gose
A Gleam library for JOSE (JSON Object Signing and Encryption) and COSE (CBOR Object Signing and Encryption).
Core:
gose/algorithm: algorithm identifiersgose/key: key managementgose/cbor: CBOR encoding for COSE
JOSE:
gose/jose/jws: JSON Web Signature (RFC 7515)gose/jose/jws_multi: JWS JSON Serialization for multi-signer workflowsgose/jose/jwe: JSON Web Encryption (RFC 7516)gose/jose/jwe_multi: JWE JSON Serialization for multi-recipient workflowsgose/jose/jwk: JSON Web Key serialization (RFC 7517)gose/jose/key_set: JWK Set (RFC 7517 Section 5)gose/jose/encrypted_key: encrypted JWK export/importgose/jose/jwt: JSON Web Token (RFC 7519)gose/jose/encrypted_jwt: encrypted JWT (JWE-based)
COSE:
gose/cose: header parameters (RFC 9052 Section 3.1)gose/cose/sign1: COSE_Sign1 (RFC 9052)gose/cose/sign: COSE_Sign multi-signer (RFC 9052)gose/cose/encrypt0: COSE_Encrypt0 (RFC 9052)gose/cose/encrypt: COSE_Encrypt multi-recipient (RFC 9052)gose/cose/mac0: COSE_Mac0 (RFC 9052)gose/cose/key: COSE Key serialization (RFC 9052)gose/cose/algorithm: COSE algorithm ID mapping (RFC 9053)gose/cose/cwt: CBOR Web Token (RFC 8392)gose/cose/encrypted_cwt: encrypted CWT (Encrypt0-wrapped Sign1)
Types
Error type for JOSE and COSE operations.
Used by low-level JOSE/COSE primitives. The JWT and CWT layers wrap these errors in their own domain-specific variants for token validation.
pub type GoseError {
ParseError(String)
CryptoError(String)
InvalidState(String)
VerificationFailed
}Constructors
-
ParseError(String)Parsing failed: invalid base64, malformed JSON, unexpected structure, etc. The
Stringprovides a human-readable description of what went wrong. -
CryptoError(String)A cryptographic operation failed: signature verification, decryption, key derivation, etc. The
Stringdescribes the failure. -
InvalidState(String)An operation was attempted in an invalid state: wrong key type for the chosen algorithm, missing required header field, etc. The
Stringexplains which invariant was violated. -
VerificationFailedSignature or MAC verification failed. Intentionally carries no detail to avoid leaking information that could enable oracle attacks.
Values
pub fn error_message(error: GoseError) -> StringExtract the message string from a GoseError, regardless of variant.