| Safe Haskell | None |
|---|---|
| Language | Haskell2010 |
Jose.Internal.Crypto
Description
Internal functions for encrypting and signing / decrypting and verifying JWT content.
- hmacSign :: JwsAlg -> ByteString -> ByteString -> ByteString
- hmacVerify :: JwsAlg -> ByteString -> ByteString -> ByteString -> Bool
- rsaSign :: JwsAlg -> PrivateKey -> ByteString -> ByteString
- rsaVerify :: JwsAlg -> PublicKey -> ByteString -> ByteString -> Bool
- rsaEncrypt :: CPRG g => g -> JweAlg -> PublicKey -> ByteString -> (ByteString, g)
- rsaDecrypt :: JweAlg -> PrivateKey -> ByteString -> Either JwtError ByteString
- encryptPayload :: Enc -> ByteString -> ByteString -> ByteString -> ByteString -> (ByteString, AuthTag)
- decryptPayload :: Enc -> ByteString -> ByteString -> ByteString -> ByteString -> ByteString -> Either JwtError ByteString
- generateCmkAndIV :: CPRG g => g -> Enc -> (ByteString, ByteString, g)
Documentation
Arguments of hmacSign
| :: JwsAlg | HMAC algorithm to use |
| -> ByteString | Key |
| -> ByteString | The message/content |
| -> ByteString | HMAC output |
Sign a message with an HMAC key.
Arguments of hmacVerify
| :: JwsAlg | HMAC Algorithm to use |
| -> ByteString | Key |
| -> ByteString | The message/content |
| -> ByteString | The signature to check |
| -> Bool | Whether the signature is correct |
Verify the HMAC for a given message.
Returns False if the MAC is incorrect or the algorithm is not an HMAC algorithm.
Arguments of rsaSign
| :: JwsAlg | Algorithm to use. Must be one of the RSA signature algorithms (RS256, RS384 or RS512) |
| -> PrivateKey | Private key to sign with |
| -> ByteString | Message to sign |
| -> ByteString | The signature |
Sign a message using an RSA private key.
Arguments of rsaVerify
| :: JwsAlg | The signature algorithm. Used to obtain the hash function. |
| -> PublicKey | The key to check the signature with |
| -> ByteString | The message/content |
| -> ByteString | The signature to check |
| -> Bool | Whether the signature is correct |
Verify the signature for a message using an RSA public key.
Returns false if the check fails or if the Alg value is not
an RSA signature algorithm.
Arguments of rsaEncrypt
| :: CPRG g | |
| => g | Random number generator |
| -> JweAlg | The algorithm (either RSA1_5 or RSA_OAEP) |
| -> PublicKey | The encryption key |
| -> ByteString | The message to encrypt |
| -> (ByteString, g) | The encrypted message and new generator |
Encrypts a message (typically a symmetric key) using RSA.
Arguments of rsaDecrypt
| :: JweAlg | The RSA algorithm to use |
| -> PrivateKey | The decryption key |
| -> ByteString | The encrypted content |
| -> Either JwtError ByteString | The decrypted key |
Decrypts an RSA encrypted message.
Arguments of encryptPayload
| :: Enc | Encryption algorithm |
| -> ByteString | Content management key |
| -> ByteString | IV |
| -> ByteString | Additional authenticated data |
| -> ByteString | The message/JWT claims |
| -> (ByteString, AuthTag) | The encrypted claims (ciphertext) and the authentication tag |
Encrypt a message using AES.
Arguments of decryptPayload
| :: Enc | Encryption algorithm |
| -> ByteString | Content management key |
| -> ByteString | IV |
| -> ByteString | Additional authenticated data |
| -> ByteString | The integrity protection value to be checked |
| -> ByteString | The encrypted JWT payload |
| -> Either JwtError ByteString |
Decrypt an AES encrypted message.
Arguments of generateCmkAndIV
| :: CPRG g | |
| => g | The random number generator |
| -> Enc | The encryption algorithm to be used |
| -> (ByteString, ByteString, g) | The key, IV and generator |
Generates the symmetric key (content management key) and IV used to encrypt a message.