3 unstable releases
new 0.2.0 | Jul 26, 2024 |
---|---|
0.1.1 | Sep 25, 2023 |
0.1.0 | Dec 15, 2022 |
#1515 in Cryptography
1,621 downloads per month
Used in 20 crates
(8 directly)
280KB
6K
SLoC
JSON Web Signature (JWS) implementation following RFC 7515 and RFC 7797 (Unencoded Payload Option).
Usage
Decoding & Verification
Use CompactJWS::verify
to decode a JWS.
use serde_json::json;
use ssi_jwk::JWK;
use ssi_jws::CompactJWSStr;
let jws = CompactJWSStr::new(b"eyJhbGciOiJFUzI1NiJ9.cGF5bG9hZA.LW6XkHmgfNnb2CA-2qdeMVGpekAoxRNsAHoeLpnton3QMaQ3dMj-5G9SlP8dHj7cHf2HtRPdy6-9LbxYKvumKw").unwrap();
let jwk: JWK = json!({
"kty": "EC",
"use": "sig",
"crv": "P-256",
"x": "dxdB360AJqJFYhdctoKZD_a_P6vLGAxtEVaCLnyraXQ",
"y": "iH6o0l5AECsfRuEw2Eghbrp-6Fob3j98-1Cbe1YOmwM",
"alg": "ES256"
}).try_into().unwrap();
assert!(jws.verify(&jwk).await.unwrap().is_ok());
Internally CompactJWS::verify
uses CompactJWS::to_decoded
to decode
the JWS, VerifiableClaims::into_verifiable
to separate the payload from
the signature then Verifiable::verify
to validate the signature.
let decoded_jws = jws.to_decoded().unwrap();
let verifiable_jws = decoded_jws.into_verifiable().await.unwrap();
assert_eq!(verifiable_jws.verify(&jwk).await.unwrap().is_ok());
You can use this method to decode the payload before the verification
(using DecodedJWS::try_map
for instance) so it can be verified along the
signature.
Signature
Use the JWSPayload::sign
method to sign a payload into a compact JWS.
use serde_json::json;
use ssi_jwk::JWK;
use ssi_jws::JWSPayload;
let jwk: JWK = json!({
"kty": "EC",
"d": "3KSLs0_obYeQXfEI9I3BBH5y7aOm028bEx3rW6i5UN4",
"use": "sig",
"crv": "P-256",
"x": "dxdB360AJqJFYhdctoKZD_a_P6vLGAxtEVaCLnyraXQ",
"y": "iH6o0l5AECsfRuEw2Eghbrp-6Fob3j98-1Cbe1YOmwM",
"alg": "ES256"
}).try_into().unwrap();
let jwt = "payload".sign(&jwk).await.unwrap();
assert_eq!(jwt, "eyJhbGciOiJFUzI1NiJ9.cGF5bG9hZA.LW6XkHmgfNnb2CA-2qdeMVGpekAoxRNsAHoeLpnton3QMaQ3dMj-5G9SlP8dHj7cHf2HtRPdy6-9LbxYKvumKw")
Dependencies
~22–44MB
~678K SLoC