| Safe Haskell | None |
|---|---|
| Language | Haskell2010 |
Crypto.JOSE.JWK
Description
A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. This module also defines a JSON Web Key Set (JWK Set) JSON data structure for representing a set of JWKs.
-- Generate RSA JWK and set "kid" param to -- base64url-encoded SHA-256 thumbprint of key. -- doGen :: IO JWK doGen = do jwk <-genJWK(RSAGenParam (4096 `div` 8)) let h = viewthumbprintjwk :: Digest SHA256 kid = view (re (base64url.digest) . utf8) h pure $ setjwkKid(Just kid) jwk
Synopsis
- genJWK :: MonadRandom m => KeyMaterialGenParam -> m JWK
- data KeyMaterialGenParam
- = ECGenParam Crv
- | RSAGenParam Int
- | OctGenParam Int
- | OKPGenParam OKPCrv
- data Crv
- data OKPCrv
- data JWK
- class AsPublicKey k where
- asPublicKey :: Getter k (Maybe k)
- jwkMaterial :: Lens' JWK KeyMaterial
- jwkUse :: Lens' JWK (Maybe KeyUse)
- data KeyUse
- jwkKeyOps :: Lens' JWK (Maybe [KeyOp])
- data KeyOp
- jwkAlg :: Lens' JWK (Maybe JWKAlg)
- data JWKAlg
- jwkKid :: Lens' JWK (Maybe Text)
- jwkX5u :: Lens' JWK (Maybe URI)
- jwkX5c :: Getter JWK (Maybe (NonEmpty SignedCertificate))
- setJWKX5c :: Maybe (NonEmpty SignedCertificate) -> JWK -> Maybe JWK
- jwkX5t :: Lens' JWK (Maybe Base64SHA1)
- jwkX5tS256 :: Lens' JWK (Maybe Base64SHA256)
- fromKeyMaterial :: KeyMaterial -> JWK
- fromRSA :: PrivateKey -> JWK
- fromOctets :: Cons s s Word8 Word8 => s -> JWK
- fromX509Certificate :: (AsError e, MonadError e m) => SignedCertificate -> m JWK
- thumbprint :: HashAlgorithm a => Getter JWK (Digest a)
- digest :: HashAlgorithm a => Prism' ByteString (Digest a)
- base64url :: (AsEmpty s1, AsEmpty s2, Cons s1 s1 Word8 Word8, Cons s2 s2 Word8 Word8) => Prism' s1 s2
- newtype JWKSet = JWKSet [JWK]
- bestJWSAlg :: (MonadError e m, AsError e) => JWK -> m Alg
- module Crypto.JOSE.JWA.JWK
JWK generation
genJWK :: MonadRandom m => KeyMaterialGenParam -> m JWK Source #
Generate a JWK. Apart from key parameters, no other parameters are set.
data KeyMaterialGenParam Source #
Keygen parameters.
Constructors
| ECGenParam Crv | Generate an EC key with specified curve. |
| RSAGenParam Int | Generate an RSA key with specified size in bytes. |
| OctGenParam Int | Generate a symmetric key with specified size in bytes. |
| OKPGenParam OKPCrv | Generate an EdDSA or Edwards ECDH key with specified curve. |
Instances
| Eq KeyMaterialGenParam Source # | |
Defined in Crypto.JOSE.JWA.JWK Methods (==) :: KeyMaterialGenParam -> KeyMaterialGenParam -> Bool (/=) :: KeyMaterialGenParam -> KeyMaterialGenParam -> Bool | |
| Show KeyMaterialGenParam Source # | |
Defined in Crypto.JOSE.JWA.JWK Methods showsPrec :: Int -> KeyMaterialGenParam -> ShowS show :: KeyMaterialGenParam -> String showList :: [KeyMaterialGenParam] -> ShowS | |
| Arbitrary KeyMaterialGenParam Source # | |
Defined in Crypto.JOSE.JWA.JWK | |
"crv" (Curve) Parameter
RFC 7517 §4. JSON Web Key (JWK) Format
Instances
| Eq JWK Source # | |
| Show JWK Source # | |
| FromJSON JWK Source # | |
Defined in Crypto.JOSE.JWK | |
| ToJSON JWK Source # | |
Defined in Crypto.JOSE.JWK | |
| Arbitrary JWK Source # | |
| AsPublicKey JWK Source # | |
Defined in Crypto.JOSE.JWK Methods asPublicKey :: Getter JWK (Maybe JWK) Source # | |
| Applicative m => VerificationKeyStore m h s JWK Source # | Use a |
Defined in Crypto.JOSE.JWK.Store Methods getVerificationKeys :: h -> s -> JWK -> m [JWK] Source # | |
class AsPublicKey k where Source #
Keys that may have have public material
Instances
| AsPublicKey RSAKeyParameters Source # | |
Defined in Crypto.JOSE.JWA.JWK Methods asPublicKey :: Getter RSAKeyParameters (Maybe RSAKeyParameters) Source # | |
| AsPublicKey ECKeyParameters Source # | |
Defined in Crypto.JOSE.JWA.JWK Methods asPublicKey :: Getter ECKeyParameters (Maybe ECKeyParameters) Source # | |
| AsPublicKey KeyMaterial Source # | |
Defined in Crypto.JOSE.JWA.JWK Methods asPublicKey :: Getter KeyMaterial (Maybe KeyMaterial) Source # | |
| AsPublicKey OKPKeyParameters Source # | |
Defined in Crypto.JOSE.JWA.JWK Methods asPublicKey :: Getter OKPKeyParameters (Maybe OKPKeyParameters) Source # | |
| AsPublicKey JWK Source # | |
Defined in Crypto.JOSE.JWK Methods asPublicKey :: Getter JWK (Maybe JWK) Source # | |
Parts of a JWK
jwkMaterial :: Lens' JWK KeyMaterial Source #
RFC 7517 §4.2. "use" (Public Key Use) Parameter
Instances
| Eq KeyUse Source # | |
| Ord KeyUse Source # | |
| Show KeyUse Source # | |
| FromJSON KeyUse Source # | |
Defined in Crypto.JOSE.JWK | |
| ToJSON KeyUse Source # | |
Defined in Crypto.JOSE.JWK Methods toEncoding :: KeyUse -> Encoding toJSONList :: [KeyUse] -> Value toEncodingList :: [KeyUse] -> Encoding | |
RFC 7517 §4.3. "key_ops" (Key Operations) Parameter
Instances
| Eq KeyOp Source # | |
| Ord KeyOp Source # | |
| Show KeyOp Source # | |
| FromJSON KeyOp Source # | |
Defined in Crypto.JOSE.JWK | |
| ToJSON KeyOp Source # | |
Defined in Crypto.JOSE.JWK Methods toEncoding :: KeyOp -> Encoding toJSONList :: [KeyOp] -> Value toEncodingList :: [KeyOp] -> Encoding | |
RFC 7517 §4.4. "alg" (Algorithm) Parameter
See also RFC 7518 §6.4. which states that for "oct" keys, an "alg" member SHOULD be present to identify the algorithm intended to be used with the key, unless the application uses another means or convention to determine the algorithm used.
Instances
| Eq JWKAlg Source # | |
| Show JWKAlg Source # | |
| FromJSON JWKAlg Source # | |
Defined in Crypto.JOSE.JWK | |
| ToJSON JWKAlg Source # | |
Defined in Crypto.JOSE.JWK Methods toEncoding :: JWKAlg -> Encoding toJSONList :: [JWKAlg] -> Value toEncodingList :: [JWKAlg] -> Encoding | |
jwkX5c :: Getter JWK (Maybe (NonEmpty SignedCertificate)) Source #
Get the certificate chain. Not a lens, because the key of the first
certificate in the chain must correspond be the public key of the JWK.
To set the certificate chain use setJWKX5c.
setJWKX5c :: Maybe (NonEmpty SignedCertificate) -> JWK -> Maybe JWK Source #
Set the "x5c" Certificate Chain parameter. If setting the list,
checks that the key in the first certificate matches the JWK; returns
Nothing if it does not.
jwkX5t :: Lens' JWK (Maybe Base64SHA1) Source #
jwkX5tS256 :: Lens' JWK (Maybe Base64SHA256) Source #
Converting from other key formats
fromKeyMaterial :: KeyMaterial -> JWK Source #
fromOctets :: Cons s s Word8 Word8 => s -> JWK Source #
Convert octet string into a JWK
fromX509Certificate :: (AsError e, MonadError e m) => SignedCertificate -> m JWK Source #
Convert an X.509 certificate into a JWK.
Only RSA keys are supported. Other key types will throw
KeyMismatch.
The "x5c" field of the resulting JWK contains the certificate.
JWK Thumbprint
thumbprint :: HashAlgorithm a => Getter JWK (Digest a) Source #
Compute the JWK Thumbprint of a JWK
digest :: HashAlgorithm a => Prism' ByteString (Digest a) Source #
Prism from ByteString to HashAlgorithm a => Digest a.
Use to view the bytes of a digestre digest
base64url :: (AsEmpty s1, AsEmpty s2, Cons s1 s1 Word8 Word8, Cons s2 s2 Word8 Word8) => Prism' s1 s2 Source #
Prism for encoding / decoding base64url.
To encode, .
To decode, review base64url.preview base64url
Works with any combinations of strict/lazy ByteString.
JWK Set
RFC 7517 §5. JWK Set Format
Instances
| Eq JWKSet Source # | |
| Show JWKSet Source # | |
| FromJSON JWKSet Source # | |
Defined in Crypto.JOSE.JWK | |
| ToJSON JWKSet Source # | |
Defined in Crypto.JOSE.JWK Methods toEncoding :: JWKSet -> Encoding toJSONList :: [JWKSet] -> Value toEncodingList :: [JWKSet] -> Encoding | |
| Applicative m => VerificationKeyStore m h s JWKSet Source # | Use a |
Defined in Crypto.JOSE.JWK.Store Methods getVerificationKeys :: h -> s -> JWKSet -> m [JWK] Source # | |
bestJWSAlg :: (MonadError e m, AsError e) => JWK -> m Alg Source #
Choose the cryptographically strongest JWS algorithm for a given key. The JWK "alg" algorithm parameter is ignored.
module Crypto.JOSE.JWA.JWK