Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / libwebsockets / 45ec3ce369287a4bd5a271fd78ddbeff4c3a3869 / . / lib / jose
tree: cf6880d616a8486b4f04a1af632655e5499ed8b5 [path history] [tgz]
  1. jwe/
  2. jwk/
  3. jws/
  4. private.h
  5. README.md
lib/jose/README.md

JOSE support

JOSE is a set of web standards aimed at encapsulating crypto operations flexibly inside JSON objects.

Lws provides lightweight apis to performs operations on JWK, JWS and JWE independent of the tls backend in use. The JSON parsing is handled by the lws lejp stream parser.

PartRFCFunction
JWSRFC7515JSON Web Signatures
JWERFC7516JSON Web Encryption
JWKRFC7517JSON Web Keys
JWARFC7518JSON Web Algorithms

JWA is a set of recommendations for which combinations of algorithms are deemed desirable and secure, which implies what must be done for useful implementations of JWS, JWE and JWK.

Supported algorithms

Supported keys

  • All RFC7517 / JWK forms: octet, RSA and EC

  • singleton and keys[] arrays of keys supported

Symmetric ciphers

  • All common AES varaiants: CBC, CFB128, CFB8, CTR, EVB, OFB, KW and XTS

Asymmetric ciphers

  • RSA

  • EC (P-256, P-384 and P-521 JWA curves)

Payload auth and crypt

  • AES_128_CBC_HMAC_SHA_256
  • AES_192_CBC_HMAC_SHA_384
  • AES_256_CBC_HMAC_SHA_512
  • AES_128_GCM

For the required and recommended asymmetric algorithms, support currently looks like this

JWK ktyJWAlws
ECRecommended+yes
RSARequiredyes
octRequiredyes
JWE algJWAlws
RSA1_5Recommended-yes
RSA-OAEPRecommended+no
ECDH-ESRecommended+no
JWS algJWAlws
HS256Requiredyes
RS256Recommended+yes
ES256Recommendedyes

Minimal Example tools

JWK

JWS

JWE

API tests

See ./minimal-examples/api-tests/api-test-jose/ for example test code. The tests are built and confirmed during CI.