Categorygithub.com/letsencrypt/go-jose

modulepackage

0.0.0-20151120001403-45b0afee83c9

Repository: https://github.com/letsencrypt/go-jose.git

Documentation: pkg.go.dev

# README

Go JOSE

Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. For the moment, it mainly focuses on encryption and signing based on the JSON Web Encryption and JSON Web Signature standards.

Disclaimer: This library contains encryption software that is subject to the U.S. Export Administration Regulations. You may not export, re-export, transfer or download this code or any part of it in violation of any United States law, directive or regulation. In particular this software may not be exported or re-exported in any form or on any media to Iran, North Sudan, Syria, Cuba, or North Korea, or to denied persons or entities mentioned on any US maintained blocked list.

Overview

The implementation follows the JSON Web Encryption standard (RFC 7516) and JSON Web Signature standard (RFC 7515). Tables of supported algorithms are shown below. The library supports both the compact and full serialization formats, and has optional support for multiple recipients. It also comes with a small command-line utility (jose-util) for encrypting/decrypting JWE messages in a shell.

Supported algorithms

See below for a table of supported algorithms. Algorithm identifiers match the names in the JSON Web Algorithms standard where possible. The Godoc reference has a list of constants.

Key encryption	Algorithm identifier(s)
RSA-PKCS#1v1.5	RSA1_5
RSA-OAEP	RSA-OAEP, RSA-OAEP-256
AES key wrap	A128KW, A192KW, A256KW
AES-GCM key wrap	A128GCMKW, A192GCMKW, A256GCMKW
ECDH-ES + AES key wrap	ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW
ECDH-ES (direct)	ECDH-ES¹
Direct encryption	dir¹

^{1. Not supported in multi-recipient mode}

Signing / MAC	Algorithm identifier(s)
RSASSA-PKCS#1v1.5	RS256, RS384, RS512
RSASSA-PSS	PS256, PS384, PS512
HMAC	HS256, HS384, HS512
ECDSA	ES256, ES384, ES512

Content encryption	Algorithm identifier(s)
AES-CBC+HMAC	A128CBC-HS256, A192CBC-HS384, A256CBC-HS512
AES-GCM	A128GCM, A192GCM, A256GCM

Compression	Algorithm identifiers(s)
DEFLATE (RFC 1951)	DEF

Supported key types

See below for a table of supported key types. These are understood by the library, and can be passed to corresponding functions such as NewEncrypter or NewSigner. Note that if you are creating a new encrypter or signer with a JsonWebKey, the key id of the JsonWebKey (if present) will be added to any resulting messages.

Algorithm(s)	Corresponding types
RSA	rsa.PublicKey, rsa.PrivateKey, *jose.JsonWebKey
ECDH, ECDSA	ecdsa.PublicKey, ecdsa.PrivateKey, *jose.JsonWebKey
AES, HMAC	[]byte, *jose.JsonWebKey

Examples

Encryption/decryption example using RSA:

// Generate a public/private key pair to use for this example. The library
// also provides two utility functions (LoadPublicKey and LoadPrivateKey)
// that can be used to load keys from PEM/DER-encoded data.
privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
if err != nil {
	panic(err)
}

// Instantiate an encrypter using RSA-OAEP with AES128-GCM. An error would
// indicate that the selected algorithm(s) are not currently supported.
publicKey := &privateKey.PublicKey
encrypter, err := NewEncrypter(RSA_OAEP, A128GCM, publicKey)
if err != nil {
	panic(err)
}

// Encrypt a sample plaintext. Calling the encrypter returns an encrypted
// JWE object, which can then be serialized for output afterwards. An error
// would indicate a problem in an underlying cryptographic primitive.
var plaintext = []byte("Lorem ipsum dolor sit amet")
object, err := encrypter.Encrypt(plaintext)
if err != nil {
	panic(err)
}

// Serialize the encrypted object using the full serialization format.
// Alternatively you can also use the compact format here by calling
// object.CompactSerialize() instead.
serialized := object.FullSerialize()

// Parse the serialized, encrypted JWE object. An error would indicate that
// the given input did not represent a valid message.
object, err = ParseEncrypted(serialized)
if err != nil {
	panic(err)
}

// Now we can decrypt and get back our original plaintext. An error here
// would indicate the the message failed to decrypt, e.g. because the auth
// tag was broken or the message was tampered with.
decrypted, err := object.Decrypt(privateKey)
if err != nil {
	panic(err)
}

fmt.Printf(string(decrypted))
// output: Lorem ipsum dolor sit amet

Signing/verification example using RSA:

// Generate a public/private key pair to use for this example. The library
// also provides two utility functions (LoadPublicKey and LoadPrivateKey)
// that can be used to load keys from PEM/DER-encoded data.
privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
if err != nil {
	panic(err)
}

// Instantiate a signer using RSASSA-PSS (SHA512) with the given private key.
signer, err := NewSigner(PS512, privateKey)
if err != nil {
	panic(err)
}

// Sign a sample payload. Calling the signer returns a protected JWS object,
// which can then be serialized for output afterwards. An error would
// indicate a problem in an underlying cryptographic primitive.
var payload = []byte("Lorem ipsum dolor sit amet")
object, err := signer.Sign(payload)
if err != nil {
	panic(err)
}

// Serialize the encrypted object using the full serialization format.
// Alternatively you can also use the compact format here by calling
// object.CompactSerialize() instead.
serialized := object.FullSerialize()

// Parse the serialized, protected JWS object. An error would indicate that
// the given input did not represent a valid message.
object, err = ParseSigned(serialized)
if err != nil {
	panic(err)
}

// Now we can verify the signature on the payload. An error here would
// indicate the the message failed to verify, e.g. because the signature was
// broken or the message was tampered with.
output, err := object.Verify(&privateKey.PublicKey)
if err != nil {
	panic(err)
}

fmt.Printf(string(output))
// output: Lorem ipsum dolor sit amet

More examples can be found in the Godoc reference for this package. The jose-util subdirectory also contains a small command-line utility for encrypting/decrypting JWE messages which might be useful as an example.

# Packages

cipher

No description provided by the author

jose-util

No description provided by the author

# Functions

LoadPrivateKey

LoadPrivateKey loads a private key from PEM/DER-encoded data.

LoadPublicKey

LoadPublicKey loads a public key from PEM/DER-encoded data.

NewEncrypter

NewEncrypter creates an appropriate encrypter based on the key type.

NewMultiEncrypter

NewMultiEncrypter creates a multi-encrypter based on the given parameters.

NewMultiSigner

NewMultiSigner creates a signer for multiple recipients.

NewSigner

NewSigner creates an appropriate signer based on the key type.

ParseEncrypted

ParseEncrypted parses an encrypted message in compact or full serialization format.

ParseSigned

ParseSigned parses an encrypted message in compact or full serialization format.

# Constants

A128CBC_HS256

AES-CBC + HMAC-SHA256 (128).

A128GCM

AES-GCM (128).

A128GCMKW

AES-GCM key wrap (128).

A128KW

AES key wrap (128).

A192CBC_HS384

AES-CBC + HMAC-SHA384 (192).

A192GCM

AES-GCM (192).

A192GCMKW

AES-GCM key wrap (192).

A192KW

AES key wrap (192).

A256CBC_HS512

AES-CBC + HMAC-SHA512 (256).

A256GCM

AES-GCM (256).

A256GCMKW

AES-GCM key wrap (256).

AES key wrap (256).

DEFLATE (RFC 1951).

Direct encryption.

ECDH-ES.

ECDH-ES + AES key wrap (128).

ECDH_ES_A192KW

ECDH-ES + AES key wrap (192).

ECDH_ES_A256KW

ECDH-ES + AES key wrap (256).

ES256

ECDSA using P-256 and SHA-256.

ES384

ECDSA using P-384 and SHA-384.

ES512

ECDSA using P-521 and SHA-512.

HMAC using SHA-256.

HMAC using SHA-384.

HMAC using SHA-512.

No compression.

PBES2 + HMAC-SHA256 + AES key wrap (128).

PBES2_HS384_A192KW

PBES2 + HMAC-SHA384 + AES key wrap (192).

PBES2_HS512_A256KW

PBES2 + HMAC-SHA512 + AES key wrap (256).

PS256

RSASSA-PSS using SHA256 and MGF1-SHA256.

PS384

RSASSA-PSS using SHA384 and MGF1-SHA384.

PS512

RSASSA-PSS using SHA512 and MGF1-SHA512.

RS256

RSASSA-PKCS-v1.5 using SHA-256.

RS384

RSASSA-PKCS-v1.5 using SHA-384.

RS512

RSASSA-PKCS-v1.5 using SHA-512.

RSA_OAEP

RSA-OAEP-SHA1.

RSA_OAEP_256

RSA-OAEP-SHA256.

RSA1_5

RSA-PKCS1v1.5.

# Variables

ErrCryptoFailure

ErrCryptoFailure represents an error in cryptographic primitive.

ErrNotSupported

ErrNotSupported serialization of object is not supported.

ErrUnprotectedNonce

ErrUnprotectedNonce indicates that while parsing a JWS or JWE object, a nonce header parameter was included in an unprotected header object.

ErrUnsupportedAlgorithm

ErrUnsupportedAlgorithm indicates that a selected algorithm is not supported.

ErrUnsupportedKeyType

ErrUnsupportedKeyType indicates that the given key type/format is not supported.

# Structs

JoseHeader

JoseHeader represents the read-only JOSE header for JWE/JWS objects.

JsonWebEncryption

JsonWebEncryption represents an encrypted JWE object after parsing.

JsonWebKey

JsonWebKey represents a public or private key in JWK format.

JsonWebKeySet

JsonWebKeySet represents a JWK Set object.

JsonWebSignature

JsonWebSignature represents a signed JWS object after parsing.

Signature

Signature represents a single signature over the JWS payload and protected header.

# Interfaces

Encrypter

Encrypter represents an encrypter which produces an encrypted JWE object.

MultiEncrypter

MultiEncrypter represents an encrypter which supports multiple recipients.

MultiSigner

MultiSigner represents a signer which supports multiple recipients.

NonceSource

NonceSource represents a source of random nonces to go into JWS objects.

Signer

Signer represents a signer which takes a payload and produces a signed JWS object.

# Type aliases

CompressionAlgorithm

CompressionAlgorithm represents an algorithm used for plaintext compression.

ContentEncryption

ContentEncryption represents a content encryption algorithm.

KeyAlgorithm

KeyAlgorithm represents a key management algorithm.

SignatureAlgorithm

SignatureAlgorithm represents a signature (or MAC) algorithm.