Noob attempt to translate Web Crypto API calls into Elixir


I’ve been trying to implement the following javascript code provided by Cloudflare to generate tokens to secure video streams (Secure your Stream · Cloudflare Stream docs)

// Main function
async function streamSignedUrl () {
  const encoder = new TextEncoder()
  const expiresIn = Math.floor( / 1000) + expiresTimeInS
  const headers = {
    "alg": "RS256",
    "kid": keyID
  const data = {
    "sub": videoUID,
    "kid": keyID,
    "exp": expiresIn,
    "accessRules": [
        "type": "",
        "action": "allow",
        "country": [
        "type": "any",
        "action": "block"

  const token = `${objectToBase64url(headers)}.${objectToBase64url(data)}`

  const jwk = JSON.parse(atob(jwkKey))

  const key = await crypto.subtle.importKey(
    "jwk", jwk,
      name: 'RSASSA-PKCS1-v1_5',
      hash: 'SHA-256',
    false, [ "sign" ]

  const signature = await crypto.subtle.sign(
    { name: 'RSASSA-PKCS1-v1_5' }, key,

  const signedToken = `${token}.${arrayBufferToBase64Url(signature)}`

  return signedToken

// Utilities functions
function arrayBufferToBase64Url(buffer) {
  return btoa(String.fromCharCode( Uint8Array(buffer)))
    .replace(/=/g, '')
    .replace(/\+/g, '-')
    .replace(/\//g, '_')

function objectToBase64url(payload) {
  return arrayBufferToBase64Url(
    new TextEncoder().encode(JSON.stringify(payload)),

I was able to produce the token variable successfully by comparing the outputs of the javascript code with the output I generate on my elixir code, and then produce the same object assigned to jwk variable in the shape of a elixir map, but then I got got stuck.

I don’t quite understand what would be the equivalent (if there is one) in Elixir for what is produced by crypto.subtle.importKey and crypto.subtle.sign.

crypto.subtle.importKey returns a CryptoKey object that can be used as argument in crypto.subtle.sign but I couldn’t find elixir/erlang counterpart for this.

Could anyone give me some guidance on how to proceed or where to get more information on this?
I don’t even know what to lookup.


Take a look at Joken and the underlying JOSE library, they may do what you need.