Documentation ¶
Overview ¶
Package jwk handles JSON Web Key defined in RFC 7517.
Index ¶
- type Key
- func (key *Key) Algorithm() jwa.KeyAlgorithm
- func (key *Key) KeyID() string
- func (key *Key) KeyOperations() []jwktypes.KeyOp
- func (key *Key) KeyType() jwa.KeyType
- func (key *Key) MarshalJSON() ([]byte, error)
- func (key *Key) PrivateKey() crypto.PrivateKey
- func (key *Key) PublicKey() crypto.PublicKey
- func (key *Key) PublicKeyUse() jwktypes.KeyUse
- func (key *Key) SetAlgorithm(alg jwa.KeyAlgorithm)
- func (key *Key) SetKeyID(kid string)
- func (key *Key) SetKeyOperation(keyOps []jwktypes.KeyOp)
- func (key *Key) SetPrivateKey(priv crypto.PrivateKey)
- func (key *Key) SetPublicKey(pub crypto.PublicKey)
- func (key *Key) SetPublicKeyUse(use jwktypes.KeyUse)
- func (key *Key) SetX509CertificateChain(x5c []*x509.Certificate)
- func (key *Key) SetX509CertificateSHA1(x5t []byte)
- func (key *Key) SetX509CertificateSHA256(x5tS256 []byte)
- func (key *Key) SetX509URL(x5u *url.URL)
- func (key *Key) Thumbprint(h hash.Hash) ([]byte, error)
- func (key *Key) UnmarshalJSON(data []byte) error
- func (key *Key) X509CertificateChain() []*x509.Certificate
- func (key *Key) X509CertificateSHA1() []byte
- func (key *Key) X509CertificateSHA256() []byte
- func (key *Key) X509URL() *url.URL
- type Set
Examples ¶
Types ¶
type Key ¶
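// Key is a JSON Web Key.
type Key struct {
	// Raw is the raw data of JSON-decoded JWK.
	// JSON numbers are decoded as json.Number to avoid data loss.
	//
	// NOTE(review): for a private JWK this presumably still carries the
	// secret members (for example "d"); treat Raw as sensitive when logging
	// or serializing it. Confirm against the parser.
	Raw map[string]any

	// contains filtered or unexported fields
}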
Key is a JSON Web Key.
func DecodePEM ¶ added in v0.0.2
DecodePEM decodes a key from PEM-encoded data.
Example ¶
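package main

import (
	"crypto/ed25519"
	"fmt"
	"log"

	"github.com/shogo82148/goat/jwk"
)

// main decodes a PEM-encoded Ed25519 private key into a JWK and prints the
// key's seed as hex.
func main() {
	// The input deliberately has extra text after the PEM block.
	// NOTE(review): the second value returned by DecodePEM is discarded here;
	// presumably it is the input left over after the block. Confirm.
	ed25519PrivateKey := `-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEIKwAUfUUia9rBpRD+sgNlTI5n5RhwMNDaaWFN5Kl3tiF
-----END PRIVATE KEY-----
and some more`
	key, _, err := jwk.DecodePEM([]byte(ed25519PrivateKey))
	if err != nil {
		log.Fatal(err)
	}

	// PrivateKey returns nil when the JWK holds no private key, and the
	// concrete type depends on what was decoded, so use the two-value
	// assertion rather than one that panics on a mismatch.
	priv, ok := key.PrivateKey().(ed25519.PrivateKey)
	if !ok {
		log.Fatalf("unexpected private key type %T", key.PrivateKey())
	}

	// The seed is the secret key material; it is printed only so that the
	// example output can be compared.
	fmt.Printf("%064x", priv.Seed())
}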
Output: ac0051f51489af6b069443fac80d9532399f9461c0c34369a5853792a5ded885
func NewPrivateKey ¶ added in v0.0.2
func NewPrivateKey(key crypto.PrivateKey) (*Key, error)
NewPrivateKey returns a new JWK from the private key.
key must be one of *crypto/ecdsa.PrivateKey, *crypto/rsa.PrivateKey, crypto/ed25519.PrivateKey, *crypto/ecdh.PrivateKey, x25519.PrivateKey, ed448.PrivateKey, x448.PrivateKey or []byte.
Example ¶
package main

import (
	"crypto/ed25519"
	"encoding/hex"
	"fmt"
	"log"

	"github.com/shogo82148/goat/jwk"
)

// main derives an Ed25519 private key from a fixed seed, wraps it in a JWK
// and prints the JWK as JSON.
func main() {
	// A fixed seed keeps the example output reproducible.
	rawSeed, err := hex.DecodeString("9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60")
	if err != nil {
		log.Fatal(err)
	}

	// Build the JWK straight from the ed25519.PrivateKey.
	jwKey, err := jwk.NewPrivateKey(ed25519.NewKeyFromSeed(rawSeed))
	if err != nil {
		log.Fatal(err)
	}

	// The encoded JWK of a private key includes the secret "d" member next
	// to the public "x" member.
	encoded, err := jwKey.MarshalJSON()
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println(string(encoded))
}
Output: {"crv":"Ed25519","d":"nWGxne_9WmC6hEr0kuwsxERJxWl7MmkZcDusAxyuf2A","kty":"OKP","x":"11qYAYKxCrfVS_7TyWQHOg7hcvPapiMlrwIaaPcHURo"}
func NewPublicKey ¶ added in v0.0.2
NewPublicKey returns a new JWK from the public key.
key must be one of *crypto/ecdsa.PublicKey, *crypto/rsa.PublicKey, crypto/ed25519.PublicKey, *crypto/ecdh.PublicKey, x25519.PublicKey, ed448.PublicKey, x448.PublicKey.
Example ¶
package main

import (
	"crypto/ed25519"
	"encoding/hex"
	"fmt"
	"log"

	"github.com/shogo82148/goat/jwk"
)

// main derives an Ed25519 key pair from a fixed seed, wraps only the public
// half in a JWK and prints the JWK as JSON.
func main() {
	// A fixed seed keeps the example output reproducible.
	rawSeed, err := hex.DecodeString("9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60")
	if err != nil {
		log.Fatal(err)
	}
	signer := ed25519.NewKeyFromSeed(rawSeed)

	// Only the public key is handed to the JWK, so the encoded form carries
	// "x" and no private "d" member.
	jwKey, err := jwk.NewPublicKey(signer.Public())
	if err != nil {
		log.Fatal(err)
	}

	encoded, err := jwKey.MarshalJSON()
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println(string(encoded))
}
Output: {"crv":"Ed25519","kty":"OKP","x":"11qYAYKxCrfVS_7TyWQHOg7hcvPapiMlrwIaaPcHURo"}
func ParseKey ¶
ParseKey parses a JWK.
Example ¶
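package main

import (
	"crypto/ed25519"
	"fmt"
	"log"

	"github.com/shogo82148/goat/jwk"
)

// main parses a JSON-encoded Ed25519 private JWK and prints the key's seed
// as hex.
func main() {
	raw := `{"kty":"OKP","crv":"Ed25519", "d":"nWGxne_9WmC6hEr0kuwsxERJxWl7MmkZcDusAxyuf2A", "x":"11qYAYKxCrfVS_7TyWQHOg7hcvPapiMlrwIaaPcHURo"}`
	key, err := jwk.ParseKey([]byte(raw))
	if err != nil {
		log.Fatal(err)
	}

	// PrivateKey returns nil when the JWK holds no private key (for example
	// a JWK without "d"), and the concrete type follows "kty"/"crv", so use
	// the two-value assertion rather than one that panics on a mismatch.
	priv, ok := key.PrivateKey().(ed25519.PrivateKey)
	if !ok {
		log.Fatalf("unexpected private key type %T", key.PrivateKey())
	}

	// The seed is the secret key material; it is printed only so that the
	// example output can be compared.
	fmt.Printf("%064x", priv.Seed())
}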
Output: 9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60
func ParseMap ¶
ParseMap parses a JWK that is decoded by the encoding/json package.
Example ¶
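package main

import (
	"crypto/ed25519"
	"fmt"
	"log"

	"github.com/shogo82148/goat/jwk"
)

// main parses an Ed25519 private JWK that is already held as a decoded map
// and prints the key's seed as hex.
func main() {
	raw := map[string]any{
		"kty": "OKP",
		"crv": "Ed25519",
		"d":   "nWGxne_9WmC6hEr0kuwsxERJxWl7MmkZcDusAxyuf2A",
		"x":   "11qYAYKxCrfVS_7TyWQHOg7hcvPapiMlrwIaaPcHURo",
	}
	key, err := jwk.ParseMap(raw)
	if err != nil {
		log.Fatal(err)
	}

	// PrivateKey returns nil when the JWK holds no private key (for example
	// a map without "d"), and the concrete type follows "kty"/"crv", so use
	// the two-value assertion rather than one that panics on a mismatch.
	priv, ok := key.PrivateKey().(ed25519.PrivateKey)
	if !ok {
		log.Fatalf("unexpected private key type %T", key.PrivateKey())
	}

	// The seed is the secret key material; it is printed only so that the
	// example output can be compared.
	fmt.Printf("%064x", priv.Seed())
}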
Output: 9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60
func (*Key) Algorithm ¶
func (key *Key) Algorithm() jwa.KeyAlgorithm
Algorithm returns RFC 7517 Section 4.4. "alg" (Algorithm) Parameter.
func (*Key) KeyID ¶
KeyID is RFC 7517 Section 4.5. "kid" (Key ID) Parameter.
func (*Key) KeyOperations ¶
KeyOperations returns RFC 7517 Section 4.3. "key_ops" (Key Operations) Parameter.
func (*Key) KeyType ¶
KeyType returns RFC 7517 Section 4.1. "kty" (Key Type) Parameter.
func (*Key) MarshalJSON ¶
MarshalJSON implements encoding/json.Marshaler
func (*Key) PrivateKey ¶
func (key *Key) PrivateKey() crypto.PrivateKey
PrivateKey returns the private key. If the key doesn't contain any private key, it returns nil, so check the result (for example with the two-value form of a type assertion) before using it.
func (*Key) PublicKey ¶
PublicKey returns the public key. If the key doesn't contain any public key, it returns nil.
func (*Key) PublicKeyUse ¶
PublicKeyUse returns RFC 7517 Section 4.2. "use" (Public Key Use) Parameter.
func (*Key) SetAlgorithm ¶
func (key *Key) SetAlgorithm(alg jwa.KeyAlgorithm)
SetAlgorithm sets RFC 7517 Section 4.4. "alg" (Algorithm) Parameter.
func (*Key) SetKeyID ¶
SetKeyID sets RFC 7517 Section 4.5. "kid" (Key ID) Parameter.
func (*Key) SetKeyOperation ¶
SetKeyOperation sets RFC 7517 Section 4.3. "key_ops" (Key Operations) Parameter.
func (*Key) SetPrivateKey ¶
func (key *Key) SetPrivateKey(priv crypto.PrivateKey)
SetPrivateKey sets the private key. If priv has a Public() method, the public key is set as well.
func (*Key) SetPublicKey ¶
SetPublicKey sets the public key, and removes the private key.
func (*Key) SetPublicKeyUse ¶
SetPublicKeyUse sets RFC 7517 Section 4.2. "use" (Public Key Use) Parameter.
func (*Key) SetX509CertificateChain ¶
func (key *Key) SetX509CertificateChain(x5c []*x509.Certificate)
SetX509CertificateChain sets RFC 7517 Section 4.7. "x5c" (X.509 Certificate Chain) Parameter.
func (*Key) SetX509CertificateSHA1 ¶
SetX509CertificateSHA1 sets RFC 7517 Section 4.8. "x5t" (X.509 Certificate SHA-1 Thumbprint) Parameter.
func (*Key) SetX509CertificateSHA256 ¶
SetX509CertificateSHA256 sets RFC 7517 Section 4.9. "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) Parameter.
func (*Key) SetX509URL ¶
SetX509URL sets RFC 7517 Section 4.6. "x5u" (X.509 URL) Parameter.
func (*Key) Thumbprint ¶
Thumbprint computes the thumbprint of the key defined in RFC 7638.
func (*Key) UnmarshalJSON ¶
UnmarshalJSON implements encoding/json.Unmarshaler
func (*Key) X509CertificateChain ¶
func (key *Key) X509CertificateChain() []*x509.Certificate
X509CertificateChain is RFC 7517 Section 4.7. "x5c" (X.509 Certificate Chain) Parameter.
func (*Key) X509CertificateSHA1 ¶
X509CertificateSHA1 is RFC 7517 Section 4.8. "x5t" (X.509 Certificate SHA-1 Thumbprint) Parameter.
func (*Key) X509CertificateSHA256 ¶
X509CertificateSHA256 is RFC 7517 Section 4.9. "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) Parameter.
type Set ¶
// Set is a JWK Set.
type Set struct {
	// Keys holds the keys that make up the set.
	Keys []*Key
}
Set is a JWK Set.
func (*Set) MarshalJSON ¶
MarshalJSON implements encoding/json.Marshaler
func (*Set) UnmarshalJSON ¶
UnmarshalJSON implements encoding/json.Unmarshaler