Documentation ¶
Index ¶
- Constants
- type JWK
- type KeySpec
- func (k *KeySpec) Clone() *KeySpec
- func (k *KeySpec) IsKeyType(expectedKty string) bool
- func (k *KeySpec) IsPublic() bool
- func (k *KeySpec) KeyType() (kty string, curve string, private bool)
- func (k *KeySpec) MarshalJSON() ([]byte, error)
- func (k *KeySpec) MarshalPublicJSON() ([]byte, error)
- func (k *KeySpec) Normalize(settings NormalizationSettings) error
- func (k *KeySpec) PublicOnly() (*KeySpec, error)
- func (k *KeySpec) Thumbprint() ([]byte, error)
- func (k *KeySpec) ThumbprintUsing(h hash.Hash) ([]byte, error)
- func (k *KeySpec) ToJWK() (*JWK, error)
- func (k *KeySpec) UnmarshalJSON(data []byte) error
- type KeySpecSet
- func (ks KeySpecSet) Filter(filter func(key *KeySpec) bool) KeySpecSet
- func (ks *KeySpecSet) MarshalPublicJSON() ([]byte, error)
- func (ks KeySpecSet) OnlyKeyTypes(keyTypes ...string) KeySpecSet
- func (ks KeySpecSet) PrimaryCurveOKP(curve string) (*KeySpec, okp.CurveOctetKeyPair)
- func (ks KeySpecSet) PrimaryECDSAPrivate() (*KeySpec, *ecdsa.PrivateKey)
- func (ks KeySpecSet) PrimaryKey(keyType string) *KeySpec
- type NormalizationSettings
Constants ¶
const ( SHASizeStr = "256" AESSizeStr = "128" // SHA-1 is probably safe with OAEP, even if collisions become very easy to compute, // but let's throw it away to be on the safe side. // Using bloated RSA for encryption is a waste anyway. RSAPadding = "-OAEP-256" UseKeyWrapForECDH = true // Default Signature Algorithms: DefaultECSignAlg = "ES" + SHASizeStr DefaultRSASignAlg = "RS" + SHASizeStr DefaultHMACSignAlg = "HS" + SHASizeStr // Default Content Encryption Algorithms: DefaultContentEncryptionAlgorithm = "A" + AESSizeStr + "GCM" // Default Key Management Algorithms: DefaultAESKeyAlg = "A" + AESSizeStr + "KW" DefaultRSAKeyAlg = "RSA" + RSAPadding DefaultECKeyAlg = "ECDH-ES" DefaultECKeyAlgWithKeyWrap = "ECDH-ES+" + DefaultAESKeyAlg )
This package contains some default security settings that determine encryption strength
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type JWK ¶
type JWK struct { Kid string `json:"kid,omitempty"` Kty string `json:"kty,omitempty"` Alg string `json:"alg,omitempty"` Crv string `json:"crv,omitempty"` Use string `json:"use,omitempty"` // Public Fields X *keyBytes `json:"x,omitempty"` Y *keyBytes `json:"y,omitempty"` N *keyBytes `json:"n,omitempty"` E *keyBytes `json:"e,omitempty"` // Private Fields D *keyBytes `json:"d,omitempty"` P *keyBytes `json:"p,omitempty"` Q *keyBytes `json:"q,omitempty"` Dp *keyBytes `json:"dp,omitempty"` Dq *keyBytes `json:"dq,omitempty"` Qi *keyBytes `json:"qi,omitempty"` // Symmetric Keys K *keyBytes `json:"k,omitempty"` }
JWK represents an unparsed JSON Web Key (JWK) in its wire format.
func (*JWK) MarshalJSON ¶
func (*JWK) ParseKeySpec ¶
ParseKeySpec parses JWK fields into a key that can be used by Go crypto libraries. The following key type conversions are supported:
kty = "oct" -> []byte kty = "OKP" -> okp.OctetKeyPair (Ed25519 or X25519 keys for x/crypto libraries) kty = "RSA" -> rsa.PrivateKey / rsa.PublicKey kty = "EC" -> ecdsa.PrivateKey / ecdsa.PublicKey
type KeySpec ¶
KeySpec contains a cryptographic key accompanied by JWK metadata. This structure is used to contain information from parsed JSON Web Keys.
func MustParseBytes ¶
MustParseBytes parses JWK bytes into a KeySpec, panicking on error
func NewSpec ¶
func NewSpec(key interface{}) *KeySpec
NewSpec directly creates a KeySpec from a concrete key object.
Key object types supported: rsa.PrivateKey, rsa.PublicKey, ecdsa.PrivateKey, ecdsa.PublicKey, okp.OctetKeyPair, []byte
func NewSpecWithID ¶
NewSpecWithID directly creates a KeySpec from a concrete key object and a Key ID.
Key object types supported: rsa.PrivateKey, rsa.PublicKey, ecdsa.PrivateKey, ecdsa.PublicKey, okp.OctetKeyPair, []byte
func ParseBytes ¶
ParseBytes parses JWK bytes into a KeySpec
func (*KeySpec) IsKeyType ¶
IsKeyType returns true if KeySpec has expected key type and curve.
If expectedKty contains a slash, then it will be parsed as a pair of key type ('kty') and curve ('crv'), in the following format: 'kty/crv', and the KeySpec will match if both its key type and curve match. Otherwise, only the key type will be checked.
func (*KeySpec) IsPublic ¶
IsPublic checks whether the key in KeySpec is a public key or not. In case the key is symmetric, this function returns false.
func (*KeySpec) MarshalJSON ¶
MarshalJSON serializes the KeySpec to JSON.
func (*KeySpec) MarshalPublicJSON ¶
MarshalPublicJSON serializes only the public fields of the KeySpec to JSON. For public keys this gives exactly the same result as MarshalJSON()
func (*KeySpec) Normalize ¶
func (k *KeySpec) Normalize(settings NormalizationSettings) error
Normalize attempts to put some uniformity on the metadata fields attached to the JSON Web Key The normalization is influenced by the settings parameter.
func (*KeySpec) PublicOnly ¶
PublicOnly removes all private components from a KeySpec (if they exists) and returns a key which can be safely published as a public key.
func (*KeySpec) Thumbprint ¶
Thumbprint returns the KeySpec's RFC 7638 thumbprint using SHA-256.
func (*KeySpec) ThumbprintUsing ¶
ThumbprintUsing returns the KeySpec's RFC 7638 thumbprint using the specified hash function.
func (*KeySpec) UnmarshalJSON ¶
UnmarshalJSON deserializes a KeySpec from the given JSON.
type KeySpecSet ¶
type KeySpecSet struct {
Keys []KeySpec `json:"keys"`
}
KeySpecSet represents a set of parsed JSON Web Keys
func (KeySpecSet) Filter ¶
func (ks KeySpecSet) Filter(filter func(key *KeySpec) bool) KeySpecSet
Filter filters the specified KeySpecSet with a filter function
filter is a predicate that accepts a KeySpec and returns a boolean value.
func (*KeySpecSet) MarshalPublicJSON ¶
func (ks *KeySpecSet) MarshalPublicJSON() ([]byte, error)
MarshalPublicJSON serializes only the public fields of the keys inside the KeySpecSet to JSON (as JWKS). For public keys this gives exactly the same result as MarshalJSON()
func (KeySpecSet) OnlyKeyTypes ¶
func (ks KeySpecSet) OnlyKeyTypes(keyTypes ...string) KeySpecSet
OnlyKeyTypes filters the KeySpecSet and returns only KeySpecs which match the specified key type and curve.
If keyType contains a slash, then it will be parsed as a pair of key type ('kty') and curve ('crv'), in the following format: 'kty/crv', and the KeySpec will match if both its key type and curve match. Otherwise, only the key type will be checked.
func (KeySpecSet) PrimaryCurveOKP ¶
func (ks KeySpecSet) PrimaryCurveOKP(curve string) (*KeySpec, okp.CurveOctetKeyPair)
PrimaryCurveOKP returns the first CurveOctetKeyPair in the KeySpecSet which matches the specified curve name.
If keyType contains a slash, then it will be parsed as a pair of key type ('kty') and curve ('crv'), in the following format: 'kty/crv', and the KeySpec will match if both its key type and curve match. Otherwise, only the key type will be checked.
func (KeySpecSet) PrimaryECDSAPrivate ¶
func (ks KeySpecSet) PrimaryECDSAPrivate() (*KeySpec, *ecdsa.PrivateKey)
PrimaryECDSAPrivate returns the first ECDSA PrivateKey in the KeySpecSet which matches the specified curve name.
func (KeySpecSet) PrimaryKey ¶
func (ks KeySpecSet) PrimaryKey(keyType string) *KeySpec
PrimaryKey returns the first KeySpec in the KeySpecSet which matches the specified key type and curve.
If keyType contains a slash, then it will be parsed as a pair of key type ('kty') and curve ('crv'), in the following format: 'kty/crv', and the KeySpec will match if both its key type and curve match. Otherwise, only the key type will be checked.
type NormalizationSettings ¶
type NormalizationSettings struct { // Use tells KeySpec.Normalize() to set the 'use' field to the specified string Use string // RequireKeyID tells KeySpec.Normalize() to attempt to auto-generate 'kid' if it // is missing and fail if it couldn't generate it automatically. // Automatic generation is done by creating a SHA-256 thumbprint of the key. RequireKeyID bool // RequireAlgorithm requires 'alg' to be specified. RequireAlgorithm bool // ThumbprintHashFunc specifies the hash function to use for the thumbprint ThumbprintHashFunc hash.Hash }
NormalizationSettings contains settings for the normalization preformed by KeySpec.Normalize()