECDHKeyAgrKWDecoder ¶
func NewECDHKeyAgrKWDecoder(config *ECDHKeyAgrKWDecoderConfig, preset ECDHKeyAgrKWPreset) *ECDHKeyAgrKWDecoder
NewECDHKeyAgrKWDecoder creates a new jwe.CEKDecoder factory for a key derivation using ECDH and AES Key Wrap.
Use any of the ECDHKeyAgrKWPreset constants to set the algorithm and key length.
- ECDHESA128KW: ECDH-ES using Concat KDF and AES Key Wrap with AES-CBC-HMAC-SHA2
- ECDHESA192KW: ECDH-ES using Concat KDF and AES Key Wrap with AES-CBC-HMAC-SHA2
- ECDHESA256KW: ECDH-ES using Concat KDF and AES Key Wrap with AES-CBC-HMAC-SHA2
func (*ECDHKeyAgrKWDecoder) ComputeCEK ¶
type ECDHKeyAgrKWDecoderConfig ¶
type ECDHKeyAgrKWDecoderConfig struct {
RecipientKey *ecdh.PrivateKey
}
type ECDHKeyAgrKWManager ¶
type ECDHKeyAgrKWManager struct {
// contains filtered or unexported fields
}
func NewECDHKeyAgrKWManager ¶
func NewECDHKeyAgrKWManager( config *ECDHKeyAgrKWManagerConfig, preset ECDHKeyAgrKWPreset, ) *ECDHKeyAgrKWManager
NewECDHKeyAgrKWManager creates a new jwe.CEKManager for a key derivation using ECDH and AES Key Wrap.
Use any of the ECDHKeyAgrKWPreset constants to set the algorithm and key length.
- ECDHESA128KW: ECDH-ES using Concat KDF and AES Key Wrap with AES-CBC-HMAC-SHA2
- ECDHESA192KW: ECDH-ES using Concat KDF and AES Key Wrap with AES-CBC-HMAC-SHA2
- ECDHESA256KW: ECDH-ES using Concat KDF and AES Key Wrap with AES-CBC-HMAC-SHA2
func (*ECDHKeyAgrKWManager) ComputeCEK ¶
func (*ECDHKeyAgrKWManager) EncryptCEK ¶
type ECDHKeyAgrKWPreset ¶
type ECDHKeyAgrManager ¶
type ECDHKeyAgrManager struct {
// contains filtered or unexported fields
}
func NewECDHKeyAgrManager ¶
func NewECDHKeyAgrManager(config *ECDHKeyAgrManagerConfig, preset ECDHKeyAgrPreset) *ECDHKeyAgrManager
NewECDHKeyAgrManager creates a new jwe.CEKManager factory for a key derivation using ECDH.
Use any of the ECDHKeyAgrPreset constants to set the algorithm and key length.
- ECDHESA128CBC: ECDH-ES using Concat KDF and CEK length of 128 bits
- ECDHESA192CBC: ECDH-ES using Concat KDF and CEK length of 192 bits
- ECDHESA256CBC: ECDH-ES using Concat KDF and CEK length of 256 bits
- ECDHESA128GCM: ECDH-ES using Concat KDF and CEK length of 128 bits
- ECDHESA192GCM: ECDH-ES using Concat KDF and CEK length of 192 bits
- ECDHESA256GCM: ECDH-ES using Concat KDF and CEK length of 256 bits
This manager is NOT encryption agnostic.
- ECDHESA128CBC requires jwe.A128CBCHS256 encryption
- ECDHESA192CBC requires jwe.A192CBCHS384 encryption
- ECDHESA256CBC requires jwe.A256CBCHS512 encryption
- ECDHESA128GCM requires jwe.A128GCM encryption
- ECDHESA192GCM requires jwe.A192GCM encryption
- ECDHESA256GCM requires jwe.A256GCM encryption
func (*ECDHKeyAgrManager) ComputeCEK ¶
func (*ECDHKeyAgrManager) EncryptCEK ¶
type ECDHKeyAgrManagerConfig ¶
type PBES2KeyEncKWConfig ¶
type PBES2KeyEncKWConfig struct {
// contains filtered or unexported fields
}
func NewPBES2KeyEncKWManager ¶
func NewPBES2KeyEncKWManager(config *PBES2KeyEncKWManagerConfig, preset PBES2KeyEncKWPreset) *PBES2KeyEncKWConfig
NewPBES2KeyEncKWManager creates a new jwe.CEKManager for a key derived using PBES2.
Use any of the PBES2KeyEncKWPreset constants to set the algorithm and key length.
- PBES2A128KW: PBES2 using HMAC with SHA-256 and a key size of 128 bits
- PBES2A192KW: PBES2 using HMAC with SHA-384 and a key size of 192 bits
- PBES2A256KW: PBES2 using HMAC with SHA-512 and a key size of 256 bits
func (*PBES2KeyEncKWConfig) ComputeCEK ¶
func (*PBES2KeyEncKWConfig) EncryptCEK ¶
type PBES2KeyEncKWDecoder ¶
type PBES2KeyEncKWDecoder struct {
// contains filtered or unexported fields
}
func NewPBES2KeyEncKWDecoder ¶
func NewPBES2KeyEncKWDecoder(config *PBES2KeyEncKWDecoderConfig, preset PBES2KeyEncKWPreset) *PBES2KeyEncKWDecoder
NewPBES2KeyEncKWDecoder creates a new jwe.CEKDecoder for a key derived using PBES2.
Use any of the PBES2KeyEncKWPreset constants to set the algorithm and key length.
- PBES2A128KW: PBES2 using HMAC with SHA-256 and a key size of 128 bits
- PBES2A192KW: PBES2 using HMAC with SHA-384 and a key size of 192 bits
- PBES2A256KW: PBES2 using HMAC with SHA-512 and a key size of 256 bits
func (*PBES2KeyEncKWDecoder) ComputeCEK ¶
type PBES2KeyEncKWDecoderConfig ¶
type PBES2KeyEncKWDecoderConfig struct {
// Secret used to decrypt the CEK.
Secret string
}
type PBES2KeyEncKWManagerConfig ¶
type PBES2KeyEncKWManagerConfig struct {
// The iteration count adds computational expense, ideally compounded by
// the possible range of keys introduced by the salt. A minimum
// iteration count of 1000 is RECOMMENDED.
Iterations int
// The salt size is the size of the salt in bytes. It is RECOMMENDED to
// use a salt size of 128 bits or more.
SaltSize int
// CEK will be encrypted using the Secret.
CEK []byte
// Secret used to encrypt the CEK. The recipient will need to know this in order to decrypt the token.
Secret string
}
type PBES2KeyEncKWPreset ¶
type RSAOAEPKeyEncDecoder ¶
type RSAOAEPKeyEncDecoder struct {
// contains filtered or unexported fields
}
func NewRSAOAEPKeyEncDecoder ¶
func NewRSAOAEPKeyEncDecoder( config *RSAOAEPKeyEncDecoderConfig, preset RSAOAEPKeyEncPreset, ) *RSAOAEPKeyEncDecoder
NewRSAOAEPKeyEncDecoder creates a new jwe.CEKDecoder for a key encrypted using RSAES-OAEP.
Use any of the RSAOAEPKeyEncPreset to set the algorithm and hash function.
- RSAOAEP: RSAES-OAEP using SHA-1 and MGF1 with SHA-1.
- RSAOAEP256: RSAES-OAEP using SHA-256 and MGF1 with SHA-256.
func (*RSAOAEPKeyEncDecoder) ComputeCEK ¶
type RSAOAEPKeyEncDecoderConfig ¶
type RSAOAEPKeyEncDecoderConfig struct {
EncKey *rsa.PrivateKey
}
type RSAOAEPKeyEncManager ¶
type RSAOAEPKeyEncManager struct {
// contains filtered or unexported fields
}
func NewRSAOAEPKeyEncManager ¶
func NewRSAOAEPKeyEncManager( config *RSAOAEPKeyEncManagerConfig, preset RSAOAEPKeyEncPreset, ) *RSAOAEPKeyEncManager
NewRSAOAEPKeyEncManager creates a new jwe.CEKManager for a key encrypted using RSAES-OAEP.
Use any of the RSAOAEPKeyEncPreset to set the algorithm and hash function.
- RSAOAEP: RSAES-OAEP using SHA-1 and MGF1 with SHA-1.
- RSAOAEP256: RSAES-OAEP using SHA-256 and MGF1 with SHA-256.
func (*RSAOAEPKeyEncManager) ComputeCEK ¶
func (*RSAOAEPKeyEncManager) EncryptCEK ¶
Source Files
Click to show internal directories.
Click to hide internal directories.