Safe Haskell | None |
---|---|
Language | Haskell2010 |
Internal functions for encrypting and signing / decrypting and verifying JWT content.
- hmacSign :: JwsAlg -> ByteString -> ByteString -> ByteString
- hmacVerify :: JwsAlg -> ByteString -> ByteString -> ByteString -> Bool
- rsaSign :: JwsAlg -> PrivateKey -> ByteString -> ByteString
- rsaVerify :: JwsAlg -> PublicKey -> ByteString -> ByteString -> Bool
- rsaEncrypt :: CPRG g => g -> JweAlg -> PublicKey -> ByteString -> (ByteString, g)
- rsaDecrypt :: JweAlg -> PrivateKey -> ByteString -> Either JwtError ByteString
- encryptPayload :: Enc -> ByteString -> ByteString -> ByteString -> ByteString -> (ByteString, AuthTag)
- decryptPayload :: Enc -> ByteString -> ByteString -> ByteString -> ByteString -> ByteString -> Either JwtError ByteString
- generateCmkAndIV :: CPRG g => g -> Enc -> (ByteString, ByteString, g)
Documentation
hmacSign
:: JwsAlg | HMAC algorithm to use |
-> ByteString | Key |
-> ByteString | The message/content |
-> ByteString | HMAC output |
Sign a message with an HMAC key.
hmacVerify
:: JwsAlg | HMAC algorithm to use |
-> ByteString | Key |
-> ByteString | The message/content |
-> ByteString | The signature to check |
-> Bool | Whether the signature is correct |
Verify the HMAC for a given message.
Returns false if the MAC is incorrect or the Alg is not an HMAC.
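An added usage example (not part of the library's own documentation) for hmacSign and hmacVerify with the argument order given above: one genuine MAC, then inputs a verifier has to reject, including an Alg that is not an HMAC. It assumes the functions are imported from Jose.Internal.Crypto and the JwsAlg constructors HS256, HS512 and RS256 from Jose.Jwa, names this page does not state; the key and signing input are constructed sample values.

```haskell
{-# LANGUAGE OverloadedStrings #-}
module Main (main) where

import           Data.ByteString      (ByteString)
import qualified Data.ByteString      as B
-- Assumed module names; this page does not state them.
import           Jose.Internal.Crypto (hmacSign, hmacVerify)
import           Jose.Jwa             (JwsAlg (..))

-- Constructed demo key; a real key comes from a secret store.
key :: ByteString
key = "constructed-demo-key-0123456789abcdef"

-- Constructed JWS signing input:
-- base64url({"alg":"HS256"}) "." base64url({"sub":"demo"})
signingInput :: ByteString
signingInput = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJkZW1vIn0"

-- | (description, result) for the genuine MAC and for inputs that a
-- verifier must reject. The algorithm is pinned by the caller here,
-- not read back from the token header.
checks :: [(String, Bool)]
checks =
  [ ("genuine MAC",          hmacVerify HS256 key signingInput mac)
  , ("signing input changed", hmacVerify HS256 key (B.append signingInput "x") mac)
  , ("different key",        hmacVerify HS256 "another-constructed-key" signingInput mac)
  , ("MAC truncated",        hmacVerify HS256 key signingInput (B.take 16 mac))
  , ("checked as HS512",     hmacVerify HS512 key signingInput mac)
  , ("checked as RS256",     hmacVerify RS256 key signingInput mac)
  ]
  where
    mac = hmacSign HS256 key signingInput

main :: IO ()
main = mapM_ report checks
  where
    report (label, ok) = putStrLn (label ++ ": " ++ show ok)
```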
rsaSign
:: JwsAlg | Algorithm to use. Must be one of |
-> PrivateKey | Private key to sign with |
-> ByteString | Message to sign |
-> ByteString | The signature |
Sign a message using an RSA private key.
rsaVerify
:: JwsAlg | The signature algorithm. Used to obtain the hash function. |
-> PublicKey | The key to check the signature with |
-> ByteString | The message/content |
-> ByteString | The signature to check |
-> Bool | Whether the signature is correct |
Verify the signature for a message using an RSA public key.
Returns false if the check fails or if the Alg value is not an RSA signature algorithm.
rsaEncrypt
:: CPRG g | |
=> g | Random number generator |
-> JweAlg | The algorithm (either |
-> PublicKey | The encryption key |
-> ByteString | The message to encrypt |
-> (ByteString, g) | The encrypted message and new generator |
Encrypts a message (typically a symmetric key) using RSA.
rsaDecrypt
:: JweAlg | The RSA algorithm to use |
-> PrivateKey | The decryption key |
-> ByteString | The encrypted content |
-> Either JwtError ByteString | The decrypted key |
Decrypts an RSA encrypted message.
encryptPayload
:: Enc | Encryption algorithm |
-> ByteString | Content management key |
-> ByteString | IV |
-> ByteString | Additional authenticated data |
-> ByteString | The message/JWT claims |
-> (ByteString, AuthTag) | Ciphertext claims and signature tag |
Encrypt a message using AES.
decryptPayload
:: Enc | Encryption algorithm |
-> ByteString | Content management key |
-> ByteString | IV |
-> ByteString | Additional authenticated data |
-> ByteString | The integrity protection value to be checked |
-> ByteString | The encrypted JWT payload |
-> Either JwtError ByteString |
Decrypt an AES encrypted message.
generateCmkAndIV
:: CPRG g | |
=> g | The random number generator |
-> Enc | The encryption algorithm to be used |
-> (ByteString, ByteString, g) | The key, IV and generator |
Generates the symmetric key (content management key) and IV used to encrypt a message.