jose-jwt-0.7: JSON Object Signing and Encryption Library

Safe HaskellNone
LanguageHaskell2010

Jose.Internal.Crypto

Description

Internal functions for encrypting and signing / decrypting and verifying JWT content.

Synopsis

Documentation

hmacSign Source

Arguments

:: JwsAlg

HMAC algorithm to use

-> ByteString

Key

-> ByteString

The message/content

-> Either JwtError ByteString

HMAC output

Sign a message with an HMAC key.

hmacVerify Source

Arguments

:: JwsAlg

HMAC Algorithm to use

-> ByteString

Key

-> ByteString

The message/content

-> ByteString

The signature to check

-> Bool

Whether the signature is correct

Verify the HMAC for a given message. Returns false if the MAC is incorrect or the Alg is not an HMAC.

rsaSign Source

Arguments

:: Maybe Blinder

RSA blinder

-> JwsAlg

Algorithm to use. Must be one of RSA256, RSA384 or RSA512

-> PrivateKey

Private key to sign with

-> ByteString

Message to sign

-> Either JwtError ByteString

The signature

Sign a message using an RSA private key.

The failure condition should only occur if the algorithm is not an RSA algorithm, or the RSA key is too small, causing the padding of the signature to fail. With real-world RSA keys this shouldn't happen in practice.

rsaVerify Source

Arguments

:: JwsAlg

The signature algorithm. Used to obtain the hash function.

-> PublicKey

The key to check the signature with

-> ByteString

The message/content

-> ByteString

The signature to check

-> Bool

Whether the signature is correct

Verify the signature for a message using an RSA public key.

Returns false if the check fails or if the Alg value is not an RSA signature algorithm.

rsaEncrypt Source

Arguments

:: MonadRandom m 
=> PublicKey

The encryption key

-> JweAlg

The algorithm (either RSA1_5 or RSA_OAEP)

-> ByteString

The message to encrypt

-> m (Either JwtError ByteString)

The encrypted message

Encrypts a message (typically a symmetric key) using RSA.

rsaDecrypt Source

Arguments

:: Maybe Blinder 
-> PrivateKey

The decryption key

-> JweAlg

The RSA algorithm to use

-> ByteString

The encrypted content

-> Either JwtError ByteString

The decrypted key

Decrypts an RSA encrypted message.

ecVerify Source

Arguments

:: JwsAlg

The signature algorithm. Used to obtain the hash function.

-> PublicKey

The key to check the signature with

-> ByteString

The message/content

-> ByteString

The signature to check

-> Bool

Whether the signature is correct

Verify the signature for a message using an EC public key.

Returns false if the check fails or if the Alg value is not an EC signature algorithm.

encryptPayload Source

Arguments

:: Enc

Encryption algorithm

-> ByteString

Content management key

-> ByteString

IV

-> ByteString

Additional authenticated data

-> ByteString

The message/JWT claims

-> Maybe (AuthTag, ByteString)

Ciphertext claims and signature tag

Encrypt a message using AES.

decryptPayload Source

Arguments

:: Enc

Encryption algorithm

-> ByteString

Content management key

-> ByteString

IV

-> ByteString

Additional authentication data

-> AuthTag

The integrity protection value to be checked

-> ByteString

The encrypted JWT payload

-> Maybe ByteString 

Decrypt an AES encrypted message.

generateCmkAndIV Source

Arguments

:: MonadRandom m 
=> Enc

The encryption algorithm to be used

-> m (ByteString, ByteString)

The key, IV

Generates the symmetric key (content management key) and IV

Used to encrypt a message.

keyWrap :: JweAlg -> ByteString -> ByteString -> Either JwtError ByteString Source

https://tools.ietf.org/html/rfc3394#section-2.2.1