# Provided Features

## Supported Input Types

JWS or JWE objects support every input that can be encoded into JSON:

* `string`, `array`, `integer`, `float`...
* Objects that implement the `\JsonSerializable` interface such as `JWK` or `JWKSet`

The [detached payload](https://web-token.spomky-labs.com/advanced-topics/signed-tokens/detached-payload) is supported.

## Supported Serialization Modes

| Serialization syntax | JWS | JWE |
| -------------------- | --- | --- |
| Compact              | YES | YES |
| Flattened JSON       | YES | YES |
| General JSON         | YES | YES |

## Supported Compression Methods

{% hint style="danger" %}
Compression is not recommended. Since version 4.0, compression support has been removed. See [RFC 8725](https://datatracker.ietf.org/doc/html/rfc8725#section-3.6) for more information.
{% endhint %}

## Supported Key Types (JWK)

| Key Type | Supported | Comment                              |
| -------- | --------- | ------------------------------------ |
| oct      | YES       | Symmetric keys                       |
| RSA      | YES       | RSA-based asymmetric keys            |
| EC       | YES       | Elliptic-curve-based asymmetric keys |
| OKP      | YES       | Octet Key Pair based asymmetric keys |

JWK objects support JSON Web Key Thumbprint ([RFC 7638](https://tools.ietf.org/html/rfc7638)).

{% hint style="info" %}
A `none` key type is available for the `none` algorithm. It is used to explicitly allow this unsecured algorithm.
{% endhint %}

## Key Sets (JWKSet)

JWKSet is fully supported.

## Supported Signature Algorithms

| Signature Algorithm      | Supported | Comment                                                                    |
| ------------------------ | --------- | -------------------------------------------------------------------------- |
| HS256, HS384, HS512      | YES       |                                                                            |
| ES256, ES384, ES512      | YES       |                                                                            |
| RS256, RS384, RS512      | YES       |                                                                            |
| PS256, PS384, PS512      | YES       | GMP or BCMath extension is highly recommended                              |
| EdDSA with Ed25519 curve | YES       | SODIUM extension is required                                               |
| EdDSA with Ed448 curve   | NO        | No extension or built-in implementation available                          |
| none                     | YES       | **Please note that this is not a secured algorithm. USE IT WITH CAUTION!** |

{% hint style="info" %}
Other signature algorithms like `RS1`, `HS1`, `HS256/64`, `ES256K`, and `Blake2b` are also available in the `Jose\Experimental` namespace. These algorithms should be used for testing purposes only or for compatibility with old systems.
{% endhint %}

## Supported Key Encryption Algorithms

| Key Encryption Algorithm                                | Supported | Comment                                                              |
| ------------------------------------------------------- | --------- | -------------------------------------------------------------------- |
| dir                                                     | YES       |                                                                      |
| RSA1\_5, RSA-OAEP, RSA-OAEP-256                         | YES       | GMP or BCMath extension is highly recommended. **Read note below!**  |
| ECDH-ES, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW | YES       | `spomky-labs/aes-key-wrap` is required for \*KW algorithms           |
| ECDH-SS, ECDH-SS+A128KW, ECDH-SS+A192KW, ECDH-SS+A256KW | YES       | `spomky-labs/aes-key-wrap` is required for \*KW algorithms           |
| A128KW, A192KW, A256KW                                  | YES       | `spomky-labs/aes-key-wrap` is required                               |
| PBES2-HS256+A128KW, PBES2-HS384+A192KW, PBES2-HS512+A256KW | YES    | `spomky-labs/aes-key-wrap` is required                               |
| A128GCMKW, A192GCMKW, A256GCMKW                         | YES       | `spomky-labs/aes-key-wrap` is required                               |
| ECDH-ES with X25519 curve                               | YES       | SODIUM extension is required                                         |
| ECDH-ES with X448 curve                                 | NO        | No extension or built-in implementation available                    |

{% hint style="info" %}
Other key encryption algorithms like `RSA-OAEP-384`, `RSA-OAEP-512`, and `chacha20-poly1305` are also available in the `Jose\Experimental` namespace. These algorithms should be used for testing purposes only or for compatibility with old systems.
{% endhint %}

{% hint style="danger" %}
The algorithms `RSA1_5` and `RSA-OAEP` are now deprecated. Please use them with caution.
{% endhint %}

## Supported Content Encryption Algorithms

| Content Encryption Algorithm               | Supported |
| ------------------------------------------ | --------- |
| A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 | YES       |
| A128GCM, A192GCM, A256GCM                  | YES       |

{% hint style="info" %}
Other content encryption algorithms like `A128CTR`, `A192CTR`, `A256CTR`, and various AES-CCM algorithms (e.g., `A128CCM-16-128`, `A256CCM-64-64`) are also available in the `Jose\Experimental` namespace. These algorithms should be used for testing purposes only or for compatibility with old systems.
{% endhint %}
