package_name: jwe output: jwe/options_gen.go interfaces: - name: GlobalOption comment: | GlobalOption describes options that changes global settings for this package - name: GlobalDecryptOption comment: | GlobalDecryptOption describes options that changes global settings and for each call of the `jwe.Decrypt` function methods: - globalOption - decryptOption - name: CompactOption comment: | CompactOption describes options that can be passed to `jwe.Compact` - name: DecryptOption comment: | DecryptOption describes options that can be passed to `jwe.Decrypt` - name: EncryptOption comment: | EncryptOption describes options that can be passed to `jwe.Encrypt` - name: EncryptDecryptOption methods: - encryptOption - decryptOption comment: | EncryptDecryptOption describes options that can be passed to either `jwe.Encrypt` or `jwe.Decrypt` - name: WithJSONSuboption concrete_type: withJSONSuboption comment: | JSONSuboption describes suboptions that can be passed to `jwe.WithJSON()` option - name: WithKeySetSuboption comment: | WithKeySetSuboption is a suboption passed to the WithKeySet() option - name: ParseOption methods: - readFileOption comment: | ReadFileOption is a type of `Option` that can be passed to `jwe.Parse` - name: ReadFileOption comment: | ReadFileOption is a type of `Option` that can be passed to `jwe.ReadFile` options: - ident: Key skip_option: true - ident: Pretty skip_option: true - ident: ProtectedHeaders skip_option: true - ident: PerRecipientHeaders skip_option: true - ident: KeyProvider interface: DecryptOption argument_type: KeyProvider - ident: Context interface: DecryptOption argument_type: context.Context comment: | WithContext specifies the context.Context object to use when decrypting a JWE message. If not provided, context.Background() will be used. - ident: Serialization option_name: WithCompact interface: EncryptOption constant_value: fmtCompact comment: | WithCompact specifies that the result of `jwe.Encrypt()` is serialized in compact format. By default `jwe.Encrypt()` will opt to use compact format, so you usually do not need to specify this option other than to be explicit about it - ident: Compress interface: EncryptOption argument_type: jwa.CompressionAlgorithm comment: | WithCompress specifies the compression algorithm to use when encrypting a payload using `jwe.Encrypt` (Yes, we know it can only be "" or "DEF", but the way the specification is written it could allow for more options, and therefore this option takes an argument) - ident: ContentEncryptionAlgorithm interface: EncryptOption option_name: WithContentEncryption argument_type: jwa.ContentEncryptionAlgorithm comment: | WithContentEncryptionAlgorithm specifies the algorithm to encrypt the JWE message content with. If not provided, `jwa.A256GCM` is used. - ident: Message interface: DecryptOption argument_type: '*Message' comment: | WithMessage provides a message object to be populated by `jwe.Decrypt` Using this option allows you to decrypt AND obtain the `jwe.Message` in one go. - ident: RequireKid interface: WithKeySetSuboption argument_type: bool comment: | WithRequiredKid specifies whether the keys in the jwk.Set should only be matched if the target JWE message's Key ID and the Key ID in the given key matches. - ident: Pretty interface: WithJSONSuboption argument_type: bool comment: | WithPretty specifies whether the JSON output should be formatted and indented - ident: MergeProtectedHeaders interface: EncryptOption argument_type: bool comment: | WithMergeProtectedHeaders specify that when given multiple headers as options to `jwe.Encrypt`, these headers should be merged instead of overwritten - ident: FS interface: ReadFileOption argument_type: fs.FS comment: | WithFS specifies the source `fs.FS` object to read the file from. - ident: KeyUsed interface: DecryptOption argument_type: 'any' comment: | WithKeyUsed allows you to specify the `jwe.Decrypt()` function to return the key used for decryption. This may be useful when you specify multiple key sources or if you pass a `jwk.Set` and you want to know which key was successful at decrypting the CEK. `v` must be a pointer to an empty `any`. Do not use `jwk.Key` here unless you are 100% sure that all keys that you have provided are instances of `jwk.Key` (remember that the jwx API allows users to specify a raw key such as *rsa.PublicKey) - ident: CEK interface: DecryptOption argument_type: '*[]byte' comment: | WithCEK allows users to specify a variable to store the CEK used in the message upon successful decryption. The variable must be a pointer to a byte slice, and it will only be populated if the decryption is successful. This option is currently considered EXPERIMENTAL, and is subject to future changes across minor/micro versions. - ident: MaxPBES2Count interface: GlobalOption argument_type: int comment: | WithMaxPBES2Count specifies the maximum number of PBES2 iterations to use when decrypting a message. If not specified, the default value of 10,000 is used. This option has a global effect. - ident: MaxDecompressBufferSize interface: GlobalDecryptOption argument_type: int64 comment: | WithMaxDecompressBufferSize specifies the maximum buffer size for used when decompressing the payload of a JWE message. If a compressed JWE payload exceeds this amount when decompressed, jwe.Decrypt will return an error. The default value is 10MB. This option can be used for `jwe.Settings()`, which changes the behavior globally, or for `jwe.Decrypt()`, which changes the behavior for that specific call. - ident: CBCBufferSize interface: GlobalOption argument_type: int64 comment: | WithCBCBufferSize specifies the maximum buffer size for internal calculations, such as when AES-CBC is performed. The default value is 256MB. If set to an invalid value, the default value is used. In v2, this option was called MaxBufferSize. This option has a global effect. - ident: LegacyHeaderMerging interface: EncryptOption argument_type: bool option_name: WithLegacyHeaderMerging comment: | WithLegacyHeaderMerging specifies whether to perform legacy header merging when encrypting a JWE message in JSON serialization, when there is a single recipient. This behavior is enabled by default for backwards compatibility. When a JWE message is encrypted in JSON serialization, and there is only one recipient, this library automatically serializes the message in flattened JSON serialization format. In older versions of this library, the protected headers and the per-recipient headers were merged together before computing the AAD (Additional Authenticated Data), but the per-recipient headers were kept as-is in the `header` field of the recipient object. This behavior is not compliant with the JWE specification, which states that the headers must be disjoint. Passing this option with a value of `false` disables this legacy behavior, and while the per-recipient headers and protected headers are still merged for the purpose of computing AAD, the per-recipient headers are cleared after merging, so that the resulting JWE message is compliant with the specification. This option has no effect when there are multiple recipients, or when the serialization format is compact serialization. For multiple recipients (i.e. full JSON serialization), the protected headers and per-recipient headers are never merged, and it is the caller's responsibility to ensure that the headers are disjoint. In compact serialization, there are no per-recipient headers; in fact, the protected headers are the only headers that exist, and therefore there is no possibility of header collision after merging (note: while per-recipient headers do not make sense in compact serialization, this library does not prevent you from setting them -- they are all just merged into the protected headers). In future versions, the new behavior will be the default. New users are encouraged to set this option to `false` now to avoid future issues.