Next: Demonstration of Proof of Possession, Previous: The Json Web Token, Up: Top [Contents][Index]
In order to sign and verify JWTs, you should load the (pomdappi jwk) module in order to manage keys. A JWK is a key; it can either be an RSA public key, an RSA private key or both, or an elliptic curve point, scalar, or both. In any case, the representation is an alist, a map from strings to strings, each key parameter being encoded in base64 URL without padding.
Check whether x is an RSA or EC key, public, private or both. Test if x is a JWK, and which key type. x can satisfy both jwk-rsa-public-key? and jwk-rsa-private-key?, or both jwk-ec-point? and jwk-ec-scalar?.
Return the key type of key: "RSA" or "EC".
Get the curve referred to in the EC key. It is either 'P-256, 'P-384 or 'P-521 (mind the last two digits, “21”, in this order).
Get the key parameters, or #f if key is not a JWK or does not have it. The scalar value of an EC private key is obtained with jwk-d.
Create a key or key pair with the given key parameters. They should be the base64-url encoding without padding of the big-endian encoding of the parameter as a number, except for crv which must be the symbol 'P-256, 'P-384 or 'P-521.
Strip the private members of key so that it can be sent to other parties. This way, key can be a key pair.
Generate a key pair of type kty: 'EC or 'RSA, with the additional parameters as a keyword association. Depending on the key type, you may want to pass keywords: #:crv, to set the curve (there is no default), as 'P-256, 'P-384 or 'P-521; #:n-size, to set the strength in bits of the RSA key pair; #:e-size or #:e, to either set the exponent size in bits, or use a fixed exponent. You don’t need to pass these parameters to the key generation function, and if they are missing an exponent of AQAB ^{1}, i.e. 65535, is used.
In case you want to represent multiple keys at once, the JWK RFC also defines a JWK Set, containing exactly a list of public keys.
Check whether x is a JWKS.
Return the list of keys in x.
Make a JWKS out of keys. keys may be:
If any of the keys is not a public key (RSA public key or EC point), the function returns #f.
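As an added illustration of the representation described above (not code from pomdappi, which is a Guile Scheme library), here is a Python sketch of the same operations: base64url encoding of big-endian integers, telling public from private members, stripping the private members before a key is sent out, and building a JWK Set that refuses any key still carrying private material. All function names and the sample key are this example's own.

```python
import base64

CURVES = ("P-256", "P-384", "P-521")
# Members that must never leave the key holder: EC scalar, RSA private/CRT values.
PRIVATE_MEMBERS = {"RSA": ("d", "p", "q", "dp", "dq", "qi"), "EC": ("d",)}

def b64url_uint(n: int) -> str:
    """Base64url, no padding, of the big-endian bytes of a non-negative integer."""
    if n < 0:
        raise ValueError("key parameters are non-negative integers")
    raw = n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def uint_b64url(s: str) -> int:
    """Inverse of b64url_uint; re-adds the '=' padding the decoder expects."""
    return int.from_bytes(base64.urlsafe_b64decode(s + "=" * (-len(s) % 4)), "big")

def is_jwk(k) -> bool:
    """A map with a known kty; EC keys need a valid crv and a point or a scalar."""
    if not isinstance(k, dict) or k.get("kty") not in PRIVATE_MEMBERS:
        return False
    if k["kty"] == "EC":
        return k.get("crv") in CURVES and (("x" in k and "y" in k) or "d" in k)
    return "n" in k and "e" in k  # RSA: the public part is always present

def has_private_part(k) -> bool:
    return any(m in k for m in PRIVATE_MEMBERS[k["kty"]])

def strip_private(k) -> dict:
    """Public view of a key or key pair, safe to hand to other parties."""
    return {m: v for m, v in k.items() if m not in PRIVATE_MEMBERS[k["kty"]]}

def make_jwks(keys):
    """JWK Set of public keys; None (the page's #f) if any key is not public."""
    if not all(is_jwk(k) and not has_private_part(k) for k in keys):
        return None
    return {"keys": list(keys)}

# Constructed sample: a P-256 "key pair" with toy coordinates, not a real key.
EC_PAIR = {"kty": "EC", "crv": "P-256",
           "x": b64url_uint(0x1234), "y": b64url_uint(0xABCD), "d": b64url_uint(7)}
```

Running make_jwks on EC_PAIR directly returns None; only the result of strip_private is accepted into a set.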
Once you have a key or a key set, you can sign or verify data, with the (pomdappi jws) module.
Return the base64 encoding of the signature of payload with key, according to the algorithm (a symbol, 'RS256 and so on).
Verify that the signature has been made by key on payload, with the given algorithm. key may be a JWK or a JWKS.