jose

2022-04-01

JSON Object Signing and Encryption (JOSE) implementation

Upstream URL

github.com/fukamachi/jose

Author

Eitaro Fukamachi

License

BSD 2-Clause
README

jose

Quicklisp dist Build Status Coverage Status

A JSON Object Signing and Encryption (JOSE) implementation for Common Lisp.

Usage

HMAC

(defvar *key* (ironclad:ascii-string-to-byte-array "my$ecret"))

(defvar *token*
  (jose:encode :hs256 *key* '(("hello" . "world"))))

*token*
;=> "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJoZWxsbyI6IndvcmxkIn0.Vr0VKL9WHX9lUPWzrE0DX4fEvl0_CgnKlzI2mWiro8E"

(jose:decode :hs256 *key* *token*)
;=> (("hello" . "world"))
;   (("alg" . "HS256") ("typ" . "JWT"))

;; Decoding without signature verification.
(jose:inspect-token *token*)
;=> (("hello" . "world"))
;   (("alg" . "HS256") ("typ" . "JWT"))
;   #(142 123 175 222 84 4 134 19 70 182 50 209 29 113 176 40 82 42 241 90 230 91
;     176 235 254 57 221 93 97 220 6 101)

RSA

For RSA algorithm, the key must be an instance of Ironclad public/private key, that can be generated with ironclad:generate-key-pair.

To read from OpenSSH key files, use cl-ssh-keys. To parse ASN.1 keys, asn1 library will help.

;; Generate a new key pairs with Ironclad
(defvar *private-key*
  (ironclad:generate-key-pair :rsa :num-bits 2048))

;; Or, read a private key file generated by OpenSSH
(defvar *private-key*
  (ssh-keys:parse-private-key-file #P"~/.ssh/id_rsa"))

(defvar *token*
  (jose:encode :rs256 *private-key* '(("hello" . "world"))))

Supported Algorithms

  • HS256
  • HS384
  • HS512
  • RS256
  • RS384
  • RS512
  • PS256
  • PS384
  • PS512
  • none

See Also

Author

Copyright

Copyright (c) 2017 Eitaro Fukamachi (e.arrows@gmail.com)

License

Licensed under the BSD 2-Clause License.

Dependencies (8)

  • alexandria
  • assoc-utils
  • cl-base64
  • ironclad
  • jonathan
  • rove
  • split-sequence
  • trivial-utf-8

Dependents (2)

  • GitHub
  • Quicklisp