cbiedl
/
jose


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237
							.TH "jose_jwk" 3 "Tue May 30 2017" "José" \" -*- nroff -*-
.ad l
.nh
.SH NAME
jose_jwk \- JSON Web Keys (RFC 7517)  

.SH SYNOPSIS
.br
.PP
.SS "Functions"

.in +1c
.ti -1c
.RI "bool \fBjose_jwk_gen\fP (jose_cfg_t *cfg, json_t *jwk)"
.br
.RI "Generates a new JWK\&. "
.ti -1c
.RI "bool \fBjose_jwk_pub\fP (jose_cfg_t *cfg, json_t *jwk)"
.br
.RI "Removes all private key material from a JWK\&. "
.ti -1c
.RI "bool \fBjose_jwk_prm\fP (jose_cfg_t *cfg, const json_t *jwk, bool req, const char *op)"
.br
.RI "Determines if an operation is permitted for a JWK\&. "
.ti -1c
.RI "json_t * \fBjose_jwk_thp\fP (jose_cfg_t *cfg, const json_t *jwk, const char *alg)"
.br
.RI "Calculates the thumbprint of a JWK as a URL-safe Base64 encoded JSON string\&. "
.ti -1c
.RI "size_t \fBjose_jwk_thp_buf\fP (jose_cfg_t *cfg, const json_t *jwk, const char *alg, uint8_t *thp, size_t len)"
.br
.RI "Calculates the thumbprint of a JWK\&. "
.ti -1c
.RI "json_t * \fBjose_jwk_exc\fP (jose_cfg_t *cfg, const json_t *prv, const json_t *pub)"
.br
.RI "Perform a key exchange\&. "
.in -1c
.SH "Detailed Description"
.PP 
JSON Web Keys (RFC 7517) 

A JSON Web Key (JWS) is a standard data format for expresing cryptographic keys in JSON\&.
.PP
\fBSee also:\fP
.RS 4
https://tools.ietf.org/html/rfc7517 
.PP
https://tools.ietf.org/html/rfc7638 
.RE
.PP

.SH "Function Documentation"
.PP 
.SS "bool jose_jwk_gen (jose_cfg_t * cfg, json_t * jwk)"

.PP
Generates a new JWK\&. The JWK is generated using hints from the input in exactly the same format as you would find in the output\&. For example, the most common way to generate a key is to specify the algorithm you'd like to use the key with\&. For example (error handling omitted): 
.PP
.nf
json_t *gen(void) {
    json_auto_t *jwk = json_pack("{s:s}", "alg", "ES256");
    jose_jwk_gen(NULL, jwk);
    return json_incref(jwk);
}

.fi
.PP
.PP
This method is preferred because other metadata can be inferred from the algorithm name, such as the key usage\&. Additionally, the algorithm metadata can be used to automatically generate correct headers when creating signatures (JWS) or encryptions (JWE)\&. Thus, you should always default to creating keys by their algorithm usage\&.
.PP
However, should your requirements differ, you can also generate a key using raw parameters (again, error handling omitted): 
.PP
.nf
json_t *gen(void) {
    json_auto_t *jwk = json_pack("{s:s,s:s}", "kty", "EC", "crv", "P-256");
    jose_jwk_gen(NULL, jwk);
    return json_incref(jwk);
}

json_t *gen(void) {
    json_auto_t *jwk = json_pack("{s:s,s:i}", "kty", "RSA", "bits", 2048);
    jose_jwk_gen(NULL, jwk);
    return json_incref(jwk);
}

json_t *gen(void) {
    json_auto_t *jwk = json_pack("{s:s,s:i}", "kty", "oct", "bytes", 32);
    jose_jwk_gen(NULL, jwk);
    return json_incref(jwk);
}

.fi
.PP
.PP
In this case, 'bits' and 'bytes' will be removed from the final output\&.
.PP
\fBSee also:\fP
.RS 4
https://www.iana.org/assignments/jose/jose.xhtml#web-signature-encryption-algorithms 
.RE
.PP
\fBParameters:\fP
.RS 4
\fIcfg\fP The configuration context (optional)\&. 
.br
\fIjwk\fP The JWK to generate\&. 
.RE
.PP
\fBReturns:\fP
.RS 4
On success, true\&. Otherwise, false\&. 
.RE
.PP

.SS "bool jose_jwk_pub (jose_cfg_t * cfg, json_t * jwk)"

.PP
Removes all private key material from a JWK\&. In addition, this function will remove any key operations from the \fCkey_ops\fP JWK property (if present) that apply only to the private key\&.
.PP
This function should be used before exporting keys to third parties\&.
.PP
\fBParameters:\fP
.RS 4
\fIcfg\fP The configuration context (optional)\&. 
.br
\fIjwk\fP The JWK to remove private keys from\&. 
.RE
.PP
\fBReturns:\fP
.RS 4
On success, true\&. Otherwise, false\&. 
.RE
.PP

.SS "bool jose_jwk_prm (jose_cfg_t * cfg, const json_t * jwk, bool req, const char * op)"

.PP
Determines if an operation is permitted for a JWK\&. The operation to be confirmed (\fCop\fP) is always specified according to the syntax of the 'key_ops' JWK property, even when the 'use' property is defined on the JWK\&.
.PP
This function has two modes of operation\&. If \fCreq\fP is false, then JWKs which do not have any key use metadata will be approved for this operation\&. However, if \fCreq\fP is true then this metadata will be required for approval\&.
.PP
\fBParameters:\fP
.RS 4
\fIcfg\fP The configuration context (optional)\&. 
.br
\fIjwk\fP The JWK from which to remove private keys\&. 
.br
\fIreq\fP Whether JWK key use metadata is required or not\&. 
.br
\fIop\fP The opperation to seek approval for\&. 
.RE
.PP
\fBReturns:\fP
.RS 4
When the JWK is approved, true\&. Otherwise, false\&. 
.RE
.PP

.SS "json_t* jose_jwk_thp (jose_cfg_t * cfg, const json_t * jwk, const char * alg)"

.PP
Calculates the thumbprint of a JWK as a URL-safe Base64 encoded JSON string\&. This function is a thin wrapper around \fBjose_jwk_thp_buf()\fP\&.
.PP
\fBSee also:\fP
.RS 4
\fBjose_jwk_thp_buf()\fP 
.RE
.PP
\fBParameters:\fP
.RS 4
\fIcfg\fP The configuration context (optional)\&. 
.br
\fIjwk\fP The JWK to calculate the thumbprint for\&. 
.br
\fIalg\fP The hash algorithm to use\&. 
.RE
.PP
\fBReturns:\fP
.RS 4
On success, a newly-allocated JSON string\&. Otherwise, NULL\&. 
.RE
.PP

.SS "size_t jose_jwk_thp_buf (jose_cfg_t * cfg, const json_t * jwk, const char * alg, uint8_t * thp, size_t len)"

.PP
Calculates the thumbprint of a JWK\&. This function calculates the thumbprint of a JWK according to the method defined by RFC 7638\&.
.PP
If \fCthp\fP is NULL, this function returns the size of the buffer required for the thumbprint output\&.
.PP
\fBSee also:\fP
.RS 4
https://tools.ietf.org/html/rfc7638 
.RE
.PP
\fBParameters:\fP
.RS 4
\fIcfg\fP The configuration context (optional)\&. 
.br
\fIjwk\fP The JWK to calculate the thumbprint for\&. 
.br
\fIalg\fP The hash algorithm to use\&. 
.br
\fIthp\fP The output hash buffer\&. 
.br
\fIlen\fP The size of the output hash buffer\&. 
.RE
.PP
\fBReturns:\fP
.RS 4
On success, the number of bytes written\&. Otherwise, SIZE_MAX\&. 
.RE
.PP

.SS "json_t* jose_jwk_exc (jose_cfg_t * cfg, const json_t * prv, const json_t * pub)"

.PP
Perform a key exchange\&. The only currently implemented algorithm is ECDH\&.
.PP
\fBParameters:\fP
.RS 4
\fIcfg\fP The configuration context (optional)\&. 
.br
\fIprv\fP The private JWK\&. 
.br
\fIpub\fP The public JWK\&. 
.RE
.PP
\fBReturns:\fP
.RS 4
On success, the JWK result of the key exchange\&. Otherwise, NULL\&. 
.RE
.PP

.SH "Author"
.PP 
Generated automatically by Doxygen for José from the source code\&.