Skip to content
An implementation of JOSE standards (JWE, JWS, JWT) in Go
Go Perl
Branch: master
Clone or download
mbyczkowski Merge pull request #265 from mandrean/patch-1
Add installation instructions
Latest commit 2c8b642 Oct 13, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
cipher Add comment explaining padding Jun 3, 2019
cryptosigner Update import paths for upcoming V3 release Jun 13, 2019
jose-util Add installation instructions Oct 9, 2019
json Third lint pass May 30, 2019
jwt Update import paths for upcoming V3 release Jun 13, 2019
.gitignore Code cleanup for jose-util May 24, 2019
.golangci.yml Third lint pass May 30, 2019
.travis.yml Make Travis happy May 30, 2019
BUG-BOUNTY.md Update bug bounty link Apr 11, 2018
CONTRIBUTING.md Fix CONTRIBUTING.md to remove old spreadsheet Jun 18, 2019
LICENSE Initial commit Dec 19, 2014
README.md Update README.md May 31, 2019
asymmetric.go Update import paths for upcoming V3 release Jun 13, 2019
asymmetric_test.go Second linter pass May 29, 2019
crypter.go Update import paths for upcoming V3 release Jun 13, 2019
crypter_test.go Keep RandReader public May 31, 2019
doc.go Add more documentation for jwt package May 30, 2017
doc_test.go First linter pass May 25, 2019
encoding.go Update import paths for upcoming V3 release Jun 13, 2019
encoding_test.go First linter pass May 25, 2019
go.mod Bump github.com/stretchr/testify from 1.3.0 to 1.4.0 Aug 16, 2019
go.sum Bump github.com/stretchr/testify from 1.3.0 to 1.4.0 Aug 16, 2019
jwe.go Update import paths for upcoming V3 release Jun 13, 2019
jwe_test.go Pad z value to proper size after P-521 scalar multiplication. May 31, 2019
jwk.go Fix error message for incorrect pubkey x/y length. Jun 26, 2019
jwk_test.go Update import paths for upcoming V3 release Jun 13, 2019
jws.go Update import paths for upcoming V3 release Jun 13, 2019
jws_test.go Merge pull request #242 from square/cs/x5u-x5t May 29, 2019
opaque.go allow signer to rotate keys underneath recipientSigInfo Apr 6, 2018
opaque_test.go Third lint pass May 30, 2019
shared.go Update import paths for upcoming V3 release Jun 13, 2019
signing.go Update import paths for upcoming V3 release Jun 13, 2019
signing_test.go Update import paths for upcoming V3 release Jun 13, 2019
symmetric.go Update import paths for upcoming V3 release Jun 13, 2019
symmetric_test.go Keep RandReader public May 31, 2019
utils_test.go

README.md

Go JOSE

godoc godoc license build coverage

Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. This includes support for JSON Web Encryption, JSON Web Signature, and JSON Web Token standards.

Disclaimer: This library contains encryption software that is subject to the U.S. Export Administration Regulations. You may not export, re-export, transfer or download this code or any part of it in violation of any United States law, directive or regulation. In particular this software may not be exported or re-exported in any form or on any media to Iran, North Sudan, Syria, Cuba, or North Korea, or to denied persons or entities mentioned on any US maintained blocked list.

Overview

The implementation follows the JSON Web Encryption (RFC 7516), JSON Web Signature (RFC 7515), and JSON Web Token (RFC 7519) specifications. Tables of supported algorithms are shown below. The library supports both the compact and full serialization formats, and has optional support for multiple recipients. It also comes with a small command-line utility (jose-util) for dealing with JOSE messages in a shell.

Note: We use a forked version of the encoding/json package from the Go standard library which uses case-sensitive matching for member names (instead of case-insensitive matching). This is to avoid differences in interpretation of messages between go-jose and libraries in other languages.

Versions

Version 2 (branch, doc) is the current stable version:

import "gopkg.in/square/go-jose.v2"

Version 3 (branch, doc) is the under development/unstable version (not released yet):

import "github.com/square/go-jose/v3"

All new feature development takes place on the master branch, which we are preparing to release as version 3 soon. Version 2 will continue to receive critical bug and security fixes. Note that starting with version 3 we are using Go modules for versioning instead of gopkg.in as before.

Version 1 (on the v1 branch) is frozen and not supported anymore.

Supported algorithms

See below for a table of supported algorithms. Algorithm identifiers match the names in the JSON Web Algorithms standard where possible. The Godoc reference has a list of constants.

Key encryption Algorithm identifier(s)
RSA-PKCS#1v1.5 RSA1_5
RSA-OAEP RSA-OAEP, RSA-OAEP-256
AES key wrap A128KW, A192KW, A256KW
AES-GCM key wrap A128GCMKW, A192GCMKW, A256GCMKW
ECDH-ES + AES key wrap ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW
ECDH-ES (direct) ECDH-ES1
Direct encryption dir1

1. Not supported in multi-recipient mode

Signing / MAC Algorithm identifier(s)
RSASSA-PKCS#1v1.5 RS256, RS384, RS512
RSASSA-PSS PS256, PS384, PS512
HMAC HS256, HS384, HS512
ECDSA ES256, ES384, ES512
Ed25519 EdDSA2

2. Only available in version 2 of the package

Content encryption Algorithm identifier(s)
AES-CBC+HMAC A128CBC-HS256, A192CBC-HS384, A256CBC-HS512
AES-GCM A128GCM, A192GCM, A256GCM
Compression Algorithm identifiers(s)
DEFLATE (RFC 1951) DEF

Supported key types

See below for a table of supported key types. These are understood by the library, and can be passed to corresponding functions such as NewEncrypter or NewSigner. Each of these keys can also be wrapped in a JWK if desired, which allows attaching a key id.

Algorithm(s) Corresponding types
RSA *rsa.PublicKey, *rsa.PrivateKey
ECDH, ECDSA *ecdsa.PublicKey, *ecdsa.PrivateKey
EdDSA1 ed25519.PublicKey, ed25519.PrivateKey
AES, HMAC []byte

1. Only available in version 2 or later of the package

Examples

godoc godoc

Examples can be found in the Godoc reference for this package. The jose-util subdirectory also contains a small command-line utility which might be useful as an example as well.

You can’t perform that action at this time.