JWT Framework
Search…
v3.0
Introduction
Introduction
Provided Features
Pre-requisite
Continous Integration
Contributing
The Components
Algorithm Management (JWA)
Key (JWK) and Key Set (JWKSet)
Header Checker
Claim Checker
Signed Tokens (JWS)
Encrypted Tokens (JWE)
Encryption Algorithms
JWE Creation
JWE Loading
The Symfony Bundle
Symfony Bundle
Algorithm Management
Key and Key Set Management
Header and Claim Checker Management
Signed Tokens
Encrypted Tokens
Configuration Helper
Events
Console Command
Console
Standalone Application
PHAR Application
Symfony Console
Advanced Topics
Security Recommendations
Nested Tokens
Serialization
Custom Algorithm
Signed tokens and
Encrypted tokens and
Benchmark
How To
Result table
Migration
From v1.x to v2.0
From v2.x to v3.0
Powered By GitBook
Encryption Algorithms
This framework comes with several encryption algorithms. These algorithms are in the following namespaces:
  • Jose\Component\Encryption\Algorithm\KeyEncryption: key encryption algorithms
  • Jose\Component\Encryption\Algorithm\ContentEncryption: content encryption algorithms

Main Algorithms

Key Encryption

Algorithm
Package
A128KW
A192KW
A256KW
web-token/jwt-encryption-algorithm-aeskw
A128GCMKW
A192GCMKW
A256GCMKW
web-token/jwt-encryption-algorithm-aesgcmkw
dir
web-token/jwt-encryption-algorithm-dir
ECDH-ES
ECDH-ES+A128KW
ECDH-ES+A192KW
ECDH-ES+A256KW
web-token/jwt-encryption-algorithm-ecdh-es
PBES2-HS256+A128KW
PBES2-HS384+A192KW
PBES2-HS512+A256KW
web-token/jwt-encryption-algorithm-pbes2
RSA1_5
RSA-OAEP
RSA-OAEP-256
web-token/jwt-encryption-algorithm-rsa

Content Encryption

Algorithm
Package
A128GCM
A192GCM
A256GCM
web-token/jwt-encryption-algorithm-aesgcm
A128CBC-HS256
A192CBC-HS384
A256CBC-HS512
web-token/jwt-encryption-algorithm-aescbc
The algorithm RSA1_5 is deprecated due to known security vulnerability.
The algorithms ECDH-ES* are not recommended unless used with the OKP key type.

Experimental Algorithms

The following algorithms are experimental and must not be used in production unless you know what you are doing. They are proposed for testing purpose only.
They are all part of the package web-token/jwt-encryption-algorithm-experimental

Key Encryption

Algorithm
Description
A128CTR
A192CTR
A256CTR
AES CTR based encryption
Chacha20+Poly1305
Please note that this algorithm requires OpenSSL 1.1
RSA-OAEP-384
RSA-OAEP-512
Same algorithm as RSA-OAEP-256 but with SHA-384 and SHA-512 hashing functions

Content Encryption

Algorithm
Description
A128CCM-16-128
A128CCM-16-64
A128CCM-64-128
A128CCM-64-64
​
A256CCM-16-128
A256CCM-16-64
A256CCM-64-128
A256CCM-64-64
AES-CCM based algorithms

How To Use

These algorithms have to be used with the Algorithm Manager.
1
<?php
2
​
3
use Jose\Component\Core\AlgorithmManager;
4
use Jose\Component\Encryption\Algorithm\KeyEncryption\A128KW;
5
use Jose\Component\Encryption\Algorithm\KeyEncryption\PBES2HS256A128KW;
6
use Jose\Component\Encryption\Algorithm\ContentEncryption\A128CBCHS256;
7
​
8
$algorithmManager = new AlgorithmManager([
9
new A128KW(),
10
new PBES2HS256A128KW(),
11
new A128CBCHS256(),
12
]);
Copied!
By default, PBES2* algorithms use the following parameter values:
  • Salt size: 64 bytes (512 bits)
  • Count: 4096
You may need to use other values. This can be done during the instantiation of the algorithm:
Example with 16 bytes (128 bits) salt and 1024 counts:
1
<?php
2
​
3
use Jose\Component\Core\AlgorithmManager;
4
use Jose\Component\Encryption\Algorithm\KeyEncryption\PBES2HS256A128KW;
5
​
6
$algorithmManager = new AlgorithmManager([
7
new PBES2HS256A128KW(16, 1024),
8
]);
Copied!
The Components - Previous
Encrypted Tokens (JWE)
Next
JWE Creation
Last modified 2mo ago
Export as PDF
Copy link
Contents
Main Algorithms
Key Encryption
Content Encryption
Experimental Algorithms
Key Encryption
Content Encryption
How To Use