jose

package
v0.0.0-...-288c2a5 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 15, 2022 License: MIT, Apache-2.0 Imports: 28 Imported by: 0

Documentation

Overview

from gopkg.in/square/go-jose.v1

from gopkg.in/square/go-jose.v1

Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. For the moment, it mainly focuses on encryption and signing based on the JSON Web Encryption and JSON Web Signature standards. The library supports both the compact and full serialization formats, and has optional support for multiple recipients.

from gopkg.in/square/go-jose.v1

from gopkg.in/square/go-jose.v1

from gopkg.in/square/go-jose.v1

from gopkg.in/square/go-jose.v1

from gopkg.in/square/go-jose.v1

from gopkg.in/square/go-jose.v1

from gopkg.in/square/go-jose.v1

from gopkg.in/square/go-jose.v1

from gopkg.in/square/go-jose.v1

Index

Constants

View Source
const (
	RSA1_5             = KeyAlgorithm("RSA1_5")             // RSA-PKCS1v1.5
	RSA_OAEP           = KeyAlgorithm("RSA-OAEP")           // RSA-OAEP-SHA1
	RSA_OAEP_256       = KeyAlgorithm("RSA-OAEP-256")       // RSA-OAEP-SHA256
	A128KW             = KeyAlgorithm("A128KW")             // AES key wrap (128)
	A192KW             = KeyAlgorithm("A192KW")             // AES key wrap (192)
	A256KW             = KeyAlgorithm("A256KW")             // AES key wrap (256)
	DIRECT             = KeyAlgorithm("dir")                // Direct encryption
	ECDH_ES            = KeyAlgorithm("ECDH-ES")            // ECDH-ES
	ECDH_ES_A128KW     = KeyAlgorithm("ECDH-ES+A128KW")     // ECDH-ES + AES key wrap (128)
	ECDH_ES_A192KW     = KeyAlgorithm("ECDH-ES+A192KW")     // ECDH-ES + AES key wrap (192)
	ECDH_ES_A256KW     = KeyAlgorithm("ECDH-ES+A256KW")     // ECDH-ES + AES key wrap (256)
	A128GCMKW          = KeyAlgorithm("A128GCMKW")          // AES-GCM key wrap (128)
	A192GCMKW          = KeyAlgorithm("A192GCMKW")          // AES-GCM key wrap (192)
	A256GCMKW          = KeyAlgorithm("A256GCMKW")          // AES-GCM key wrap (256)
	PBES2_HS256_A128KW = KeyAlgorithm("PBES2-HS256+A128KW") // PBES2 + HMAC-SHA256 + AES key wrap (128)
	PBES2_HS384_A192KW = KeyAlgorithm("PBES2-HS384+A192KW") // PBES2 + HMAC-SHA384 + AES key wrap (192)
	PBES2_HS512_A256KW = KeyAlgorithm("PBES2-HS512+A256KW") // PBES2 + HMAC-SHA512 + AES key wrap (256)
)

Key management algorithms

View Source
const (
	HS256 = SignatureAlgorithm("HS256") // HMAC using SHA-256
	HS384 = SignatureAlgorithm("HS384") // HMAC using SHA-384
	HS512 = SignatureAlgorithm("HS512") // HMAC using SHA-512
	RS256 = SignatureAlgorithm("RS256") // RSASSA-PKCS-v1.5 using SHA-256
	RS384 = SignatureAlgorithm("RS384") // RSASSA-PKCS-v1.5 using SHA-384
	RS512 = SignatureAlgorithm("RS512") // RSASSA-PKCS-v1.5 using SHA-512
	ES256 = SignatureAlgorithm("ES256") // ECDSA using P-256 and SHA-256
	ES384 = SignatureAlgorithm("ES384") // ECDSA using P-384 and SHA-384
	ES512 = SignatureAlgorithm("ES512") // ECDSA using P-521 and SHA-512
	PS256 = SignatureAlgorithm("PS256") // RSASSA-PSS using SHA256 and MGF1-SHA256
	PS384 = SignatureAlgorithm("PS384") // RSASSA-PSS using SHA384 and MGF1-SHA384
	PS512 = SignatureAlgorithm("PS512") // RSASSA-PSS using SHA512 and MGF1-SHA512
)

Signature algorithms

View Source
const (
	A128CBC_HS256 = ContentEncryption("A128CBC-HS256") // AES-CBC + HMAC-SHA256 (128)
	A192CBC_HS384 = ContentEncryption("A192CBC-HS384") // AES-CBC + HMAC-SHA384 (192)
	A256CBC_HS512 = ContentEncryption("A256CBC-HS512") // AES-CBC + HMAC-SHA512 (256)
	A128GCM       = ContentEncryption("A128GCM")       // AES-GCM (128)
	A192GCM       = ContentEncryption("A192GCM")       // AES-GCM (192)
	A256GCM       = ContentEncryption("A256GCM")       // AES-GCM (256)
)

Content encryption algorithms

View Source
const (
	NONE    = CompressionAlgorithm("")    // No compression
	DEFLATE = CompressionAlgorithm("DEF") // DEFLATE (RFC 1951)
)

Compression algorithms

Variables

View Source
var (
	// ErrCryptoFailure represents an error in cryptographic primitive. This
	// occurs when, for example, a message had an invalid authentication tag or
	// could not be decrypted.
	ErrCryptoFailure = errors.New("square/go-jose: error in cryptographic primitive")

	// ErrUnsupportedAlgorithm indicates that a selected algorithm is not
	// supported. This occurs when trying to instantiate an encrypter for an
	// algorithm that is not yet implemented.
	ErrUnsupportedAlgorithm = errors.New("square/go-jose: unknown/unsupported algorithm")

	// ErrUnsupportedKeyType indicates that the given key type/format is not
	// supported. This occurs when trying to instantiate an encrypter and passing
	// it a key of an unrecognized type or with unsupported parameters, such as
	// an RSA private key with more than two primes.
	ErrUnsupportedKeyType = errors.New("square/go-jose: unsupported key type/format")

	// ErrNotSupported serialization of object is not supported. This occurs when
	// trying to compact-serialize an object which can't be represented in
	// compact form.
	ErrNotSupported = errors.New("square/go-jose: compact serialization not supported for object")

	// ErrUnprotectedNonce indicates that while parsing a JWS or JWE object, a
	// nonce header parameter was included in an unprotected header object.
	ErrUnprotectedNonce = errors.New("square/go-jose: Nonce parameter included in unprotected header")
)

Functions

func LoadPrivateKey

func LoadPrivateKey(data []byte) (interface{}, error)

LoadPrivateKey loads a private key from PEM/DER-encoded data.

func LoadPublicKey

func LoadPublicKey(data []byte) (interface{}, error)

LoadPublicKey loads a public key from PEM/DER-encoded data.

Types

type CompressionAlgorithm

type CompressionAlgorithm string

CompressionAlgorithm represents an algorithm used for plaintext compression.

type ContentEncryption

type ContentEncryption string

ContentEncryption represents a content encryption algorithm.

type Encrypter

type Encrypter interface {
	Encrypt(plaintext []byte) (*JsonWebEncryption, error)
	EncryptWithAuthData(plaintext []byte, aad []byte) (*JsonWebEncryption, error)
	SetCompression(alg CompressionAlgorithm)
}

Encrypter represents an encrypter which produces an encrypted JWE object.

func NewEncrypter

func NewEncrypter(alg KeyAlgorithm, enc ContentEncryption, encryptionKey interface{}) (Encrypter, error)

NewEncrypter creates an appropriate encrypter based on the key type

type JoseHeader

type JoseHeader struct {
	KeyID      string
	JsonWebKey *JsonWebKey
	Algorithm  string
	Nonce      string
}

JoseHeader represents the read-only JOSE header for JWE/JWS objects.

type JsonWebEncryption

type JsonWebEncryption struct {
	Header JoseHeader
	// contains filtered or unexported fields
}

JsonWebEncryption represents an encrypted JWE object after parsing.

func ParseEncrypted

func ParseEncrypted(input string) (*JsonWebEncryption, error)

ParseEncrypted parses an encrypted message in compact or full serialization format.

func (JsonWebEncryption) CompactSerialize

func (obj JsonWebEncryption) CompactSerialize() (string, error)

CompactSerialize serializes an object using the compact serialization format.

func (JsonWebEncryption) Decrypt

func (obj JsonWebEncryption) Decrypt(decryptionKey interface{}) ([]byte, error)

Decrypt and validate the object and return the plaintext.

func (JsonWebEncryption) FullSerialize

func (obj JsonWebEncryption) FullSerialize() string

FullSerialize serializes an object using the full JSON serialization format.

func (JsonWebEncryption) GetAuthData

func (obj JsonWebEncryption) GetAuthData() []byte

GetAuthData retrieves the (optional) authenticated data attached to the object.

type JsonWebKey

type JsonWebKey struct {
	Key          interface{}
	Certificates []*x509.Certificate
	KeyID        string
	Algorithm    string
	Use          string
}

JsonWebKey represents a public or private key in JWK format.

func (JsonWebKey) MarshalJSON

func (k JsonWebKey) MarshalJSON() ([]byte, error)

MarshalJSON serializes the given key to its JSON representation.

func (*JsonWebKey) Thumbprint

func (k *JsonWebKey) Thumbprint(hash crypto.Hash) ([]byte, error)

Thumbprint computes the JWK Thumbprint of a key using the indicated hash algorithm.

func (*JsonWebKey) UnmarshalJSON

func (k *JsonWebKey) UnmarshalJSON(data []byte) (err error)

UnmarshalJSON reads a key from its JSON representation.

func (*JsonWebKey) Valid

func (k *JsonWebKey) Valid() bool

Valid checks that the key contains the expected parameters

type JsonWebKeySet

type JsonWebKeySet struct {
	Keys []JsonWebKey `json:"keys"`
}

JsonWebKeySet represents a JWK Set object.

func (*JsonWebKeySet) Key

func (s *JsonWebKeySet) Key(kid string) []JsonWebKey

Key convenience method returns keys by key ID. Specification states that a JWK Set "SHOULD" use distinct key IDs, but allows for some cases where they are not distinct. Hence method returns a slice of JsonWebKeys.

type JsonWebSignature

type JsonWebSignature struct {
	Signatures []Signature
	// contains filtered or unexported fields
}

JsonWebSignature represents a signed JWS object after parsing.

func ParseSigned

func ParseSigned(input string) (*JsonWebSignature, error)

ParseSigned parses a signed message in compact or full serialization format.

func (JsonWebSignature) CompactSerialize

func (obj JsonWebSignature) CompactSerialize() (string, error)

CompactSerialize serializes an object using the compact serialization format.

func (JsonWebSignature) FullSerialize

func (obj JsonWebSignature) FullSerialize() string

FullSerialize serializes an object using the full JSON serialization format.

func (JsonWebSignature) Verify

func (obj JsonWebSignature) Verify(verificationKey interface{}) ([]byte, error)

Verify validates the signature on the object and returns the payload.

type KeyAlgorithm

type KeyAlgorithm string

KeyAlgorithm represents a key management algorithm.

type MultiEncrypter

type MultiEncrypter interface {
	Encrypt(plaintext []byte) (*JsonWebEncryption, error)
	EncryptWithAuthData(plaintext []byte, aad []byte) (*JsonWebEncryption, error)
	SetCompression(alg CompressionAlgorithm)
	AddRecipient(alg KeyAlgorithm, encryptionKey interface{}) error
}

MultiEncrypter represents an encrypter which supports multiple recipients.

func NewMultiEncrypter

func NewMultiEncrypter(enc ContentEncryption) (MultiEncrypter, error)

NewMultiEncrypter creates a multi-encrypter based on the given parameters

type MultiSigner

type MultiSigner interface {
	Sign(payload []byte) (*JsonWebSignature, error)
	SetNonceSource(source NonceSource)
	SetEmbedJwk(embed bool)
	AddRecipient(alg SignatureAlgorithm, signingKey interface{}) error
}

MultiSigner represents a signer which supports multiple recipients.

func NewMultiSigner

func NewMultiSigner() MultiSigner

NewMultiSigner creates a signer for multiple recipients

type NonceSource

type NonceSource interface {
	Nonce() (string, error)
}

NonceSource represents a source of random nonces to go into JWS objects

type Signature

type Signature struct {
	// Header fields, such as the signature algorithm
	Header JoseHeader

	// The actual signature value
	Signature []byte
	// contains filtered or unexported fields
}

Signature represents a single signature over the JWS payload and protected header.

type SignatureAlgorithm

type SignatureAlgorithm string

SignatureAlgorithm represents a signature (or MAC) algorithm.

type Signer

type Signer interface {
	Sign(payload []byte) (*JsonWebSignature, error)
	SetNonceSource(source NonceSource)
	SetEmbedJwk(embed bool)
}

Signer represents a signer which takes a payload and produces a signed JWS object.

func NewSigner

func NewSigner(alg SignatureAlgorithm, signingKey interface{}) (Signer, error)

NewSigner creates an appropriate signer based on the key type

Directories

Path Synopsis
from gopkg.in/square/go-jose.v1/cipher
from gopkg.in/square/go-jose.v1/cipher

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL