Safe Haskell | Safe-Inferred |
---|---|
Language | Haskell2010 |
A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. This module also defines a JSON Web Key Set (JWK Set) JSON data structure for representing a set of JWKs.
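-- Generate RSA JWK and set "kid" param to
-- base64url-encoded SHA-256 thumbprint of key.
--
-- RSAGenParam takes the key size in bytes, so (4096 `div` 8)
-- requests a 4096-bit key.
--
-- NOTE(review): the result of genJWK is the freshly generated key
-- itself, presumably including the private material. Derive the public
-- part with asPublicKey before publishing it (e.g. in a JWKSet).
doGen :: IO JWK
doGen = do
  jwk <- genJWK (RSAGenParam (4096 `div` 8))
  let
    -- thumbprint is polymorphic in the hash algorithm; the annotation
    -- pins it to SHA-256.
    h = view thumbprint jwk :: Digest SHA256
    -- `re` turns the prisms around: digest -> raw bytes -> base64url
    -- bytes; utf8 then yields the text value stored in "kid".
    kid = view (re (base64url . digest) . utf8) h
  pure $ set jwkKid (Just kid) jwk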
Synopsis
- genJWK :: MonadRandom m => KeyMaterialGenParam -> m JWK
- data KeyMaterialGenParam
- data Crv
- data OKPCrv
- data JWK
- class AsPublicKey k where
- asPublicKey :: Getter k (Maybe k)
- jwkMaterial :: Lens' JWK KeyMaterial
- jwkUse :: Lens' JWK (Maybe KeyUse)
- data KeyUse
- jwkKeyOps :: Lens' JWK (Maybe [KeyOp])
- data KeyOp
- jwkAlg :: Lens' JWK (Maybe JWKAlg)
- data JWKAlg
- jwkKid :: Lens' JWK (Maybe Text)
- jwkX5u :: Lens' JWK (Maybe URI)
- jwkX5c :: Getter JWK (Maybe (NonEmpty SignedCertificate))
- setJWKX5c :: Maybe (NonEmpty SignedCertificate) -> JWK -> Maybe JWK
- jwkX5t :: Lens' JWK (Maybe Base64SHA1)
- jwkX5tS256 :: Lens' JWK (Maybe Base64SHA256)
- fromKeyMaterial :: KeyMaterial -> JWK
- fromRSA :: PrivateKey -> JWK
- fromOctets :: Cons s s Word8 Word8 => s -> JWK
- fromX509Certificate :: (AsError e, MonadError e m) => SignedCertificate -> m JWK
- thumbprint :: HashAlgorithm a => Getter JWK (Digest a)
- digest :: HashAlgorithm a => Prism' ByteString (Digest a)
- base64url :: (AsEmpty s1, AsEmpty s2, Cons s1 s1 Word8 Word8, Cons s2 s2 Word8 Word8) => Prism' s1 s2
- module Crypto.Hash
- newtype JWKSet = JWKSet [JWK]
- checkJWK :: (MonadError e m, AsError e) => JWK -> m ()
- bestJWSAlg :: (MonadError e m, AsError e) => JWK -> m Alg
- module Crypto.JOSE.JWA.JWK
JWK generation
genJWK :: MonadRandom m => KeyMaterialGenParam -> m JWK Source #
Generate a JWK. Apart from key parameters, no other parameters are set.
data KeyMaterialGenParam Source #
Keygen parameters.
ECGenParam Crv | Generate an EC key with specified curve. |
RSAGenParam Int | Generate an RSA key with specified size in bytes. |
OctGenParam Int | Generate a symmetric key with specified size in bytes. |
OKPGenParam OKPCrv | Generate an EdDSA or Edwards ECDH key with specified curve. |
Instances
Show KeyMaterialGenParam Source # | |
Defined in Crypto.JOSE.JWA.JWK showsPrec :: Int -> KeyMaterialGenParam -> ShowS # show :: KeyMaterialGenParam -> String # showList :: [KeyMaterialGenParam] -> ShowS # | |
Eq KeyMaterialGenParam Source # | |
Defined in Crypto.JOSE.JWA.JWK (==) :: KeyMaterialGenParam -> KeyMaterialGenParam -> Bool # (/=) :: KeyMaterialGenParam -> KeyMaterialGenParam -> Bool # |
"crv" (Curve) Parameter
RFC 7517 §4. JSON Web Key (JWK) Format
Instances
FromJSON JWK Source # | |
ToJSON JWK Source # | |
Defined in Crypto.JOSE.JWK | |
Show JWK Source # | |
Eq JWK Source # | |
AsPublicKey JWK Source # | |
Defined in Crypto.JOSE.JWK | |
Applicative m => VerificationKeyStore m h s JWK Source # | Use a |
Defined in Crypto.JOSE.JWK.Store getVerificationKeys :: h -> s -> JWK -> m [JWK] Source # |
class AsPublicKey k where Source #
Keys that may have public material
asPublicKey :: Getter k (Maybe k) Source #
Get the public key
Instances
AsPublicKey ECKeyParameters Source # | |
Defined in Crypto.JOSE.JWA.JWK | |
AsPublicKey KeyMaterial Source # | |
Defined in Crypto.JOSE.JWA.JWK | |
AsPublicKey OKPKeyParameters Source # | |
Defined in Crypto.JOSE.JWA.JWK | |
AsPublicKey RSAKeyParameters Source # | |
Defined in Crypto.JOSE.JWA.JWK | |
AsPublicKey JWK Source # | |
Defined in Crypto.JOSE.JWK |
Parts of a JWK
RFC 7517 §4.2. "use" (Public Key Use) Parameter
RFC 7517 §4.3. "key_ops" (Key Operations) Parameter
RFC 7517 §4.4. "alg" (Algorithm) Parameter
See also RFC 7518 §6.4. which states that for "oct" keys, an "alg" member SHOULD be present to identify the algorithm intended to be used with the key, unless the application uses another means or convention to determine the algorithm used.
jwkX5c :: Getter JWK (Maybe (NonEmpty SignedCertificate)) Source #
Get the certificate chain. Not a lens, because the key of the first
certificate in the chain must correspond to the public key of the JWK.
To set the certificate chain use setJWKX5c.
setJWKX5c :: Maybe (NonEmpty SignedCertificate) -> JWK -> Maybe JWK Source #
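Set the "x5c" Certificate Chain parameter. If setting the list,
checks that the key in the first certificate matches the JWK; returns
Nothing if it does not. Only this key correspondence is described; the
text does not say that the chain itself is validated (signatures,
validity period, trust anchor), so perform that validation separately
before trusting the certificates.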
jwkX5tS256 :: Lens' JWK (Maybe Base64SHA256) Source #
Converting from other key formats
fromKeyMaterial :: KeyMaterial -> JWK Source #
fromRSA :: PrivateKey -> JWK Source #
Convert RSA private key into a JWK
fromX509Certificate :: (AsError e, MonadError e m) => SignedCertificate -> m JWK Source #
Convert an X.509 certificate into a JWK.
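Supports RSA and ECDSA (when the curve is supported). Other key types
will throw AlgorithmNotImplemented.
The "x5c" field of the resulting JWK contains the certificate.
The conversion is not described as validating the certificate, so
validate it separately before trusting the resulting key.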
JWK Thumbprint
thumbprint :: HashAlgorithm a => Getter JWK (Digest a) Source #
Compute the JWK Thumbprint of a JWK
digest :: HashAlgorithm a => Prism' ByteString (Digest a) Source #
Prism from ByteString to HashAlgorithm a => Digest a.
Use `re digest` to view the bytes of a digest.
base64url :: (AsEmpty s1, AsEmpty s2, Cons s1 s1 Word8 Word8, Cons s2 s2 Word8 Word8) => Prism' s1 s2 Source #
module Crypto.Hash
JWK Set
RFC 7517 §5. JWK Set Format
Instances
FromJSON JWKSet Source # | |
ToJSON JWKSet Source # | |
Defined in Crypto.JOSE.JWK | |
Show JWKSet Source # | |
Eq JWKSet Source # | |
Applicative m => VerificationKeyStore m h s JWKSet Source # | Use a |
Defined in Crypto.JOSE.JWK.Store getVerificationKeys :: h -> s -> JWKSet -> m [JWK] Source # |
checkJWK :: (MonadError e m, AsError e) => JWK -> m () Source #
Sanity-check a JWK.
Return an appropriate error if the key size is too small to be used with any JOSE algorithm, or for other problems that mean the key cannot be used.
bestJWSAlg :: (MonadError e m, AsError e) => JWK -> m Alg Source #
Choose the cryptographically strongest JWS algorithm for a given key. The JWK "alg" algorithm parameter is ignored.
module Crypto.JOSE.JWA.JWK