keypairs/README.md

# [keypairs](https://git.rootprojects.org/root/keypairs)

A cross-platform Command Line Tool and Golang Library that works
with RSA, ECDSA, PEM, DER, JWK, and the JOSE suite.

# Keypairs CLI

Generates, signs, and verifies with NIST-strength asymmetric keys.

```bash
# Generate JSON Web Keys (JWKs)
keypairs gen > key.jwk.json 2> pub.jwk.json

# Generate PEM (or DER) Keys, by extension
keypairs gen --key key.pem --pub pub.pem

# Sign a payload
keypairs sign key.jwk.json --exp 1h '{ "sub": "me@example.com" }' > token.jwt 2> sig.jws

# Verify a signature
keypairs verify pub.jwk.json token.jwt
```

Cheat Sheet at <https://webinstall.dev/keypairs>.

### Install

**Mac**, **Linux**:

```bash
curl -sS https://webinstall.dev/keypairs | bash
```

**Windows 10**:

```bash
curl.exe -A MS https://webinstall.dev/keypairs | powershell
```

# Keypairs Go Library

JSON Web Key (JWK) support and type safety lightly placed over top of Go's `crypto/ecdsa` and `crypto/rsa`

Useful for JWT, JOSE, etc.

```go
key, err := keypairs.ParsePrivateKey(bytesForJWKOrPEMOrDER)

pub, err := keypairs.ParsePublicKey(bytesForJWKOrPEMOrDER)

jwk, err := keypairs.MarshalJWKPublicKey(pub, time.Now().Add(2 * time.Day))

kid, err := keypairs.ThumbprintPublicKey(pub)
```

# GoDoc API Documentation

See <https://pkg.go.dev/git.rootprojects.org/root/keypairs>

# Philosophy

Go's standard library is great.

Go has _excellent_ crytography support and provides wonderful
primitives for dealing with them.

I prefer to stay as close to Go's `crypto` package as possible,
just adding a light touch for JWT support and type safety.

# Type Safety

`crypto.PublicKey` is a "marker interface", meaning that it is **not typesafe**!

`go-keypairs` defines `type keypairs.PrivateKey interface { Public() crypto.PublicKey }`,
which is implemented by `crypto/rsa` and `crypto/ecdsa`
(but not `crypto/dsa`, which we really don't care that much about).

Go1.15 will add `[PublicKey.Equal(crypto.PublicKey)](https://github.com/golang/go/issues/21704)`,
which will make it possible to remove the additional wrapper over `PublicKey`
and use an interface instead.

Since there are no common methods between `rsa.PublicKey` and `ecdsa.PublicKey`,
go-keypairs lightly wraps each to implement `Thumbprint() string` (part of the JOSE/JWK spec).

## JSON Web Key (JWK) as a "codec"

Although there are many, many ways that JWKs could be interpreted
(possibly why they haven't made it into the standard library), `go-keypairs`
follows the basic pattern of `encoding/x509` to `Parse` and `Marshal`
only the most basic and most meaningful parts of a key.

I highly recommend that you use `Thumbprint()` for `KeyID` you also
get the benefit of not losing information when encoding and decoding
between the ASN.1, x509, PEM, and JWK formats.

# LICENSE

Copyright (c) 2020-present AJ ONeal \
Copyright (c) 2018-2019 Big Squid, Inc.

This work is licensed under the terms of the MIT license. \
For a copy, see <https://opensource.org/licenses/MIT>.
update doc links and author info 2020-10-02 05:58:33 +00:00			`# [keypairs](https://git.rootprojects.org/root/keypairs)`
add README.md 2019-02-11 18:48:18 +00:00
doc: update README and help 2020-10-21 10:26:53 +00:00			`A cross-platform Command Line Tool and Golang Library that works`
			`with RSA, ECDSA, PEM, DER, JWK, and the JOSE suite.`

			`# Keypairs CLI`

			`Generates, signs, and verifies with NIST-strength asymmetric keys.`

			```bash
			`# Generate JSON Web Keys (JWKs)`
			`keypairs gen > key.jwk.json 2> pub.jwk.json`

			`# Generate PEM (or DER) Keys, by extension`
			`keypairs gen --key key.pem --pub pub.pem`

			`# Sign a payload`
			`keypairs sign key.jwk.json --exp 1h '{ "sub": "me@example.com" }' > token.jwt 2> sig.jws`

			`# Verify a signature`
			`keypairs verify pub.jwk.json token.jwt`
			```

			`Cheat Sheet at <https://webinstall.dev/keypairs>.`

			`### Install`

			`Mac, Linux:`

			```bash
			`curl -sS https://webinstall.dev/keypairs \| bash`
			```

			`Windows 10:`

			```bash
			`curl.exe -A MS https://webinstall.dev/keypairs \| powershell`
			```

			`# Keypairs Go Library`

go lint and update docs 2020-04-10 17:59:44 +00:00			JSON Web Key (JWK) support and type safety lightly placed over top of Go's `crypto/ecdsa` and `crypto/rsa`
add README.md 2019-02-11 18:48:18 +00:00
go lint and update docs 2020-04-10 17:59:44 +00:00			`Useful for JWT, JOSE, etc.`
add README.md 2019-02-11 18:48:18 +00:00
go lint and update docs 2020-04-10 17:59:44 +00:00			```go
			`key, err := keypairs.ParsePrivateKey(bytesForJWKOrPEMOrDER)`
add README.md 2019-02-11 18:48:18 +00:00
go lint and update docs 2020-04-10 17:59:44 +00:00			`pub, err := keypairs.ParsePublicKey(bytesForJWKOrPEMOrDER)`
add README.md 2019-02-11 18:48:18 +00:00
go lint and update docs 2020-04-10 17:59:44 +00:00			`jwk, err := keypairs.MarshalJWKPublicKey(pub, time.Now().Add(2 * time.Day))`
add README.md 2019-02-11 18:48:18 +00:00
go lint and update docs 2020-04-10 17:59:44 +00:00			`kid, err := keypairs.ThumbprintPublicKey(pub)`
			```
add README.md 2019-02-11 18:48:18 +00:00
update doc links and author info 2020-10-02 05:58:33 +00:00			`# GoDoc API Documentation`
add README.md 2019-02-11 18:48:18 +00:00
update documented import path 2020-05-10 19:11:26 +00:00			`See <https://pkg.go.dev/git.rootprojects.org/root/keypairs>`
add README.md 2019-02-11 18:48:18 +00:00
go lint and update docs 2020-04-10 17:59:44 +00:00			`# Philosophy`
add README.md 2019-02-11 18:48:18 +00:00
go lint and update docs 2020-04-10 17:59:44 +00:00			`Go's standard library is great.`
add README.md 2019-02-11 18:48:18 +00:00
go lint and update docs 2020-04-10 17:59:44 +00:00			`Go has _excellent_ crytography support and provides wonderful`
			`primitives for dealing with them.`
add README.md 2019-02-11 18:48:18 +00:00
go lint and update docs 2020-04-10 17:59:44 +00:00			I prefer to stay as close to Go's `crypto` package as possible,
			`just adding a light touch for JWT support and type safety.`
add README.md 2019-02-11 18:48:18 +00:00
			`# Type Safety`

go lint and update docs 2020-04-10 17:59:44 +00:00			`crypto.PublicKey` is a "marker interface", meaning that it is not typesafe!
add README.md 2019-02-11 18:48:18 +00:00
go lint and update docs 2020-04-10 17:59:44 +00:00			`go-keypairs` defines `type keypairs.PrivateKey interface { Public() crypto.PublicKey }`,
add README.md 2019-02-11 18:48:18 +00:00			which is implemented by `crypto/rsa` and `crypto/ecdsa`
			(but not `crypto/dsa`, which we really don't care that much about).

go lint and update docs 2020-04-10 17:59:44 +00:00			Go1.15 will add `[PublicKey.Equal(crypto.PublicKey)](https://github.com/golang/go/issues/21704)`,
			which will make it possible to remove the additional wrapper over `PublicKey`
			`and use an interface instead.`

add README.md 2019-02-11 18:48:18 +00:00			Since there are no common methods between `rsa.PublicKey` and `ecdsa.PublicKey`,
			go-keypairs lightly wraps each to implement `Thumbprint() string` (part of the JOSE/JWK spec).

go lint and update docs 2020-04-10 17:59:44 +00:00			`## JSON Web Key (JWK) as a "codec"`
add README.md 2019-02-11 18:48:18 +00:00
			`Although there are many, many ways that JWKs could be interpreted`
go lint and update docs 2020-04-10 17:59:44 +00:00			(possibly why they haven't made it into the standard library), `go-keypairs`
			follows the basic pattern of `encoding/x509` to `Parse` and `Marshal`
add README.md 2019-02-11 18:48:18 +00:00			`only the most basic and most meaningful parts of a key.`

			I highly recommend that you use `Thumbprint()` for `KeyID` you also
			`get the benefit of not losing information when encoding and decoding`
			`between the ASN.1, x509, PEM, and JWK formats.`
add MIT license 2019-08-19 20:48:28 +00:00
			`# LICENSE`

whitespace 2020-10-02 05:59:41 +00:00			`Copyright (c) 2020-present AJ ONeal \`
add MIT license 2019-08-19 20:48:28 +00:00			`Copyright (c) 2018-2019 Big Squid, Inc.`

whitespace 2020-10-02 05:59:41 +00:00			`This work is licensed under the terms of the MIT license. \`
add MIT license 2019-08-19 20:48:28 +00:00			`For a copy, see <https://opensource.org/licenses/MIT>.`