JSON Web Signature (JWS) implementation following RFC 7515 and RFC 7797
(Unencoded Payload Option).
Usage
Decoding & Verification
Use [CompactJWS::verify] to decode and verify a JWS.
# #[cfg(feature = "secp256r1")]
# async_std::task::block_on(async {
use serde_json::json;
use ssi_jwk::JWK;
use ssi_jws::CompactJWSStr;
// Compact serialization: base64url(header).base64url(payload).base64url(signature).
// The header segment decodes to {"alg":"ES256"} and the payload segment to "payload".
let jws = CompactJWSStr::new(b"eyJhbGciOiJFUzI1NiJ9.cGF5bG9hZA.LW6XkHmgfNnb2CA-2qdeMVGpekAoxRNsAHoeLpnton3QMaQ3dMj-5G9SlP8dHj7cHf2HtRPdy6-9LbxYKvumKw").unwrap();
// Verification key: only the public coordinates `x`/`y` are given (no private `d`).
// NOTE(review): the key carries "alg": "ES256"; confirm whether `verify` rejects a
// JWS whose header `alg` differs from the key's.
let jwk: JWK = json!({
"kty": "EC",
"use": "sig",
"crv": "P-256",
"x": "dxdB360AJqJFYhdctoKZD_a_P6vLGAxtEVaCLnyraXQ",
"y": "iH6o0l5AECsfRuEw2Eghbrp-6Fob3j98-1Cbe1YOmwM",
"alg": "ES256"
}).try_into().unwrap();
// Two layers are checked: `unwrap()` on the awaited value, then `is_ok()` on what it
// yields. NOTE(review): presumably the outer layer reports a failure to run the check
// and the inner one the signature verdict; callers must test both, as done here.
assert!(jws.verify(&jwk).await.unwrap().is_ok());
# })
Internally [CompactJWS::verify] uses [CompactJWS::to_decoded] to decode
the JWS, then DecodedJWS::verify to validate the signature.
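// Decoding step only: per the description of `CompactJWS::verify`, the signature is
// validated later, so `decoded_jws` must not be trusted at this point.
let decoded_jws = jws.to_decoded().unwrap();
let verifiable_jws = decoded_jws.into_verifiable().await.unwrap();
// A single boolean is checked, so this is `assert!`; `assert_eq!` requires two
// operands and would not compile with one.
assert!(verifiable_jws.verify(&jwk).await.unwrap().is_ok());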
You can use this method to decode the payload before the verification
(using [DecodedJWS::try_map] for instance) so it can be verified along with the
signature. Until verification succeeds, treat the decoded payload as untrusted input.
Signature
Use the [JWSPayload::sign] method to sign a payload into a compact JWS.
# #[cfg(feature = "secp256r1")]
# async_std::task::block_on(async {
use serde_json::json;
use ssi_jwk::JWK;
use ssi_jws::JWSPayload;
// Signing key: unlike a verification-only JWK, this one includes the private
// parameter `d`. The value is a published documentation sample; a real private key
// belongs in a key store or secret manager, never inline in source.
let jwk: JWK = json!({
"kty": "EC",
"d": "3KSLs0_obYeQXfEI9I3BBH5y7aOm028bEx3rW6i5UN4",
"use": "sig",
"crv": "P-256",
"x": "dxdB360AJqJFYhdctoKZD_a_P6vLGAxtEVaCLnyraXQ",
"y": "iH6o0l5AECsfRuEw2Eghbrp-6Fob3j98-1Cbe1YOmwM",
"alg": "ES256"
}).try_into().unwrap();
// Signs the string "payload" with the key above and yields the compact JWS.
let jwt = "payload".sign(&jwk).await.unwrap();
// Comparing against a fixed string only holds if signing is deterministic.
// NOTE(review): presumably the ES256 backend uses deterministic nonces (RFC 6979);
// confirm, since a randomized signer would make this assertion fail.
assert_eq!(jwt, "eyJhbGciOiJFUzI1NiJ9.cGF5bG9hZA.LW6XkHmgfNnb2CA-2qdeMVGpekAoxRNsAHoeLpnton3QMaQ3dMj-5G9SlP8dHj7cHf2HtRPdy6-9LbxYKvumKw")
# })