package examples_test
import (
"crypto/rand"
"crypto/rsa"
"fmt"
"github.com/lestrrat-go/jwx/v2/jwa"
"github.com/lestrrat-go/jwx/v2/jwe"
"github.com/lestrrat-go/jwx/v2/jwk"
)
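// Example_jwe_verify_with_jwk_set encrypts a short payload with RSA-OAEP and
// then decrypts it by handing jwe.Decrypt a jwk.Set that holds two unrelated
// symmetric keys plus the matching RSA private key.
//
// Despite the "verify" in its name, the function performs JWE decryption, not
// signature verification. Nothing is printed on success, which is what the
// empty OUTPUT block at the end asserts.
func Example_jwe_verify_with_jwk_set() {
	privkey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		fmt.Printf("failed to create private key: %s\n", err)
		return
	}

	const payload = "Lorem ipsum"

	// NOTE(review): jwa.RSA_OAEP is RSA-OAEP with its default (SHA-1 based)
	// parameters; jwa.RSA_OAEP_256 is the SHA-256 variant if policy requires it.
	encrypted, err := jwe.Encrypt([]byte(payload), jwe.WithKey(jwa.RSA_OAEP, privkey.PublicKey))
	if err != nil {
		fmt.Printf("failed to encrypt payload: %s\n", err)
		return
	}

	// Create a JWK Set
	set := jwk.NewSet()

	// Add some bogus keys. They are unrelated to the message and only show
	// that decryption still succeeds when the set contains other keys.
	for _, secret := range []string{"abracadabra", "opensesame"} {
		bogus, err := jwk.FromRaw([]byte(secret))
		if err != nil {
			fmt.Printf("failed to create bogus key: %s\n", err)
			return
		}
		if err := set.AddKey(bogus); err != nil {
			fmt.Printf("failed to add bogus key to set: %s\n", err)
			return
		}
	}

	// Add the real thing. The "alg" field is set explicitly on the key;
	// presumably WithKeySet relies on it to choose the key-decryption
	// algorithm (confirm against the jwx documentation).
	realKey, err := jwk.FromRaw(privkey)
	if err != nil {
		fmt.Printf("failed to create private JWK: %s\n", err)
		return
	}
	if err := realKey.Set(jwk.AlgorithmKey, jwa.RSA_OAEP); err != nil {
		fmt.Printf("failed to set algorithm on private JWK: %s\n", err)
		return
	}
	if err := set.AddKey(realKey); err != nil {
		fmt.Printf("failed to add private JWK to set: %s\n", err)
		return
	}

	// Up to this point, you probably will replace with a simple jwk.Fetch().
	// Decryption needs private key material, so whatever source replaces the
	// code above must be trusted and access-controlled.

	// None of the keys above carries a key ID, so the kid requirement is
	// switched off here. Where keys do have IDs, leaving the requirement on
	// limits each message to the key it names.
	if _, err := jwe.Decrypt(encrypted, jwe.WithKeySet(set, jwe.WithRequireKid(false))); err != nil {
		fmt.Printf("Failed to decrypt using jwk.Set: %s", err)
		return
	}
	// OUTPUT:
}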