Generate JWK
The jwk.Key type
Key managers are built around the jwk.Key format. This is a special struct that can hold both JSON and concrete key data.
To use the key encoded in a given jwk.Key object, just call its Key() method. The object can also be directly marshalled into valid JSON, using the standard encoding/json package - or any compatible package.
var jsonKey jwk.Key[T]
// The concrete key, that can be directly used for cryptographic operations.
key := jsonKey.Key()
// Produces a valid JSON out-of-the-box, given it was generated by
// the library.
serialized, _ := json.Marshal(jsonKey)Each JSON Web Algorithm has requirements regarding the key used. Some are strict, and some other more loose. Nonetheless, each has optimal parameters that are baked into the library, so you almost don't need to think about it.
Symmetric keys
package main
import (
"github.com/a-novel-kit/jwt/jwk"
)
func main() {
// Uses the Key format described above.
key, _ := jwk.GenerateAES(jwk.A128CBC)
}Available presets for use as Content-Encryption Keys (CEK) are:
| Preset | Target "enc" |
|---|---|
jwk.A128CBC | A128CBC-HS256 |
jwk.A192CBC | A192CBC-HS384 |
jwk.A256CBC | A256CBC-HS512 |
jwk.A128GCM | A128GCM |
jwk.A192GCM | A192GCM |
jwk.A256GCM | A256GCM |
package main
import (
"github.com/a-novel-kit/jwt/jwk"
)
func main() {
// Uses the Key format described above.
key, _ := jwk.GenerateAES(jwk.A128KW)
}Available presets for use as Key-Encryption Keys (KEK) are:
| Preset | Target "alg" |
|---|---|
jwk.A128KW | A128KW |
jwk.A192KW | A192KW |
jwk.A256KW | A256KW |
jwk.A128GCMKW | A128GCMKW |
jwk.A192GCMKW | A192GCMKW |
jwk.A256GCMKW | A256GCMKW |
package main
import (
"github.com/a-novel-kit/jwt/jwk"
)
func main() {
// Uses the Key format described above.
key, _ := jwk.GenerateHMAC(jwk.HS256)
}Available presets for use as Signature keys are:
| Preset | Target "alg" |
|---|---|
jwk.HS256 | HS256 |
jwk.HS384 | HS384 |
jwk.HS512 | HS512 |
Asymmetric keys
package main
import (
"github.com/a-novel-kit/jwt/jwk"
)
func main() {
// Uses the Key format described above.
privateKey, publicKey, _ := jwk.GenerateECDH()
}package main
import (
"github.com/a-novel-kit/jwt/jwk"
)
func main() {
// Uses the Key format described above.
privateKey, publicKey, _ := jwk.GenerateECDSA(jwk.ES256)
}Available presets for use as Signature keys are:
| Preset | Target "alg" |
|---|---|
jwk.ES256 | ES256 |
jwk.ES384 | ES384 |
jwk.ES512 | ES512 |
package main
import (
"github.com/a-novel-kit/jwt/jwk"
)
func main() {
// Uses the Key format described above.
privateKey, publicKey, _ := jwk.GenerateED25519()
}package main
import (
"github.com/a-novel-kit/jwt/jwk"
)
func main() {
// Uses the Key format described above.
privateKey, publicKey, _ := jwk.GenerateRSA(jwk.RS256)
}Available presets for use as Signature keys are:
| Preset | Target "alg" |
|---|---|
jwk.RS256 | RS256 |
jwk.RS384 | RS384 |
jwk.RS512 | RS512 |
jwk.PS256 | PS256 |
jwk.PS384 | PS384 |
jwk.PS512 | PS512 |
package main
import (
"github.com/a-novel-kit/jwt/jwk"
)
func main() {
// Uses the Key format described above.
privateKey, publicKey, _ := jwk.GenerateRSA(jwk.RSAOAEP)
}Available presets for use as Key-Encryption keys are:
| Preset | Target "alg" |
|---|---|
⚠️ jwk.RSAOAEP | RSAOAEP |
jwk.RSAOAEP256 | RSAOAEP256 |
Caution
RSA-OAEP without sha256 is deprecated, as it relies on the broken SHA1 algorithm. It is still available for compatibility reasons, but should not be used in new applications.