Documentation
¶
Overview ¶
Package jwk implements JWK as described in https://tools.ietf.org/html/rfc7517
Example ¶
set, err := FetchHTTP("https://foobar.domain/json")
if err != nil {
log.Printf("failed to parse JWK: %s", err)
return
}
// If you KNOW you have exactly one key, you can just
// use set.Keys[0]
keys := set.LookupKeyID("mykey")
if len(keys) == 0 {
log.Printf("failed to lookup key: %s", err)
return
}
key, err := keys[0].Materialize()
if err != nil {
log.Printf("failed to generate public key: %s", err)
return
}
// Use key for jws.Verify() or whatever
_ = key
Output:
Index ¶
Examples ¶
Constants ¶
const ( KeyOpSign KeyOperation = "sign" // (compute digital signature or MAC) KeyOpVerify = "verify" // (verify digital signature or MAC) KeyOpEncrypt = "encrypt" // (encrypt content) KeyOpDecrypt = "decrypt" // (decrypt content and validate decryption, if applicable) KeyOpWrapKey = "wrapKey" // (encrypt key) KeyOpUnwrapKey = "unwrapKey" // (decrypt key and validate decryption, if applicable) KeyOpDeriveKey = "deriveKey" // (derive key) KeyOpDeriveBits = "deriveBits" // (derive bits not to be used as a key) )
Variables ¶
var ( ErrInvalidHeaderName = errors.New("invalid header name") ErrInvalidHeaderValue = errors.New("invalid value for header key") ErrUnsupportedKty = errors.New("unsupported kty") ErrUnsupportedCurve = errors.New("unsupported curve") )
Errors related to JWK
Functions ¶
This section is empty.
Types ¶
type EcdhesPublicKey ¶
type EcdhesPublicKey struct {
KeyEncryption jwa.KeyEncryptionAlgorithm `json:"alg"`
ContentEncryption jwa.ContentEncryptionAlgorithm `json:"enc"`
PublicKey Key `json:"epk"`
UInfo buffer.Buffer `json:"apu,omitempty"`
VInfo buffer.Buffer `json:"apv,omitempty"`
}
EcdhesPublicKey is a type of JWK generated from ECDH-ES public keys
func NewEcdhesPublicKey ¶
func NewEcdhesPublicKey(key *ecdsa.PublicKey, keyalg jwa.KeyEncryptionAlgorithm, contentalg jwa.ContentEncryptionAlgorithm, agvars ...[]byte) *EcdhesPublicKey
NewEcdhesPublicKey creates a new JWK from a ECDH-ES public key
type EcdsaPrivateKey ¶
type EcdsaPrivateKey struct {
*EcdsaPublicKey
D buffer.Buffer `json:"d"`
}
EcdsaPrivateKey is a type of JWK generated from ECDH-ES private keys
func NewEcdsaPrivateKey ¶
func NewEcdsaPrivateKey(pk *ecdsa.PrivateKey) *EcdsaPrivateKey
NewEcdsaPrivateKey creates a new JWK from a EC-DSA private key
func (*EcdsaPrivateKey) Materialize ¶
func (k *EcdsaPrivateKey) Materialize() (interface{}, error)
Materialize returns the EC-DSA private key represented by this JWK
func (*EcdsaPrivateKey) PrivateKey ¶
func (k *EcdsaPrivateKey) PrivateKey() (*ecdsa.PrivateKey, error)
PrivateKey returns the EC-DSA private key represented by this JWK
type EcdsaPublicKey ¶
type EcdsaPublicKey struct {
*EssentialHeader
Curve jwa.EllipticCurveAlgorithm `json:"crv"`
X buffer.Buffer `json:"x"`
Y buffer.Buffer `json:"y"`
}
EcdsaPublicKey is a type of JWK generated from ECDSA public keys
func NewEcdsaPublicKey ¶
func NewEcdsaPublicKey(pk *ecdsa.PublicKey) *EcdsaPublicKey
NewEcdsaPublicKey creates a new JWK from a EC-DSA public key
func (*EcdsaPublicKey) Materialize ¶
func (k *EcdsaPublicKey) Materialize() (interface{}, error)
Materialize returns the EC-DSA public key represented by this JWK
func (*EcdsaPublicKey) PublicKey ¶
func (k *EcdsaPublicKey) PublicKey() (*ecdsa.PublicKey, error)
PublicKey returns the EC-DSA public key represented by this JWK
func (EcdsaPublicKey) Thumbprint ¶
func (k EcdsaPublicKey) Thumbprint(hash crypto.Hash) ([]byte, error)
Thumbprint returns the JWK thumbprint using the indicated hashing algorithm, according to RFC 7638
type EssentialHeader ¶
type EssentialHeader struct {
// Algorithm might be any of jwa.SignatureAlgorithm or jwa.KeyEncryptionAlgorithm
// so it stays as string
Algorithm string `json:"alg,omitempty"`
KeyID string `json:"kid,omitempty"`
KeyOps []KeyOperation `json:"key_ops,omitempty"`
KeyType jwa.KeyType `json:"kty,omitempty"`
KeyUsage string `json:"use,omitempty"`
X509Url *url.URL `json:"x5u,omitempty"`
X509CertChain []string `json:"x5c,omitempty"`
X509CertThumbprint string `json:"x5t,omitempty"`
X509CertThumbprintS256 string `json:"x5t#S256,omitempty"`
}
EssentialHeader defines the common data that any Key may carry with it.
func (EssentialHeader) Alg ¶
func (e EssentialHeader) Alg() string
Alg returns the algorithm in the header
func (*EssentialHeader) Get ¶
func (h *EssentialHeader) Get(key string) (interface{}, error)
Get returns the value of the corresponding header. `key` should be the same as the JSON key name (e.g. `alg`, `kid`, etc)
func (EssentialHeader) Kid ¶
func (e EssentialHeader) Kid() string
Kid returns the key ID in the header
func (EssentialHeader) Kty ¶
func (e EssentialHeader) Kty() jwa.KeyType
Kty returns the key type in the header
func (*EssentialHeader) Set ¶
func (h *EssentialHeader) Set(key string, value interface{}) error
Set sets the value of the corresponding header. `key` should be the same as the JSON key name (e.g. `alg`, `kid`, etc)
func (EssentialHeader) Use ¶
func (e EssentialHeader) Use() string
Use returns the key use in the header
type Key ¶
type Key interface {
Alg() string
Kid() string
Kty() jwa.KeyType
Use() string
// Set sets a value in the JWK
Set(string, interface{}) error
// Get retrieves the value from the JWK
Get(string) (interface{}, error)
// Materialize creates the corresponding key. For example,
// RSA types would create *rsa.PublicKey or *rsa.PrivateKey,
// EC types would create *ecdsa.PublicKey or *ecdsa.PrivateKey,
// and OctetSeq types create a []byte key.
Materialize() (interface{}, error)
// Thumbprint returns the JWK thumbprint using the indicated
// hashing algorithm, according to RFC 7638
Thumbprint(crypto.Hash) ([]byte, error)
}
Key defines the minimal interface for each of the key types. Their use and implementation differ significantly between each key types, so you should use type assertions to perform more specific tasks with each key
type KeyOperation ¶
type KeyOperation string
type KeyUsageType ¶
type KeyUsageType string
KeyUsageType is used to denote what this key should be used for
const ( // ForSignature is the value used in the headers to indicate that // this key should be used for signatures ForSignature KeyUsageType = "sig" // ForEncryption is the value used in the headers to indicate that // this key should be used for encryptiong ForEncryption KeyUsageType = "enc" )
type RsaPrivateKey ¶
type RsaPrivateKey struct {
*RsaPublicKey
D buffer.Buffer `json:"d"`
P buffer.Buffer `json:"p"`
Q buffer.Buffer `json:"q"`
Dp buffer.Buffer `json:"dp,omitempty"`
Dq buffer.Buffer `json:"dq,omitempty"`
Qi buffer.Buffer `json:"qi,omitempty"`
}
RsaPrivateKey is a type of JWK generated from RSA private keys
func NewRsaPrivateKey ¶
func NewRsaPrivateKey(pk *rsa.PrivateKey) (*RsaPrivateKey, error)
NewRsaPrivateKey creates a new JWK using the given key
func (*RsaPrivateKey) Materialize ¶
func (k *RsaPrivateKey) Materialize() (interface{}, error)
Materialize returns the RSA private key represented by this JWK
func (*RsaPrivateKey) PrivateKey ¶
func (k *RsaPrivateKey) PrivateKey() (*rsa.PrivateKey, error)
PrivateKey creates a new rsa.PrivateKey from the data given in the JWK
type RsaPublicKey ¶
type RsaPublicKey struct {
*EssentialHeader
E buffer.Buffer `json:"e"`
N buffer.Buffer `json:"n"`
}
RsaPublicKey is a type of JWK generated from RSA public keys
func NewRsaPublicKey ¶
func NewRsaPublicKey(pk *rsa.PublicKey) (*RsaPublicKey, error)
NewRsaPublicKey creates a new JWK using the given key
func (*RsaPublicKey) Materialize ¶
func (k *RsaPublicKey) Materialize() (interface{}, error)
Materialize returns the RSA public key represented by this JWK
func (*RsaPublicKey) PublicKey ¶
func (k *RsaPublicKey) PublicKey() (*rsa.PublicKey, error)
PublicKey creates a new rsa.PublicKey from the data given in the JWK
func (RsaPublicKey) Thumbprint ¶
func (k RsaPublicKey) Thumbprint(hash crypto.Hash) ([]byte, error)
Thumbprint returns the JWK thumbprint using the indicated hashing algorithm, according to RFC 7638
type Set ¶
type Set struct {
Keys []Key `json:"keys"`
}
Set is a convenience struct to allow generating and parsing JWK sets as opposed to single JWKs
func ParseString ¶
ParseString parses JWK from the incoming string.
func (Set) LookupKeyID ¶
LookupKeyID looks for keys matching the given key id. Note that the Set *may* contain multiple keys with the same key id
type SymmetricKey ¶
type SymmetricKey struct {
*EssentialHeader
Key buffer.Buffer `json:"k"`
}
SymmetricKey is a type of JWK generated from symmetric keys
func (SymmetricKey) Materialize ¶
func (s SymmetricKey) Materialize() (interface{}, error)
Materialize returns the octets for this symmetric key. Since this is a symmetric key, this just calls Octets
func (SymmetricKey) Octets ¶
func (s SymmetricKey) Octets() []byte
Octets returns the octets in the key
func (SymmetricKey) Thumbprint ¶
func (s SymmetricKey) Thumbprint(hash crypto.Hash) ([]byte, error)
Thumbprint returns the JWK thumbprint using the indicated hashing algorithm, according to RFC 7638
Source Files