Available on crate feature
ring
only.Expand description
ring
crate Verifier implementation.
Supported Algorithms
Algorithm | Type | Wrapper Type |
---|---|---|
es256 | ::ring::signature::UnparsedPublicKey | EcdsaKeyVerifier er] |
hs256 | ::ring::hmac::Key | HmacKeyVerifier er] |
rs256 | ::ring::signature::UnparsedPublicKey | RsaKeyVerifier er] |
Examples
ES256 PKCS8
let public_key =
"-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEerEk+zqoG1oYBLD3ohuz0tzIlU7X
zFG1098HcCOu0CmVAsp8ZLYXqYD3ts6+j0CV/I2yfzwx/ojBrm+Z/pSQnA==
-----END PUBLIC KEY-----";
// Convert the PKCS8 PEM to SPK.
// Note that ring requires SPK (not SPKI) keys for ECDSA_P256_SHA256 public keys.
// See https://github.com/briansmith/ring/issues/881
let public_key = convert_pkcs8_pem_to_spk(public_key);
let public_key = ::ring::signature::UnparsedPublicKey::new(
&::ring::signature::ECDSA_P256_SHA256_FIXED,
public_key,
);
let verifier = min_jwt::verify::ring::EcdsaKeyVerifier::with_es256(&public_key);
let verified_jwt = min_jwt::verify(jwt, &verifier)?;
let header = verified_jwt.decode_header();
let claims = verified_jwt.decode_claims();
HS256
let hmac_key = ::ring::hmac::Key::new(::ring::hmac::HMAC_SHA256, &hmac_key_bytes);
let verifier = min_jwt::verify::ring::HmacKeyVerifier::with_hs256(hmac_key);
let verified_jwt = min_jwt::verify(jwt, &verifier)?;
let header = verified_jwt.decode_header();
let claims = verified_jwt.decode_claims();
RS256 PKCS8
let public_key =
"-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyfEiSb2ElqylyAfWkbV0
JmKwzaYH2JtWi05dELrGpSI+OM2mNmFnpxZVUUx77GWASD+u/EbDpB7TxoL8wW6r
SFuduTIb63uhqeilkj6VhpPXVLpZg6m8korAXPGaN5BBMTyBAbpWk9e72z5gOGaF
GI4xOv0v3N0MX2h9uXJvhPTpOdKn6jXEflUFF89OWGEh/3JnyZbX5p8+F8BAuseb
8gfpqT2Ct6KT5GrNiA7dPwjN7XFvVnvyYgR7+QXTVNRMrcrEUoJbR4DG+QVeyIRh
0JGqXtm901cviPBRbicIMn2f8qfs15XMSeHWrgel21Cv1wQh3I4xy+soZuZZ2i/p
zwIDAQAB
-----END PUBLIC KEY-----";
// Convert the PKCS8 PEM to PKCS1 DER for RSA public keys.
let public_key = convert_pkcs8_pem_to_pkcs1_der(public_key);
let public_key = ::ring::signature::UnparsedPublicKey::new(
&::ring::signature::RSA_PKCS1_2048_8192_SHA256,
public_key,
);
let verifier = min_jwt::verify::ring::RsaKeyVerifier::with_rs256(public_key);
let verified_jwt = min_jwt::verify(jwt, &verifier)?;
let header = verified_jwt.decode_header();
let claims = verified_jwt.decode_claims();
Structs
- Wrapper for
::ring::signature::UnparsedPublicKey
. - Wrapper for
::ring::hmac::Key
. - Wrapper for
::ring::signature::UnparsedPublicKey
.
Traits
- A key which can verify a message.
- An
Hmac
key. - A key which can verify a message.