kjwt-core/co.touchlab.kjwt.model.jwk/Jwk

Jwk

@Serializable(with = JwkSerializer::class)

sealed class Jwk(source)

Sealed class representing a JSON Web Key (JWK) as defined in RFC 7517.

A JWK is a JSON object that represents a cryptographic key. The three supported key types are:

Rsa — RSA public or private key (kty = "RSA").
Ec — Elliptic Curve public or private key (kty = "EC").
Oct — Symmetric (octet sequence) key (kty = "oct").

Each subtype exposes its own required parameters as well as the common parameters defined in RFC 7517 §4 (use, key_ops, alg, kid). JWK Thumbprints (RFC 7638) are available through the thumbprint property.

Inheritors

Rsa

Oct

Types

@Serializable(with = JwkEcSerializer::class)

data class Ec(val crv: String, val x: String, val y: String, val d: String? = null, val use: String? = null, val keyOps: List<String>? = null, val alg: String? = null, val kid: String? = null) : Jwk

Elliptic Curve key (kty = "EC"). Public key requires crv, x, and y. Private key additionally requires d. Supported curves: "P-256", "P-384", "P-521".

Oct

@Serializable(with = JwkOctSerializer::class)

data class Oct(val k: String, val use: String? = null, val keyOps: List<String>? = null, val alg: String? = null, val kid: String? = null) : Jwk

Symmetric (octet sequence) key (kty = "oct"). The k parameter holds the raw key bytes encoded as base64url. Always considered private key material.

Rsa

@Serializable(with = JwkRsaSerializer::class)

data class Rsa(val n: String, val e: String, val d: String? = null, val p: String? = null, val q: String? = null, val dp: String? = null, val dq: String? = null, val qi: String? = null, val use: String? = null, val keyOps: List<String>? = null, val alg: String? = null, val kid: String? = null) : Jwk

RSA key (kty = "RSA"). Public key requires n and e. Private key additionally requires d; CRT parameters p, q, dp, dq, qi are optional but required for key conversion to cryptography-kotlin types.