Skip to content


Folders and files

Last commit message
Last commit date

Latest commit



26 Commits

Repository files navigation


Jwice is a small and incomplete library for creating jws signatures. The main purpose of this library is to explore the logic behind creating these signatures.


You can either use the default header and change from there or create a new protected header from scratch by creating a new object of type jws.JwsProtectedHeader

To use the default just do:

// ...
// certificate 	-- x509.Certificate
// httpHeaders 	-- http.HttpHeader
// privateKey 	-- *rsa.PrivateKey
// ...

protectedHeader := jws.DefaultJwsProtectedHeader().WithCertificate(certificate)
signature, err := jws.GenerateSignature(protectedHeader, httpHeaders, privateKey)

The default header has the following properties set:

	B64:  false,
	Crit: []string{"sigT", "sigD", "b64"},
	Alg:  "RS256",
	SigT: time.Now().In(time.UTC).Format(time.RFC3339),
	SigD: SignedHeaders{
		Pars: []string{"(request-target)", "digest"},
		MId:  "",

When defining your protected header it is easy to chain multiple functions that mutate the header:

protectedHeader := jws.DefaultJwsProtectedHeader().
	WithClaimedTime(time.Now().Add(5 * time.Minute)).
	WithSignedHeaders([]string{"digest", "date", "content-type", "x-custom-something"})

Sugary bits

The library will do the following things for you:

  • When using *JwsProtectedHeader.WithClaimedTime(time time.Time) the function will transform your time to UTC and format it according to RFC3339.
  • When using *JwsProtectedHeader.WithSignedHeader(headers []string) you can specify which HTTP Headers you are going to include in this signature. The function will eliminate duplicates and format the resulting slice so each element is lowercase. NOTE: digest and (request-target) headers are mandatory.
  • Based on the Alg field set in the protected header, when generating the signature, Jwice will apply the correct hashing algorithm.