jose项目旨在提供实现了JavaScript对象签名和加密的标准方法。主要用于JSONWeb加密和JSONWeb签名方面。
注意:该库包含加密软件,受到美国出口管理条例的限制。你不可以出口、再出口、转让或下载任何部分违反美国法律、任何指令或法规的代码。特别是这个软件不可以以任何形式或任何媒体出口或再出口到伊朗,北苏丹、叙利亚、古巴、朝鲜,以及任何我们屏蔽名单中的个人或者实体。
目前支持的算法包括:
KeyencryptionAlgorithmidentifier(s)RSA-PKCS#1v1.5RSA1_5RSA-OAEPRSA-OAEP,RSA-OAEP-256AESkeywrapA128KW,A192KW,A256KWAES-GCMkeywrapA128GCMKW,A192GCMKW,A256GCMKWECDH-ES+AESkeywrapECDH-ES+A128KW,ECDH-ES+A192KW,ECDH-ES+A256KWECDH-ES(direct)ECDH-ES1DirectencryptiondirSigning/MACAlgorithmidentifier(s)RSASSA-PKCS#1v1.5RS256,RS384,RS512RSASSA-PSSPS256,PS384,PS512HMACHS256,HS384,HS512ECDSAES256,ES384,ES512ContentencryptionAlgorithmidentifier(s)AES-CBC+HMACA128CBC-HS256,A192CBC-HS384,A256CBC-HS512AES-GCMA128GCM,A192GCM,A256GCMCompressionAlgorithmidentifiers(s)DEFLATE(RFC1951)DEF使用RSA加密和解密示例:
// Generate a public/private key pair to use for this example. The library// also provides two utility functions (LoadPublicKey and LoadPrivateKey)// that can be used to load keys from PEM/DER-encoded data.privateKey, err := rsa.GenerateKey(rand.Reader, 2048)if err != nil { panic(err)}// Instantiate an encrypter using RSA-OAEP with AES128-GCM. An error would// indicate that the selected algorithm(s) are not currently supported.publicKey := &privateKey.PublicKeyencrypter, err := NewEncrypter(RSA_OAEP, A128GCM, publicKey)if err != nil { panic(err)}// Encrypt a sample plaintext. Calling the encrypter returns an encrypted// JWE object, which can then be serialized for output afterwards. An error// would indicate a problem in an underlying cryptographic primitive.var plaintext = []byte("Lorem ipsum dolor sit amet")object, err := encrypter.Encrypt(plaintext)if err != nil { panic(err)}// Serialize the encrypted object using the full serialization format.// Alternatively you can also use the compact format here by calling// object.CompactSerialize() instead.serialized, err := object.FullSerialize()// Now let's instantiate a decrypter so we can get back the plaintext.decrypter, err := NewDecrypter(privateKey)if err != nil { panic(err)}// Parse the serialized, encrypted JWE object. An error would indicate that// the given input did not represent a valid message.object, err = Parse(serialized)if err != nil { panic(err)}// Now we can decrypt and get back our original plaintext. An error here// would indicate the the message failed to decrypt, e.g. because the auth// tag was broken and the message was tampered with.decrypted, err := decrypter.Decrypt(object)if err != nil { panic(err)}fmt.Printf(string(decrypted))// output: Lorem ipsum dolor sit amet
评论