matelang/jwt-go-aws-kms

AWS KMS adapter for golang-jwt/jwt-go library

This library provides an AWS KMS (Key Management Service) adapter for use with the popular Go JWT library golang-jwt/jwt-go.

It signs a JWT using an asymmetric key stored in AWS KMS.

Verification can be done either with the KMS Verify method or locally with a cached public key (default).

The minimum supported GoLang version is 1.20, since github.com/aws/aws-sdk-go-v2 v1.28.0 fails to build with anything older.

Supported key types

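| Signature Algorithm       | JWT alg | Note                              |
|---------------------------|---------|-----------------------------------|
| ECC_NIST_P256             | ES256   |                                   |
| ECC_NIST_P384             | ES384   |                                   |
| ECC_NIST_P521             | ES512   |                                   |
| ECC_SECG_P256K1           | -       | secp256k1 is not supported by JWT |
| RSASSA_PKCS1_V1_5_SHA_256 | RS256   |                                   |
| RSASSA_PKCS1_V1_5_SHA_384 | RS384   |                                   |
| RSASSA_PKCS1_V1_5_SHA_512 | RS512   |                                   |
| RSASSA_PSS_SHA_256        | PS256   |                                   |
| RSASSA_PSS_SHA_384        | PS384   |                                   |
| RSASSA_PSS_SHA_512        | PS512   |                                   |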

Usage example

See example.go

Special thanks

Shouting out to:

  • dgrijalva

    for the easy to extend GoLang JWT Library

  • golang-jwt

    for taking over the project from dgrijalva

  • Mikael Gidmark

    for noting that AWS KMS ECC returns the signature as a DER-encoded object, as defined by ANS X9.62–2005, as mentioned here

  • codelittinc

    for their DER to (R,S) and (R,S) to DER methods found here

  • karalabe

    for reviewing my code

  • gkelly

    for various contributions especially around the library's unit testability
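
The DER-to-(R,S) conversion credited above matters because a JWT with an ES256/ES384/ES512 alg carries the signature as fixed-width R||S octets (RFC 7518, section 3.4), not as the DER object KMS returns. The following is an added example, not this library's own code; `derToJWS`, `ecdsaSig` and `octets` are hypothetical names and the DER bytes in `main` are constructed sample input.

```go
package main

import (
	"encoding/asn1"
	"errors"
	"fmt"
	"math/big"
)

// ecdsaSig is the ASN.1 form of the signature: SEQUENCE { r INTEGER, s INTEGER }.
type ecdsaSig struct{ R, S *big.Int }

// octets is the width of each of R and S in a JWS ECDSA signature (RFC 7518, section 3.4).
var octets = map[string]int{"ES256": 32, "ES384": 48, "ES512": 66}

// derToJWS converts a DER-encoded ECDSA signature into the fixed-width
// R||S form that a JWT carries for the given alg.
func derToJWS(alg string, der []byte) ([]byte, error) {
	n, ok := octets[alg]
	if !ok {
		return nil, fmt.Errorf("unsupported alg %q", alg)
	}
	var sig ecdsaSig
	rest, err := asn1.Unmarshal(der, &sig)
	if err != nil {
		return nil, err
	}
	if len(rest) != 0 {
		return nil, errors.New("trailing bytes after DER signature")
	}
	for _, v := range []*big.Int{sig.R, sig.S} {
		// Reject zero or negative values and anything wider than n octets,
		// which would otherwise make FillBytes panic.
		if v.Sign() <= 0 || v.BitLen() > 8*n {
			return nil, errors.New("r or s out of range")
		}
	}
	out := make([]byte, 2*n)
	sig.R.FillBytes(out[:n]) // big-endian, left-padded with zeros
	sig.S.FillBytes(out[n:])
	return out, nil
}

func main() {
	// Constructed sample: r = 0x80 (DER adds a leading 0x00 sign byte), s = 1.
	der := []byte{0x30, 0x07, 0x02, 0x02, 0x00, 0x80, 0x02, 0x01, 0x01}
	raw, err := derToJWS("ES256", der)
	fmt.Printf("%d octets, err=%v\n", len(raw), err)
}
```

The DER sign byte and variable integer lengths are why a straight copy of the KMS output into the token produces a signature that standard JWT verifiers reject.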