JWS or JWE objects support every input that can be encoded into JSON:
string
, array
, integer
, float
...
Objects that implement the \JsonSerializable
interface such as JWK
or JWKSet
The detached payload is supported.
Compact JSON Serialization Syntax for JWS and JWE
Flattened JSON Serialization Syntax for JWS and JWE
General JSON Serialization Syntax for JWS and JWE
Compression Method | Supported |
Deflate ( | YES |
Key Type | Supported | Comment |
oct | YES | Symmetric keys |
RSA | YES | RSA based asymmetric keys |
EC | YES | Elliptic Curves based asymmetric keys |
OKP | YES | Octet Key Pair based asymmetric keys |
JWK objects support JSON Web Key Thumbprint (RFC 7638).
A none
key type for the none
algorithm. It is used to explicitly allow this unsecured algorithm.
JWKSet is fully supported.
Signature Algorithm | Supported | Comment |
HS256, HS384 and HS512 | YES | ​ |
ES256, ES384 and ES512 | YES | ​ |
RS256, RS384 and RS512 | YES | ​ |
PS256, PS384 and PS512 | YES | ​ |
none | YES | Please note that this is not a secured algorithm. USE IT WITH CAUTION! |
EdDSA with Ed25519 curve | YES | ​With PHP 7.1, third party extension highly recommended​ |
EdDSA with Ed448 curve | NO | No extension or built-in implementation available |
Other signature algorithms like RS1
, HS1
or HS256/64
are also available. These algorithms should be used for testing purpose only or for compatibility with old systems
Key Encryption Algorithm | Supported |
dir | YES |
RSA1_5, RSA-OAEP and RSA-OAEP-256 | YES |
ECDH-ES, ECDH-ES+A128KW, ECDH-ES+A192KW and ECDH-ES+A256KW | YES |
A128KW, A192KW and A256KW | YES |
PBES2-HS256+A128KW, PBES2-HS384+A192KW and PBES2-HS512+A256KW | YES |
A128GCMKW, A192GCMKW and A256GCMKW | YES |
ECDH-ES with X25519 curve | YES |
ECDH-ES with X448 curve | NO |
Other encryption algorithms like RSA-OEAP-384
or ChaCha20-Poly1305
are also available. These algorithms should be used for testing purpose only or for compatibility with old systems
For the ECDH-ES
with X25519 curve with PHP 7.1, the third party extension highly recommended​
The algorithms RSA1_5
and RSA-OAEP
are now deprecated. Please use with caution.
Content Encryption Algorithm | Supported |
A128CBC+HS256, A192CBC+HS384 and A256CBC+HS512 | YES |
A128GCM, A192GCM and A256GCM | YES |
Other encryption algorithms like A128CTR
, A192CTR
and A256CTR
are also available. These algorithms should be used for testing purpose only or for compatibility with old systems