Cross-platform RSA & EC keypair generation, signing and verification - suitable for JWT, JOSE, and asymmetric cryptography.
Vous ne pouvez pas sélectionner plus de 25 sujets Les noms de sujets doivent commencer par une lettre ou un nombre, peuvent contenir des tirets ('-') et peuvent comporter jusqu'à 35 caractères.
 
 
AJ ONeal 88a0b05c2f update usage example il y a 3 ans
cmd/keypairs update usage example il y a 3 ans
examples update documented import path il y a 4 ans
fixtures friendlier error reporting il y a 5 ans
keyfetch transitioning to go1.15 PublicKey interface il y a 3 ans
keyserve transitioning to go1.15 PublicKey interface il y a 3 ans
.gitignore fix flag parsing il y a 4 ans
.goreleaser.yml add goreleaser il y a 3 ans
AUTHORS update doc links and author info il y a 4 ans
LICENSE add MIT license il y a 5 ans
README.md doc: update README and help il y a 3 ans
cli_test.sh add verify subcommand il y a 4 ans
doc.go update canonical import path il y a 4 ans
generate.go add verify subcommand il y a 4 ans
go.mod update canonical import path il y a 4 ans
jwk.go add verify subcommand il y a 4 ans
jws.go add verify subcommand il y a 4 ans
keypairs.go transitioning to go1.15 PublicKey interface il y a 3 ans
keypairs_test.go friendlier error reporting il y a 5 ans
marshal.go transitioning to go1.15 PublicKey interface il y a 3 ans
mock.go add verify subcommand il y a 4 ans
sign.go transitioning to go1.15 PublicKey interface il y a 3 ans
verify.go transitioning to go1.15 PublicKey interface il y a 3 ans

README.md

keypairs

A cross-platform Command Line Tool and Golang Library that works with RSA, ECDSA, PEM, DER, JWK, and the JOSE suite.

Keypairs CLI

Generates, signs, and verifies with NIST-strength asymmetric keys.

# Generate JSON Web Keys (JWKs)
keypairs gen > key.jwk.json 2> pub.jwk.json

# Generate PEM (or DER) Keys, by extension
keypairs gen --key key.pem --pub pub.pem

# Sign a payload
keypairs sign key.jwk.json --exp 1h '{ "sub": "me@example.com" }' > token.jwt 2> sig.jws

# Verify a signature
keypairs verify pub.jwk.json token.jwt

Cheat Sheet at https://webinstall.dev/keypairs.

Install

Mac, Linux:

curl -sS https://webinstall.dev/keypairs | bash

Windows 10:

curl.exe -A MS https://webinstall.dev/keypairs | powershell

Keypairs Go Library

JSON Web Key (JWK) support and type safety lightly placed over top of Go's crypto/ecdsa and crypto/rsa

Useful for JWT, JOSE, etc.

key, err := keypairs.ParsePrivateKey(bytesForJWKOrPEMOrDER)

pub, err := keypairs.ParsePublicKey(bytesForJWKOrPEMOrDER)

jwk, err := keypairs.MarshalJWKPublicKey(pub, time.Now().Add(2 * time.Day))

kid, err := keypairs.ThumbprintPublicKey(pub)

GoDoc API Documentation

See https://pkg.go.dev/git.rootprojects.org/root/keypairs

Philosophy

Go's standard library is great.

Go has excellent crytography support and provides wonderful primitives for dealing with them.

I prefer to stay as close to Go's crypto package as possible, just adding a light touch for JWT support and type safety.

Type Safety

crypto.PublicKey is a "marker interface", meaning that it is not typesafe!

go-keypairs defines type keypairs.PrivateKey interface { Public() crypto.PublicKey }, which is implemented by crypto/rsa and crypto/ecdsa (but not crypto/dsa, which we really don't care that much about).

Go1.15 will add [PublicKey.Equal(crypto.PublicKey)](https://github.com/golang/go/issues/21704), which will make it possible to remove the additional wrapper over PublicKey and use an interface instead.

Since there are no common methods between rsa.PublicKey and ecdsa.PublicKey, go-keypairs lightly wraps each to implement Thumbprint() string (part of the JOSE/JWK spec).

JSON Web Key (JWK) as a "codec"

Although there are many, many ways that JWKs could be interpreted (possibly why they haven't made it into the standard library), go-keypairs follows the basic pattern of encoding/x509 to Parse and Marshal only the most basic and most meaningful parts of a key.

I highly recommend that you use Thumbprint() for KeyID you also get the benefit of not losing information when encoding and decoding between the ASN.1, x509, PEM, and JWK formats.

LICENSE

Copyright (c) 2020-present AJ ONeal
Copyright (c) 2018-2019 Big Squid, Inc.

This work is licensed under the terms of the MIT license.
For a copy, see https://opensource.org/licenses/MIT.