This library is an extension of the node-jose library, and uses monkey-patching to extend the capabilities of node-jose. It provides JWE-based encrypters/decrypters and JWS-based signers/verifiers for cryptographic operations with keys stored in AWS Key Management Service (KMS).
You can install the library from npm using the following command. This library requires Node.js 18 or above.
npm install @aws-crypto/node-jose_aws-kms-extension
Import the necessary classes from @aws-crypto/node-jose_aws-kms-extension
module:
import {
KMSAsymmetricSigningKey,
KMSSymmetricCEK,
KMSSymmetricKey,
} from '@aws-crypto/node-jose_aws-kms-extension';
Import the main jose object.
import { jose } from '@aws-crypto/node-jose_aws-kms-extension';
Now, you can use all existing node-jose features as you would in the absence of this library. This library adds AWS KMS support transparently. You can use your AWS KMS keys for various encryption and signing operations using the regular node-jose functions. AWS KMS-specific algorithm names are supported.
Supported node-jose
functions include:
jose.JWE.createEncrypt()
jose.JWE.createDecrypt()
jose.JWS.createSign()
jose.JWS.createVerify()
This library uses @aws-sdk/client-kms for all its communication with AWS KMS.
For consolidated usage examples, see Example
See CONTRIBUTING for more information.
This library is distributed under the Apache License, Version 2.0, see LICENSE and NOTICE for more information.