search
githubEdit

Provided Features

hashtag
Supported Input Types:

JWS or JWE objects support every input that can be encoded into JSON:

  • string, array, integer, float...

  • Objects that implement the \JsonSerializable interface such as JWK or JWKSet

The detached payload is supported.

hashtag
Supported Serialization Modes

Serialization syntax
JWS
JWE

Compact

YES

YES

Flattened JSON

YES

YES

General JSON

YES

YES

hashtag
Supported Compression Methods

Compression mode
Supported

Deflate (DEF)

YES

triangle-exclamation

Compression is not recommended. Please avoid its use. See RFC8725arrow-up-right for more information.

hashtag
Supported Key Types (JWK)

Key Type
Supported
Comment

oct

YES

Symmetric keys

RSA

YES

RSA based asymmetric keys

EC

YES

Elliptic Curves based asymmetric keys

OKP

YES

Octet Key Pair based asymmetric keys

JWK objects support JSON Web Key Thumbprint (RFC 7638arrow-up-right).

circle-info

A none key type for the none algorithm. It is used to explicitly allow this unsecured algorithm.

hashtag
Key Sets (JWKSet)

JWKSet is fully supported.

hashtag
Supported Signature Algorithms

Signature Algorithm
Supported
Comment

HS256

HS384

HS512

YES

ES256

ES384

ES512

YES

RS256

RS384

RS512

YES

PS256

PS384

PS512

YES

GMP or BCMath extension is highly recommended

none

YES

Please note that this is not a secured algorithm. USE IT WITH CAUTION!

EdDSA with Ed25519 curve

YES

SODIUM extension is highly required

EdDSA with Ed448 curve

NO

No extension or built-in implementation available

circle-info

Other signature algorithms like RS1, HS1 or HS256/64 are also available. These algorithms should be used for testing purpose only or for compatibility with old systems

hashtag
Supported Key Encryption Algorithms

Key Encryption Algorithm
Supported

dir

YES

RSA1_5

RSA-OAEP

RSA-OAEP-256

YES

GMP or BCMath extension is highly recommended Read note below!

ECDH-ES

ECDH-ES+A128KW

ECDH-ES+A192KW

ECDH-ES+A256KW

YES

spomky-labs/aes-key-wrap is required for *KW algorithms

ECDH-SS

ECDH-SS+A128KW

ECDH-SS+A192KW

ECDH-SS+A256KW

YES

spomky-labs/aes-key-wrap is required for *KW algorithms

A128KW

A192KW

A256KW

YES

spomky-labs/aes-key-wrap is required

PBES2-HS256+A128KW

PBES2-HS384+A192KW

PBES2-HS512+A256KW

YES

spomky-labs/aes-key-wrap is required

A128GCMKW

A192GCMKW

A256GCMKW

YES

spomky-labs/aes-key-wrap is required

ECDH-ES with X25519 curve

YES

SODIUM extension is highly required

ECDH-ES with X448 curve

NO

No extension or built-in implementation available

circle-info

Other encryption algorithms like RSA-OEAP-384 or ChaCha20-Poly1305 are also available. These algorithms should be used for testing purpose only or for compatibility with old systems

triangle-exclamation

The algorithms RSA1_5 and RSA-OAEP are now deprecated. Please use with caution.

hashtag
Supported Content Encryption Algorithms

Content Encryption Algorithm
Supported

A128CBC+HS256

A192CBC+HS384

A256CBC+HS512

YES

A128GCM

A192GCM

A256GCM

YES

circle-info

Other encryption algorithms like A128CTR, A192CTR and A256CTR are also available. These algorithms should be used for testing purpose only or for compatibility with old systems

PreviousIntroductionNextSecurity Recommendations

Last updated

Was this helpful?