@aws-crypto/node-jose_aws-kms-extension v2.0.2

node-jose_aws-kms-extension

This library is an extension of the node-jose library, and uses monkey-patching to extend the capabilities of node-jose. It provides JWE-based encrypters/decrypters and JWS-based signers/verifiers for cryptographic operations with keys stored in AWS Key Management Service (KMS).

Installation

You can install the library from npm using the following command. This library requires Node.js 18 or above.

npm install @aws-crypto/node-jose_aws-kms-extension

Usage

Import the necessary classes from @aws-crypto/node-jose_aws-kms-extension module:

import {
  KMSAsymmetricSigningKey,
  KMSSymmetricCEK,
  KMSSymmetricKey,
} from '@aws-crypto/node-jose_aws-kms-extension';

Import the main jose object.

import { jose } from '@aws-crypto/node-jose_aws-kms-extension';

Now, you can use all existing node-jose features as you would in the absence of this library. This library adds AWS KMS support transparently. You can use your AWS KMS keys for various encryption and signing operations using the regular node-jose functions. AWS KMS-specific algorithm names are supported.

Supported node-jose functions include:

1. jose.JWE.createEncrypt()
2. jose.JWE.createDecrypt()
3. jose.JWS.createSign()
4. jose.JWS.createVerify()

This library uses @aws-sdk/client-kms for all its communication with AWS KMS.

For consolidated usage examples, see Example

Security

See CONTRIBUTING for more information.

License

This library is distributed under the Apache License, Version 2.0, see LICENSE and NOTICE for more information.