jwt-go-ecdsa

This Go module generates JWTs signed with ECDSA (the ES256 JWS algorithm; ECDSA is a signature scheme, it does not encrypt the token), tailored to specific services and purposes as defined in a policy file. It builds the token's claims from the policy entry for the requested service and purpose, including the permitted fields and the conditions for the token's use, then signs the token with a private EC key. The token's expiration is set according to the specified duration.

The function signature is:

GenerateToken(policyPath string, serviceName string, purpose string, keyPath string, expirationInHours time.Duration)

The key should be an ECDSA private key on the P-256 curve (the curve ES256 requires), and the JSON structure of the policy should be:

{
  "services": [
    {
      "service1": {
        "purpose1": {
          "allowed":
          {
            "field1": [
              "string"
            ],
            "field2": [
              "string"
            ],
            "field3": [
              "string"
            ]
          },
          "generalized":
          {
            "field1": [
              "string",
              "parameter if necessary"
            ],
            "field2": [
              "string",
              "parameter if necessary"
            ],
            "field3": [
              "string",
              "parameter if necessary"
            ]
          },
          "noised":
          {
            "field1": [
              "string",
              "parameter if necessary"
            ],
            "field2": [
              "string",
              "parameter if necessary"
            ],
            "field3": [
              "string",
              "parameter if necessary"
            ]
          },
          "reduced":
          {
            "field1": [
              "string",
              "parameter if necessary"
            ],
            "field2": [
              "string",
              "parameter if necessary"
            ],
            "field3": [
              "string",
              "parameter if necessary"
            ]
          }
        },
        "purpose2": {
          ...
        }
      },
      "service2": {
        ...
      },
      ...
  ]
}

Example: You can find an example here.
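As an added example, not code from the jwt-go-ecdsa module, the following stand-alone Go program implements the same scheme with only the standard library: it parses a policy in the layout above, picks the entry for one service and purpose, embeds that entry as the policy claim next to iss and exp, and signs the token with ES256 (ECDSA on P-256 with SHA-256), which is the algorithm the token in the Testing section carries in its header. It also includes the matching verifier, which pins alg to ES256 before the key is used, so a token whose header was rewritten to HS256 or none is rejected rather than verified as an HMAC. The names GenerateTokenES256, VerifyES256 and lookupPurpose, the service and purpose names checkout and analytics, and the embedded sample policy are all assumptions made for this example; the module's own GenerateToken reads the policy and the key from file paths instead.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// Purpose is one purpose entry of the policy: category ("allowed", "generalized",
// "noised", "reduced") -> field -> [type, parameter...], as in the README layout.
type Purpose map[string]map[string][]string

// Claims mirrors the payload decoded in the README's Testing section.
type Claims struct {
	Policy Purpose `json:"policy"`
	Iss    string  `json:"iss"`
	Exp    int64   `json:"exp"`
}

// samplePolicy is constructed for this example; it is not the repository's policy.json.
const samplePolicy = `{"services":[{"checkout":{"analytics":{"allowed":{"country":["string"]},
"generalized":{"zip_code":["int","3"]},"noised":{"age":["int","Laplace"]},
"reduced":{"email":["string","4"]}}}}]}`

// lookupPurpose walks the README layout, where "services" is a list of single-key objects.
func lookupPurpose(raw []byte, service, purpose string) (Purpose, error) {
	var p struct {
		Services []map[string]map[string]Purpose `json:"services"`
	}
	if err := json.Unmarshal(raw, &p); err != nil {
		return nil, err
	}
	for _, entry := range p.Services {
		if pur, ok := entry[service][purpose]; ok { // indexing a nil map is safe in Go
			return pur, nil
		}
	}
	return nil, fmt.Errorf("no policy for service %q, purpose %q", service, purpose)
}

// GenerateTokenES256 is a hypothetical stdlib-only stand-in for the module's GenerateToken:
// it embeds the selected purpose as the "policy" claim and signs with ES256 (P-256, SHA-256).
func GenerateTokenES256(policyJSON []byte, service, purpose string, key *ecdsa.PrivateKey, ttl time.Duration, now time.Time) (string, error) {
	pur, err := lookupPurpose(policyJSON, service, purpose)
	if err != nil {
		return "", err
	}
	hdr, _ := json.Marshal(map[string]string{"alg": "ES256", "typ": "JWT"})
	body, _ := json.Marshal(Claims{Policy: pur, Iss: "tokenGenerator", Exp: now.Add(ttl).Unix()})
	// JWS segments are unpadded base64url.
	signingInput := base64.RawURLEncoding.EncodeToString(hdr) + "." + base64.RawURLEncoding.EncodeToString(body)
	digest := sha256.Sum256([]byte(signingInput))
	r, s, err := ecdsa.Sign(rand.Reader, key, digest[:])
	if err != nil {
		return "", err
	}
	// JWS ES256 (RFC 7518, section 3.4) is r||s as two fixed 32-byte big-endian
	// integers, not the ASN.1 DER that ecdsa.SignASN1 produces.
	sig := make([]byte, 64)
	r.FillBytes(sig[:32])
	s.FillBytes(sig[32:])
	return signingInput + "." + base64.RawURLEncoding.EncodeToString(sig), nil
}

// VerifyES256 pins alg to ES256 before the key is used, so a header claiming
// "HS256" or "none" is rejected instead of being verified as an HMAC.
func VerifyES256(token string, pub *ecdsa.PublicKey, now time.Time) (*Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	var hdr struct{ Alg string `json:"alg"` }
	hdrRaw, err := base64.RawURLEncoding.DecodeString(parts[0])
	if err != nil || json.Unmarshal(hdrRaw, &hdr) != nil || hdr.Alg != "ES256" {
		return nil, errors.New("unexpected alg")
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil || len(sig) != 64 {
		return nil, errors.New("bad signature encoding")
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	r, s := new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])
	if !ecdsa.Verify(pub, digest[:], r, s) {
		return nil, errors.New("invalid signature")
	}
	var c Claims
	bodyRaw, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil || json.Unmarshal(bodyRaw, &c) != nil {
		return nil, errors.New("bad payload")
	}
	if now.Unix() >= c.Exp {
		return nil, errors.New("token expired")
	}
	return &c, nil
}

func main() {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // only fails if the OS RNG does
	tok, err := GenerateTokenES256([]byte(samplePolicy), "checkout", "analytics", key, time.Hour, time.Now())
	if err != nil {
		panic(err)
	}
	_, err = VerifyES256(tok, &key.PublicKey, time.Now())
	fmt.Println(tok, "\nverify error:", err)
}
```

Two details matter when reimplementing this without a JWT library: the verifier must decide the algorithm from its own configuration, not from the token header, and ecdsa.Sign returns r and s as big integers that JWS serializes as two fixed-width 32-byte values, so emitting the DER form from ecdsa.SignASN1 would produce tokens that other JWT implementations reject.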

Citation

To cite the preprint version of the paper to appear in the Proceedings of the 24th International Conference on Web Engineering (ICWE 2024), use the following BibTeX entry:

@InProceedings{loechel2024hookin,
      author={Louis Loechel and Siar-Remzi Akbayin and Elias Grünewald and Jannis Kiesel and Inga Strelnikova and Thomas Janke and Frank Pallas},
      editor={Stefanidis, Kostas and Systa, Kari and Matera, Maristella and Heil, Sebastian and Kondylakis, Haridimos and Quintarelli, Elisa},
      title={{Hook-in Privacy Techniques for gRPC-based Microservice Communication}}, 
      year={2024},
      publisher="Springer Nature Switzerland",
      address="Cham",
      note={to appear in the Proceedings of the 24th International Conference on Web Engineering (ICWE 2024)},
      eprint={2404.05598},
      archivePrefix={arXiv},
      primaryClass={cs.CR},
}

Usage

To use this module run:

go get -u github.com/PEngG7/[email protected]

and add this import statement to your Go file:

import ("github.com/PEngG7/jwt-go-ecdsa")

Testing

The test.go file contains a test for the GenerateToken function. It uses the policy.json file and the private key provided in this repo. Because that private key is committed to the repository it must be treated as public: use it for tests only and generate a fresh P-256 key for any real deployment. The provided test generates the following token:

eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.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.F0nzF6clbMLxyOSFfeBHCXOEpHC1nWQGRYThA_vt3_nsI8gaYW8slupbAhc4EwFVHkx1knleX14Vj2UQyJHVOw

The content can be decoded using a JWT decoder, such as jwt.io. The header and payload are only base64url-encoded, not encrypted, so anything placed in the policy claim is readable by whoever holds the token; the signature protects its integrity, not its confidentiality.

In this case it looks like this:

HEADER

{
  "alg": "ES256",
  "typ": "JWT"
}

PAYLOAD

{
  "policy": {
    "allowed": {},
    "generalized": {
      "city": [
        "string",
        "2"
      ],
      "credit_card_cvv": [
        "int",
        "3"
      ],
      "credit_card_expiration_year": [
        "int",
        "10"
      ],
      "credit_card_number": [
        "string",
        "5"
      ],
      "zip_code": [
        "int",
        "8"
      ]
    },
    "noised": {
      "age": [
        "int",
        "Laplace"
      ],
      "credit_card_expiration_month": [
        "int",
        "Laplace"
      ],
      "street_name": [
        "string",
        "Laplace"
      ],
      "street_number": [
        "int",
        "Laplace"
      ]
    },
    "reduced": {
      "country": [
        "string",
        "3"
      ],
      "email": [
        "string",
        "4"
      ],
      "name": [
        "string",
        "4"
      ],
      "phone": [
        "string",
        "3"
      ]
    }
  },
  "iss": "tokenGenerator",
  "exp": 1707509919
}