jwscore

package
v0.1.4

This package is not in the latest version of its module.
Published: Dec 11, 2024 License: MIT Imports: 11 Imported by: 0

README

JWS

import "github.com/a-novel-kit/jwt-core/jws"

Signature algorithms for JWT.

Verify

Verification algorithms take an unsigned payload and a signature, both base64 url-encoded, along with public key data. They check that the signature is valid for the payload under the provided public key.

err := jws.VerifyEC(payload, signature, publicKey)

If the signature does not validate the payload, jws.ErrInvalidSignature is always returned.

The following algorithms are supported:

| Algorithm | Method |
| --- | --- |
| HMAC with SHA-2 | VerifyHMAC(unsigned string, signature string, key []byte, hash crypto.Hash) error |
| RSASSA-PKCS1-v1_5 ⚠️ | VerifyRSA(unsigned string, signature string, key *rsa.PublicKey, hash crypto.Hash) error |
| ECDSA | VerifyEC(unsigned string, signature string, key *ecdsa.PublicKey) error |
| RSASSA-PSS | VerifyRSAPSS(unsigned string, signature string, key *rsa.PublicKey, hash crypto.Hash) error |
| EdDSA (Ed25519) | VerifyED25519(unsigned string, signature string, key ed25519.PublicKey) error |

Sign

Signature algorithms take an unsigned payload and a private key, and return a base64 url-encoded signature.

signature, err := jws.SignEC(payload, privateKey)

The following algorithms are supported:

| Algorithm | Method |
| --- | --- |
| HMAC with SHA-2 | SignHMAC(unsigned string, key []byte, hash crypto.Hash) (string, error) |
| RSASSA-PKCS1-v1_5 ⚠️ | SignRSA(unsigned string, key *rsa.PrivateKey, hash crypto.Hash) (string, error) |
| ECDSA | SignEC(unsigned string, key *ecdsa.PrivateKey) (string, error) |
| RSASSA-PSS | SignRSAPSS(unsigned string, key *rsa.PrivateKey, hash crypto.Hash) (string, error) |
| EdDSA (Ed25519) | SignED25519(unsigned string, key ed25519.PrivateKey) string |

Deprecation on RSA1_5 algorithms

RSASSA PKCS #1 v1.5 has been deprecated by the standards, and is only included for backwards compatibility. RFC 8017, section 8 states:

"Two signature schemes with appendix are specified in this document: RSASSA-PSS and RSASSA-PKCS1-v1_5. Although no attacks are known against RSASSA-PKCS1-v1_5, in the interest of increased robustness, RSASSA-PSS is REQUIRED in new applications. RSASSA-PKCS1-v1_5 is included only for compatibility with existing applications."
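The two RSA schemes are not interchangeable at verification time. The added example below uses only the Go standard library and is not code from this package: a PSS-only verifier rejects an altered input and a PKCS #1 v1.5 signature made with the same key, and reports every failure as one sentinel error. The helpers sign and verifyPSS, demoKey, the SHA-256 and salt-length choice, and the signing input are assumptions made for the illustration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
)

// errInvalidSignature is a local stand-in for the page's jws.ErrInvalidSignature.
var errInvalidSignature = errors.New("invalid signature")

// Assumptions: throwaway demo key; SHA-256 with salt length equal to hash length.
var demoKey, _ = rsa.GenerateKey(rand.Reader, 2048)
var pssOpts = &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthEqualsHash, Hash: crypto.SHA256}

// sign (hypothetical) returns a base64url PSS signature, or PKCS #1 v1.5 if legacy.
func sign(unsigned string, key *rsa.PrivateKey, legacy bool) (string, error) {
	digest := sha256.Sum256([]byte(unsigned))
	if legacy {
		sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
		return base64.RawURLEncoding.EncodeToString(sig), err
	}
	sig, err := rsa.SignPSS(rand.Reader, key, crypto.SHA256, digest[:], pssOpts)
	return base64.RawURLEncoding.EncodeToString(sig), err
}

// verifyPSS (hypothetical) accepts PSS only; malformed base64url, a wrong scheme
// and an altered input all produce the same sentinel error.
func verifyPSS(unsigned, signature string, key *rsa.PublicKey) error {
	digest := sha256.Sum256([]byte(unsigned))
	sig, err := base64.RawURLEncoding.DecodeString(signature)
	if err != nil || rsa.VerifyPSS(key, crypto.SHA256, digest[:], sig, pssOpts) != nil {
		return errInvalidSignature
	}
	return nil
}

func main() {
	input := "eyJhbGciOiJQUzI1NiJ9.eyJzdWIiOiJkZW1vIn0" // constructed signing input
	pss, _ := sign(input, demoKey, false)
	v15, _ := sign(input, demoKey, true)
	fmt.Println(verifyPSS(input, pss, &demoKey.PublicKey))     // valid PSS signature
	fmt.Println(verifyPSS(input+"x", pss, &demoKey.PublicKey)) // altered input
	fmt.Println(verifyPSS(input, v15, &demoKey.PublicKey))     // v1.5 signature
}
```

A verifier that fixes the scheme in code, as the separate VerifyRSA and VerifyRSAPSS functions do, never has to decide between the two from the token itself.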

Documentation

Constants

This section is empty.

Variables

var (
	ErrHashUnavailable  = errors.New("hash unavailable")
	ErrInvalidSignature = errors.New("invalid signature")
)
var ErrUnsupportedCurve = errors.New("unsupported curve")

Functions

func SignEC

func SignEC(unsigned string, key *ecdsa.PrivateKey) (string, error)

SignEC signs the payload using the ECDSA (Elliptic Curve) algorithm.

func SignED25519

func SignED25519(unsigned string, key ed25519.PrivateKey) string

SignED25519 signs the payload using the EdDSA algorithm with Ed25519 curve.

func SignHMAC

func SignHMAC(unsigned string, key []byte, hash crypto.Hash) (string, error)

SignHMAC signs the unsigned string using the HMAC algorithm.

func SignRSA deprecated

func SignRSA(unsigned string, key *rsa.PrivateKey, hash crypto.Hash) (string, error)

SignRSA signs a string using RSA PKCS1 v1.5 and returns the signature.

Deprecated: RSASSA PKCS #1 v1.5 has been deprecated by the standards, and is only included for backwards compatibility. Use SignRSAPSS instead.

https://www.rfc-editor.org/rfc/rfc8017#section-8

func SignRSAPSS

func SignRSAPSS(unsigned string, key *rsa.PrivateKey, hash crypto.Hash) (string, error)

SignRSAPSS signs the payload using the RSA-PSS algorithm.

func VerifyEC

func VerifyEC(unsigned string, signature string, key *ecdsa.PublicKey) error

VerifyEC verifies the signature of the payload using the ECDSA (Elliptic Curve) algorithm.

func VerifyED25519

func VerifyED25519(unsigned string, signature string, key ed25519.PublicKey) error

VerifyED25519 verifies the signature of the payload using the EdDSA algorithm with Ed25519 curve.

func VerifyHMAC

func VerifyHMAC(unsigned string, signature string, key []byte, hash crypto.Hash) error

VerifyHMAC verifies the signature of the unsigned string using the HMAC algorithm.

func VerifyRSA deprecated

func VerifyRSA(unsigned string, signature string, key *rsa.PublicKey, hash crypto.Hash) error

VerifyRSA verifies a signature against a string using RSA PKCS1 v1.5.

Deprecated: RSASSA PKCS #1 v1.5 has been deprecated by the standards, and is only included for backwards compatibility. Use VerifyRSAPSS instead.

https://www.rfc-editor.org/rfc/rfc8017#section-8

func VerifyRSAPSS

func VerifyRSAPSS(unsigned string, signature string, key *rsa.PublicKey, hash crypto.Hash) error

VerifyRSAPSS verifies the signature of the payload using the RSA-PSS algorithm.

Types

This section is empty.
