
3 JSON Web Keys

To sign and verify JWTs, load the (pomdappi jwk) module to manage keys. A JWK is a key: an RSA public key, an RSA private key, or both; or an elliptic curve point, a scalar, or both. In every case the representation is an alist that maps strings to strings, with each key parameter encoded in base64url without padding.

predicate: jwk? x

Check whether x is an RSA or EC key, public, private or both.

predicate: jwk-rsa-public-key? x
predicate: jwk-rsa-private-key? x
predicate: jwk-ec-point? x
predicate: jwk-ec-scalar? x

Test whether x is a JWK of the given key type. x can satisfy both jwk-rsa-public-key? and jwk-rsa-private-key?, or both jwk-ec-point? and jwk-ec-scalar?.

function: jwk-kty key

Return the key type of key: "RSA" or "EC".

function: jwk-crv key

Get the curve referred to in the EC key. It is either 'P-256, 'P-384 or 'P-521 (mind the last two digits, “21”, in this order).

function: jwk-n key
function: jwk-e key
function: jwk-x key
function: jwk-y key
function: jwk-d key
function: jwk-p key
function: jwk-q key
function: jwk-dp key
function: jwk-dq key
function: jwk-qi key

Return the corresponding key parameter, or #f if key is not a JWK or does not have that parameter. The scalar value of an EC private key is obtained with jwk-d.

function: make-rsa-public-key n e
function: make-rsa-private-key d p q dp dq qi
function: make-rsa-key-pair n e d p q dp dq qi
function: make-ec-point crv x y
function: make-ec-scalar crv d
function: make-ec-key-pair crv x y d

Create a key or key pair from the given key parameters. Each parameter should be the base64url encoding, without padding, of the big-endian encoding of the parameter as a number, except for crv, which must be the symbol 'P-256, 'P-384 or 'P-521.

function: jwk-public-part key

Strip the private members of key so that it can be sent to other parties. key may therefore be a key pair.

function: generate-keypair kty . parameters

Generate a key pair of type kty: 'EC or 'RSA, with the additional parameters as a keyword association. Depending on the key type, you may want to pass keywords:

To represent several keys at once, the JWK RFC also defines a JWK Set (JWKS), which contains exactly a list of public keys.

predicate: jwks? x

Check whether x is a JWKS.

function: jwks-keys x

Return the list of keys in x.

function: make-jwks keys

Make a JWKS out of keys. keys may be:

If any of the keys is not a public key (RSA public key or EC point), the function returns #f.
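The parameter encoding and the public-keys-only rule above, as an added Python illustration (not pomdappi code and not its API): a dict stands in for the alist, and encode_param, decode_param, public_part and leaked_members are hypothetical names. The fixed-length padding of EC members is taken from RFC 7518, not from this page.

```python
import base64
import re

# Private members for the key types on this page: d (RSA exponent or EC
# scalar) and the RSA CRT values p, q, dp, dq, qi.
PRIVATE_MEMBERS = frozenset({"d", "p", "q", "dp", "dq", "qi"})
B64URL = re.compile(r"[A-Za-z0-9_-]+")

def encode_param(value, length=None):
    """Big-endian bytes of value, base64url-encoded, padding removed.
    Pass length (bytes) for EC members: RFC 7518 requires x, y and d to be
    left-padded to the curve's coordinate size (32, 48 or 66 bytes)."""
    size = length if length is not None else max(1, (value.bit_length() + 7) // 8)
    raw = value.to_bytes(size, "big")
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def decode_param(text):
    """Inverse of encode_param; rejects padding and non-base64url characters."""
    if not B64URL.fullmatch(text):
        raise ValueError("not unpadded base64url: %r" % text)
    padded = text + "=" * (-len(text) % 4)
    return int.from_bytes(base64.urlsafe_b64decode(padded), "big")

def public_part(jwk):
    """Copy of jwk without private members, safe to hand to other parties."""
    return {k: v for k, v in jwk.items() if k not in PRIVATE_MEMBERS}

def leaked_members(jwks):
    """Map key index -> sorted private member names found in a key set."""
    found = {}
    for i, key in enumerate(jwks["keys"]):
        private = sorted(PRIVATE_MEMBERS.intersection(key))
        if private:
            found[i] = private
    return found

# Constructed toy RSA pair (n = 61 * 53, far too small for real use).
PAIR = {"kty": "RSA", "n": encode_param(3233), "e": encode_param(17),
        "d": encode_param(2753), "p": encode_param(61), "q": encode_param(53)}

if __name__ == "__main__":
    print(public_part(PAIR))
    print(leaked_members({"keys": [public_part(PAIR), PAIR]}))
```

Running leaked_members over a key set before it is published catches a key pair that was added without first being reduced to its public part.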

Once you have a key or a key set, you can sign or verify data, with the (pomdappi jws) module.

function: sign alg key payload

Return the base64 encoding of the signature of payload with key, according to the algorithm (a symbol, 'RS256 and so on).

function: verify alg key payload signature

Verify that the signature has been made by key on payload, with the given algorithm. key may be a JWK or a JWKS.



Default RSA keys do not like the police.
