jose-jwt-0.7: JSON Object Signing and Encryption Library

Safe Haskell: None
Language: Haskell2010

Jose.Jwe

Description

JWE RSA encrypted token support.

Example usage:

>>> :set -XOverloadedStrings
>>> import Jose.Jwt
>>> import Jose.Jwe
>>> import Jose.Jwa
>>> import Crypto.Random
>>> g <- drgNew
>>> import Crypto.PubKey.RSA
>>> let ((kPub, kPr), g') = withDRG g (generate 512 65537)
>>> let (Right (Jwt jwt), g'') = withDRG g' (rsaEncode RSA_OAEP A128GCM kPub "secret claims")
>>> fst $ withDRG g'' (rsaDecode kPr jwt)
Right (JweHeader {jweAlg = RSA_OAEP, jweEnc = A128GCM, jweTyp = Nothing, jweCty = Nothing, jweZip = Nothing, jweKid = Nothing},"secret claims")

Documentation

jwkEncode
  :: MonadRandom m
  => JweAlg                     -- ^ Algorithm to use for key encryption
  -> Enc                        -- ^ Content encryption algorithm
  -> Jwk                        -- ^ The key to use to encrypt the content key
  -> Payload                    -- ^ The token content (claims or nested JWT)
  -> m (Either JwtError Jwt)    -- ^ The encoded JWE if successful

Create a JWE using a JWK. The key and algorithms must be consistent or an error will be returned.

jwkDecode :: MonadRandom m => Jwk -> ByteString -> m (Either JwtError JwtContent)

Try to decode a JWE using a JWK. If the key type does not match the content encoding algorithm, an error will be returned.

rsaEncode
  :: MonadRandom m
  => JweAlg                     -- ^ RSA algorithm to use (RSA_OAEP or RSA1_5)
  -> Enc                        -- ^ Content encryption algorithm
  -> PublicKey                  -- ^ RSA key to encrypt with
  -> ByteString                 -- ^ The JWT claims (content)
  -> m (Either JwtError Jwt)    -- ^ The encoded JWE

Creates a JWE with the content key encoded using RSA.

rsaDecode
  :: MonadRandom m
  => PrivateKey                 -- ^ Decryption key
  -> ByteString                 -- ^ The encoded JWE
  -> m (Either JwtError Jwe)    -- ^ The decoded JWT, unless an error occurs

Decrypts a JWE.
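
rsaDecode takes no algorithm argument, so the algorithms in effect are the ones reported in the returned JweHeader. The following is an added example, not part of the library's own documentation, showing a caller enforcing an allowlist on that header; decodeStrict, Rejected, allowedAlg and allowedEnc are hypothetical names, and Jose.Jwt is assumed to export the token types.

```haskell
{-# LANGUAGE OverloadedStrings #-}
module Main where

import Crypto.PubKey.RSA (PrivateKey, generate)
import Crypto.Random (MonadRandom)
import Data.ByteString (ByteString)
import Jose.Jwa (Enc (..), JweAlg (..))
import Jose.Jwe (rsaDecode, rsaEncode)
-- Assumption: Jose.Jwt exports Jwt, JwtError and JweHeader.
import Jose.Jwt (JweHeader (..), Jwt (..), JwtError)

-- Hypothetical policy: the only (alg, enc) pair this application accepts.
allowedAlg :: JweAlg
allowedAlg = RSA_OAEP

allowedEnc :: Enc
allowedEnc = A128GCM

-- Why a token was refused: decoding failed, or its header is off-policy.
data Rejected
  = DecodeFailed JwtError
  | DisallowedAlgorithms JweAlg Enc
  deriving Show

-- Decrypt, then accept the claims only if the header matches the policy.
decodeStrict
  :: MonadRandom m => PrivateKey -> ByteString -> m (Either Rejected ByteString)
decodeStrict key token = do
  result <- rsaDecode key token
  pure $ case result of
    Left err -> Left (DecodeFailed err)
    Right (hdr, claims)
      | jweAlg hdr == allowedAlg && jweEnc hdr == allowedEnc -> Right claims
      | otherwise -> Left (DisallowedAlgorithms (jweAlg hdr) (jweEnc hdr))

main :: IO ()
main = do
  -- Constructed sample key and tokens, generated at run time.
  (kPub, kPr) <- generate 512 65537
  Right (Jwt onPolicy) <- rsaEncode RSA_OAEP A128GCM kPub "secret claims"
  Right (Jwt offPolicy) <- rsaEncode RSA1_5 A128GCM kPub "secret claims"
  decodeStrict kPr onPolicy >>= print   -- header matches the allowlist
  decodeStrict kPr offPolicy >>= print  -- decrypts, but RSA1_5 is not allowed
```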