jose2go: github.com/dvsekhvalnov/jose2go Index | Files | Directories

package jose

import "github.com/dvsekhvalnov/jose2go"

Package jose provides high level functions for producing (signing, encrypting and compressing) or consuming (decoding) Json Web Tokens using Java Object Signing and Encryption spec

Index

Package Files

aes_cbc_hmac.go aes_gcm.go aes_gcm_kw.go aeskw.go deflate.go direct.go ecdh.go ecdh_aeskw.go ecdsa_using_sha.go hmac.go hmac_using_sha.go jose.go pbse2_hmac_aeskw.go plaintext.go rsa_oaep.go rsa_pkcs1v15.go rsa_using_sha.go rsapss_using_sha.go sha.go

Constants

const (
    NONE = "none" //plaintext (unprotected) without signature / encryption

    HS256 = "HS256" //HMAC using SHA-256 hash
    HS384 = "HS384" //HMAC using SHA-384 hash
    HS512 = "HS512" //HMAC using SHA-512 hash
    RS256 = "RS256" //RSASSA-PKCS-v1_5 using SHA-256 hash
    RS384 = "RS384" //RSASSA-PKCS-v1_5 using SHA-384 hash
    RS512 = "RS512" //RSASSA-PKCS-v1_5 using SHA-512 hash
    PS256 = "PS256" //RSASSA-PSS using SHA-256 hash
    PS384 = "PS384" //RSASSA-PSS using SHA-384 hash
    PS512 = "PS512" //RSASSA-PSS using SHA-512 hash
    ES256 = "ES256" //ECDSA using P-256 curve and SHA-256 hash
    ES384 = "ES384" //ECDSA using P-384 curve and SHA-384 hash
    ES512 = "ES512" //ECDSA using P-521 curve and SHA-512 hash

    A128CBC_HS256 = "A128CBC-HS256" //AES in CBC mode with PKCS #5 (NIST.800-38A) padding with HMAC using 256 bit key
    A192CBC_HS384 = "A192CBC-HS384" //AES in CBC mode with PKCS #5 (NIST.800-38A) padding with HMAC using 384 bit key
    A256CBC_HS512 = "A256CBC-HS512" //AES in CBC mode with PKCS #5 (NIST.800-38A) padding with HMAC using 512 bit key
    A128GCM       = "A128GCM"       //AES in GCM mode with 128 bit key
    A192GCM       = "A192GCM"       //AES in GCM mode with 192 bit key
    A256GCM       = "A256GCM"       //AES in GCM mode with 256 bit key

    DIR                = "dir"                //Direct use of pre-shared symmetric key
    RSA1_5             = "RSA1_5"             //RSAES with PKCS #1 v1.5 padding, RFC 3447
    RSA_OAEP           = "RSA-OAEP"           //RSAES using Optimal Assymetric Encryption Padding, RFC 3447
    RSA_OAEP_256       = "RSA-OAEP-256"       //RSAES using Optimal Assymetric Encryption Padding with SHA-256, RFC 3447
    A128KW             = "A128KW"             //AES Key Wrap Algorithm using 128 bit keys, RFC 3394
    A192KW             = "A192KW"             //AES Key Wrap Algorithm using 192 bit keys, RFC 3394
    A256KW             = "A256KW"             //AES Key Wrap Algorithm using 256 bit keys, RFC 3394
    A128GCMKW          = "A128GCMKW"          //AES GCM Key Wrap Algorithm using 128 bit keys
    A192GCMKW          = "A192GCMKW"          //AES GCM Key Wrap Algorithm using 192 bit keys
    A256GCMKW          = "A256GCMKW"          //AES GCM Key Wrap Algorithm using 256 bit keys
    PBES2_HS256_A128KW = "PBES2-HS256+A128KW" //Password Based Encryption using PBES2 schemes with HMAC-SHA and AES Key Wrap using 128 bit key
    PBES2_HS384_A192KW = "PBES2-HS384+A192KW" //Password Based Encryption using PBES2 schemes with HMAC-SHA and AES Key Wrap using 192 bit key
    PBES2_HS512_A256KW = "PBES2-HS512+A256KW" //Password Based Encryption using PBES2 schemes with HMAC-SHA and AES Key Wrap using 256 bit key
    ECDH_ES            = "ECDH-ES"            //Elliptic Curve Diffie Hellman key agreement
    ECDH_ES_A128KW     = "ECDH-ES+A128KW"     //Elliptic Curve Diffie Hellman key agreement with AES Key Wrap using 128 bit key
    ECDH_ES_A192KW     = "ECDH-ES+A192KW"     //Elliptic Curve Diffie Hellman key agreement with AES Key Wrap using 192 bit key
    ECDH_ES_A256KW     = "ECDH-ES+A256KW"     //Elliptic Curve Diffie Hellman key agreement with AES Key Wrap using 256 bit key

    DEF = "DEF" //DEFLATE compression, RFC 1951
)

func Compress Uses

func Compress(payload string, alg string, enc string, zip string, key interface{}) (token string, err error)

This method is DEPRICATED and subject to be removed in next version. Use Encrypt(..) with Zip option instead.

Compress produces encrypted & comressed JWT token given arbitrary payload, key management , encryption and compression algorithms to use (see constants for list of supported algs) and management key. Management key is of different type for different key management alg, see specific key management alg implementation documentation.

It returns 5 parts encrypted & compressed JWT token as string and not nil error if something went wrong.

func Decode Uses

func Decode(token string, key interface{}) (string, map[string]interface{}, error)

Decode verifies, decrypts and decompresses given JWT token using management key. Management key is of different type for different key management or signing algorithms, see specific alg implementation documentation.

Returns decoded payload as a string, headers and not nil error if something went wrong.

func DecodeBytes Uses

func DecodeBytes(token string, key interface{}) ([]byte, map[string]interface{}, error)

Decode verifies, decrypts and decompresses given JWT token using management key. Management key is of different type for different key management or signing algorithms, see specific alg implementation documentation.

Returns decoded payload as a raw bytes, headers and not nil error if something went wrong.

func Encrypt Uses

func Encrypt(payload string, alg string, enc string, key interface{}, options ...func(*JoseConfig)) (token string, err error)

Encrypt produces encrypted JWT token given arbitrary string payload, key management and encryption algorithms to use (see constants for list of supported algs) and management key. Management key is of different type for different key management alg, see specific key management alg implementation documentation.

It returns 5 parts encrypted JWT token as string and not nil error if something went wrong.

func EncryptBytes Uses

func EncryptBytes(payload []byte, alg string, enc string, key interface{}, options ...func(*JoseConfig)) (token string, err error)

Encrypt produces encrypted JWT token given arbitrary binary payload, key management and encryption algorithms to use (see constants for list of supported algs) and management key. Management key is of different type for different key management alg, see specific key management alg implementation documentation.

It returns 5 parts encrypted JWT token as string and not nil error if something went wrong.

func Header(name string, value interface{}) func(cfg *JoseConfig)

func Headers Uses

func Headers(headers map[string]interface{}) func(cfg *JoseConfig)

func RegisterJwa Uses

func RegisterJwa(alg JwaAlgorithm)

RegisterJwa register new key management algorithm

func RegisterJwc Uses

func RegisterJwc(alg JwcAlgorithm)

RegisterJwc register new compression algorithm

func RegisterJwe Uses

func RegisterJwe(alg JweEncryption)

RegisterJwe register new encryption algorithm

func RegisterJws Uses

func RegisterJws(alg JwsAlgorithm)

RegisterJws register new signing algorithm

func Sign Uses

func Sign(payload string, signingAlg string, key interface{}, options ...func(*JoseConfig)) (token string, err error)

Sign produces signed JWT token given arbitrary string payload, signature algorithm to use (see constants for list of supported algs), signing key and extra options (see option functions) Signing key is of different type for different signing alg, see specific signing alg implementation documentation.

It returns 3 parts signed JWT token as string and not nil error if something went wrong.

func SignBytes Uses

func SignBytes(payload []byte, signingAlg string, key interface{}, options ...func(*JoseConfig)) (token string, err error)

Sign produces signed JWT token given arbitrary binary payload, signature algorithm to use (see constants for list of supported algs), signing key and extra options (see option functions) Signing key is of different type for different signing alg, see specific signing alg implementation documentation.

It returns 3 parts signed JWT token as string and not nil error if something went wrong.

func Zip Uses

func Zip(alg string) func(cfg *JoseConfig)

type AesCbcHmac Uses

type AesCbcHmac struct {
    // contains filtered or unexported fields
}

AES CBC with HMAC authenticated encryption algorithm implementation

func (*AesCbcHmac) Decrypt Uses

func (alg *AesCbcHmac) Decrypt(aad, cek, iv, cipherText, authTag []byte) (plainText []byte, err error)

func (*AesCbcHmac) Encrypt Uses

func (alg *AesCbcHmac) Encrypt(aad, plainText, cek []byte) (iv, cipherText, authTag []byte, err error)

func (*AesCbcHmac) KeySizeBits Uses

func (alg *AesCbcHmac) KeySizeBits() int

func (*AesCbcHmac) Name Uses

func (alg *AesCbcHmac) Name() string

func (*AesCbcHmac) SetKeySizeBits Uses

func (alg *AesCbcHmac) SetKeySizeBits(bits int)

type AesGcm Uses

type AesGcm struct {
    // contains filtered or unexported fields
}

AES GCM authenticated encryption algorithm implementation

func (*AesGcm) Decrypt Uses

func (alg *AesGcm) Decrypt(aad, cek, iv, cipherText, authTag []byte) (plainText []byte, err error)

func (*AesGcm) Encrypt Uses

func (alg *AesGcm) Encrypt(aad, plainText, cek []byte) (iv, cipherText, authTag []byte, err error)

func (*AesGcm) KeySizeBits Uses

func (alg *AesGcm) KeySizeBits() int

func (*AesGcm) Name Uses

func (alg *AesGcm) Name() string

type AesGcmKW Uses

type AesGcmKW struct {
    // contains filtered or unexported fields
}

AES GCM Key Wrap key management algorithm implementation

func (*AesGcmKW) Name Uses

func (alg *AesGcmKW) Name() string

func (*AesGcmKW) Unwrap Uses

func (alg *AesGcmKW) Unwrap(encryptedCek []byte, key interface{}, cekSizeBits int, header map[string]interface{}) (cek []byte, err error)

func (*AesGcmKW) WrapNewKey Uses

func (alg *AesGcmKW) WrapNewKey(cekSizeBits int, key interface{}, header map[string]interface{}) (cek []byte, encryptedCek []byte, err error)

type AesKW Uses

type AesKW struct {
    // contains filtered or unexported fields
}

AES Key Wrap key management algorithm implementation

func (*AesKW) Name Uses

func (alg *AesKW) Name() string

func (*AesKW) Unwrap Uses

func (alg *AesKW) Unwrap(encryptedCek []byte, key interface{}, cekSizeBits int, header map[string]interface{}) (cek []byte, err error)

func (*AesKW) WrapNewKey Uses

func (alg *AesKW) WrapNewKey(cekSizeBits int, key interface{}, header map[string]interface{}) (cek []byte, encryptedCek []byte, err error)

type Deflate Uses

type Deflate struct{}

Deflate compression algorithm implementation

func (*Deflate) Compress Uses

func (alg *Deflate) Compress(plainText []byte) []byte

func (*Deflate) Decompress Uses

func (alg *Deflate) Decompress(compressedText []byte) []byte

func (*Deflate) Name Uses

func (alg *Deflate) Name() string

type Direct Uses

type Direct struct {
}

Direct (pre-shared) key management algorithm implementation

func (*Direct) Name Uses

func (alg *Direct) Name() string

func (*Direct) Unwrap Uses

func (alg *Direct) Unwrap(encryptedCek []byte, key interface{}, cekSizeBits int, header map[string]interface{}) (cek []byte, err error)

func (*Direct) WrapNewKey Uses

func (alg *Direct) WrapNewKey(cekSizeBits int, key interface{}, header map[string]interface{}) (cek []byte, encryptedCek []byte, err error)

type Ecdh Uses

type Ecdh struct {
    // contains filtered or unexported fields
}

Elliptic curve Diffie–Hellman key management (key agreement) algorithm implementation

func (*Ecdh) Name Uses

func (alg *Ecdh) Name() string

func (*Ecdh) Unwrap Uses

func (alg *Ecdh) Unwrap(encryptedCek []byte, key interface{}, cekSizeBits int, header map[string]interface{}) (cek []byte, err error)

func (*Ecdh) WrapNewKey Uses

func (alg *Ecdh) WrapNewKey(cekSizeBits int, key interface{}, header map[string]interface{}) (cek []byte, encryptedCek []byte, err error)

type EcdhAesKW Uses

type EcdhAesKW struct {
    // contains filtered or unexported fields
}

Elliptic curve Diffie–Hellman with AES Key Wrap key management algorithm implementation

func (*EcdhAesKW) Name Uses

func (alg *EcdhAesKW) Name() string

func (*EcdhAesKW) Unwrap Uses

func (alg *EcdhAesKW) Unwrap(encryptedCek []byte, key interface{}, cekSizeBits int, header map[string]interface{}) (cek []byte, err error)

func (*EcdhAesKW) WrapNewKey Uses

func (alg *EcdhAesKW) WrapNewKey(cekSizeBits int, key interface{}, header map[string]interface{}) (cek []byte, encryptedCek []byte, err error)

type EcdsaUsingSha Uses

type EcdsaUsingSha struct {
    // contains filtered or unexported fields
}

ECDSA signing algorithm implementation

func (*EcdsaUsingSha) Name Uses

func (alg *EcdsaUsingSha) Name() string

func (*EcdsaUsingSha) Sign Uses

func (alg *EcdsaUsingSha) Sign(securedInput []byte, key interface{}) (signature []byte, err error)

func (*EcdsaUsingSha) Verify Uses

func (alg *EcdsaUsingSha) Verify(securedInput, signature []byte, key interface{}) error

type HmacUsingSha Uses

type HmacUsingSha struct {
    // contains filtered or unexported fields
}

HMAC with SHA signing algorithm implementation

func (*HmacUsingSha) Name Uses

func (alg *HmacUsingSha) Name() string

func (*HmacUsingSha) Sign Uses

func (alg *HmacUsingSha) Sign(securedInput []byte, key interface{}) (signature []byte, err error)

func (*HmacUsingSha) Verify Uses

func (alg *HmacUsingSha) Verify(securedInput, signature []byte, key interface{}) error

type JoseConfig Uses

type JoseConfig struct {
    CompressionAlg string
    Headers        map[string]interface{}
}

type JwaAlgorithm Uses

type JwaAlgorithm interface {
    WrapNewKey(cekSizeBits int, key interface{}, header map[string]interface{}) (cek []byte, encryptedCek []byte, err error)
    Unwrap(encryptedCek []byte, key interface{}, cekSizeBits int, header map[string]interface{}) (cek []byte, err error)
    Name() string
}

JwaAlgorithm is a contract for implementing key management algorithm

type JwcAlgorithm Uses

type JwcAlgorithm interface {
    Compress(plainText []byte) []byte
    Decompress(compressedText []byte) []byte
    Name() string
}

JwcAlgorithm is a contract for implementing compression algorithm

type JweEncryption Uses

type JweEncryption interface {
    Encrypt(aad, plainText, cek []byte) (iv, cipherText, authTag []byte, err error)
    Decrypt(aad, cek, iv, cipherText, authTag []byte) (plainText []byte, err error)
    KeySizeBits() int
    Name() string
}

JweEncryption is a contract for implementing encryption algorithm

type JwsAlgorithm Uses

type JwsAlgorithm interface {
    Verify(securedInput, signature []byte, key interface{}) error
    Sign(securedInput []byte, key interface{}) (signature []byte, err error)
    Name() string
}

JwsAlgorithm is a contract for implementing signing algorithm

type Pbse2HmacAesKW Uses

type Pbse2HmacAesKW struct {
    // contains filtered or unexported fields
}

PBSE2 with HMAC key management algorithm implementation

func (*Pbse2HmacAesKW) Name Uses

func (alg *Pbse2HmacAesKW) Name() string

func (*Pbse2HmacAesKW) Unwrap Uses

func (alg *Pbse2HmacAesKW) Unwrap(encryptedCek []byte, key interface{}, cekSizeBits int, header map[string]interface{}) (cek []byte, err error)

func (*Pbse2HmacAesKW) WrapNewKey Uses

func (alg *Pbse2HmacAesKW) WrapNewKey(cekSizeBits int, key interface{}, header map[string]interface{}) (cek []byte, encryptedCek []byte, err error)

type Plaintext Uses

type Plaintext struct{}

Plaintext (no signing) signing algorithm implementation

func (*Plaintext) Name Uses

func (alg *Plaintext) Name() string

func (*Plaintext) Sign Uses

func (alg *Plaintext) Sign(securedInput []byte, key interface{}) (signature []byte, err error)

func (*Plaintext) Verify Uses

func (alg *Plaintext) Verify(securedInput []byte, signature []byte, key interface{}) error

type RsaOaep Uses

type RsaOaep struct {
    // contains filtered or unexported fields
}

func (*RsaOaep) Name Uses

func (alg *RsaOaep) Name() string

func (*RsaOaep) Unwrap Uses

func (alg *RsaOaep) Unwrap(encryptedCek []byte, key interface{}, cekSizeBits int, header map[string]interface{}) (cek []byte, err error)

func (*RsaOaep) WrapNewKey Uses

func (alg *RsaOaep) WrapNewKey(cekSizeBits int, key interface{}, header map[string]interface{}) (cek []byte, encryptedCek []byte, err error)

type RsaPkcs1v15 Uses

type RsaPkcs1v15 struct {
}

RS-AES using PKCS #1 v1.5 padding key management algorithm implementation

func (*RsaPkcs1v15) Name Uses

func (alg *RsaPkcs1v15) Name() string

func (*RsaPkcs1v15) Unwrap Uses

func (alg *RsaPkcs1v15) Unwrap(encryptedCek []byte, key interface{}, cekSizeBits int, header map[string]interface{}) (cek []byte, err error)

func (*RsaPkcs1v15) WrapNewKey Uses

func (alg *RsaPkcs1v15) WrapNewKey(cekSizeBits int, key interface{}, header map[string]interface{}) (cek []byte, encryptedCek []byte, err error)

type RsaPssUsingSha Uses

type RsaPssUsingSha struct {
    // contains filtered or unexported fields
}

RSA with PSS using SHA signing algorithm implementation

func (*RsaPssUsingSha) Name Uses

func (alg *RsaPssUsingSha) Name() string

func (*RsaPssUsingSha) Sign Uses

func (alg *RsaPssUsingSha) Sign(securedInput []byte, key interface{}) (signature []byte, err error)

func (*RsaPssUsingSha) Verify Uses

func (alg *RsaPssUsingSha) Verify(securedInput, signature []byte, key interface{}) error

type RsaUsingSha Uses

type RsaUsingSha struct {
    // contains filtered or unexported fields
}

RSA using SHA signature algorithm implementation

func (*RsaUsingSha) Name Uses

func (alg *RsaUsingSha) Name() string

func (*RsaUsingSha) Sign Uses

func (alg *RsaUsingSha) Sign(securedInput []byte, key interface{}) (signature []byte, err error)

func (*RsaUsingSha) Verify Uses

func (alg *RsaUsingSha) Verify(securedInput, signature []byte, key interface{}) error

Directories

PathSynopsis
aesPackage aes contains provides AES Key Wrap and ECB mode implementations
arraysPackage arrays provides various byte array utilities
base64urlpackage base64url provides base64url encoding/decoding support
compactpackage compact provides function to work with json compact serialization format
kdfpackage kdf contains implementations of various key derivation functions
keys/eccpackage ecc provides helpers for creating elliptic curve leys
keys/rsapackage Rsa provides helpers for creating rsa leys
paddingpackage padding provides various padding algorithms

Package jose imports 26 packages (graph) and is imported by 27 packages. Updated 2018-10-16. Refresh now. Tools for package owners.