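Introduction to Go JOSE
The jose project aims to provide an implementation of the JavaScript Object Signing and Encryption set of standards. It is mainly used for JSON Web Encryption and JSON Web Signature.
Note: this library contains encryption software that is subject to the U.S. Export Administration Regulations. You may not export, re-export, transfer or download any part of this code in violation of any U.S. law, directive or regulation. In particular, this software may not be exported or re-exported in any form or on any media to Iran, North Sudan, Syria, Cuba or North Korea, or to any person or entity on our blocked list.
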
Key encryption | Algorithm identifier(s) |
---|---|
RSA-PKCS#1v1.5 | RSA1_5 |
RSA-OAEP | RSA-OAEP, RSA-OAEP-256 |
AES key wrap | A128KW, A192KW, A256KW |
AES-GCM key wrap | A128GCMKW, A192GCMKW, A256GCMKW |
ECDH-ES + AES key wrap | ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW |
ECDH-ES (direct) | ECDH-ES |
Direct encryption | dir |

Signing / MAC | Algorithm identifier(s) |
---|---|
RSASSA-PKCS#1v1.5 | RS256, RS384, RS512 |
RSASSA-PSS | PS256, PS384, PS512 |
HMAC | HS256, HS384, HS512 |
ECDSA | ES256, ES384, ES512 |

Content encryption | Algorithm identifier(s) |
---|---|
AES-CBC+HMAC | A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 |
AES-GCM | A128GCM, A192GCM, A256GCM |

Compression | Algorithm identifier(s) |
---|---|
DEFLATE (RFC 1951) | DEF |

Example of encryption and decryption using RSA:

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"fmt"

	jose "github.com/square/go-jose"
)

func main() {
	// Generate a public/private key pair to use for this example. The library
	// also provides two utility functions (LoadPublicKey and LoadPrivateKey)
	// that can be used to load keys from PEM/DER-encoded data.
	privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}

	// Instantiate an encrypter using RSA-OAEP with AES128-GCM. An error would
	// indicate that the selected algorithm(s) are not currently supported.
	publicKey := &privateKey.PublicKey
	encrypter, err := jose.NewEncrypter(jose.RSA_OAEP, jose.A128GCM, publicKey)
	if err != nil {
		panic(err)
	}

	// Encrypt a sample plaintext. Calling the encrypter returns an encrypted
	// JWE object, which can then be serialized for output afterwards. An error
	// would indicate a problem in an underlying cryptographic primitive.
	var plaintext = []byte("Lorem ipsum dolor sit amet")
	object, err := encrypter.Encrypt(plaintext)
	if err != nil {
		panic(err)
	}

	// Serialize the encrypted object using the full serialization format.
	// Alternatively you can also use the compact format here by calling
	// object.CompactSerialize() instead.
	serialized, err := object.FullSerialize()
	if err != nil {
		panic(err)
	}

	// Now let's instantiate a decrypter so we can get back the plaintext.
	decrypter, err := jose.NewDecrypter(privateKey)
	if err != nil {
		panic(err)
	}

	// Parse the serialized, encrypted JWE object. An error would indicate that
	// the given input did not represent a valid message.
	object, err = jose.Parse(serialized)
	if err != nil {
		panic(err)
	}

	// Now we can decrypt and get back our original plaintext. An error here
	// would indicate that the message failed to decrypt, e.g. because the auth
	// tag was broken and the message was tampered with.
	decrypted, err := decrypter.Decrypt(object)
	if err != nil {
		panic(err)
	}

	// Print with an explicit format verb so the plaintext is never
	// interpreted as a format string.
	fmt.Printf("%s", decrypted)
	// output: Lorem ipsum dolor sit amet
}
```
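
The identifiers in the tables above are the values carried in the `alg` and `enc` fields of a JWE protected header. The following added example (not code from the go-jose project, standard library only) uses a hypothetical helper, `CheckJWEHeader`, to pin the expected pair on a compact-serialized message before it is handed to a decrypter; `sampleJWE` builds constructed input.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// jweHeader holds the two protected-header fields that select algorithms.
type jweHeader struct {
	Alg string `json:"alg"` // key encryption identifier, e.g. RSA-OAEP
	Enc string `json:"enc"` // content encryption identifier, e.g. A128GCM
}

// CheckJWEHeader (hypothetical helper) decodes the protected header of a
// compact JWE and rejects it unless alg and enc match the pinned values.
func CheckJWEHeader(compact, wantAlg, wantEnc string) (jweHeader, error) {
	var h jweHeader
	parts := strings.Split(compact, ".")
	if len(parts) != 5 { // header.key.iv.ciphertext.tag
		return h, errors.New("not a compact JWE: expected 5 segments")
	}
	raw, err := base64.RawURLEncoding.DecodeString(parts[0])
	if err != nil {
		return h, fmt.Errorf("bad header encoding: %w", err)
	}
	if err := json.Unmarshal(raw, &h); err != nil {
		return h, fmt.Errorf("bad header JSON: %w", err)
	}
	if h.Alg != wantAlg || h.Enc != wantEnc {
		return h, fmt.Errorf("unexpected alg/enc %q/%q", h.Alg, h.Enc)
	}
	return h, nil
}

// sampleJWE builds a constructed compact JWE; only the header is meaningful,
// the other four segments are placeholders, not real ciphertext.
func sampleJWE(alg, enc string) string {
	hdr, _ := json.Marshal(jweHeader{Alg: alg, Enc: enc})
	return base64.RawURLEncoding.EncodeToString(hdr) + ".a2V5.aXY.Y3Q.dGFn"
}

func main() {
	_, err := CheckJWEHeader(sampleJWE("RSA-OAEP", "A128GCM"), "RSA-OAEP", "A128GCM")
	fmt.Println("pinned pair accepted:", err == nil)
	_, err = CheckJWEHeader(sampleJWE("RSA1_5", "A128GCM"), "RSA-OAEP", "A128GCM")
	fmt.Println("other pair rejected:", err != nil)
}
```
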
Go JOSE official site
https://github.com/square/go-jose