Use external service for crypto

[dtoubelis]

We are attempting to make jwe/jwt/jws packages work with HashiCorp vault. The vault provides interface for performing encryption/decryption and signing/verifying internally. This provides benefit of key management, rotations, and audit. I'm trying wrap my head around if I can use this library to delegate crypto operation to the vault and what I found so far is jws Signer/Verifier interfaces that will likely allow us to handle jws and jwt. But for jwe I only found an experimental KeyEncrypter/KeyDecrypter interfaces... However, they seem only provide an interface to encrypt/decrypt keys but not the content. In particular, we need to use symmetrik key encryption, something like AES-GCM. Am I missing something (or looking in the wrong place)? Any help is appreciated.

[lestrrat]

@dtoubelis I'm not quite sure what you mean.

With JWE, the sender generates a content encryption key (CEK), and encrypt it with the receiver's public key so that it's safe to send it along with the JWE message itself. The sender further encrypts the content using the CEK, by means of AES-GCM or AES-CBC. The sender sends the encrypted key and encrypted content. The receiver then decrypts the CEK using his private key, and uses it to decrypt the encrypted content.

So the only place where something external can come in is when you encrypt the CEK, which is where KeyEncrypter comes in. I'm not familiar with HashiCorp products, but presumably that's where you'd want to plug it in, if at all.

If you still think that there's some feature missing, please explain what you are trying to do with code (pseudocode is fine), thanks.

[dtoubelis]

@lestrrat Thanks for the reply. I think I figured it out. I managed to implement Signer/Verifier and KeyEncrypter/KeyDecrypter and they seem work as expected. I noticed that approach and APIs to do this are quite different and there are pros and cons of each approach. Here is my feedback:

Sgner/Verifier - have much cleaner APIs but require registration in a global context which is arguably not the best practice (I've added #1340 with some suggestions).

KeyEncrypter/KeyDecrypter - have less mature APIs (I'm still fuzzy on what is the purpose of Recipient and Message in key decrypter but I'm sure there is a reason :-) , virtually no similarity with Signer/Verifier that technically serve same purpose... on a positive side - it is possible to pass KeyEncrrypter/KeyDecrypter in place of a key which addresses my problem with global context... as a further improvement, I would suggest to create dedicated options like WithKeyEncrypter()/WithKeyDecrypter()... but it works as is and it is already good enough :-)

[lestrrat]

As I replied in #1340, I'm not sure about "global context". You should be able to use crypto.Signer or jwe.KeyEncrypter on a per-call basis.

[dtoubelis]

It seems that v3 (or even v2) APIs no longer accepts crypto.Signer :-( ...but I see that it is supported in v1.

[dtoubelis]

I don't mind sending a PR, just want to understand your intent ;-)