jwscore

package

v0.1.4 Latest Latest Go to latest Published: Dec 11, 2024 License: MIT Imports: 11 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/a-novel-kit/jwt-core

Links

Open Source Insights

README ¶

JWS

import "github.com/a-novel-kit/jwt-core/jws"

Signature algorithms for JWT.

Verify
Sign
Deprecation on RSA1_5 algorithms

Verify

Verification algorithms take an unsigned payload and a signature, both base64 url-encoded, along with public key data. It ensures the signature is valid for the payload, using the provided public key.

ok, err := jws.Verify(payload, signature, publicKey)

If the payload cannot be validated by the signature, jws.ErrInvalidSignature is always returned.

The following algorithms are supported:

Algorithm	Method
HMAC with SHA-2	`VerifyHMAC(unsigned string, signature string, key []byte, hash crypto.Hash) error`
RSASSA-PKCS1-v1_5 ⚠️	`VerifyRSA(unsigned string, signature string, key *rsa.PublicKey, hash crypto.Hash) error`
ECDSA	`VerifyEC(unsigned string, signature string, key *ecdsa.PublicKey) error`
RSASSA-PSS	`VerifyRSAPSS(unsigned string, signature string, key *rsa.PublicKey, hash crypto.Hash) error`
EdDSA (x25519)	`VerifyED25519(unsigned string, signature string, key ed25519.PublicKey) error`

Sign

Signature algorithms take an unsigned payload and a private key, and return a base64 url-encoded signature.

signature, err := jws.Sign(payload, privateKey)

The following algorithms are supported:

Algorithm	Method
HMAC with SHA-2	`SignHMAC(unsigned string, key []byte, hash crypto.Hash) (string, error)`
RSASSA-PKCS1-v1_5 ⚠️	`SignRSA(unsigned string, key *rsa.PrivateKey, hash crypto.Hash) (string, error)`
ECDSA	`SignEC(unsigned string, key *ecdsa.PrivateKey) (string, error)`
RSASSA-PSS	`SignRSAPSS(unsigned string, key *rsa.PrivateKey, hash crypto.Hash) (string, error)`
EdDSA (x255219)	`SignED25519(unsigned string, key ed25519.PrivateKey) string`

Deprecation on RSA1_5 algorithms

RSASSA PKCS #1 v1.5 has been deprecated by the standards, and is only included for backwards compatibility.

Two signature schemes with appendix are specified in this document: RSASSA-PSS and RSASSA-PKCS1-v1_5. Although no attacks are known against RSASSA-PKCS1-v1_5, in the interest of increased robustness, RSASSA-PSS is REQUIRED in new applications. RSASSA-PKCS1-v1_5 is included only for compatibility with existing applications.

Documentation ¶

Index ¶

Variables
func SignEC(unsigned string, key *ecdsa.PrivateKey) (string, error)
func SignED25519(unsigned string, key ed25519.PrivateKey) string
func SignHMAC(unsigned string, key []byte, hash crypto.Hash) (string, error)
func SignRSA(unsigned string, key *rsa.PrivateKey, hash crypto.Hash) (string, error)deprecated
func SignRSAPSS(unsigned string, key *rsa.PrivateKey, hash crypto.Hash) (string, error)
func VerifyEC(unsigned string, signature string, key *ecdsa.PublicKey) error
func VerifyED25519(unsigned string, signature string, key ed25519.PublicKey) error
func VerifyHMAC(unsigned string, signature string, key []byte, hash crypto.Hash) error
func VerifyRSA(unsigned string, signature string, key *rsa.PublicKey, hash crypto.Hash) errordeprecated
func VerifyRSAPSS(unsigned string, signature string, key *rsa.PublicKey, hash crypto.Hash) error

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	ErrHashUnavailable  = errors.New("hash unavailable")
	ErrInvalidSignature = errors.New("invalid signature")
)

View Source

var ErrUnsupportedCurve = errors.New("unsupported curve")

Functions ¶

func SignEC ¶

func SignEC(unsigned string, key *ecdsa.PrivateKey) (string, error)

SignEC signs the payload using the Elliptic Curve algorithm.

func SignED25519 ¶

func SignED25519(unsigned string, key ed25519.PrivateKey) string

SignED25519 signs the payload using the EdDSA algorithm with Ed25519 curve.

func SignHMAC ¶

func SignHMAC(unsigned string, key []byte, hash crypto.Hash) (string, error)

SignHMAC signs the unsigned string using the HMAC algorithm.

func SignRSA deprecated

func SignRSA(unsigned string, key *rsa.PrivateKey, hash crypto.Hash) (string, error)

SignRSA signs a string using RSA PKCS1 v1.5 and returns the signature.

Deprecated: RSASSA PKCS #1 v1.5 has been deprecated by the standards, and is only included for backwards compatibility. Use SignRSAPSS instead.

https://www.rfc-editor.org/rfc/rfc8017#section-8

func SignRSAPSS ¶

func SignRSAPSS(unsigned string, key *rsa.PrivateKey, hash crypto.Hash) (string, error)

SignRSAPSS signs the payload using the RSA-PSS algorithm.

func VerifyEC ¶

func VerifyEC(unsigned string, signature string, key *ecdsa.PublicKey) error

VerifyEC verifies the signature of the payload using the Elliptic Curve algorithm.

func VerifyED25519 ¶

func VerifyED25519(unsigned string, signature string, key ed25519.PublicKey) error

VerifyED25519 verifies the signature of the payload using the EdDSA algorithm with Ed25519 curve.

func VerifyHMAC ¶

func VerifyHMAC(unsigned string, signature string, key []byte, hash crypto.Hash) error

VerifyHMAC verifies the signature of the unsigned string using the HMAC algorithm.

func VerifyRSA deprecated

func VerifyRSA(unsigned string, signature string, key *rsa.PublicKey, hash crypto.Hash) error

VerifyRSA verifies a signature against a string using RSA PKCS1 v1.5.

Deprecated: RSASSA PKCS #1 v1.5 has been deprecated by the standards, and is only included for backwards compatibility. Use VerifyRSAPSS instead.

https://www.rfc-editor.org/rfc/rfc8017#section-8

func VerifyRSAPSS ¶

func VerifyRSAPSS(unsigned string, signature string, key *rsa.PublicKey, hash crypto.Hash) error

VerifyRSAPSS verifies the signature of the payload using the RSA-PSS algorithm.

Types ¶

This section is empty.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL