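// Sign `plaintext` as a JWS in Compact Serialization, then parse and verify
// the result inside the same callback.
// jwsHdr, plaintext, keyKid1 and keyKid2 are defined outside this snippet.
jose.createJWSSigner(jwsHdr).update(plaintext).sign('compact', function(error, jwsObj) {
  if (error) {
    // .sign is asynchronous, so a signing failure is reported through the
    // error parameter rather than thrown. Reject the transaction and stop:
    // nothing below may run without a signed object.
    session.reject(error.errorMessage);
    return;
  }

  // jwsObj is the JWS Compact Serialization object:
  //   BASE64URL(UTF8(JWS Protected Header)) || '.' ||
  //   BASE64URL(JWS Payload) || '.' ||
  //   BASE64URL(JWS Signature)
  // Since the operation was successful you can write the object to the
  // output context
  //   session.output.write(jwsObj);
  // or log the value ...
  // A JWS is signed, not encrypted: the payload is readable by anyone who can
  // read this log, and the whole string is replayable if it is used as a
  // credential, so keep this at debug level only.
  console.debug(jwsObj);

  // and/or verify it now...
  //--Begin Verify-------
  var jwsSignedObject = jose.parse(jwsObj);

  // Parse of the JWS successful.
  // Access the per-signature data and set the key for each signature that is
  // to be verified.
  var signedJWSHeaders = jwsSignedObject.getSignatures();
  for (var i = 0; i < signedJWSHeaders.length; i++) {
    var hdr2 = signedJWSHeaders[i];

    // Extract the value of the Header Parameter named 'kid'.
    // 'kid' is chosen by whoever produced the token, so it is used only to
    // pick between keys this policy already trusts (a fixed allow-list).
    var kid = hdr2.get('kid');
    switch (kid) {
      case 'kid1':
        // Set the key so the signature can and will be verified
        hdr2.setKey(keyKid1);
        break;
      case 'kid2':
        hdr2.setKey(keyKid2);
        break;
      default:
        // Unknown 'kid': no key is set, so this signature is not verified.
        break;
    }
  }

  // NOTE(review): no check on the 'alg' header is visible in this snippet;
  // confirm the keys/verifier only accept the algorithms you expect.
  var myVerifier = jose.createJWSVerifier(jwsSignedObject);

  // Verify all signatures for which a key has been set.
  // At least one signature must have a key set.
  myVerifier.validate(function(error) {
    if (error) {
      // An error occurred during the verify process: the payload must not be
      // used. Reject the transaction with the reported message.
      session.reject(error.errorMessage);
      return;
    }

    // All signature verifications have succeeded, therefore the payload may
    // be trusted. Read it only here, after validate() has reported success.
    var thePlaintext = jwsSignedObject.getPayload();
    session.output.write(thePlaintext);
  });
  //--End Verify-------
});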
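// Sign with the JWS JSON Serialization (one or more signatures), then parse
// and verify the result inside the same callback.
// mySign, keyKid1 and keyKid2 are defined outside this snippet.
mySign.sign('json', function(error, jwsObj) {
  if (error) {
    // .sign is asynchronous, so a signing failure is reported through the
    // error parameter. Surface it by throwing; prefer the errorMessage text
    // when the error object carries one, otherwise pass the value through.
    throw new Error(error.errorMessage || error);
  }

  // jwsObj is the JWS JSON Serialization object.
  // {
  //   "payload":"BASE64URL(JWS Payload)",
  //   "signatures":[
  //     {"protected":"BASE64URL(UTF8(JWS Protected Header 1))",
  //      "header":<non-integrity-protected header 1 contents>,
  //      "signature":"BASE64URL(JWS Signature 1)"},
  //     ...
  //     {"protected":"BASE64URL(UTF8(JWS Protected Header N))",
  //      "header":<non-integrity-protected header N contents>,
  //      "signature":"BASE64URL(JWS Signature N)"}]
  // }
  //
  // Since the operation was successful you can write the object to the
  // output context
  //   session.output.write(jwsObj);
  // or log the value ...
  //   console.debug(jwsObj);
  // or verify it now...
  //--Begin Verify-------
  var jwsSignedObject = jose.parse(jwsObj);

  // Parse of the JWS successful.
  // Access the per-signature data and set the key for each signature that is
  // to be verified.
  var signedJWSHeaders = jwsSignedObject.getSignatures();
  for (var i = 0; i < signedJWSHeaders.length; i++) {
    var hdr2 = signedJWSHeaders[i];

    // FYI HowTo: Retrieve the Protected Header as a JSON Object.
    // Retrieve a single Header Parameter Value by passing its name:
    // getProtected(name), getUnprotected(name) or get(name)
    //   var allProtectedHeaderParameters = hdr2.getProtected();
    // FYI HowTo: Retrieve the Unprotected Header as a JSON Object
    //   var allUnprotectedHeaderParameters = hdr2.getUnprotected();

    // Extract the value of the Header Parameter named 'kid'.
    // 'kid' is chosen by whoever produced the token, and the "header" member
    // of a JSON-serialized signature is not integrity-protected, so the value
    // is used only to pick between keys this policy already trusts.
    // NOTE(review): get(name) is listed next to getProtected/getUnprotected,
    // so it presumably reads either header; confirm if 'kid' must be protected.
    var kid = hdr2.get('kid');
    switch (kid) {
      case 'kid1':
        // Set the key so the signature can and will be verified
        hdr2.setKey(keyKid1);
        break;
      case 'kid2':
        // Set the key so the signature can and will be verified
        hdr2.setKey(keyKid2);
        break;
      default:
        // Unknown 'kid': no key is set, so this signature is skipped by the
        // verifier and says nothing about who signed the payload.
        break;
    }
  }

  // NOTE(review): no check on the 'alg' header is visible in this snippet;
  // confirm the keys/verifier only accept the algorithms you expect.
  var myVerifier = jose.createJWSVerifier(jwsSignedObject);

  // Verify all signatures for which a key has been set.
  // At least one signature must have a key set.
  // Success therefore means "every keyed signature verified", not "every
  // signature present verified"; if all signers are required, compare the
  // number of keys set against signedJWSHeaders.length before validating.
  myVerifier.validate(function(error) {
    if (error) {
      // An error occurred during the verify process: the payload must not be
      // used. Surface the failure by throwing.
      throw new Error(error.errorMessage || error);
    }

    // All signature verifications have succeeded, therefore the payload may
    // be trusted. Read it only here, after validate() has reported success.
    var thePlaintext = jwsSignedObject.getPayload();
    session.output.write(thePlaintext);
  });
  //--End Verify-------
});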