Package Description
Javascript Object Signing and Encryption (JOSE) classes.
Implementations of all standard Javascript Object Signing and Encryption (JOSE) algorithms.
BouncyCastle JCA provider singleton.
JWS verifier and JWE decrypter factories for use by the JOSE / JWT processor framework.
Cryptographic utilities.
Java Cryptography Architecture (JCA) context interfaces and classes.
JSON Web Key (JWK) classes.
Interface and utilities for sourcing JSON Web Keys (JWKs).
Secure framework for application-specific verification and decryption of JOSE objects (with arbitrary payloads).
Utility interfaces and classes.
JSON Web Token (JWT) classes.
Secure framework for application-specific verification and decryption of JSON Web Tokens (JWTs).
Utility interfaces and classes.

Create, parse and process JOSE and JWT objects:

A framework for secure application-specific processing of JWTs as well as generic (i.e. arbitrary payload) JOSE objects is provided.

The library implements all standard JWS and JWE algorithms:

JWS algorithms:

  1. HMAC integrity protection: HS256, HS384 and HS512
  2. RSA signatures: RS256, RS384, RS512, PS256, PS384 and PS512
  3. EC signatures: ES256, ES384 and ES512

JWE key management algorithms:

  1. Key encryption with RSAES-PKCS1-V1_5: RSA1_5 (deprecated)
  2. Key encryption with RSAES OAEP: RSA-OAEP (deprecated) and RSA-OAEP-256
  3. Key encryption with AES key wrap: A128KW, A192KW and A256KW
  4. Key encryption with AES GCM key wrap: A128GCMKW, A192GCMKW and A256GCMKW
  5. Direct encryption with a symmetric key: dir
  6. Key Agreement with Elliptic Curve Diffie-Hellman Ephemeral Static: ECDH-ES, ECDH-ES+A128KW, ECDH-ES+A192KW and ECDH-ES+A256KW
  7. Password-based encryption: PBES2-HS256+A128KW, PBES2-HS384+A192KW and PBES2-HS512+A256KW

JWE content encryption algorithms:

  1. AES_CBC_HMAC_SHA2: A128CBC-HS256, A192CBC-HS384 and A256CBC-HS512; the deprecated A128CBC+HS256 and A256CBC+HS512 are also supported
  2. AES GCM: A128GCM, A192GCM and A256GCM

New JWA algorithms can be easily added. The library provides a set of simple interfaces to decouple the representation of JOSE / JWT objects from the JWA crypto code for signing / verification or encryption / decryption. Multiple JCA providers, including hardware-based ones, can be configured.

Implemented IETF standards:

  1. RFC 7515 (JWS)
  2. RFC 7516 (JWE)
  3. RFC 7517 (JWK)
  4. RFC 7518 (JWA)
  5. RFC 7519 (JWT)
  6. RFC 7638 (JWK Thumbprint)

Dependencies (see the Maven pom.xml for details):

  1. JSON Smart for highly efficient parsing and serialisation of JSON.
  2. JCIP for concurrency annotations.
  3. Apache Commons IO for reading local and remote JWK sets.
  4. [optional] BouncyCastle as an alternative JCA provider.

