jose

JavaScript Object Signing and Encryption

Read and write JSON Web Keys (JWK, rfc7517), generate and verify JSON Web Signatures (JWS, rfc7515) and encode/decode JSON Web Tokens (JWT, rfc7519). These standards provide modern signing and encryption formats that are natively supported by browsers via the JavaScript WebCryptoAPI, and used by services like OAuth 2.0, LetsEncrypt, and Github Apps.

Documentation

Vignettes for the R package:

• Reading/Writing JSON Web Keys (JWK) in R
• Encoding/Decoding JSON Web Tokens (JWT) in R

Specifications and standards:

• JOSE RFC Tracker: https://datatracker.ietf.org/wg/jose/documents/
• Browser WebCryptoAPI API: https://www.w3.org/TR/WebCryptoAPI/#jose
• ACME Protocol (LetsEncrypt): https://ietf-wg-acme.github.io/acme/draft-ietf-acme-acme.html

JSON Web Keys (JWK)

library(jose)

# generate an ecdsa key
key <- ec_keygen("P-521")
write_jwk(key)
write_jwk(as.list(key)$pubkey)

# Same for RSA
key <- rsa_keygen()
write_jwk(key)
write_jwk(as.list(key)$pubkey)

JSON Web Tokens (JWT)

# HMAC signing
mysecret <- "This is super secret"
token <- jwt_claim(name = "jeroen", session = 123456)
sig <- jwt_encode_hmac(token, mysecret)
jwt_decode_hmac(sig, mysecret)

# RSA encoding
mykey <- openssl::rsa_keygen()
pubkey <- as.list(mykey)$pubkey
sig <- jwt_encode_sig(token, mykey)
jwt_decode_sig(sig, pubkey)

# Same with EC
mykey <- openssl::ec_keygen()
pubkey <- as.list(mykey)$pubkey
sig <- jwt_encode_sig(token, mykey)
jwt_decode_sig(sig, pubkey)