[{"data":1,"prerenderedAt":935},["ShallowReactive",2],{"navigation":3,"-jwk":167,"-jwk-surround":932},[4,22,78,106,141,148],{"title":5,"path":6,"stem":7,"children":8},"Introduction","\u002Fgetting-started","0.Getting-Started\u002F0.index",[9,10,14,18],{"title":5,"path":6,"stem":7},{"title":11,"path":12,"stem":13},"Installation","\u002Fgetting-started\u002Finstallation","0.Getting-Started\u002F1.installation",{"title":15,"path":16,"stem":17},"Quickstart","\u002Fgetting-started\u002Fquickstart","0.Getting-Started\u002F2.quickstart",{"title":19,"path":20,"stem":21},"Core concepts","\u002Fgetting-started\u002Fcore-concepts","0.Getting-Started\u002F3.core-concepts",{"title":23,"path":24,"stem":25,"children":26,"icon":28},"JWT","\u002Fjwt","1.JWT\u002F0.index",[27,29,52],{"title":23,"path":24,"stem":25,"icon":28},"i-carbon-certificate",{"title":30,"path":31,"stem":32,"children":33,"icon":35},"JWS","\u002Fjwt\u002Fjws","1.JWT\u002F1.JWS\u002F0.index",[34,36,40,44,48],{"title":30,"path":31,"stem":32,"icon":35},"i-carbon-document-signed",{"title":37,"path":38,"stem":39},"Signing","\u002Fjwt\u002Fjws\u002Fsigning","1.JWT\u002F1.JWS\u002F1.signing",{"title":41,"path":42,"stem":43},"Verifying","\u002Fjwt\u002Fjws\u002Fverifying","1.JWT\u002F1.JWS\u002F2.verifying",{"title":45,"path":46,"stem":47},"Multi-signature","\u002Fjwt\u002Fjws\u002Fmulti-signature","1.JWT\u002F1.JWS\u002F3.multi-signature",{"title":49,"path":50,"stem":51},"Algorithms","\u002Fjwt\u002Fjws\u002Falgorithms","1.JWT\u002F1.JWS\u002F4.algorithms",{"title":53,"path":54,"stem":55,"children":56,"icon":58},"JWE","\u002Fjwt\u002Fjwe","1.JWT\u002F2.JWE\u002F0.index",[57,59,63,67,71,75],{"title":53,"path":54,"stem":55,"icon":58},"i-carbon-locked",{"title":60,"path":61,"stem":62},"Encrypting","\u002Fjwt\u002Fjwe\u002Fencrypting","1.JWT\u002F2.JWE\u002F1.encrypting",{"title":64,"path":65,"stem":66},"Decrypting","\u002Fjwt\u002Fjwe\u002Fdecrypting","1.JWT\u002F2.JWE\u002F2.decrypting",{"title":68,"path":69,"stem":70},"Multi-recipient","\u002Fjwt\u002Fjwe\u002Fmulti-recipient","1.JWT\u002F2.JWE\u002F3.multi-recipient",{"title":72,"path":73,"stem":74},"ECDH-ES and end-to-end encryption","\u002Fjwt\u002Fjwe\u002Fecdh-es","1.JWT\u002F2.JWE\u002F4.ecdh-es",{"title":49,"path":76,"stem":77},"\u002Fjwt\u002Fjwe\u002Falgorithms","1.JWT\u002F2.JWE\u002F5.algorithms",{"title":79,"path":80,"stem":81,"children":82,"icon":84},"Examples","\u002Fexamples","10.Examples\u002F0.index",[83,85,90,94,98,102],{"title":79,"path":80,"stem":81,"icon":84},"i-carbon-code-reference",{"title":86,"path":87,"stem":88,"icon":89},"Authentication basics","\u002Fexamples\u002Fauthentication-basics","10.Examples\u002F1.authentication-basics","i-lucide-code",{"title":91,"path":92,"stem":93,"icon":89},"Consuming a JWKS endpoint","\u002Fexamples\u002Fjwks-endpoint","10.Examples\u002F2.jwks-endpoint",{"title":95,"path":96,"stem":97,"icon":89},"Refresh token pattern","\u002Fexamples\u002Frefresh-token-pattern","10.Examples\u002F3.refresh-token-pattern",{"title":99,"path":100,"stem":101,"icon":89},"End-to-end encryption","\u002Fexamples\u002Fend-to-end-encryption","10.Examples\u002F4.end-to-end-encryption",{"title":103,"path":104,"stem":105,"icon":89},"Signed receipts","\u002Fexamples\u002Fsigned-receipts","10.Examples\u002F5.signed-receipts",{"title":107,"path":108,"stem":109,"children":110,"icon":112},"JWK","\u002Fjwk","2.JWK\u002F0.index",[111,113,117,121,125,129,133,137],{"title":107,"path":108,"stem":109,"icon":112},"i-carbon-two-factor-authentication",{"title":114,"path":115,"stem":116},"Generating keys","\u002Fjwk\u002Fgenerating","2.JWK\u002F1.generating",{"title":118,"path":119,"stem":120},"Importing and exporting","\u002Fjwk\u002Fimport-export","2.JWK\u002F2.import-export",{"title":122,"path":123,"stem":124},"PEM conversion","\u002Fjwk\u002Fpem","2.JWK\u002F3.pem",{"title":126,"path":127,"stem":128},"Key wrapping","\u002Fjwk\u002Fwrapping","2.JWK\u002F4.wrapping",{"title":130,"path":131,"stem":132},"Password derivation","\u002Fjwk\u002Fpassword-derivation","2.JWK\u002F5.password-derivation",{"title":134,"path":135,"stem":136},"JWK Sets","\u002Fjwk\u002Fjwk-sets","2.JWK\u002F6.jwk-sets",{"title":138,"path":139,"stem":140},"JWK cache","\u002Fjwk\u002Fcache","2.JWK\u002F7.cache",{"title":142,"path":143,"stem":144,"children":145,"icon":147},"Utilities","\u002Futilities","3.Utilities\u002F0.index",[146],{"title":142,"path":143,"stem":144,"icon":147},"i-carbon-tool-box",{"title":149,"path":150,"stem":151,"children":152,"icon":154},"Adapters","\u002Fadapters","99.Adapters\u002F0.index",[153,155,159,163],{"title":149,"path":150,"stem":151,"icon":154},"i-carbon-plug",{"title":156,"path":157,"stem":158},"H3 sessions","\u002Fadapters\u002Fh3-sessions","99.Adapters\u002F1.h3-sessions",{"title":160,"path":161,"stem":162},"Lifecycle hooks","\u002Fadapters\u002Fhooks","99.Adapters\u002F2.hooks",{"title":164,"path":165,"stem":166},"Lower-level functions","\u002Fadapters\u002Flower-level","99.Adapters\u002F3.lower-level",{"id":168,"title":107,"body":169,"description":200,"extension":927,"meta":928,"navigation":929,"path":108,"seo":930,"stem":109,"__hash__":931},"content\u002F2.JWK\u002F0.index.md",{"type":170,"value":171,"toc":921,"icon":112},"minimark",[172,177,194,273,276,321,326,333,437,444,486,502,506,512,627,648,656,744,748,847,851,917],[173,174,176],"h1",{"id":175},"jwk-keys-as-json","JWK — keys as JSON",[178,179,180,181,185,186,193],"p",{},"A ",[182,183,184],"strong",{},"JSON Web Key"," (",[187,188,192],"a",{"href":189,"rel":190},"https:\u002F\u002Fwww.rfc-editor.org\u002Frfc\u002Frfc7517",[191],"nofollow","RFC 7517",") is a portable JSON representation of a cryptographic key. Every signing, verifying, encrypting, and decrypting operation in unjwt starts with a key — and JWK is the lingua franca for carrying that key through config files, environment variables, databases, and across the wire.",[195,196,201],"pre",{"className":197,"code":198,"language":199,"meta":200,"style":200},"language-json shiki shiki-themes github-light github-dark github-dark","{\n  \"kty\": \"oct\",\n  \"k\": \"GawgguFyGrWKav7AX4VKUg\",\n  \"alg\": \"HS256\",\n  \"kid\": \"4c3d-...\"\n}\n","json","",[202,203,204,213,230,243,256,267],"code",{"__ignoreMap":200},[205,206,209],"span",{"class":207,"line":208},"line",1,[205,210,212],{"class":211},"slsVL","{\n",[205,214,216,220,223,227],{"class":207,"line":215},2,[205,217,219],{"class":218},"suiK_","  \"kty\"",[205,221,222],{"class":211},": ",[205,224,226],{"class":225},"sfrk1","\"oct\"",[205,228,229],{"class":211},",\n",[205,231,233,236,238,241],{"class":207,"line":232},3,[205,234,235],{"class":218},"  \"k\"",[205,237,222],{"class":211},[205,239,240],{"class":225},"\"GawgguFyGrWKav7AX4VKUg\"",[205,242,229],{"class":211},[205,244,246,249,251,254],{"class":207,"line":245},4,[205,247,248],{"class":218},"  \"alg\"",[205,250,222],{"class":211},[205,252,253],{"class":225},"\"HS256\"",[205,255,229],{"class":211},[205,257,259,262,264],{"class":207,"line":258},5,[205,260,261],{"class":218},"  \"kid\"",[205,263,222],{"class":211},[205,265,266],{"class":225},"\"4c3d-...\"\n",[205,268,270],{"class":207,"line":269},6,[205,271,272],{"class":211},"}\n",[178,274,275],{},"Import:",[195,277,281],{"className":278,"code":279,"language":280,"meta":200,"style":200},"language-ts shiki shiki-themes github-light github-dark github-dark","import { generateJWK, importKey, exportKey } from \"unjwt\u002Fjwk\";\n\u002F\u002F or from the flat barrel:\nimport { generateJWK } from \"unjwt\";\n","ts",[202,282,283,301,307],{"__ignoreMap":200},[205,284,285,289,292,295,298],{"class":207,"line":208},[205,286,288],{"class":287},"so5gQ","import",[205,290,291],{"class":211}," { generateJWK, importKey, exportKey } ",[205,293,294],{"class":287},"from",[205,296,297],{"class":225}," \"unjwt\u002Fjwk\"",[205,299,300],{"class":211},";\n",[205,302,303],{"class":207,"line":215},[205,304,306],{"class":305},"sCsY4","\u002F\u002F or from the flat barrel:\n",[205,308,309,311,314,316,319],{"class":207,"line":232},[205,310,288],{"class":287},[205,312,313],{"class":211}," { generateJWK } ",[205,315,294],{"class":287},[205,317,318],{"class":225}," \"unjwt\"",[205,320,300],{"class":211},[322,323,325],"h2",{"id":324},"basic-usage","Basic usage",[178,327,328,329,332],{},"The most common operation — ",[182,330,331],{},"create a key",":",[195,334,337],{"className":278,"code":335,"filename":336,"language":280,"meta":200,"style":200},"import { generateJWK } from \"unjwt\u002Fjwk\";\n\n\u002F\u002F Symmetric — one JWK\nconst hmacKey = await generateJWK(\"HS256\");\n\u002F\u002F { kty: \"oct\", k: \"...\", alg: \"HS256\", kid: \"4c3d-...\" }\n\n\u002F\u002F Asymmetric — a pair\nconst { privateKey, publicKey } = await generateJWK(\"RS256\");\n","generate.ts",[202,338,339,351,357,362,388,393,397,403],{"__ignoreMap":200},[205,340,341,343,345,347,349],{"class":207,"line":208},[205,342,288],{"class":287},[205,344,313],{"class":211},[205,346,294],{"class":287},[205,348,297],{"class":225},[205,350,300],{"class":211},[205,352,353],{"class":207,"line":215},[205,354,356],{"emptyLinePlaceholder":355},true,"\n",[205,358,359],{"class":207,"line":232},[205,360,361],{"class":305},"\u002F\u002F Symmetric — one JWK\n",[205,363,364,367,370,373,376,380,383,385],{"class":207,"line":245},[205,365,366],{"class":287},"const",[205,368,369],{"class":218}," hmacKey",[205,371,372],{"class":287}," =",[205,374,375],{"class":287}," await",[205,377,379],{"class":378},"shcOC"," generateJWK",[205,381,382],{"class":211},"(",[205,384,253],{"class":225},[205,386,387],{"class":211},");\n",[205,389,390],{"class":207,"line":258},[205,391,392],{"class":305},"\u002F\u002F { kty: \"oct\", k: \"...\", alg: \"HS256\", kid: \"4c3d-...\" }\n",[205,394,395],{"class":207,"line":269},[205,396,356],{"emptyLinePlaceholder":355},[205,398,400],{"class":207,"line":399},7,[205,401,402],{"class":305},"\u002F\u002F Asymmetric — a pair\n",[205,404,406,408,411,414,417,420,423,426,428,430,432,435],{"class":207,"line":405},8,[205,407,366],{"class":287},[205,409,410],{"class":211}," { ",[205,412,413],{"class":218},"privateKey",[205,415,416],{"class":211},", ",[205,418,419],{"class":218},"publicKey",[205,421,422],{"class":211}," } ",[205,424,425],{"class":287},"=",[205,427,375],{"class":287},[205,429,379],{"class":378},[205,431,382],{"class":211},[205,433,434],{"class":225},"\"RS256\"",[205,436,387],{"class":211},[178,438,439,440,443],{},"Every JWK produced by ",[202,441,442],{},"generateJWK()"," includes:",[445,446,447,467,480],"ul",{},[448,449,450,453,454,456,457,456,460,456,463,466],"li",{},[202,451,452],{},"kty"," — key type (",[202,455,226],{}," | ",[202,458,459],{},"\"RSA\"",[202,461,462],{},"\"EC\"",[202,464,465],{},"\"OKP\"",").",[448,468,469,472,473,416,475,416,477,466],{},[202,470,471],{},"alg"," — the algorithm it's meant for (e.g. ",[202,474,253],{},[202,476,434],{},[202,478,479],{},"\"Ed25519\"",[448,481,482,485],{},[202,483,484],{},"kid"," — an auto-generated UUID, which any JWT signed with this key will carry in its header for routing.",[178,487,488,489,416,492,416,495,416,498,501],{},"Those three fields are why the rest of the library \"just works\" — ",[202,490,491],{},"sign()",[202,493,494],{},"verify()",[202,496,497],{},"encrypt()",[202,499,500],{},"decrypt()"," all read them and do the right thing.",[322,503,505],{"id":504},"the-jwk-shape","The JWK shape",[178,507,508,509,511],{},"Every JWK has a ",[202,510,452],{}," (key type) field that determines its other properties:",[513,514,515,532],"table",{},[516,517,518],"thead",{},[519,520,521,526,529],"tr",{},[522,523,524],"th",{},[202,525,452],{},[522,527,528],{},"Meaning",[522,530,531],{},"Key fields",[533,534,535,551,588,610],"tbody",{},[519,536,537,542,545],{},[538,539,540],"td",{},[202,541,226],{},[538,543,544],{},"Symmetric (secret)",[538,546,547,550],{},[202,548,549],{},"k"," (base64url-encoded bytes)",[519,552,553,557,560],{},[538,554,555],{},[202,556,459],{},[538,558,559],{},"RSA keypair",[538,561,562,416,565,568,569,572,573,572,575,572,578,572,581,572,584,587],{},[202,563,564],{},"n",[202,566,567],{},"e",", and ",[202,570,571],{},"d","\u002F",[202,574,178],{},[202,576,577],{},"q",[202,579,580],{},"dp",[202,582,583],{},"dq",[202,585,586],{},"qi"," if private",[519,589,590,594,597],{},[538,591,592],{},[202,593,462],{},[538,595,596],{},"Elliptic curve",[538,598,599,416,602,416,605,568,608,587],{},[202,600,601],{},"crv",[202,603,604],{},"x",[202,606,607],{},"y",[202,609,571],{},[519,611,612,616,619],{},[538,613,614],{},[202,615,465],{},[538,617,618],{},"\"Octet Key Pair\" (EdDSA \u002F X25519 \u002F Ed448)",[538,620,621,416,623,568,625,587],{},[202,622,601],{},[202,624,604],{},[202,626,571],{},[178,628,629,630,633,634,636,637,639,640,643,644,647],{},"A JWK is ",[182,631,632],{},"public"," if it carries no ",[202,635,571],{}," (or has no ",[202,638,571],{}," equivalent for ",[202,641,642],{},"oct","); ",[182,645,646],{},"private"," if it does.",[178,649,650,651,655],{},"unjwt provides ",[187,652,654],{"href":653},"\u002Futilities#type-guards","type guards"," to distinguish:",[195,657,659],{"className":278,"code":658,"language":280,"meta":200,"style":200},"import { isPublicJWK, isPrivateJWK, isSymmetricJWK } from \"unjwt\u002Futils\";\n\nif (isSymmetricJWK(key)) {\n  \u002F* kty === \"oct\" *\u002F\n}\nif (isPublicJWK(key)) {\n  \u002F* asymmetric, no d *\u002F\n}\nif (isPrivateJWK(key)) {\n  \u002F* asymmetric, has d *\u002F\n}\n",[202,660,661,675,679,692,697,701,712,717,721,733,739],{"__ignoreMap":200},[205,662,663,665,668,670,673],{"class":207,"line":208},[205,664,288],{"class":287},[205,666,667],{"class":211}," { isPublicJWK, isPrivateJWK, isSymmetricJWK } ",[205,669,294],{"class":287},[205,671,672],{"class":225}," \"unjwt\u002Futils\"",[205,674,300],{"class":211},[205,676,677],{"class":207,"line":215},[205,678,356],{"emptyLinePlaceholder":355},[205,680,681,684,686,689],{"class":207,"line":232},[205,682,683],{"class":287},"if",[205,685,185],{"class":211},[205,687,688],{"class":378},"isSymmetricJWK",[205,690,691],{"class":211},"(key)) {\n",[205,693,694],{"class":207,"line":245},[205,695,696],{"class":305},"  \u002F* kty === \"oct\" *\u002F\n",[205,698,699],{"class":207,"line":258},[205,700,272],{"class":211},[205,702,703,705,707,710],{"class":207,"line":269},[205,704,683],{"class":287},[205,706,185],{"class":211},[205,708,709],{"class":378},"isPublicJWK",[205,711,691],{"class":211},[205,713,714],{"class":207,"line":399},[205,715,716],{"class":305},"  \u002F* asymmetric, no d *\u002F\n",[205,718,719],{"class":207,"line":405},[205,720,272],{"class":211},[205,722,724,726,728,731],{"class":207,"line":723},9,[205,725,683],{"class":287},[205,727,185],{"class":211},[205,729,730],{"class":378},"isPrivateJWK",[205,732,691],{"class":211},[205,734,736],{"class":207,"line":735},10,[205,737,738],{"class":305},"  \u002F* asymmetric, has d *\u002F\n",[205,740,742],{"class":207,"line":741},11,[205,743,272],{"class":211},[322,745,747],{"id":746},"what-you-can-do-with-a-jwk","What you can do with a JWK",[445,749,750,761,772,787,804,820,831,839],{},[448,751,752,755,756,760],{},[182,753,754],{},"Generate"," one — ",[187,757,758],{"href":115},[202,759,442],{},".",[448,762,763,766,767,760],{},[182,764,765],{},"Import"," existing material — ",[187,768,769],{"href":119},[202,770,771],{},"importKey()",[448,773,774,777,778,781,782,760],{},[182,775,776],{},"Export"," a ",[202,779,780],{},"CryptoKey"," to JWK — ",[187,783,784],{"href":119},[202,785,786],{},"exportKey()",[448,788,789,792,793,798,799,760],{},[182,790,791],{},"Convert to\u002Ffrom PEM"," — ",[187,794,795],{"href":123},[202,796,797],{},"importPEM()"," \u002F ",[187,800,801],{"href":123},[202,802,803],{},"exportPEM()",[448,805,806,809,810,798,815,760],{},[182,807,808],{},"Wrap \u002F unwrap"," a key with another key — ",[187,811,812],{"href":127},[202,813,814],{},"wrapKey()",[187,816,817],{"href":127},[202,818,819],{},"unwrapKey()",[448,821,822,825,826,760],{},[182,823,824],{},"Derive"," from a password — ",[187,827,828],{"href":131},[202,829,830],{},"deriveJWKFromPassword()",[448,832,833,836,837,760],{},[182,834,835],{},"Rotate"," using a JWK Set — ",[187,838,134],{"href":135},[448,840,841,844,845,760],{},[182,842,843],{},"Cache"," to avoid repeat imports — ",[187,846,138],{"href":139},[322,848,850],{"id":849},"going-further","Going further",[445,852,853,866,882,893,899,905,911],{},[448,854,855,792,858,861,862,865],{},[187,856,857],{"href":115},"Generating keys →",[202,859,860],{},"generateKey"," vs ",[202,863,864],{},"generateJWK",", algorithms, curves, RSA modulus.",[448,867,868,792,871,416,874,877,878,881],{},[187,869,870],{"href":119},"Importing & exporting →",[202,872,873],{},"importKey",[202,875,876],{},"exportKey",", the ",[202,879,880],{},"expect"," option.",[448,883,884,792,887,798,890,760],{},[187,885,886],{"href":123},"PEM conversion →",[202,888,889],{},"importPEM",[202,891,892],{},"exportPEM",[448,894,895,898],{},[187,896,897],{"href":127},"Wrapping & unwrapping →"," — wrapping a CEK for custom protocols.",[448,900,901,904],{},[187,902,903],{"href":131},"Password derivation →"," — PBES2 and PBKDF2.",[448,906,907,910],{},[187,908,909],{"href":135},"JWK Sets →"," — multi-key selection, JWKS endpoints, key rotation.",[448,912,913,916],{},[187,914,915],{"href":139},"JWK cache →"," — controlling how imported CryptoKeys are memoized.",[918,919,920],"style",{},"html pre.shiki code .so5gQ, html code.shiki .so5gQ{--shiki-light:#D73A49;--shiki-default:#F97583;--shiki-dark:#F97583}html pre.shiki code .slsVL, html code.shiki .slsVL{--shiki-light:#24292E;--shiki-default:#E1E4E8;--shiki-dark:#E1E4E8}html pre.shiki code .sfrk1, html code.shiki .sfrk1{--shiki-light:#032F62;--shiki-default:#9ECBFF;--shiki-dark:#9ECBFF}html pre.shiki code .sCsY4, html code.shiki .sCsY4{--shiki-light:#6A737D;--shiki-default:#6A737D;--shiki-dark:#6A737D}html .light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html.light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html pre.shiki code .suiK_, html code.shiki .suiK_{--shiki-light:#005CC5;--shiki-default:#79B8FF;--shiki-dark:#79B8FF}html pre.shiki code .shcOC, html code.shiki .shcOC{--shiki-light:#6F42C1;--shiki-default:#B392F0;--shiki-dark:#B392F0}",{"title":200,"searchDepth":215,"depth":215,"links":922},[923,924,925,926],{"id":324,"depth":215,"text":325},{"id":504,"depth":215,"text":505},{"id":746,"depth":215,"text":747},{"id":849,"depth":215,"text":850},"md",{"icon":112},{"icon":112},{"title":107,"description":200},"eh1U16ypCyhqPku0bpl8vXClIO8sbu4wktY-BItty2Y",[933,934],{"title":103,"path":104,"stem":105,"description":200,"icon":89,"children":-1},{"title":114,"path":115,"stem":116,"description":200,"children":-1},1776888557911]