Safe Haskell | None |
---|---|
Language | Haskell2010 |
Internal functions for encrypting and signing / decrypting and verifying JWT content.
- hmacSign :: JwsAlg -> ByteString -> ByteString -> Either JwtError ByteString
- hmacVerify :: JwsAlg -> ByteString -> ByteString -> ByteString -> Bool
- rsaSign :: Maybe Blinder -> JwsAlg -> PrivateKey -> ByteString -> Either JwtError ByteString
- rsaVerify :: JwsAlg -> PublicKey -> ByteString -> ByteString -> Bool
- rsaEncrypt :: CPRG g => g -> JweAlg -> PublicKey -> ByteString -> (ByteString, g)
- rsaDecrypt :: Maybe Blinder -> JweAlg -> PrivateKey -> ByteString -> Either JwtError ByteString
- ecVerify :: JwsAlg -> PublicKey -> ByteString -> ByteString -> Bool
- encryptPayload :: Enc -> ByteString -> ByteString -> ByteString -> ByteString -> (ByteString, AuthTag)
- decryptPayload :: MonadError JwtError m => Enc -> ByteString -> ByteString -> ByteString -> ByteString -> ByteString -> m ByteString
- generateCmkAndIV :: CPRG g => g -> Enc -> ((ByteString, ByteString), g)
Documentation
:: JwsAlg | HMAC algorithm to use |
-> ByteString | Key |
-> ByteString | The message/content |
-> Either JwtError ByteString | HMAC output |
Sign a message with an HMAC key.
:: JwsAlg | HMAC Algorithm to use |
-> ByteString | Key |
-> ByteString | The message/content |
-> ByteString | The signature to check |
-> Bool | Whether the signature is correct |
Verify the HMAC for a given message.
Returns false if the MAC is incorrect or the Alg
is not an HMAC.
:: Maybe Blinder | RSA blinder |
-> JwsAlg | Algorithm to use. Must be one of |
-> PrivateKey | Private key to sign with |
-> ByteString | Message to sign |
-> Either JwtError ByteString | The signature |
Sign a message using an RSA private key.
The failure condition should only occur if the algorithm is not an RSA algorithm, or the RSA key is too small, causing the padding of the signature to fail. With real-world RSA keys this shouldn't happen in practice.
:: JwsAlg | The signature algorithm. Used to obtain the hash function. |
-> PublicKey | The key to check the signature with |
-> ByteString | The message/content |
-> ByteString | The signature to check |
-> Bool | Whether the signature is correct |
Verify the signature for a message using an RSA public key.
Returns false if the check fails or if the Alg
value is not
an RSA signature algorithm.
:: CPRG g | |
=> g | Random number generator |
-> JweAlg | The algorithm (either |
-> PublicKey | The encryption key |
-> ByteString | The message to encrypt |
-> (ByteString, g) | The encrypted messaged and new generator |
Encrypts a message (typically a symmetric key) using RSA.
:: Maybe Blinder | |
-> JweAlg | The RSA algorithm to use |
-> PrivateKey | The decryption key |
-> ByteString | The encrypted content |
-> Either JwtError ByteString | The decrypted key |
Decrypts an RSA encrypted message.
:: JwsAlg | The signature algorithm. Used to obtain the hash function. |
-> PublicKey | The key to check the signature with |
-> ByteString | The message/content |
-> ByteString | The signature to check |
-> Bool | Whether the signature is correct |
Verify the signature for a message using an EC public key.
Returns false if the check fails or if the Alg
value is not
an EC signature algorithm.
:: Enc | Encryption algorithm |
-> ByteString | Content management key |
-> ByteString | IV |
-> ByteString | Additional authenticated data |
-> ByteString | The message/JWT claims |
-> (ByteString, AuthTag) | Ciphertext claims and signature tag |
Encrypt a message using AES.
:: MonadError JwtError m | |
=> Enc | Encryption algorithm |
-> ByteString | Content management key |
-> ByteString | IV |
-> ByteString | Additional authentication data |
-> ByteString | The integrity protection value to be checked |
-> ByteString | The encrypted JWT payload |
-> m ByteString |
Decrypt an AES encrypted message.
:: CPRG g | |
=> g | The random number generator |
-> Enc | The encryption algorithm to be used |
-> ((ByteString, ByteString), g) | The key, IV and generator |
Generates the symmetric key (content management key) and IV
Used to encrypt a message.