jsonwebkey

JSON Web Key (JWK) (de)serialization, generation, and conversion.

Note: requires rustc nightly >= 1.45 for conveniences around fixed-size arrays.

Goals

tl;dr: get keys into a format that can be used by other crates; be as safe as possible while doing so.

• Serialization and deserialization of Required and Recommended key types (HS256, RS256, ES256)
• Conversion to PEM for interop with existing JWT libraries (e.g., jsonwebtoken)
• Key generation (particularly useful for testing)

Non-goals

• be a fully-featured JOSE framework

Examples

Deserializing from JSON

rust extern crate jsonwebkey as jwk; // Generated using https://mkjwk.org/. let jwt_str = r#"{ "kty": "oct", "use": "sig", "kid": "my signing key", "k": "Wpj30SfkzM_m0Sa_B2NqNw", "alg": "HS256" }"#; let the_jwk: jwk::JsonWebKey = jwt_str.parse().unwrap(); println!("{:#?}", the_jwk); // looks like `jwt_str` but with reordered fields.

Using with other crates

```rust

[cfg(all(feature = "generate", feature = "jwt-convert"))] {

extern crate jsonwebtoken as jwt; extern crate jsonwebkey as jwk;

[derive(serde::Serialize, serde::Deserialize)]

struct TokenClaims {}

let mut myjwk = jwk::JsonWebKey::new(jwk::Key::generatep256()); myjwk.setalgorithm(jwk::Algorithm::ES256);

let alg: jwt::Algorithm = myjwk.algorithm.unwrap().into(); let token = jwt::encode( &jwt::Header::new(alg), &TokenClaims {}, &myjwk.key.toencodingkey(), ).unwrap();

let mut validation = jwt::Validation::new(alg); validation.validateexp = false; jwt::decode::(&token, &myjwk.key.todecodingkey(), &validation).unwrap(); } ```

Features

• pkcs-convert - enables Key::{to_der, to_pem}. This pulls in the yasna crate.
• generate - enables Key::{generate_p256, generate_symmetric}. This pulls in the p256 and rand crates.
• jwt-convert - enables conversions to types in the jsonwebtoken crate.