frasertweedale / hs-jose

Haskell JOSE and JWT library
http://hackage.haskell.org/package/jose
Apache License 2.0
122 stars 46 forks source link
cryptography haskell jose json jwk jws jwt

jose - JSON Object Signing and Encryption & JWT (JSON Web Token)

jose is a Haskell implementation of JSON Object Signing and Encryption (JOSE) and JSON Web Token (JWT).

The JSON Web Signature (JWS; RFC 7515) implementation is complete. JSON Web Encryption (JWE; RFC 7516) is not yet implemented.

EdDSA signatures (RFC 8037) and secp256k1 signatures (RFC 8812) are supported.

JWK Thumbprint (RFC 7638) is supported.

Contributions are welcome.

Security

If you discover a security issue in this library, please email me the details, ideally with a proof of concept (frase @ frase.id.au ; PGP key).

Before reporting an issue, please note the following known vulnerabilities:

and the following known not-vulnerabilities:

Interoperability issues

The following known interoperability issues will not be addressed, so please do not open issues:

Contributing

Bug reports, patches, feature requests, code review, crypto review, examples and documentation are welcome.

If you are wondering about how or whether to implement some feature or fix, please open an issue where it can be discussed. I appreciate your efforts, but I do not wish such efforts to be misplaced.

To submit a patch, please use git send-email or open a pull request. Write a well formed commit message. If your patch is nontrivial, update the copyright notice at the top of the modified files.