To sign and verify JWTs, you should load the
jwk) module in order to manage keys. A JWK is a key; it can
either be an RSA public key, an RSA private key or both, or an elliptic
curve point, scalar, or both. In any case, the representation is an
alist, as a map from strings to strings, each key parameter being
encoded in base64 URL without padding.
Check whether x is an RSA or EC key, public, private or both.
Test if x is a JWK, and which key type. x can satisfy both
jwk-rsa-private-key?, or both
Return the key type of key:
Get the curve referred to in the EC key. It is either
'P-521 (mind the last two
digits, “21”, in this order).
Get the key parameters, or
#f if key is not a JWK
or does not have it. The scalar value of an EC private key is obtained
Create a key or key pair with the given key parameters. They should be
the base64-url encoding, without padding, of the big-endian encoding of the
parameter as a number, except for crv which must be the symbol
Strip the private members of key so that it can be sent to other parties. This way, key can be a key pair.
Generate a key pair of type kty:
the additional parameters as a keyword association. Depending on
the key type, you may want to pass keywords:
#:crv, to set the curve (there is no default), as
#:n-size, to set the strength in bits of the RSA key pair,
#:e, to either set the exponent size in bits, or use a fixed exponent. You don’t need to pass these parameters to the key generation function, and if they are missing an exponent of AQAB 1, i.e. 65535, is used.
In case you want to represent multiple keys at once, the JWK RFC also defines a JWK Set, containing exactly a list of public keys.
Check whether x is a JWKS.
Return the list of keys in x.
Make a JWKS out of keys. keys may be:
If any of the keys is not a public key (RSA public key or EC
point), the function returns
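The parameter encoding, the stripping of private members and the public-keys-only rule for key sets described above, sketched in Python as an added example; it is not the library's own code and does not use its API. All function names are hypothetical, the key is a constructed toy RSA pair, and returning None for a rejected set is an assumption, since the value the library returns is not shown here.

```python
import base64

# Private members per RFC 7518: RSA (section 6.3.2) and EC (section 6.2.2).
PRIVATE_MEMBERS = {"RSA": {"d", "p", "q", "dp", "dq", "qi", "oth"}, "EC": {"d"}}


def b64url_uint(n):
    """Big-endian bytes of n, base64url-encoded with the '=' padding removed."""
    raw = n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def uint_b64url(s):
    """Inverse of b64url_uint: refuse padded input, then decode to an integer."""
    if "=" in s:
        raise ValueError("JWK parameters are encoded without padding")
    return int.from_bytes(base64.urlsafe_b64decode(s + "=" * (-len(s) % 4)), "big")


def strip_private(jwk):
    """Copy of jwk without private members, safe to send to other parties."""
    private = PRIVATE_MEMBERS[jwk["kty"]]
    return {name: value for name, value in jwk.items() if name not in private}


def is_public(jwk):
    """True only for a known key type that carries no private member."""
    private = PRIVATE_MEMBERS.get(jwk.get("kty"))
    return private is not None and not (jwk.keys() & private)


def make_jwks(keys):
    """JWK Set of public keys; None (an assumed convention) if any is private."""
    keys = list(keys)
    return {"keys": keys} if all(is_public(k) for k in keys) else None


# Constructed toy RSA pair (n = 61 * 53, textbook-sized, not a usable key).
PAIR = {"kty": "RSA", "n": b64url_uint(3233), "e": b64url_uint(17),
        "d": b64url_uint(2753)}

if __name__ == "__main__":
    public = strip_private(PAIR)
    print(public)                     # the "d" member is gone
    print(make_jwks([public]))        # accepted: only public members
    print(make_jwks([public, PAIR]))  # rejected: PAIR still carries "d"
```

Checking for private members before publishing a set is what keeps a key pair from leaking through a JWKS endpoint.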
Once you have a key or a key set, you can sign or verify data, with
(pomdappi jws) module.
Return the base64 encoding of the signature of payload with
key, according to the algorithm (a symbol,
and so on).
Verify that the signature has been made by key on payload, with the given algorithm. key may be a JWK or a JWKS.
Default RSA keys do not like the police.