/jwt-go-aws-kms

AWS KMS adapter for https://github.com/golang-jwt/jwt GoLang Json Web Token(JWT) Library

Primary LanguageGoMIT LicenseMIT

AWS KMS adapter for golang-jwt/jwt-go library

This library provides an AWS KMS(Key Management Service) adapter to be used with the popular GoLang JWT library golang-jwt/jwt-go.

It will Sign a JWT token using an asymmetric key stored in AWS KMS.

Verification can be done both using KMS Verify method or locally with a cached public key (default).

Supported key types

Signature Algorithm JWT alg Note
ECC_NIST_P256 ES256
ECC_NIST_P384 ES384
ECC_NIST_P521 ES512
ECC_SECG_P256K1 - secp256k1 is not supported by JWT
RSASSA_PKCS1_V1_5_SHA_256 RS256
RSASSA_PKCS1_V1_5_SHA_384 RS384
RSASSA_PKCS1_V1_5_SHA_512 RS512

Usage example

See example.go

Special thanks

Shouting out to:

  • dgrijalva

    for the easy to extend GoLang JWT Library

  • golang-jwt

    for taking over the project from dgrijalva

  • Mikael Gidmark

    AWS KMS ECC returns the signature in DER-encoded object as defined by ANS X9.62–2005 as mentioned here

  • codelittinc

    for their DER to (R,S) and (R,S) to DER methods found here

  • karalabe

    for reviewing my code

  • gkelly

    for various contributions especially around the library's unit testability