| Safe Haskell | None |
|---|---|
| Language | Haskell98 |
Crypto.JOSE.JWK
Description
A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. This module also defines a JSON Web Key Set (JWK Set) JSON data structure for representing a set of JWKs.
-- Generate RSA JWK and set "kid" param to -- base64url-encoded SHA-256 thumbprint of key. -- doGen :: IO JWK doGen = do jwk <-genJWK(RSAGenParam (4096 `div` 8)) let h = viewthumbprintjwk :: Digest SHA256 kid = view (re (base64url.digest) . utf8) h pure $ setjwkKid(Just kid) jwk
Synopsis
- genJWK :: MonadRandom m => KeyMaterialGenParam -> m JWK
- data KeyMaterialGenParam
- data Crv
- data OKPCrv
- data JWK
- class AsPublicKey k where
- asPublicKey :: Getter k (Maybe k)
- jwkMaterial :: Lens' JWK KeyMaterial
- jwkUse :: Lens' JWK (Maybe KeyUse)
- data KeyUse
- jwkKeyOps :: Lens' JWK (Maybe [KeyOp])
- data KeyOp
- jwkAlg :: Lens' JWK (Maybe JWKAlg)
- data JWKAlg
- jwkKid :: Lens' JWK (Maybe Text)
- jwkX5u :: Lens' JWK (Maybe URI)
- jwkX5c :: Getter JWK (Maybe (NonEmpty SignedCertificate))
- setJWKX5c :: Maybe (NonEmpty SignedCertificate) -> JWK -> Maybe JWK
- jwkX5t :: Lens' JWK (Maybe Base64SHA1)
- jwkX5tS256 :: Lens' JWK (Maybe Base64SHA256)
- fromKeyMaterial :: KeyMaterial -> JWK
- fromRSA :: PrivateKey -> JWK
- fromOctets :: Cons s s Word8 Word8 => s -> JWK
- fromX509Certificate :: (AsError e, MonadError e m) => SignedCertificate -> m JWK
- thumbprint :: HashAlgorithm a => Getter JWK (Digest a)
- digest :: HashAlgorithm a => Prism' ByteString (Digest a)
- base64url :: (AsEmpty s1, AsEmpty s2, Cons s1 s1 Word8 Word8, Cons s2 s2 Word8 Word8) => Prism' s1 s2
- module Crypto.Hash
- newtype JWKSet = JWKSet [JWK]
- bestJWSAlg :: (MonadError e m, AsError e) => JWK -> m Alg
- module Crypto.JOSE.JWA.JWK
JWK generation
genJWK :: MonadRandom m => KeyMaterialGenParam -> m JWK #
Generate a JWK. Apart from key parameters, no other parameters are set.
data KeyMaterialGenParam #
Keygen parameters.
Constructors
| ECGenParam Crv | Generate an EC key with specified curve. |
| RSAGenParam Int | Generate an RSA key with specified size in bytes. |
| OctGenParam Int | Generate a symmetric key with specified size in bytes. |
| OKPGenParam OKPCrv | Generate an EdDSA or Edwards ECDH key with specified curve. |
Instances
| Eq KeyMaterialGenParam # | |
Defined in Crypto.JOSE.JWA.JWK Methods (==) :: KeyMaterialGenParam -> KeyMaterialGenParam -> Bool # (/=) :: KeyMaterialGenParam -> KeyMaterialGenParam -> Bool # | |
| Show KeyMaterialGenParam # | |
Defined in Crypto.JOSE.JWA.JWK Methods showsPrec :: Int -> KeyMaterialGenParam -> ShowS # show :: KeyMaterialGenParam -> String # showList :: [KeyMaterialGenParam] -> ShowS # | |
| Arbitrary KeyMaterialGenParam # | |
Defined in Crypto.JOSE.JWA.JWK Methods | |
"crv" (Curve) Parameter
RFC 7517 §4. JSON Web Key (JWK) Format
Instances
| Eq JWK # | |
| Show JWK # | |
| Arbitrary JWK # | |
| ToJSON JWK # | |
Defined in Crypto.JOSE.JWK | |
| FromJSON JWK # | |
| AsPublicKey JWK # | |
Defined in Crypto.JOSE.JWK | |
| Applicative m => VerificationKeyStore m h s JWK # | Use a |
Defined in Crypto.JOSE.JWK.Store Methods getVerificationKeys :: h -> s -> JWK -> m [JWK] # | |
class AsPublicKey k where #
Keys that may have have public material
Instances
| AsPublicKey RSAKeyParameters # | |
Defined in Crypto.JOSE.JWA.JWK Methods asPublicKey :: Getter RSAKeyParameters (Maybe RSAKeyParameters) # | |
| AsPublicKey ECKeyParameters # | |
Defined in Crypto.JOSE.JWA.JWK Methods asPublicKey :: Getter ECKeyParameters (Maybe ECKeyParameters) # | |
| AsPublicKey KeyMaterial # | |
Defined in Crypto.JOSE.JWA.JWK Methods | |
| AsPublicKey OKPKeyParameters # | |
Defined in Crypto.JOSE.JWA.JWK Methods asPublicKey :: Getter OKPKeyParameters (Maybe OKPKeyParameters) # | |
| AsPublicKey JWK # | |
Defined in Crypto.JOSE.JWK | |
Parts of a JWK
RFC 7517 §4.2. "use" (Public Key Use) Parameter
RFC 7517 §4.3. "key_ops" (Key Operations) Parameter
RFC 7517 §4.4. "alg" (Algorithm) Parameter
See also RFC 7518 §6.4. which states that for "oct" keys, an "alg" member SHOULD be present to identify the algorithm intended to be used with the key, unless the application uses another means or convention to determine the algorithm used.
jwkX5c :: Getter JWK (Maybe (NonEmpty SignedCertificate)) #
Get the certificate chain. Not a lens, because the key of the first
certificate in the chain must correspond be the public key of the JWK.
To set the certificate chain use setJWKX5c.
setJWKX5c :: Maybe (NonEmpty SignedCertificate) -> JWK -> Maybe JWK #
Set the "x5c" Certificate Chain parameter. If setting the list,
checks that the key in the first certificate matches the JWK; returns
Nothing if it does not.
jwkX5tS256 :: Lens' JWK (Maybe Base64SHA256) #
Converting from other key formats
fromKeyMaterial :: KeyMaterial -> JWK #
fromRSA :: PrivateKey -> JWK #
Convert RSA private key into a JWK
fromX509Certificate :: (AsError e, MonadError e m) => SignedCertificate -> m JWK #
Convert an X.509 certificate into a JWK.
Only RSA keys are supported. Other key types will throw
KeyMismatch.
The "x5c" field of the resulting JWK contains the certificate.
JWK Thumbprint
thumbprint :: HashAlgorithm a => Getter JWK (Digest a) #
Compute the JWK Thumbprint of a JWK
digest :: HashAlgorithm a => Prism' ByteString (Digest a) #
Prism from ByteString to HashAlgorithm a => Digest a.
Use re digest
base64url :: (AsEmpty s1, AsEmpty s2, Cons s1 s1 Word8 Word8, Cons s2 s2 Word8 Word8) => Prism' s1 s2 #
module Crypto.Hash
JWK Set
RFC 7517 §5. JWK Set Format
Instances
| Eq JWKSet # | |
| Show JWKSet # | |
| ToJSON JWKSet # | |
Defined in Crypto.JOSE.JWK | |
| FromJSON JWKSet # | |
| Applicative m => VerificationKeyStore m h s JWKSet # | Use a |
Defined in Crypto.JOSE.JWK.Store Methods getVerificationKeys :: h -> s -> JWKSet -> m [JWK] # | |
bestJWSAlg :: (MonadError e m, AsError e) => JWK -> m Alg #
Choose the cryptographically strongest JWS algorithm for a given key. The JWK "alg" algorithm parameter is ignored.
module Crypto.JOSE.JWA.JWK