jsonwebkey

JSON Web Key (JWK) (de)serialization, generation, and conversion.

Note: requires rustc nightly >= 1.45 for conveniences around fixed-size arrays.

Goals

tl;dr: get keys into a format that can be used by other crates; be as safe as possible while doing so.

• Serialization and deserialization of Required and Recommended key types (HS256, RS256, ES256)
• Conversion to PEM for interop with existing JWT libraries (e.g., jsonwebtoken)
• Key generation (particularly useful for testing)

Non-goals

• be a fully-featured JOSE framework

Examples

Deserializing from JSON

rust extern crate jsonwebkey as jwk; // Generated using https://mkjwk.org/. let jwt_str = r#"{ "kty": "oct", "use": "sig", "kid": "my signing key", "k": "Wpj30SfkzM_m0Sa_B2NqNw", "alg": "HS256" }"#; let jwk: jwk::JsonWebKey = jwt_str.parse().unwrap(); println!("{:#?}", jwk); // looks like `jwt_str` but with reordered fields.

Using with other crates

```rust extern crate jsonwebtoken as jwt; extern crate jsonwebkey as jwk;

[derive(serde::Serialize, serde::Deserialize)]

struct TokenClaims {}

let mut myjwk = jwk::JsonWebKey::new(jwk::Key::generatep256()); myjwk.setalgorithm(jwk::Algorithm::ES256);

let encodingkey = jwt::EncodingKey::fromecder(&myjwk.key.toder().unwrap()); let token = jwt::encode( &jwt::Header::new(myjwk.algorithm.unwrap().into()), &TokenClaims {}, &encoding_key, ).unwrap();

let publicpem = myjwk.key.topublic().unwrap().topem().unwrap(); let decodingkey = jwt::DecodingKey::fromecpem(publicpem.asbytes()).unwrap(); let mut validation = jwt::Validation::new(myjwk.algorithm.unwrap().into()); validation.validateexp = false; jwt::decode::(&token, &decodingkey, &validation).unwrap(); ```

Features

• convert - enables Key::{to_der, to_pem}. This pulls in the yasna crate.
• generate - enables Key::{generate_p256, generate_symmetric}. This pulls in the p256 and rand crates.
• jsonwebtoken - enables conversions to types in the jsonwebtoken crate.