use will default to `Sig in all functions unless supplied.
type pub_rsa = Mirage_crypto_pk.Rsa.pub jwk
rsa represents a public JWK with kty `RSA and a Rsa.pub key.
type priv_rsa = Mirage_crypto_pk.Rsa.priv jwk
rsa represents a private JWK with kty `RSA and a Rsa.priv key.
type oct = string jwk
oct represents a JWK with kty `OCT and a string key.
oct will in most cases be a private key, but there are some cases where it will be considered public, e.g. if you parse a public JSON.
type priv_es256 = Mirage_crypto_ec.P256.Dsa.priv jwk
es256 represents a public JWK with kty `EC and a P256.pub key.
type pub_es256 = Mirage_crypto_ec.P256.Dsa.pub jwk
es256 represents a private JWK with kty `EC and a P256.priv key.
type priv_es384 = Mirage_crypto_ec.P384.Dsa.priv jwk
es384 represents a public JWK with kty `EC and a P384.pub key.
type pub_es384 = Mirage_crypto_ec.P384.Dsa.pub jwk
es384 represents a private JWK with kty `EC and a P384.priv key.
type priv_es512 = Mirage_crypto_ec.P521.Dsa.priv jwk
es512 represents a public JWK with kty `EC and a P512.pub key.
type pub_es512 = Mirage_crypto_ec.P521.Dsa.pub jwk
es512 represents a private JWK with kty `EC and a P512.priv key.
type priv_ed25519 = Mirage_crypto_ec.Ed25519.priv jwk
ed25519 represents a public JWK with kty `OKP and a Ed25519.pub key.
type pub_ed25519 = Mirage_crypto_ec.Ed25519.pub jwk
ed25519 represents a private JWK with kty `OKP and a Ed25519.priv key.
type 'a t =
  | Oct : oct -> 'a t
  | Rsa_priv : priv_rsa -> priv t
  | Rsa_pub : pub_rsa -> public t
  | Es256_priv : priv_es256 -> priv t
  | Es256_pub : pub_es256 -> public t
  | Es384_priv : priv_es384 -> priv t
  | Es384_pub : pub_es384 -> public t
  | Es512_priv : priv_es512 -> priv t
  | Es512_pub : pub_es512 -> public t
  | Ed25519_priv : priv_ed25519 -> priv t
  | Ed25519_pub : pub_ed25519 -> public t
t describes a JSON Web Key which can be either public or private.
These keys are safe to show and should be used to verify signed content.
val make_pub_rsa : ?use:use -> Mirage_crypto_pk.Rsa.pub -> public t
rsa_of_pub use pub takes a public key generated by Nocrypto and returns a result t or a message of what went wrong.
val of_pub_pem :
  ?use:use ->
  string ->
  (public t, [> `Msg of string | `Unsupported_kty ]) Stdlib.result
of_pub_pem use pem takes a PEM as a string and returns a public t or a message of what went wrong.
val to_pub_pem :
  'a t ->
  (string, [> `Msg of string | `Unsupported_kty ]) Stdlib.result
to_pub_pem t takes a JWK and returns a result PEM string or a message of what went wrong.
val of_pub_json :
  Yojson.Safe.t ->
  (public t,
   [> `Json_parse_failed of string | `Msg of string | `Unsupported_kty ])
  Stdlib.result
of_pub_json t takes a Yojson.Safe.t and tries to return a public t.
val of_pub_json_string :
  string ->
  (public t,
   [> `Json_parse_failed of string | `Msg of string | `Unsupported_kty ])
  Stdlib.result
of_pub_json_string json_string takes a JSON string representation and tries to return a public t.
val to_pub_json : 'a t -> Yojson.Safe.t
to_pub_json t takes a priv t and returns a JSON representation.
val to_pub_json_string : 'a t -> string
to_pub_json_string t takes a priv t and returns a JSON string representation.
These keys are not safe to show and should be used to sign content.
val make_priv_rsa : ?use:use -> Mirage_crypto_pk.Rsa.priv -> priv t
make_priv_rsa use priv takes a private key generated by Nocrypto and returns a priv t or a message of what went wrong.
val of_priv_pem :
  ?use:use ->
  string ->
  (priv t, [> `Msg of string | `Unsupported_kty ]) Stdlib.result
of_priv_pem use pem takes a PEM as a string and returns a priv t or a message of what went wrong.
make_oct use secret creates a priv t from a shared secret.
to_priv_pem t takes a JWK and returns a result PEM string or a message of what went wrong.
val of_priv_x509 :
  ?use:use ->
  X509.Private_key.t ->
  (priv t, [> `Msg of string | `Unsupported_kty ]) Stdlib.result
val of_pub_x509 :
  ?use:use ->
  X509.Public_key.t ->
  (public t, [> `Msg of string | `Unsupported_kty ]) Stdlib.result
val of_priv_json :
  Yojson.Safe.t ->
  (priv t,
   [> `Json_parse_failed of string | `Msg of string | `Unsupported_kty ])
  Stdlib.result
of_json json takes a Yojson.Safe.t and returns a priv t.
val of_priv_json_string :
  string ->
  (priv t,
   [> `Json_parse_failed of string | `Msg of string | `Unsupported_kty ])
  Stdlib.result
of_priv_json_string json_string takes a JSON string representation and tries to return a private t.
val to_priv_json : priv t -> Yojson.Safe.t
to_json t takes a t and returns a Yojson.Safe.t.
to_priv_json_string t takes a priv t and returns a JSON string representation.
pub_of_priv t takes a priv t and returns the corresponding public key.
When using it on Oct keys it will just return the same as it's a symmetric key.
Utils to get different data from a JWK
val get_kid : 'a t -> string option
get_kid jwk is a convenience function to get the kid string.
val get_thumbprint :
  Mirage_crypto.Hash.hash ->
  'a t ->
  (Cstruct.t, [> `Unsafe ]) Stdlib.result
get_thumbprint hash jwk calculates the thumbprint of jwk with hash, following RFC 7638.
Returns an error for symmetric keys: sharing the hash may leak information about the key itself and it's deemed unsafe.
val use_to_string : use -> string
val use_of_string : string -> use
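
The functions above used together, as an added example that is not part of the library's own documentation: a private JWK is parsed, only its public half is serialized for publication, and get_thumbprint is shown refusing a symmetric key. It assumes the module is reachable as Jose.Jwk and that the base64 opam package is installed for printing; the helper names b64url and publishable are hypothetical, and the key is the publicly known Ed25519 test key from RFC 8037 appendix A.1.

```ocaml
(* Added example; assumes the module documented above is Jose.Jwk. *)
open Jose

(* Constructed input: the Ed25519 test key from RFC 8037 appendix A.1.
   It is public knowledge, so it must never sign real content. *)
let private_jwk_json =
  {|{"kty":"OKP","crv":"Ed25519",
     "d":"nWGxne_9WmC6hEr0kuwsxERJxWl7MmkZcDusAxyuf2A",
     "x":"11qYAYKxCrfVS_7TyWQHOg7hcvPapiMlrwIaaPcHURo"}|}

(* Hypothetical helper: base64url without padding, the usual way a
   thumbprint is displayed. Uses the base64 opam package. *)
let b64url cs =
  Base64.encode_string ~pad:false ~alphabet:Base64.uri_safe_alphabet
    (Cstruct.to_string cs)

(* Hypothetical helper: the argument is inferred as priv t, and the
   result is the JSON that is safe to hand to verifiers. *)
let publishable key = Jwk.to_pub_json_string (Jwk.pub_of_priv key)

let () =
  match Jwk.of_priv_json_string private_jwk_json with
  | Error _ -> prerr_endline "could not parse the private JWK"
  | Ok key ->
    (* Only the public half of the key is serialized here. *)
    print_endline (publishable key);
    (match Jwk.get_thumbprint `SHA256 key with
     | Ok tp -> print_endline ("thumbprint: " ^ b64url tp)
     | Error `Unsafe -> prerr_endline "thumbprint refused");
    (* A shared secret becomes an Oct key; get_thumbprint returns
       Error `Unsafe for it instead of hashing the secret. *)
    let hmac_key = Jwk.make_oct "constructed-demo-secret" in
    (match Jwk.get_thumbprint `SHA256 hmac_key with
     | Error `Unsafe -> print_endline "oct key: thumbprint refused"
     | Ok _ -> prerr_endline "unexpected: thumbprint of a symmetric key")
```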