#json #jwk #jsonwebkey

jsonwebkey

JSON Web Key (JWK) (de)serialization, generation, and conversion

9 releases

0.3.4 Jul 28, 2021
0.3.2 Apr 28, 2021
0.3.1 Jan 26, 2021
0.2.0 Jul 17, 2020
0.0.3 Jul 13, 2020

#23 in Authentication

Download history 452/week @ 2021-10-03 865/week @ 2021-10-10 1374/week @ 2021-10-17 1117/week @ 2021-10-24 2047/week @ 2021-10-31 1485/week @ 2021-11-07 943/week @ 2021-11-14 662/week @ 2021-11-21 759/week @ 2021-11-28 850/week @ 2021-12-05 534/week @ 2021-12-12 401/week @ 2021-12-19 369/week @ 2021-12-26 609/week @ 2022-01-02 674/week @ 2022-01-09 550/week @ 2022-01-16

2,212 downloads per month
Used in 8 crates (5 directly)

MIT license

52KB
1K SLoC

jsonwebkey

crates.io docs.rs codecov

JSON Web Key (JWK) (de)serialization, generation, and conversion.

Goals

tl;dr: get keys into a format that can be used by other crates; be as safe as possible while doing so.

  • Serialization and deserialization of Required and Recommended key types (HS256, RS256, ES256)
  • Conversion to PEM for interop with existing JWT libraries (e.g., jsonwebtoken)
  • Key generation (particularly useful for testing)

Non-goals

  • be a fully-featured JOSE framework

Examples

Deserializing from JSON

extern crate jsonwebkey as jwk;
// Generated using https://mkjwk.org/.
let jwt_str = r#"{
   "kty": "oct",
   "use": "sig",
   "kid": "my signing key",
   "k": "Wpj30SfkzM_m0Sa_B2NqNw",
   "alg": "HS256"
}"#;
let the_jwk: jwk::JsonWebKey = jwt_str.parse().unwrap();
println!("{:#?}", the_jwk); // looks like `jwt_str` but with reordered fields.

Using with other crates

#[cfg(all(feature = "generate", feature = "jwt-convert"))] {
extern crate jsonwebtoken as jwt;
extern crate jsonwebkey as jwk;

#[derive(serde::Serialize, serde::Deserialize)]
struct TokenClaims {}

let mut my_jwk = jwk::JsonWebKey::new(jwk::Key::generate_p256());
my_jwk.set_algorithm(jwk::Algorithm::ES256);

let alg: jwt::Algorithm = my_jwk.algorithm.unwrap().into();
let token = jwt::encode(
    &jwt::Header::new(alg),
    &TokenClaims {},
    &my_jwk.key.to_encoding_key(),
).unwrap();

let mut validation = jwt::Validation::new(alg);
validation.validate_exp = false;
jwt::decode::<TokenClaims>(&token, &my_jwk.key.to_decoding_key(), &validation).unwrap();
}

Features

  • pkcs-convert - enables Key::{to_der, to_pem}. This pulls in the yasna crate.
  • generate - enables Key::{generate_p256, generate_symmetric}. This pulls in the p256 and rand crates.
  • jwt-convert - enables conversions to types in the jsonwebtoken crate.

Dependencies

~1.2–4.5MB
~104K SLoC

a