RFC7518: JSON Web Algorithms

This section contains the generic implementation of RFC7518.

Algorithms for JWS

The interface for JWS Algorithms are all inherit from authlib.jose.JWSAlgorithm.

Find how to use them in JSON Web Signature (JWS).

HMAC with SHA-2 Functions

This section is defined by RFC7518 Section 3.2.

  1. HS256: HMAC using SHA-256

  2. HS384: HMAC using SHA-384

  3. HS512: HMAC using SHA-512

Digital Signature with RSASSA-PKCS1-v1_5

Algorithms in this section requires extra crypto backends. This section is defined by RFC7518 Section 3.3.

  1. RS256: RSASSA-PKCS1-v1_5 using SHA-256

  2. RS384: RSASSA-PKCS1-v1_5 using SHA-384

  3. RS512: RSASSA-PKCS1-v1_5 using SHA-384

Digital Signature with ECDSA

Algorithms in this section requires extra crypto backends. This section is defined by RFC7518 Section 3.4.

  1. ES256: ECDSA using P-256 and SHA-256

  2. ES384: ECDSA using P-384 and SHA-384

  3. ES384: ECDSA using P-521 and SHA-512

Digital Signature with RSASSA-PSS

Algorithms in this section requires extra crypto backends. This section is defined by RFC7518 Section 3.5.

  1. PS256: RSASSA-PSS using SHA-256 and MGF1 with SHA-256

  2. PS384: RSASSA-PSS using SHA-384 and MGF1 with SHA-384

  3. PS512: RSASSA-PSS using SHA-512 and MGF1 with SHA-512

Algorithms for JWE

This section contains algorithms for JWE alg and enc header. For alg the interface are all inherited from authlib.jose.JWEAlgorithm. For enc, the interface are inherited from authlib.jose.JWEEncAlgorithm.

Current available algorithms for alg:

  1. dir: Direct use of a shared symmetric key

  2. RSA1_5: RSAES-PKCS1-v1_5

  3. RSA-OAEP: RSAES OAEP using default parameters

  4. RSA-OAEP-256: RSAES OAEP using SHA-256 and MGF1 with SHA-256

  5. A128KW: AES Key Wrap with default initial value using 128-bit key

  6. A192KW: AES Key Wrap with default initial value using 192-bit key

  7. A256KW: AES Key Wrap with default initial value using 256-bit key

  8. A128GCMKW: Key wrapping with AES GCM using 128-bit key

  9. A192GCMKW: Key wrapping with AES GCM using 192-bit key

  10. A256GCMKW: Key wrapping with AES GCM using 256-bit key

  11. ECDH-ES: In the Direct Key Agreement mode

  12. ECDH-ES+A128KW: using Concat KDF and CEK wrapped with A128KW

  13. ECDH-ES+A192KW: using Concat KDF and CEK wrapped with A192KW

  14. ECDH-ES+A256KW: using Concat KDF and CEK wrapped with A256KW

Current available algorithms for enc:

  1. A128CBC-HS256

  2. A192CBC-HS384

  3. A256CBC-HS512

  4. A128GCM

  5. A192GCM

  6. A256GCM

Current available algorithms for zip:

  1. DEF

Algorithms for JWK

This section defines the parameters for keys using the algorithms via RFC7518 Section 6.

Find how to use them in JSON Web Key (JWK).