Provided Features

Supported Input Types:

JWS or JWE objects support every input that can be encoded into JSON:

string, array, integer, float...
Objects that implement the \JsonSerializable interface such as JWK or JWKSet

The detached payload is supported.

Supported Serialization Modes

Serialization syntax

JWS

JWE

Compact

YES

Flattened JSON

YES

General JSON

YES

Supported Compression Methods

Compression mode

Supported

Deflate (DEF)

YES

Compression is not recommended. Please avoid its use. See RFC8725 for more information.

Supported Key Types (JWK)

Key Type

Supported

Comment

oct

YES

Symmetric keys

RSA

YES

RSA based asymmetric keys

YES

Elliptic Curves based asymmetric keys

OKP

YES

Octet Key Pair based asymmetric keys

JWK objects support JSON Web Key Thumbprint (RFC 7638).

A none key type for the none algorithm. It is used to explicitly allow this unsecured algorithm.

Key Sets (JWKSet)

JWKSet is fully supported.

Supported Signature Algorithms

Signature Algorithm

Supported

Comment

HS256

HS384

HS512

YES

ES256

ES384

ES512

YES

RS256

RS384

RS512

YES

PS256

PS384

PS512

YES

GMP or BCMath extension is highly recommended

none

YES

Please note that this is not a secured algorithm. USE IT WITH CAUTION!

EdDSA with Ed25519 curve

YES

SODIUM extension is highly required

EdDSA with Ed448 curve

No extension or built-in implementation available

Other signature algorithms like RS1, HS1 or HS256/64 are also available. These algorithms should be used for testing purpose only or for compatibility with old systems

Supported Key Encryption Algorithms

Key Encryption Algorithm

Supported

dir

YES

RSA1_5

RSA-OAEP

RSA-OAEP-256

YES

GMP or BCMath extension is highly recommended Read note below!

ECDH-ES

ECDH-ES+A128KW

ECDH-ES+A192KW

ECDH-ES+A256KW

YES

spomky-labs/aes-key-wrap is required for *KW algorithms

ECDH-SS

ECDH-SS+A128KW

ECDH-SS+A192KW

ECDH-SS+A256KW

YES

spomky-labs/aes-key-wrap is required for *KW algorithms

A128KW

A192KW

A256KW

YES

spomky-labs/aes-key-wrap is required

PBES2-HS256+A128KW

PBES2-HS384+A192KW

PBES2-HS512+A256KW

YES

spomky-labs/aes-key-wrap is required

A128GCMKW

A192GCMKW

A256GCMKW

YES

spomky-labs/aes-key-wrap is required

ECDH-ES with X25519 curve

YES

SODIUM extension is highly required

ECDH-ES with X448 curve

No extension or built-in implementation available

Other encryption algorithms like RSA-OEAP-384 or ChaCha20-Poly1305 are also available. These algorithms should be used for testing purpose only or for compatibility with old systems

The algorithms RSA1_5 and RSA-OAEP are now deprecated. Please use with caution.

Supported Content Encryption Algorithms

Content Encryption Algorithm

Supported

A128CBC+HS256

A192CBC+HS384

A256CBC+HS512

YES

A128GCM

A192GCM

A256GCM

YES

Other encryption algorithms like A128CTR, A192CTR and A256CTR are also available. These algorithms should be used for testing purpose only or for compatibility with old systems

PreviousIntroduction NextSecurity Recommendations

Last updated 1 year ago

Was this helpful?