JOSE标准在Golang中的实现:Go JOSE
jopen
9年前
jose 项目旨在提供实现了 JavaScript 对象签名和加密标准集。主要用于 JSON Web 加密和 JSON Web 签名方面。
目前支持的算法包括:
| Key encryption | Algorithm identifier(s) |
|---|---|
| RSA-PKCS#1v1.5 | RSA1_5 |
| RSA-OAEP | RSA-OAEP, RSA-OAEP-256 |
| AES key wrap | A128KW, A192KW, A256KW |
| AES-GCM key wrap | A128GCMKW, A192GCMKW, A256GCMKW |
| ECDH-ES + AES key wrap | ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW |
| ECDH-ES (direct) | ECDH-ES1 |
| Direct encryption | dir |
| Signing / MAC | Algorithm identifier(s) |
|---|---|
| RSASSA-PKCS#1v1.5 | RS256, RS384, RS512 |
| RSASSA-PSS | PS256, PS384, PS512 |
| HMAC | HS256, HS384, HS512 |
| ECDSA | ES256, ES384, ES512 |
| Content encryption | Algorithm identifier(s) |
|---|---|
| AES-CBC+HMAC | A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 |
| AES-GCM | A128GCM, A192GCM, A256GCM |
| Compression | Algorithm identifiers(s) |
|---|---|
| DEFLATE (RFC 1951) | DEF |
使用 RSA 加密和解密示例:
// Generate a public/private key pair to use for this example. The library // also provides two utility functions (LoadPublicKey and LoadPrivateKey) // that can be used to load keys from PEM/DER-encoded data. privateKey, err := rsa.GenerateKey(rand.Reader, 2048) if err != nil { panic(err) } // Instantiate an encrypter using RSA-OAEP with AES128-GCM. An error would // indicate that the selected algorithm(s) are not currently supported. publicKey := &privateKey.PublicKey encrypter, err := NewEncrypter(RSA_OAEP, A128GCM, publicKey) if err != nil { panic(err) } // Encrypt a sample plaintext. Calling the encrypter returns an encrypted // JWE object, which can then be serialized for output afterwards. An error // would indicate a problem in an underlying cryptographic primitive. var plaintext = []byte("Lorem ipsum dolor sit amet") object, err := encrypter.Encrypt(plaintext) if err != nil { panic(err) } // Serialize the encrypted object using the full serialization format. // Alternatively you can also use the compact format here by calling // object.CompactSerialize() instead. serialized, err := object.FullSerialize() // Now let's instantiate a decrypter so we can get back the plaintext. decrypter, err := NewDecrypter(privateKey) if err != nil { panic(err) } // Parse the serialized, encrypted JWE object. An error would indicate that // the given input did not represent a valid message. object, err = Parse(serialized) if err != nil { panic(err) } // Now we can decrypt and get back our original plaintext. An error here // would indicate the the message failed to decrypt, e.g. because the auth // tag was broken and the message was tampered with. decrypted, err := decrypter.Decrypt(object) if err != nil { panic(err) } fmt.Printf(string(decrypted)) // output: Lorem ipsum dolor sit amet