# Encryption Algorithms This framework comes with several encryption algorithms. These algorithms are in the following namespaces: * `Jose\Component\Encryption\Algorithm\KeyEncryption`: key encryption algorithms * `Jose\Component\Encryption\Algorithm\ContentEncryption`: content encryption algorithms ## Main Algorithms ### Key Encryption {% hint style="info" %} `spomky-labs/aes-key-wrap` is required for \*KW algorithms {% endhint %}

Algorithm	Additional header parameter
A128KW A192KW A256KW	No
A128GCMKW A192GCMKW A256GCMKW	`iv`: (initialization vector) this value is the base64url-encoded representation of the 96-bit IV value used for the key encryption operation. `tag`: (authentication tag) the value is the base64url-encoded representation of the 128-bit Authentication Tag value resulting from the key encryption operation.
dir	No
ECDH-ES ECDH-ES+A128KW ECDH-ES+A192KW ECDH-ES+A256KW	`epk`: (ephemeral public key) value created by the originator.
ECDH-SS ECDH-SS+A128KW ECDH-SS+A192KW ECDH-SS+A256KW	No
PBES2-HS256+A128KW PBES2-HS384+A192KW PBES2-HS512+A256KW	`p2s`: (PBES2 salt input) encodes a Salt Input value, which is used as part of the PBKDF2 salt value. `p2c`: (PBES2 count) contains the PBKDF2 iteration count, represented as a positive JSON integer.
RSA1_5 RSA-OAEP RSA-OAEP-256

{% hint style="warning" %} Please note that the additional header parameters **MUST** be present and **MUST** be understood. Depending on the algorithm you use, you may be required to check headers BEFORE the decryption operation. Please create a [custom Header Checker](https://web-token.spomky-labs.com/the-components/header-checker) for theses parameters. {% endhint %} ### Content Encryption | Algorithm | Namespace | | ------------------------------------------------------------ | ------------------------------------------------------- | |

A128GCM

A192GCM

A256GCM

| `Jose\Component\Encryption\Algorithm\ContentEncryption` | |

A128CBC-HS256

A192CBC-HS384

A256CBC-HS512

| `Jose\Component\Encryption\Algorithm\ContentEncryption` | {% hint style="danger" %} The algorithm `RSA1_5` is deprecated due to known [security vulnerability](https://en.wikipedia.org/wiki/Adaptive_chosen-ciphertext_attack). The algorithms `ECDH-ES*` are not recommended unless used with the `OKP` key type. {% endhint %} ## Experimental Algorithms The following algorithms are experimental and must not be used in production unless you know what you are doing. They are proposed for testing purpose only. ### Key Encryption

Algorithm	Description
A128CTR A192CTR A256CTR	AES CTR based encryption
Chacha20+Poly1305	Please note that this algorithm requires OpenSSL 1.1
RSA-OAEP-384 RSA-OAEP-512	Same algorithm as RSA-OAEP-256 but with SHA-384 and SHA-512 hashing functions

Algorithm

Description

A128CTR

A192CTR

A256CTR

AES CTR based encryption

Chacha20+Poly1305

Please note that this algorithm requires OpenSSL 1.1

RSA-OAEP-384

RSA-OAEP-512

Same algorithm as RSA-OAEP-256 but with SHA-384 and SHA-512 hashing functions

### Content Encryption

Algorithm	Description
A128CCM-16-128 A128CCM-16-64 A128CCM-64-128 A128CCM-64-64 A256CCM-16-128 A256CCM-16-64 A256CCM-64-128 A256CCM-64-64	AES-CCM based algorithms

Algorithm

Description

A128CCM-16-128

A128CCM-16-64

A128CCM-64-128

A128CCM-64-64

A256CCM-16-128

A256CCM-16-64

A256CCM-64-128

A256CCM-64-64

AES-CCM based algorithms

## How To Use These algorithms have to be used with the [Algorithm Manager](https://web-token.spomky-labs.com/the-components/algorithm-management-jwa). ```php