Module min_jwt::verify::ring

Available on crate feature ring only.

Expand description

ring crate Verifier implementation.

Supported Algorithms

Algorithm	Type	Wrapper Type
es256	`::ring::signature::UnparsedPublicKey`	`EcdsaKeyVerifier`er]
hs256	`::ring::hmac::Key`	`HmacKeyVerifier`er]
rs256	`::ring::signature::UnparsedPublicKey`	`RsaKeyVerifier`er]

Examples

ES256 PKCS8

let public_key =
"-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEerEk+zqoG1oYBLD3ohuz0tzIlU7X
zFG1098HcCOu0CmVAsp8ZLYXqYD3ts6+j0CV/I2yfzwx/ojBrm+Z/pSQnA==
-----END PUBLIC KEY-----";

// Convert the PKCS8 PEM to SPK.
// Note that ring requires SPK (not SPKI) keys for ECDSA_P256_SHA256 public keys.
// See https://github.com/briansmith/ring/issues/881
let public_key = convert_pkcs8_pem_to_spk(public_key);

let public_key = ::ring::signature::UnparsedPublicKey::new(
  &::ring::signature::ECDSA_P256_SHA256_FIXED,
  public_key,
);

let verifier = min_jwt::verify::ring::EcdsaKeyVerifier::with_es256(&public_key);
let verified_jwt = min_jwt::verify(jwt, &verifier)?;

let header = verified_jwt.decode_header();
let claims = verified_jwt.decode_claims();

HS256

let hmac_key = ::ring::hmac::Key::new(::ring::hmac::HMAC_SHA256, &hmac_key_bytes);

let verifier = min_jwt::verify::ring::HmacKeyVerifier::with_hs256(hmac_key);
let verified_jwt = min_jwt::verify(jwt, &verifier)?;

let header = verified_jwt.decode_header();
let claims = verified_jwt.decode_claims();

RS256 PKCS8

let public_key =
"-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyfEiSb2ElqylyAfWkbV0
JmKwzaYH2JtWi05dELrGpSI+OM2mNmFnpxZVUUx77GWASD+u/EbDpB7TxoL8wW6r
SFuduTIb63uhqeilkj6VhpPXVLpZg6m8korAXPGaN5BBMTyBAbpWk9e72z5gOGaF
GI4xOv0v3N0MX2h9uXJvhPTpOdKn6jXEflUFF89OWGEh/3JnyZbX5p8+F8BAuseb
8gfpqT2Ct6KT5GrNiA7dPwjN7XFvVnvyYgR7+QXTVNRMrcrEUoJbR4DG+QVeyIRh
0JGqXtm901cviPBRbicIMn2f8qfs15XMSeHWrgel21Cv1wQh3I4xy+soZuZZ2i/p
zwIDAQAB
-----END PUBLIC KEY-----";

// Convert the PKCS8 PEM to PKCS1 DER for RSA public keys.
let public_key = convert_pkcs8_pem_to_pkcs1_der(public_key);

let public_key = ::ring::signature::UnparsedPublicKey::new(
  &::ring::signature::RSA_PKCS1_2048_8192_SHA256,
  public_key,
);

let verifier = min_jwt::verify::ring::RsaKeyVerifier::with_rs256(public_key);
let verified_jwt = min_jwt::verify(jwt, &verifier)?;

let header = verified_jwt.decode_header();
let claims = verified_jwt.decode_claims();

Structs

EcdsaKeyVerifier
Wrapper for ::ring::signature::UnparsedPublicKey.
HmacKeyVerifier
Wrapper for ::ring::hmac::Key.
RsaKeyVerifier
Wrapper for ::ring::signature::UnparsedPublicKey.

Traits

EcdsaKey
A key which can verify a message.
HmacKey
An Hmac key.
RsaKey
A key which can verify a message.