README.md
1# Go JOSE
2
3[](https://godoc.org/gopkg.in/square/go-jose.v1) [](https://raw.githubusercontent.com/square/go-jose/master/LICENSE)
4[](https://github.com/square/go-jose/releases)
5[](https://travis-ci.org/square/go-jose)
6[](https://coveralls.io/r/square/go-jose)
7
8Package jose aims to provide an implementation of the Javascript Object Signing
9and Encryption set of standards. For the moment, it mainly focuses on encryption
10and signing based on the JSON Web Encryption and JSON Web Signature standards.
11
12**Disclaimer**: This library contains encryption software that is subject to
13the U.S. Export Administration Regulations. You may not export, re-export,
14transfer or download this code or any part of it in violation of any United
15States law, directive or regulation. In particular this software may not be
16exported or re-exported in any form or on any media to Iran, North Sudan,
17Syria, Cuba, or North Korea, or to denied persons or entities mentioned on any
18US maintained blocked list.
19
20## Overview
21
22The implementation follows the
23[JSON Web Encryption](http://dx.doi.org/10.17487/RFC7516)
24standard (RFC 7516) and
25[JSON Web Signature](http://dx.doi.org/10.17487/RFC7515)
26standard (RFC 7515). Tables of supported algorithms are shown below.
27The library supports both the compact and full serialization formats, and has
28optional support for multiple recipients. It also comes with a small
29command-line utility
30([`jose-util`](https://github.com/square/go-jose/tree/master/jose-util))
31for dealing with JOSE messages in a shell.
32
33**Note**: We use a forked version of the `encoding/json` package from the Go
34standard library which uses case-sensitive matching for member names (instead
35of [case-insensitive matching](https://www.ietf.org/mail-archive/web/json/current/msg03763.html)).
36This is to avoid differences in interpretation of messages between go-jose and
37libraries in other languages. If you do not like this behavior, you can use the
38`std_json` build tag to disable it (though we do not recommend doing so).
39
40### Versions
41
42We use [gopkg.in](https://gopkg.in) for versioning.
43
44[Version 1](https://gopkg.in/square/go-jose.v1) is the current stable version:
45
46 import "gopkg.in/square/go-jose.v1"
47
48The interface for [go-jose.v1](https://gopkg.in/square/go-jose.v1) will remain
49backwards compatible. We're currently sketching out ideas for a new version, to
50clean up the interface a bit. If you have ideas or feature requests [please let
51us know](https://github.com/square/go-jose/issues/64)!
52
53### Supported algorithms
54
55See below for a table of supported algorithms. Algorithm identifiers match
56the names in the
57[JSON Web Algorithms](http://dx.doi.org/10.17487/RFC7518)
58standard where possible. The
59[Godoc reference](https://godoc.org/github.com/square/go-jose#pkg-constants)
60has a list of constants.
61
62 Key encryption | Algorithm identifier(s)
63 :------------------------- | :------------------------------
64 RSA-PKCS#1v1.5 | RSA1_5
65 RSA-OAEP | RSA-OAEP, RSA-OAEP-256
66 AES key wrap | A128KW, A192KW, A256KW
67 AES-GCM key wrap | A128GCMKW, A192GCMKW, A256GCMKW
68 ECDH-ES + AES key wrap | ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW
69 ECDH-ES (direct) | ECDH-ES<sup>1</sup>
70 Direct encryption | dir<sup>1</sup>
71
72<sup>1. Not supported in multi-recipient mode</sup>
73
74 Signing / MAC | Algorithm identifier(s)
75 :------------------------- | :------------------------------
76 RSASSA-PKCS#1v1.5 | RS256, RS384, RS512
77 RSASSA-PSS | PS256, PS384, PS512
78 HMAC | HS256, HS384, HS512
79 ECDSA | ES256, ES384, ES512
80
81 Content encryption | Algorithm identifier(s)
82 :------------------------- | :------------------------------
83 AES-CBC+HMAC | A128CBC-HS256, A192CBC-HS384, A256CBC-HS512
84 AES-GCM | A128GCM, A192GCM, A256GCM
85
86 Compression | Algorithm identifiers(s)
87 :------------------------- | -------------------------------
88 DEFLATE (RFC 1951) | DEF
89
90### Supported key types
91
92See below for a table of supported key types. These are understood by the
93library, and can be passed to corresponding functions such as `NewEncrypter` or
94`NewSigner`. Note that if you are creating a new encrypter or signer with a
95JsonWebKey, the key id of the JsonWebKey (if present) will be added to any
96resulting messages.
97
98 Algorithm(s) | Corresponding types
99 :------------------------- | -------------------------------
100 RSA | *[rsa.PublicKey](http://golang.org/pkg/crypto/rsa/#PublicKey), *[rsa.PrivateKey](http://golang.org/pkg/crypto/rsa/#PrivateKey), *[jose.JsonWebKey](https://godoc.org/github.com/square/go-jose#JsonWebKey)
101 ECDH, ECDSA | *[ecdsa.PublicKey](http://golang.org/pkg/crypto/ecdsa/#PublicKey), *[ecdsa.PrivateKey](http://golang.org/pkg/crypto/ecdsa/#PrivateKey), *[jose.JsonWebKey](https://godoc.org/github.com/square/go-jose#JsonWebKey)
102 AES, HMAC | []byte, *[jose.JsonWebKey](https://godoc.org/github.com/square/go-jose#JsonWebKey)
103
104## Examples
105
106Encryption/decryption example using RSA:
107
108```Go
109// Generate a public/private key pair to use for this example. The library
110// also provides two utility functions (LoadPublicKey and LoadPrivateKey)
111// that can be used to load keys from PEM/DER-encoded data.
112privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
113if err != nil {
114 panic(err)
115}
116
117// Instantiate an encrypter using RSA-OAEP with AES128-GCM. An error would
118// indicate that the selected algorithm(s) are not currently supported.
119publicKey := &privateKey.PublicKey
120encrypter, err := NewEncrypter(RSA_OAEP, A128GCM, publicKey)
121if err != nil {
122 panic(err)
123}
124
125// Encrypt a sample plaintext. Calling the encrypter returns an encrypted
126// JWE object, which can then be serialized for output afterwards. An error
127// would indicate a problem in an underlying cryptographic primitive.
128var plaintext = []byte("Lorem ipsum dolor sit amet")
129object, err := encrypter.Encrypt(plaintext)
130if err != nil {
131 panic(err)
132}
133
134// Serialize the encrypted object using the full serialization format.
135// Alternatively you can also use the compact format here by calling
136// object.CompactSerialize() instead.
137serialized := object.FullSerialize()
138
139// Parse the serialized, encrypted JWE object. An error would indicate that
140// the given input did not represent a valid message.
141object, err = ParseEncrypted(serialized)
142if err != nil {
143 panic(err)
144}
145
146// Now we can decrypt and get back our original plaintext. An error here
147// would indicate the the message failed to decrypt, e.g. because the auth
148// tag was broken or the message was tampered with.
149decrypted, err := object.Decrypt(privateKey)
150if err != nil {
151 panic(err)
152}
153
154fmt.Printf(string(decrypted))
155// output: Lorem ipsum dolor sit amet
156```
157
158Signing/verification example using RSA:
159
160```Go
161// Generate a public/private key pair to use for this example. The library
162// also provides two utility functions (LoadPublicKey and LoadPrivateKey)
163// that can be used to load keys from PEM/DER-encoded data.
164privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
165if err != nil {
166 panic(err)
167}
168
169// Instantiate a signer using RSASSA-PSS (SHA512) with the given private key.
170signer, err := NewSigner(PS512, privateKey)
171if err != nil {
172 panic(err)
173}
174
175// Sign a sample payload. Calling the signer returns a protected JWS object,
176// which can then be serialized for output afterwards. An error would
177// indicate a problem in an underlying cryptographic primitive.
178var payload = []byte("Lorem ipsum dolor sit amet")
179object, err := signer.Sign(payload)
180if err != nil {
181 panic(err)
182}
183
184// Serialize the encrypted object using the full serialization format.
185// Alternatively you can also use the compact format here by calling
186// object.CompactSerialize() instead.
187serialized := object.FullSerialize()
188
189// Parse the serialized, protected JWS object. An error would indicate that
190// the given input did not represent a valid message.
191object, err = ParseSigned(serialized)
192if err != nil {
193 panic(err)
194}
195
196// Now we can verify the signature on the payload. An error here would
197// indicate the the message failed to verify, e.g. because the signature was
198// broken or the message was tampered with.
199output, err := object.Verify(&privateKey.PublicKey)
200if err != nil {
201 panic(err)
202}
203
204fmt.Printf(string(output))
205// output: Lorem ipsum dolor sit amet
206```
207
208More examples can be found in the [Godoc
209reference](https://godoc.org/github.com/square/go-jose) for this package. The
210[`jose-util`](https://github.com/square/go-jose/tree/master/jose-util)
211subdirectory also contains a small command-line utility which might
212be useful as an example.
213
){kind=link}
){kind=link}
){kind=link}
){kind=link}
){kind=link}