Home
This library package is an extension of the nimbus-jose-jwt library. It is compatible with version 9.+ of nimbus-jose-jwt. It provides JWE-based encrypters/decrypters and JWS-based signers/verifiers for performing operations with cryptographic keys stored in AWS KMS. This library requires Java 8 or above.
In the current version, the following encryption and signing operations are supported:
- Symmetric encryption (AES based).
  - Classes: `com.nimbusds.jose.aws.kms.crypto.KmsSymmetricEncrypter` and `com.nimbusds.jose.aws.kms.crypto.KmsSymmetricDecrypter`
- RSA-SSA based signing.
  - Classes: `com.nimbusds.jose.aws.kms.crypto.KmsAsymmetricRSASSASigner` and `com.nimbusds.jose.aws.kms.crypto.KmsAsymmetricRSASSAVerifier`
The above classes should be used in the same way as any encryption or signing class provided directly by nimbus-jose-jwt.
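```java
import com.amazonaws.services.kms.AWSKMSClientBuilder;
import com.amazonaws.services.kms.model.MessageType;
import com.nimbusds.jose.*;
import com.nimbusds.jose.aws.kms.crypto.KmsAsymmetricRSASSASigner;
import com.nimbusds.jose.aws.kms.crypto.KmsSymmetricEncrypter;

// kid, alg, enc, payload and messageType are supplied by the caller; kid identifies the KMS key.
// Encrypt a payload as a JWE with a symmetric KMS key.
final var jweEncrypter = new KmsSymmetricEncrypter(AWSKMSClientBuilder.defaultClient(), kid);
final var jweHeader = new JWEHeader.Builder(alg, enc).keyID(kid).build();
final var jweObject = new JWEObject(jweHeader, new Payload(payload));
jweObject.encrypt(jweEncrypter);

// Sign a payload as a JWS with an asymmetric (RSA) KMS key.
// MESSAGE_TYPE names the custom header parameter that carries the message type.
final var jwsSigner = new KmsAsymmetricRSASSASigner(
        AWSKMSClientBuilder.defaultClient(),
        kid,
        MessageType.fromValue(messageType));
final var jwsHeader = new JWSHeader.Builder(alg)
        .keyID(kid)
        .customParam(MESSAGE_TYPE, messageType)
        .build();
final var jwsObject = new JWSObject(jwsHeader, new Payload(payload));
jwsObject.sign(jwsSigner);
```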
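The receiving side of the two snippets above, as an added example that is not code from this project: it pins the expected algorithm and key ID from local configuration before verifying or decrypting, because the header is untrusted input until then. It assumes `KmsAsymmetricRSASSAVerifier` and `KmsSymmetricDecrypter` take the same constructor arguments as the signer and encrypter shown above; the class `KmsJoseReceiver` and its method names are hypothetical, and running it needs AWS credentials and an existing KMS key.

```java
import com.amazonaws.services.kms.AWSKMS;
import com.amazonaws.services.kms.AWSKMSClientBuilder;
import com.amazonaws.services.kms.model.MessageType;
import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWEObject;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSObject;
import com.nimbusds.jose.aws.kms.crypto.KmsAsymmetricRSASSAVerifier;
import com.nimbusds.jose.aws.kms.crypto.KmsSymmetricDecrypter;

/** Hypothetical helper (not part of the library): verify and decrypt with pinned header values. */
public final class KmsJoseReceiver {
    private final AWSKMS kms = AWSKMSClientBuilder.defaultClient();
    private final String expectedKid; // KMS key identifier taken from local configuration

    public KmsJoseReceiver(String expectedKid) {
        this.expectedKid = expectedKid;
    }

    /** Returns the payload of a compact JWS, or throws if the header or signature is not acceptable. */
    public String verify(String compactJws, JWSAlgorithm expectedAlg, MessageType messageType) throws Exception {
        JWSObject jws = JWSObject.parse(compactJws);
        // Compare against configured values; never select the key or algorithm from the token itself.
        if (!expectedAlg.equals(jws.getHeader().getAlgorithm())
                || !expectedKid.equals(jws.getHeader().getKeyID())) {
            throw new SecurityException("Unexpected alg or kid in JWS header");
        }
        // Assumed constructor: same arguments as KmsAsymmetricRSASSASigner above.
        if (!jws.verify(new KmsAsymmetricRSASSAVerifier(kms, expectedKid, messageType))) {
            throw new SecurityException("JWS signature verification failed");
        }
        return jws.getPayload().toString();
    }

    /** Returns the plaintext of a compact JWE, or throws if the header is not acceptable or decryption fails. */
    public String decrypt(String compactJwe, JWEAlgorithm expectedAlg, EncryptionMethod expectedEnc) throws Exception {
        JWEObject jwe = JWEObject.parse(compactJwe);
        if (!expectedAlg.equals(jwe.getHeader().getAlgorithm())
                || !expectedEnc.equals(jwe.getHeader().getEncryptionMethod())
                || !expectedKid.equals(jwe.getHeader().getKeyID())) {
            throw new SecurityException("Unexpected alg, enc or kid in JWE header");
        }
        // Assumed constructor: same arguments as KmsSymmetricEncrypter above.
        jwe.decrypt(new KmsSymmetricDecrypter(kms, expectedKid));
        return jwe.getPayload().toString();
    }
}
```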
For now, you can depend directly on the git branch 'v-1.0.0'. We'll publish this package on Maven Central soon.
This package includes various scripts that you can use to perform encryption/signing operations.
You can find the Gradle tasks and available options for these scripts in the `scripts.gradle` file.
See CONTRIBUTING for more information.
This project is licensed under the Apache-2.0 License.