Documentation
¶
Overview ¶
Package std provides standard (international) JWE algorithm implementations backed by lestrrat-go/jwx. These are used as the software fallback when no HSM/KMS provider is registered in crypto.ProviderRegistry.
Index ¶
- func AESCBCDecrypt(enc string, key, iv, sealed, aad []byte) ([]byte, error)
- func AESCBCEncrypt(enc string, key, iv, plaintext, aad []byte) ([]byte, error)
- func AESGCMDecrypt(key, nonce, ciphertext, additionalData []byte) ([]byte, error)
- func AESGCMEncrypt(key, nonce, plaintext, additionalData []byte) ([]byte, error)
- func DecryptJWEDir(compact string, symKey []byte, enc string) ([]byte, error)
- func DecryptJWEECDHES(compact string, key interface{}) ([]byte, error)
- func DecryptJWEKW(compact string, key []byte, alg string) ([]byte, error)
- func DecryptJWERSAOAEP(compact string, key interface{}) ([]byte, error)
- func DecryptSM2JWE(compact string, key interface{}) ([]byte, error)
- func DecryptSM9JWE(compact string, key interface{}, uid []byte) ([]byte, error)
- func EncryptJWEDir(plaintext []byte, symKey []byte, enc string) (string, error)
- func EncryptJWEECDHES(payload string, key interface{}, alg, enc string) (string, error)
- func EncryptJWEKW(payload string, key []byte, alg, enc string) (string, error)
- func EncryptJWERSAOAEP(payload string, key interface{}, alg, enc string) (string, error)
- func EncryptSM2JWE(plaintext []byte, key interface{}) (string, error)
- func EncryptSM9JWE(plaintext []byte, key interface{}, uid []byte, enc string) (string, error)
- func LookupJWEContentEnc(enc string) jwa.ContentEncryptionAlgorithm
- func SM4CCMDecrypt(key, nonce, ciphertext, additionalData []byte) ([]byte, error)
- func SM4CCMEncrypt(key, nonce, plaintext, additionalData []byte) ([]byte, error)
- func SM4GCMDecrypt(key, nonce, ciphertext, additionalData []byte) ([]byte, error)
- func SM4GCMEncrypt(key, nonce, plaintext, additionalData []byte) ([]byte, error)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AESCBCDecrypt ¶
AESCBCDecrypt verifies the HMAC tag and decrypts AES-CBC ciphertext with PKCS7 unpadding. Input sealed is ciphertext||tag (combined output).
func AESCBCEncrypt ¶
AESCBCEncrypt encrypts plaintext using AES-CBC with PKCS7 padding, then computes an HMAC-SHA authentication tag per RFC 7518 §5.2. Returns ciphertext||tag (combined output). enc identifies the algorithm: "A128CBC-HS256", "A192CBC-HS384", or "A256CBC-HS512".
func AESGCMDecrypt ¶
AESGCMDecrypt decrypts ciphertext (ciphertext||tag) using AES-GCM with the given key, nonce, and additional data.
func AESGCMEncrypt ¶
AESGCMEncrypt encrypts plaintext using AES-GCM with the given key, nonce, and additional data. The key length determines the AES variant (16 bytes = AES-128, 32 bytes = AES-256). Returns ciphertext||tag (combined output).
func DecryptJWEDir ¶
DecryptJWEDir decrypts a JWE compact serialization with direct key agreement (alg=dir).
func DecryptJWEECDHES ¶
DecryptJWEECDHES decrypts using ECDH-ES key agreement.
func DecryptJWEKW ¶
DecryptJWEKW decrypts using AES Key Wrap or AES-GCM Key Wrap.
func DecryptJWERSAOAEP ¶
DecryptJWERSAOAEP decrypts using RSA-OAEP key wrapping.
func DecryptSM2JWE ¶
DecryptSM2JWE decrypts a GM/T 0125.3 JWE compact serialization with SM2 key wrapping.
func DecryptSM9JWE ¶
DecryptSM9JWE decrypts a GM/T 0125.3 JWE compact serialization with SM9 key wrapping.
func EncryptJWEDir ¶
EncryptJWEDir encrypts plaintext using direct key agreement (alg=dir).
func EncryptJWEECDHES ¶
EncryptJWEECDHES encrypts using ECDH-ES key agreement. key can be *ecdh.PublicKey or jwk.Key.
func EncryptJWEKW ¶
EncryptJWEKW encrypts using AES Key Wrap or AES-GCM Key Wrap. Supported algorithms: A128KW, A192KW, A256KW, A128GCMKW, A192GCMKW, A256GCMKW.
func EncryptJWERSAOAEP ¶
EncryptJWERSAOAEP encrypts using RSA-OAEP key wrapping. key can be *rsa.PublicKey or jwk.Key.
func EncryptSM2JWE ¶
EncryptSM2JWE encrypts plaintext using the GM/T 0125.3 JWE specification with SM2 key wrapping (SGD_SM2_3) and SM4-GCM content encryption (SGD_SM4_GCM).
func EncryptSM9JWE ¶
EncryptSM9JWE encrypts plaintext using the GM/T 0125.3 JWE specification with SM9 key wrapping (SGD_SM9_3) and SM4 content encryption.
func LookupJWEContentEnc ¶
func LookupJWEContentEnc(enc string) jwa.ContentEncryptionAlgorithm
LookupJWEContentEnc maps enc string to jwa.ContentEncryptionAlgorithm.
func SM4CCMDecrypt ¶
SM4CCMDecrypt decrypts ciphertext (ciphertext||tag) using SM4-CCM with the given key, nonce, and additional data.
func SM4CCMEncrypt ¶
SM4CCMEncrypt encrypts plaintext using SM4-CCM with the given key, nonce, and additional data. Returns ciphertext||tag (combined output).
func SM4GCMDecrypt ¶
SM4GCMDecrypt decrypts ciphertext (ciphertext||tag) using SM4-GCM with the given key, nonce, and additional data.
func SM4GCMEncrypt ¶
SM4GCMEncrypt encrypts plaintext using SM4-GCM with the given key, nonce, and additional data. Returns ciphertext||tag (combined output).
Types ¶
This section is empty.