Cross-platform RSA & EC keypair generation, signing and verification - suitable for JWT, JOSE, and asymmetric cryptography.
Go to file
AJ ONeal d823672eb4 add /pem 2019-03-06 15:59:11 -07:00
fixtures test rsa private keys 2019-02-07 20:05:26 +00:00
keyfetch add tests for implicit issuer 2019-03-06 14:59:25 -07:00
keyserve add /pem 2019-03-06 15:59:11 -07:00
README.md add README.md 2019-02-11 18:48:18 +00:00
doc.go doc cleanup 2019-02-21 00:14:28 +00:00
go.mod move fetch to own package 2019-02-20 19:59:22 +00:00
keypairs.go add generic http handler for JWKs URL 2019-02-28 15:31:10 -07:00
keypairs_test.go test rsa private keys 2019-02-07 20:05:26 +00:00

README.md

go-keypairs

The lightest touch over top of Go's crypto/ecdsa and crypto/rsa to make them typesafe and to provide JSON Web Key (JWK) support.

Documentation

Use the source, Luke!

https://godoc.org/github.com/big-squid/go-keypairs

Philosophy

Always remember:

Don't roll your own crypto.

But also remember:

Just because you don't know someone doesn't make them smart.

Don't get the two mixed up!

(furthermore, just because you do know someone doesn't make them not smart)

Although I would not want to invent my own cryptographic algorithm, I've read enough source code to know that, for standards I know well, I feel much more confident in the security, extensibility, and documentation of tooling that I've write myself.

Type Safety

Go has excellent crytography support and provides wonderful primitives for dealing with them. Its Achilles' heel is they're not typesafe!

As of Go 1.11.5 crypto.PublicKey and crypto.PrivateKey are "marker interfaces" or, in other words, empty interfaces that only serve to document intent without actually providing a constraint to the type system.

go-keypairs defines type keypairs.PrivateKey interface { Public() crypto.PublicKey }, which is implemented by crypto/rsa and crypto/ecdsa (but not crypto/dsa, which we really don't care that much about).

Since there are no common methods between rsa.PublicKey and ecdsa.PublicKey, go-keypairs lightly wraps each to implement Thumbprint() string (part of the JOSE/JWK spec).

JSON Web Key "codec"

Although there are many, many ways that JWKs could be interpreted (possibly why they haven't made it into the standard library), go-keypairs follows the basic pattern of encoding/x509 to Parse and Marshal only the most basic and most meaningful parts of a key.

I highly recommend that you use Thumbprint() for KeyID you also get the benefit of not losing information when encoding and decoding between the ASN.1, x509, PEM, and JWK formats.