std

package
v2.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 21, 2026 License: Apache-2.0 Imports: 22 Imported by: 0

Documentation

Overview

Package std provides standard (international) JWE algorithm implementations backed by lestrrat-go/jwx. These are used as the software fallback when no HSM/KMS provider is registered in crypto.ProviderRegistry.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AESCBCDecrypt

func AESCBCDecrypt(enc string, key, iv, sealed, aad []byte) ([]byte, error)

AESCBCDecrypt verifies the HMAC tag and decrypts AES-CBC ciphertext with PKCS7 unpadding. Input sealed is ciphertext||tag (combined output).

func AESCBCEncrypt

func AESCBCEncrypt(enc string, key, iv, plaintext, aad []byte) ([]byte, error)

AESCBCEncrypt encrypts plaintext using AES-CBC with PKCS7 padding, then computes an HMAC-SHA authentication tag per RFC 7518 §5.2. Returns ciphertext||tag (combined output). enc identifies the algorithm: "A128CBC-HS256", "A192CBC-HS384", or "A256CBC-HS512".

func AESGCMDecrypt

func AESGCMDecrypt(key, nonce, ciphertext, additionalData []byte) ([]byte, error)

AESGCMDecrypt decrypts ciphertext (ciphertext||tag) using AES-GCM with the given key, nonce, and additional data.

func AESGCMEncrypt

func AESGCMEncrypt(key, nonce, plaintext, additionalData []byte) ([]byte, error)

AESGCMEncrypt encrypts plaintext using AES-GCM with the given key, nonce, and additional data. The key length determines the AES variant (16 bytes = AES-128, 32 bytes = AES-256). Returns ciphertext||tag (combined output).

func DecryptJWEDir

func DecryptJWEDir(compact string, symKey []byte, enc string) ([]byte, error)

DecryptJWEDir decrypts a JWE compact serialization with direct key agreement (alg=dir).

func DecryptJWEECDHES

func DecryptJWEECDHES(compact string, key interface{}) ([]byte, error)

DecryptJWEECDHES decrypts using ECDH-ES key agreement.

func DecryptJWEKW

func DecryptJWEKW(compact string, key []byte, alg string) ([]byte, error)

DecryptJWEKW decrypts using AES Key Wrap or AES-GCM Key Wrap.

func DecryptJWERSAOAEP

func DecryptJWERSAOAEP(compact string, key interface{}) ([]byte, error)

DecryptJWERSAOAEP decrypts using RSA-OAEP key wrapping.

func DecryptSM2JWE

func DecryptSM2JWE(compact string, key interface{}) ([]byte, error)

DecryptSM2JWE decrypts a GM/T 0125.3 JWE compact serialization with SM2 key wrapping.

func DecryptSM9JWE

func DecryptSM9JWE(compact string, key interface{}, uid []byte) ([]byte, error)

DecryptSM9JWE decrypts a GM/T 0125.3 JWE compact serialization with SM9 key wrapping.

func EncryptJWEDir

func EncryptJWEDir(plaintext []byte, symKey []byte, enc string) (string, error)

EncryptJWEDir encrypts plaintext using direct key agreement (alg=dir).

func EncryptJWEECDHES

func EncryptJWEECDHES(payload string, key interface{}, alg, enc string) (string, error)

EncryptJWEECDHES encrypts using ECDH-ES key agreement. key can be *ecdh.PublicKey or jwk.Key.

func EncryptJWEKW

func EncryptJWEKW(payload string, key []byte, alg, enc string) (string, error)

EncryptJWEKW encrypts using AES Key Wrap or AES-GCM Key Wrap. Supported algorithms: A128KW, A192KW, A256KW, A128GCMKW, A192GCMKW, A256GCMKW.

func EncryptJWERSAOAEP

func EncryptJWERSAOAEP(payload string, key interface{}, alg, enc string) (string, error)

EncryptJWERSAOAEP encrypts using RSA-OAEP key wrapping. key can be *rsa.PublicKey or jwk.Key.

func EncryptSM2JWE

func EncryptSM2JWE(plaintext []byte, key interface{}) (string, error)

EncryptSM2JWE encrypts plaintext using the GM/T 0125.3 JWE specification with SM2 key wrapping (SGD_SM2_3) and SM4-GCM content encryption (SGD_SM4_GCM).

func EncryptSM9JWE

func EncryptSM9JWE(plaintext []byte, key interface{}, uid []byte, enc string) (string, error)

EncryptSM9JWE encrypts plaintext using the GM/T 0125.3 JWE specification with SM9 key wrapping (SGD_SM9_3) and SM4 content encryption.

func LookupJWEContentEnc

func LookupJWEContentEnc(enc string) jwa.ContentEncryptionAlgorithm

LookupJWEContentEnc maps enc string to jwa.ContentEncryptionAlgorithm.

func SM4CCMDecrypt

func SM4CCMDecrypt(key, nonce, ciphertext, additionalData []byte) ([]byte, error)

SM4CCMDecrypt decrypts ciphertext (ciphertext||tag) using SM4-CCM with the given key, nonce, and additional data.

func SM4CCMEncrypt

func SM4CCMEncrypt(key, nonce, plaintext, additionalData []byte) ([]byte, error)

SM4CCMEncrypt encrypts plaintext using SM4-CCM with the given key, nonce, and additional data. Returns ciphertext||tag (combined output).

func SM4GCMDecrypt

func SM4GCMDecrypt(key, nonce, ciphertext, additionalData []byte) ([]byte, error)

SM4GCMDecrypt decrypts ciphertext (ciphertext||tag) using SM4-GCM with the given key, nonce, and additional data.

func SM4GCMEncrypt

func SM4GCMEncrypt(key, nonce, plaintext, additionalData []byte) ([]byte, error)

SM4GCMEncrypt encrypts plaintext using SM4-GCM with the given key, nonce, and additional data. Returns ciphertext||tag (combined output).

Types

This section is empty.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL