jose-0.7.0.0: Javascript Object Signing and Encryption and JSON Web Token library

Safe Haskell: None
Language: Haskell98

Crypto.JOSE.JWK


Description

A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. This module also defines a JSON Web Key Set (JWK Set) JSON data structure for representing a set of JWKs.

-- Generate an RSA JWK and set its "kid" parameter to the
-- base64url-encoded SHA-256 JWK thumbprint of that same key.
--
-- RSAGenParam takes the key size in bytes, so 4096 `div` 8
-- requests a 4096-bit key.
--
-- NOTE(review): the generated key is expected to carry the private
-- RSA parameters (confirm against genJWK). Take the asPublicKey
-- view before publishing it, e.g. in a JWK Set.
--
doGen :: IO JWK
doGen = addThumbprintKid <$> genJWK (RSAGenParam (4096 `div` 8))
  where
    -- Store the derived "kid" on the key it was computed from.
    addThumbprintKid key = set jwkKid (Just (thumbprintKid key)) key

    -- View the digest as bytes (re digest), base64url-encode them
    -- (re base64url), then pass the result through utf8.
    thumbprintKid key =
      let sha256 = view thumbprint key :: Digest SHA256
      in view (re (base64url . digest) . utf8) sha256

JWK generation

genJWK :: MonadRandom m => KeyMaterialGenParam -> m JWK #

Generate a JWK. Apart from key parameters, no other parameters are set.

data KeyMaterialGenParam #

Keygen parameters.

Constructors

ECGenParam Crv

Generate an EC key with specified curve.

RSAGenParam Int

Generate an RSA key with specified size in bytes (not bits); for example, 4096 `div` 8 requests a 4096-bit key.

OctGenParam Int

Generate a symmetric key with specified size in bytes.

OKPGenParam OKPCrv

Generate an EdDSA or Edwards ECDH key with specified curve.

data Crv #

"crv" (Curve) Parameter

Constructors

P_256 
P_384 
P_521 
Instances
Eq Crv # 
Instance details

Defined in Crypto.JOSE.JWA.JWK

Methods

(==) :: Crv -> Crv -> Bool #

(/=) :: Crv -> Crv -> Bool #

Ord Crv # 
Instance details

Defined in Crypto.JOSE.JWA.JWK

Methods

compare :: Crv -> Crv -> Ordering #

(<) :: Crv -> Crv -> Bool #

(<=) :: Crv -> Crv -> Bool #

(>) :: Crv -> Crv -> Bool #

(>=) :: Crv -> Crv -> Bool #

max :: Crv -> Crv -> Crv #

min :: Crv -> Crv -> Crv #

Show Crv # 
Instance details

Defined in Crypto.JOSE.JWA.JWK

Methods

showsPrec :: Int -> Crv -> ShowS #

show :: Crv -> String #

showList :: [Crv] -> ShowS #

Arbitrary Crv # 
Instance details

Defined in Crypto.JOSE.JWA.JWK

Methods

arbitrary :: Gen Crv #

shrink :: Crv -> [Crv] #

ToJSON Crv # 
Instance details

Defined in Crypto.JOSE.JWA.JWK

FromJSON Crv # 
Instance details

Defined in Crypto.JOSE.JWA.JWK

data OKPCrv #

Constructors

Ed25519 
X25519 
Instances
Eq OKPCrv # 
Instance details

Defined in Crypto.JOSE.JWA.JWK

Methods

(==) :: OKPCrv -> OKPCrv -> Bool #

(/=) :: OKPCrv -> OKPCrv -> Bool #

Show OKPCrv # 
Instance details

Defined in Crypto.JOSE.JWA.JWK

Arbitrary OKPCrv # 
Instance details

Defined in Crypto.JOSE.JWA.JWK

data JWK #

RFC 7517 §4. JSON Web Key (JWK) Format

Instances
Eq JWK # 
Instance details

Defined in Crypto.JOSE.JWK

Methods

(==) :: JWK -> JWK -> Bool #

(/=) :: JWK -> JWK -> Bool #

Show JWK # 
Instance details

Defined in Crypto.JOSE.JWK

Methods

showsPrec :: Int -> JWK -> ShowS #

show :: JWK -> String #

showList :: [JWK] -> ShowS #

Arbitrary JWK # 
Instance details

Defined in Crypto.JOSE.JWK

Methods

arbitrary :: Gen JWK #

shrink :: JWK -> [JWK] #

ToJSON JWK # 
Instance details

Defined in Crypto.JOSE.JWK

FromJSON JWK # 
Instance details

Defined in Crypto.JOSE.JWK

AsPublicKey JWK # 
Instance details

Defined in Crypto.JOSE.JWK

JWKStore JWK # 
Instance details

Defined in Crypto.JOSE.JWK.Store

Methods

keys :: Fold JWK JWK #

keysFor :: (HasAlg h, HasJku h, HasJwk h, HasKid h, HasX5u h, HasX5c h, HasX5t h, HasX5tS256 h, HasTyp h, HasCty h) => KeyOp -> h p -> Fold JWK JWK #

class AsPublicKey k where #

Keys that may have public material

Minimal complete definition

asPublicKey

Methods

asPublicKey :: Getter k (Maybe k) #

Get the public key

Parts of a JWK

data KeyUse #

RFC 7517 §4.2. "use" (Public Key Use) Parameter

Constructors

Sig 
Enc 
Instances
Eq KeyUse # 
Instance details

Defined in Crypto.JOSE.JWK

Methods

(==) :: KeyUse -> KeyUse -> Bool #

(/=) :: KeyUse -> KeyUse -> Bool #

Ord KeyUse # 
Instance details

Defined in Crypto.JOSE.JWK

Show KeyUse # 
Instance details

Defined in Crypto.JOSE.JWK

ToJSON KeyUse # 
Instance details

Defined in Crypto.JOSE.JWK

FromJSON KeyUse # 
Instance details

Defined in Crypto.JOSE.JWK

data KeyOp #

RFC 7517 §4.3. "key_ops" (Key Operations) Parameter

Instances
Eq KeyOp # 
Instance details

Defined in Crypto.JOSE.JWK

Methods

(==) :: KeyOp -> KeyOp -> Bool #

(/=) :: KeyOp -> KeyOp -> Bool #

Ord KeyOp # 
Instance details

Defined in Crypto.JOSE.JWK

Methods

compare :: KeyOp -> KeyOp -> Ordering #

(<) :: KeyOp -> KeyOp -> Bool #

(<=) :: KeyOp -> KeyOp -> Bool #

(>) :: KeyOp -> KeyOp -> Bool #

(>=) :: KeyOp -> KeyOp -> Bool #

max :: KeyOp -> KeyOp -> KeyOp #

min :: KeyOp -> KeyOp -> KeyOp #

Show KeyOp # 
Instance details

Defined in Crypto.JOSE.JWK

Methods

showsPrec :: Int -> KeyOp -> ShowS #

show :: KeyOp -> String #

showList :: [KeyOp] -> ShowS #

ToJSON KeyOp # 
Instance details

Defined in Crypto.JOSE.JWK

FromJSON KeyOp # 
Instance details

Defined in Crypto.JOSE.JWK

data JWKAlg #

RFC 7517 §4.4. "alg" (Algorithm) Parameter

See also RFC 7518 §6.4. which states that for "oct" keys, an "alg" member SHOULD be present to identify the algorithm intended to be used with the key, unless the application uses another means or convention to determine the algorithm used.

Constructors

JWSAlg Alg 
JWEAlg Alg 
Instances
Eq JWKAlg # 
Instance details

Defined in Crypto.JOSE.JWK

Methods

(==) :: JWKAlg -> JWKAlg -> Bool #

(/=) :: JWKAlg -> JWKAlg -> Bool #

Show JWKAlg # 
Instance details

Defined in Crypto.JOSE.JWK

ToJSON JWKAlg # 
Instance details

Defined in Crypto.JOSE.JWK

FromJSON JWKAlg # 
Instance details

Defined in Crypto.JOSE.JWK

Converting from other key formats

fromRSA :: PrivateKey -> JWK #

Convert RSA private key into a JWK

fromOctets :: Cons s s Word8 Word8 => s -> JWK #

Convert octet string into a JWK

JWK Thumbprint

thumbprint :: HashAlgorithm a => Getter JWK (Digest a) #

Compute the JWK Thumbprint of a JWK

digest :: HashAlgorithm a => Prism' ByteString (Digest a) #

Prism from ByteString to HashAlgorithm a => Digest a.

Use re digest to view the bytes of a digest

base64url :: (AsEmpty s1, AsEmpty s2, Cons s1 s1 Word8 Word8, Cons s2 s2 Word8 Word8) => Prism' s1 s2 #

Prism for encoding / decoding base64url.

To encode, review base64url. To decode, preview base64url.

Works with any combination of strict/lazy ByteString.

JWK Set

newtype JWKSet #

RFC 7517 §5. JWK Set Format

Constructors

JWKSet [JWK] 
Instances
Eq JWKSet # 
Instance details

Defined in Crypto.JOSE.JWK

Methods

(==) :: JWKSet -> JWKSet -> Bool #

(/=) :: JWKSet -> JWKSet -> Bool #

Show JWKSet # 
Instance details

Defined in Crypto.JOSE.JWK

ToJSON JWKSet # 
Instance details

Defined in Crypto.JOSE.JWK

FromJSON JWKSet # 
Instance details

Defined in Crypto.JOSE.JWK

JWKStore JWKSet # 
Instance details

Defined in Crypto.JOSE.JWK.Store

Methods

keys :: Fold JWKSet JWK #

keysFor :: (HasAlg h, HasJku h, HasJwk h, HasKid h, HasX5u h, HasX5c h, HasX5t h, HasX5tS256 h, HasTyp h, HasCty h) => KeyOp -> h p -> Fold JWKSet JWK #

bestJWSAlg :: (MonadError e m, AsError e) => JWK -> m Alg #

Choose the cryptographically strongest JWS algorithm for a given key. The JWK "alg" algorithm parameter is ignored.