NoWayJose.Key (NoWayJose v1.0.2)

View Source

Represents a cryptographic key for signing and verification.

Key material is stored as an opaque Rust resource - private keys never cross the NIF boundary and cannot be logged or inspected.

Loading Keys

Keys can be loaded from PEM, DER, or JWK formats:

# PEM format
{:ok, key} = NoWayJose.import(pem_data, :pem, alg: :rs256, kid: "key-1")

# JWK format (verification only)
{:ok, key} = NoWayJose.import(jwk_json, :jwk)

Key Capabilities

  • PEM/DER keys can be used for both signing and verification
  • JWK keys are verification-only (jsonwebtoken library limitation)

Struct Fields

  • :kid - Key identifier (optional)
  • :alg - Algorithm atom (:rs256, :es256, etc.)
  • :key_use - Key usage: "sig" for signing, "enc" for encryption
  • :key_ref - Opaque reference to the Rust resource

Summary

Types

alg()
t()

Types

alg()

@type alg() ::
  :rs256 | :rs384 | :rs512 | :es256 | :es384 | :ps256 | :ps384 | :ps512 | :eddsa

t()

@type t() :: %NoWayJose.Key{
  alg: alg(),
  key_ref: reference(),
  key_use: String.t() | nil,
  kid: String.t() | nil
}