Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. This includes support for JSON Web Encryption, JSON Web Signature, and JSON Web Token standards.
Disclaimer: This library contains encryption software that is subject to the U.S. Export Administration Regulations. You may not export, re-export, transfer or download this code or any part of it in violation of any United States law, directive or regulation. In particular this software may not be exported or re-exported in any form or on any media to Iran, North Sudan, Syria, Cuba, or North Korea, or to denied persons or entities mentioned on any US maintained blocked list.
The implementation follows the
JSON Web Encryption (RFC 7516),
JSON Web Signature (RFC 7515), and
JSON Web Token (RFC 7519) specifications.
Tables of supported algorithms are shown below. The library supports both
the compact and JWS/JWE JSON Serialization formats, and has optional support for
multiple recipients. It also comes with a small command-line utility
(jose-util)
for dealing with JOSE messages in a shell.
Note: We use a forked version of the encoding/json package from the Go
standard library which uses case-sensitive matching for member names (instead
of case-insensitive matching).
This is to avoid differences in interpretation of messages between go-jose and
libraries in other languages.
Version 2 (branch, doc) is the current stable version:
import "gopkg.in/square/go-jose.v2"
Version 3 (branch, doc) is the under development/unstable version (not released yet):
import "github.com/go-jose/go-jose/v3"
All new feature development takes place on the master branch, which we are
preparing to release as version 3 when it's ready. Version 2 will continue to
receive critical bug and security fixes. Note that starting with version 3 we
are using Go modules for versioning instead of gopkg.in as before.
Version 1 (on the v1 branch) is frozen and not supported anymore.