Categorygithub.com/square/go-jose
modulepackage
2.6.0+incompatible
Repository: https://github.com/square/go-jose.git
Documentation: pkg.go.dev
Versions
2
Dependencies
31
Dependents
203
Files
3.7k SLOC

# README

Go JOSE

godoc godoc license build coverage

Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. This includes support for JSON Web Encryption, JSON Web Signature, and JSON Web Token standards.

Disclaimer: This library contains encryption software that is subject to the U.S. Export Administration Regulations. You may not export, re-export, transfer or download this code or any part of it in violation of any United States law, directive or regulation. In particular this software may not be exported or re-exported in any form or on any media to Iran, North Sudan, Syria, Cuba, or North Korea, or to denied persons or entities mentioned on any US maintained blocked list.

Overview

The implementation follows the JSON Web Encryption (RFC 7516), JSON Web Signature (RFC 7515), and JSON Web Token (RFC 7519). Tables of supported algorithms are shown below. The library supports both the compact and full serialization formats, and has optional support for multiple recipients. It also comes with a small command-line utility (jose-util) for dealing with JOSE messages in a shell.

Note: We use a forked version of the encoding/json package from the Go standard library which uses case-sensitive matching for member names (instead of case-insensitive matching). This is to avoid differences in interpretation of messages between go-jose and libraries in other languages.

Versions

We use gopkg.in for versioning.

Version 2 (branch, doc) is the current version:

import "gopkg.in/square/go-jose.v2"

The old v1 branch (go-jose.v1) will still receive backported bug fixes and security fixes, but otherwise development is frozen. All new feature development takes place on the v2 branch. Version 2 also contains additional sub-packages such as the jwt implementation contributed by @shaxbee.

Supported algorithms

See below for a table of supported algorithms. Algorithm identifiers match the names in the JSON Web Algorithms standard where possible. The Godoc reference has a list of constants.

Key encryptionAlgorithm identifier(s)
RSA-PKCS#1v1.5RSA1_5
RSA-OAEPRSA-OAEP, RSA-OAEP-256
AES key wrapA128KW, A192KW, A256KW
AES-GCM key wrapA128GCMKW, A192GCMKW, A256GCMKW
ECDH-ES + AES key wrapECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW
ECDH-ES (direct)ECDH-ES1
Direct encryptiondir1

1. Not supported in multi-recipient mode

Signing / MACAlgorithm identifier(s)
RSASSA-PKCS#1v1.5RS256, RS384, RS512
RSASSA-PSSPS256, PS384, PS512
HMACHS256, HS384, HS512
ECDSAES256, ES384, ES512
Ed25519EdDSA2

2. Only available in version 2 of the package

Content encryptionAlgorithm identifier(s)
AES-CBC+HMACA128CBC-HS256, A192CBC-HS384, A256CBC-HS512
AES-GCMA128GCM, A192GCM, A256GCM
CompressionAlgorithm identifiers(s)
DEFLATE (RFC 1951)DEF

Supported key types

See below for a table of supported key types. These are understood by the library, and can be passed to corresponding functions such as NewEncrypter or NewSigner. Each of these keys can also be wrapped in a JWK if desired, which allows attaching a key id.

Algorithm(s)Corresponding types
RSA*rsa.PublicKey, *rsa.PrivateKey
ECDH, ECDSA*ecdsa.PublicKey, *ecdsa.PrivateKey
EdDSA1ed25519.PublicKey, ed25519.PrivateKey
AES, HMAC[]byte

1. Only available in version 2 of the package

Examples

godoc godoc

Examples can be found in the Godoc reference for this package. The jose-util subdirectory also contains a small command-line utility which might be useful as an example.

# Packages

Package cryptosigner implements an OpaqueSigner that wraps a "crypto".Signer https://godoc.org/crypto#Signer.
Package json implements encoding and decoding of JSON objects as defined in RFC 4627.
Package jwt provides an implementation of the JSON Web Token standard.

# Functions

NewEncrypter creates an appropriate encrypter based on the key type.
NewMultiEncrypter creates a multi-encrypter based on the given parameters.
NewMultiSigner creates a signer for multiple recipients.
NewSigner creates an appropriate signer based on the key type.
ParseDetached parses a signed message in compact serialization format with detached payload.
ParseEncrypted parses an encrypted message in compact or full serialization format.
ParseSigned parses a signed message in compact or full serialization format.

# Constants

AES-CBC + HMAC-SHA256 (128).
AES-GCM (128).
AES-GCM key wrap (128).
AES key wrap (128).
AES-CBC + HMAC-SHA384 (192).
AES-GCM (192).
AES-GCM key wrap (192).
AES key wrap (192).
AES-CBC + HMAC-SHA512 (256).
AES-GCM (256).
AES-GCM key wrap (256).
AES key wrap (256).
DEFLATE (RFC 1951).
Direct encryption.
ECDH-ES.
ECDH-ES + AES key wrap (128).
ECDH-ES + AES key wrap (192).
ECDH-ES + AES key wrap (256).
Key management algorithms.
Signature algorithms.
ECDSA using P-256 and SHA-256.
ECDSA using P-384 and SHA-384.
ECDSA using P-521 and SHA-512.
string.
string.
HMAC using SHA-256.
HMAC using SHA-384.
HMAC using SHA-512.
No compression.
PBES2 + HMAC-SHA256 + AES key wrap (128).
PBES2 + HMAC-SHA384 + AES key wrap (192).
PBES2 + HMAC-SHA512 + AES key wrap (256).
RSASSA-PSS using SHA256 and MGF1-SHA256.
RSASSA-PSS using SHA384 and MGF1-SHA384.
RSASSA-PSS using SHA512 and MGF1-SHA512.
RSASSA-PKCS-v1.5 using SHA-256.
RSASSA-PKCS-v1.5 using SHA-384.
RSASSA-PKCS-v1.5 using SHA-512.
RSA-OAEP-SHA1.
RSA-OAEP-SHA256.
RSA-PKCS1v1.5.

# Variables

ErrCryptoFailure represents an error in cryptographic primitive.
ErrInvalidKeySize indicates that the given key is not the correct size for the selected algorithm.
ErrNotSupported serialization of object is not supported.
ErrUnprotectedNonce indicates that while parsing a JWS or JWE object, a nonce header parameter was included in an unprotected header object.
ErrUnsupportedAlgorithm indicates that a selected algorithm is not supported.
ErrUnsupportedKeyType indicates that the given key type/format is not supported.
Random reader (stubbed out in tests).

# Structs

EncrypterOptions represents options that can be set on new encrypters.
Header represents the read-only JOSE header for JWE/JWS objects.
JSONWebEncryption represents an encrypted JWE object after parsing.
JSONWebKey represents a public or private key in JWK format.
JSONWebKeySet represents a JWK Set object.
JSONWebSignature represents a signed JWS object after parsing.
Recipient represents an algorithm/key to encrypt messages to.
Signature represents a single signature over the JWS payload and protected header.
SignerOptions represents options that can be set when creating signers.
SigningKey represents an algorithm/key used to sign a message.

# Interfaces

Encrypter represents an encrypter which produces an encrypted JWE object.
NonceSource represents a source of random nonces to go into JWS objects.
OpaqueKeyDecrypter is an interface that supports decrypting keys with an opaque key.
OpaqueKeyEncrypter is an interface that supports encrypting keys with an opaque key.
OpaqueSigner is an interface that supports signing payloads with opaque private key(s).
OpaqueVerifier is an interface that supports verifying payloads with opaque public key(s).
Signer represents a signer which takes a payload and produces a signed JWS object.

# Type aliases

CompressionAlgorithm represents an algorithm used for plaintext compression.
ContentEncryption represents a content encryption algorithm.
ContentType represents type of the contained data.
A key in the protected header of a JWS object.
KeyAlgorithm represents a key management algorithm.
SignatureAlgorithm represents a signature (or MAC) algorithm.