Overview (Nimbus JOSE + JWT v9.8)

Packages
Package	Description
com.nimbusds.jose	Base Javascript Object Signing and Encryption (JOSE) interfaces and classes.
com.nimbusds.jose.crypto	Implementations of standard Javascript Object Signing and Encryption (JOSE) algorithms.
com.nimbusds.jose.crypto.bc	BouncyCastle JCA provider singletons.
com.nimbusds.jose.crypto.factories	JWS signer, JWS verifier, JWE encrypter and JWE decrypter factory implementations.
com.nimbusds.jose.crypto.impl	Cryptographic primitives for JWS signers, JWS verifiers, JWE encrypters and JWE decrypters in the `com.nimbusds.jose.crypto` package.
com.nimbusds.jose.crypto.opts	Javascript Object Signing and Encryption (JOSE) options.
com.nimbusds.jose.crypto.utils	Cryptographic utilities.
com.nimbusds.jose.jca	Java Cryptography Architecture (JCA) context interfaces and classes.
com.nimbusds.jose.jwk	JSON Web Key (JWK) classes.
com.nimbusds.jose.jwk.gen	JSON Web Key (JWK) generation utilities.
com.nimbusds.jose.jwk.source	JSON Web Key (JWK) sourcing interface and utilities.
com.nimbusds.jose.mint	JSON Web Signature (JWS) minting framework.
com.nimbusds.jose.proc	Framework for application-specific verification and decryption of JOSE objects (with arbitrary payloads).
com.nimbusds.jose.produce	Framework for producing JOSE objects (with arbitrary payloads).
com.nimbusds.jose.util	Utility interfaces and classes.
com.nimbusds.jwt	JSON Web Token (JWT) interfaces and classes.
com.nimbusds.jwt.proc	Framework for application-specific verification and decryption of JSON Web Tokens (JWTs).
com.nimbusds.jwt.util	JSON Web Token (JWT) utility interfaces and classes.

Nimbus JOSE + JWT

Create, parse and process JOSE and JWT objects:

A framework for secure application-specific processing of JWTs as well as generic (i.e. arbitrary payload) JOSE objects is provided.

The library implements all standard JWS and JWE algorithms:

JWS algorithms:

HMAC integrity protection: HS256, HS384 and HS512
RSA signatures: RS256, RS384, RS512, PS256, PS384 and PS512.
EC signatures: ES256, ES256K, ES384 andES512
EdDSA signatures: EdDSA

JWE key management algorithms:

Key encryption with RSAES-PKCS1-V1_5: ~~RSA1_5~~ (deprecated)
Key encryption with RSAES OAEP: ~~RSA-OAEP~~ (deprecated) and RSA-OAEP-256
Key encryption with AES key wrap: A128KW, A192KW and A256KW
Key encryption with AES GCM key wrap: A128CGMKW, A192CGMKW and A256CGMKW
Direct encryption with a symmetric key: dir
Key Agreement with Elliptic Curve Diffie-Hellman Ephemeral Static: ECDH-ES, ECDH-ES+A128KW, ECDH-ES+A192KW and ECDH-ES+A256KW
Password-based encryption: PBES2-HS256+A128KW, PBES2-HS384+A192KW and PBES2-HS512+A256KW

JWE content encryption algorithms:

AES_CBC_HMAC_SHA2: A128CBC-HS256, A192CBC-HS384, A256CBC-HS512, the deprecated A128CBC+HS256 and A256CBC+HS512 are also supported
AES GCM: A128GCM, A192GCM and A256GCM

New JWA algorithms can be easily added. The library provides a set of simple interfaces to decouple the representation of JOSE / JWT objects from JWA crypto code for signing / verification or encryption / decryption. Multiple JCA providers, including hardware-based can be configured.

Implemented IETF standards and drafts:

Dependencies (see the Maven pom.xml for details):

JSON Smart for highly efficient parsing and serialisation of JSON.
JCIP for concurrency annotations.
[optional] BouncyCastle as an alternative JCA provider and for selected key and certificate utilities
[optional] Google Tink for OKP key generation and EdDSA

To post bug reports and suggestions:

https://bitbucket.org/connect2id/nimbus-jose-jwt/issues

Follow updates and new releases on Twitter:

https://twitter.com/connect2id