Lib.rs

Cryptography
#jwt #jws #tbtl

bh-jws-utils

TBTL's library for handling JSON Web Signatures (JWS)

Owned by tbtldevops.

7 releases (breaking)

0.6.0 Nov 4, 2025
0.5.1 Sep 12, 2025
0.4.0 Sep 3, 2025
0.3.0 Apr 22, 2025
0.1.0 Apr 1, 2025

#1743 in Cryptography

Download history 12/week @ 2025-08-01 86/week @ 2025-08-08 36/week @ 2025-08-15 51/week @ 2025-08-22 247/week @ 2025-08-29 393/week @ 2025-09-05 314/week @ 2025-09-12 101/week @ 2025-09-19 179/week @ 2025-09-26 176/week @ 2025-10-03 272/week @ 2025-10-10 124/week @ 2025-10-17 100/week @ 2025-10-24 154/week @ 2025-10-31 121/week @ 2025-11-07 52/week @ 2025-11-14

439 downloads per month
Used in 3 crates

Custom license

170KB
2.5K SLoC

This crate provides functions and types for working with JSON Web Signatures (JWS).

Details

The primary way to use this library is via the JwtSigner and JwtVerifier traits, which provide functionality for signing JWTs and verifying signed JWTs. A default openssl backed implementation of these traits is available by using the openssl_impl::Es256Signer and openssl_impl::Es256Verifier structs which implement JwtSigner and JwtVerifier respectively. These implementations are available under the default feature openssl which can be disabled and replaced by a custom implementation.

A custom implementation must implement the Signer trait for signing JWKs, SignatureVerifier trait for verifying signatures and optionally the HasJwkKid trait if you need to access the JWK key id. The JwtSigner and JwtVerifier traits are implemented automatically for the custom implementation if the custom implementation implements the Signer and SignatureVerifier traits respectively.

Examples

Sign and verify a JWT

use bh_jws_utils::{json_object, Es256Signer, Es256Verifier, JwtSigner, JwtVerifier};

// Construct a new signer
let signer = Es256Signer::generate("dummy-kid".to_string()).unwrap();

// Construct a JWT
let dummy_jwt = json_object!({
   "sub": "1234567890",
   "name": "John Doe",
   "iat": 1516239022
});

// Sign the JWT
let signed_jwt = signer.sign_jwt(dummy_jwt).unwrap();

// Get the public JWK for verification
let public_jwk = signer.public_jwk().unwrap();

// Verify the JWT
let token: serde_json::Value = Es256Verifier
    .verify_jwt_signature(signed_jwt.as_str(), &public_jwk)
    .unwrap();

bh-jws-utils

This library provides functionality for working with JSON Web Signatures (JWS) for use in other The Blockhouse Technology Limited (TBTL) projects.

Details

The primary way to use this library is via the JwtSigner and JwtVerifier traits, which provide functionality for signing JWTs and verifying signed JWTs. A default openssl backed implementation of these traits is available by using the openssl_impl::Es256Signer and openssl:impl:Es256Verifier structs which implement JwtSigner and JwtVerifier respectively.

For additional documentation & examples, take a look at the crate documentation.

Changelog

The changelog can be found here.

License

Licensed under GNU Affero General Public License, Version 3.

Dependencies

~8MB
~167K SLoC