JSDoc: Class: JWK

new JWK(data, optionsopt)

Parameters:

Name	Type	Attributes	Default	Description
`data`	Object
`options`	Object	<optional>	{}	Additional JWK metadata.

Source:

JWK.js, line 23

Methods

(static) fromCryptoKey(key, optionsopt) → {Promise.<JWK>}

Import a JWK from a WebCrypto CryptoKey.

Parameters:

Name	Type	Attributes	Description
`key`	CryptoKey		WebCrypto CryptoKey.
`options`	Object	<optional>	Additional JWK metadata.

Source:

JWK.js, line 125

Returns:

A promise that resolves the JWK instance.

Type: Promise.<JWK>

(static) importKey(data, optionsopt) → {Promise.<JWK>}

Import a JWK from JSON String or a JS Object.

Parameters:

Name	Type	Attributes	Description
`data`	String \| Object
`options`	Object	<optional>	Additional JWK metadata.

Source:

JWK.js, line 88

Returns:

A promise that resolves the JWK instance.

Type: Promise.<JWK>

(static) thumbprint(jwk) → {Promise.<String>}

Calculate the SHA-256 JWK Thumbprint according to RFC7638. This method is used to create a unique kid if none is specified.

Parameters:

Name	Type	Description
`jwk`	Object

Source:

JWK.js, line 172

Returns:

A promise that resolves the JWK Thumbprint String.

Type: Promise.<String>

Example

SHA-256 Thumbprint

JWK.thumbprint(jwk)
  .then(console.log)
//
// (line breaks for display only)
//
// => "45BLsBiWcghaEf_NF70Gf5oQcYLHaA
//     tks0C48tT5SJ4"

decrypt(ciphertext, iv, tagopt, aadopt) → {Promise.<String>}

Decrypt data using the JWK.

Parameters:

Name	Type	Attributes	Description
`ciphertext`	String \| Buffer		The encrypted data to decrypt.
`iv`	String \| Buffer		The initialization vector.
`tag`	String \| Buffer	<optional>	The authorization tag (AES-GCM).
`aad`	String \| Buffer	<optional>	Additional non-encrypted integrity protected data (AES-GCM).

Source:

JWK.js, line 294

Returns:

A promise that resolves the plaintext data.

Type: Promise.<String>

Example

Decrypt encrypted string "test"

// base64url encoded data
let ciphertext = 'yq3K4w'
let iv = 'u0l3ttqUFDQ8mcRboHv5Vw'
let tag = 'fHlZ__uuUnHn0ac-Lnrr-A'

secretJwk.decrypt(ciphertext, iv, tag)
  .then(console.log)
// => "data"

encrypt(data, aadopt) → {Promise.<Object>}

Encrypt arbitrary data using the JWK.

Parameters:

Name	Type	Attributes	Description
`data`	String \| Object		The data to encrypt.
`aad`	String \| Buffer	<optional>	Additional non-encrypted integrity protected data (AES-GCM).

Source:

JWK.js, line 267

Returns:

A promise that resolves an object containing the base64url encoded iv, ciphertext and tag (AES-GCM).

Type: Promise.<Object>

Example

Encrypt the string "data"

secretJwk.encrypt('data')
  .then(console.log)
// => { iv: 'u0l3ttqUFDQ8mcRboHv5Vw',
//      ciphertext: 'yq3K4w',
//      tag: 'fHlZ__uuUnHn0ac-Lnrr-A' }

getProtectedHeader(params) → {Object}

Use key metadata to generate a JWS protected header object.

Parameters:

Name	Type	Description
`params`	Object	Additional properties to include in header.

Source:

JWK.js, line 342

Returns:

JWS Header

Type: Object

Examples

Basic JWS Header with JWC

jwk.getProtectedHeader({ jwc: 'base64url encoded compact jwc' })
// => { alg: 'RS256',
//      kid: 'abcd123$',
//      jwc: 'base64url encoded compact jwc' }

Basic JWS Header with JKU

jwk.getProtectedHeader({ jku: 'https://example.com/jwks' })
// => { alg: 'RS256',
//      kid: 'abcd123$',
//      jku: 'https://example.com/jwks' }

sign(data) → {Promise.<String>}

Sign arbitrary data using the JWK.

Parameters:

Name	Type	Description
`data`	String \| Buffer	The data to sign.

Source:

JWK.js, line 221

Returns:

A promise that resolves the base64url encoded signature string.

Type: Promise.<String>

Example

Signing the string "test"

privateJwk.sign('test')
  .then(console.log)
//
// (line breaks for display only)
//
// => "MEUCIQCHwnGM8IsOJgfQsoPgs3hMd8
//     ahfWHM9ZNvj1K6i2yhKQIgWGOuXX43
//     lSTo-U8Pa8sURR53lv6Osjw-dtoLse
//     lftqQ"

thumbprint() → {Promise.<String>}

Calculate the SHA-256 JWK Thumbprint according to RFC7638. This method is used to create a unique kid if none is specified.

Source:

JWK.js, line 317

Returns:

A promise that resolves the JWK Thumbprint String.

Type: Promise.<String>

Example

SHA-256 Thumbprint

jwk.thumbprint()
  .then(console.log)
//
// (line breaks for display only)
//
// => "45BLsBiWcghaEf_NF70Gf5oQcYLHaA
//     tks0C48tT5SJ4"

verify(data, signature) → {Promise.<Boolean>}

Verify a signature using the JWK.

Parameters:

Name	Type	Description
`data`	String \| Buffer	The data to verify.
`signature`	String	A base64url signature string.

Source:

JWK.js, line 245

Returns:

A promise that resolves the boolean result of the signature verification.

Type: Promise.<Boolean>

Example

Verify a signature of the string "test"

// base64url encoded signature string
let signature = `MEUCIQCHwnGM8IsOJgfQsoPgs3hMd8ahfWHM9ZN
vj1K6i2yhKQIgWGOuXX43lSTo-U8Pa8sURR53lv6Osjw-dtoLselftqQ`

publicJwk.verify('test', signature)
  .then(console.log)
// => true