ol.clave.crypto.impl.jws

jws-alg

Return the JWS alg header value for a key.

| Key Type | Result | |----------|-----------| | P-256 | "ES256" | | P-384 | "ES384" | | Ed25519 | "EdDSA" | | RSA | "RS256" |

source

sign

Sign data bytes, return signature bytes in JWS format.

For ECDSA, returns R||S concatenated (not DER). For EdDSA and RSA, returns raw signature bytes.

source

protected-header-json

(protected-header-json alg kid nonce url jwk-json)

Construct the protected header JSON string with deterministic field order.

source

final-jws-json

(final-jws-json protected-b64 payload-b64 signature-b64)

Assemble the final JWS JSON object with deterministic ordering.

source

protected-dot-payload-bytes

(protected-dot-payload-bytes protected-b64 payload-b64)

Return ASCII bytes of '<protected>.<payload>'.

source

encode-payload-b64

(encode-payload-b64 payload-json)

Base64url-encode the payload JSON string or return the empty string when nil.

source

encode-protected-b64

(encode-protected-b64 alg kid nonce url jwk-json)

Construct and base64url-encode the protected header JSON.

source

encode-signature-b64

(encode-signature-b64 alg private-key-or-mac protected-dot-payload)

Compute the signature for the given alg and return base64url-encoded value.

source

jws-encode-json

(jws-encode-json payload-json keypair kid nonce url)

Build a JSON-serialized JWS object.

source

jws-encode-eab

(jws-encode-eab account-key-or-keypair mac-key kid url)

Construct an External Account Binding JWS per RFC 8555 section 7.3.4.

source