Nimbus JOSE+JWT Library
The Nimbus JOSE+JWT library implements the Javascript Object Signing
and Encryption (JOSE) spec suite and the closely related JSON Web
Token (JWT) spec.
The library supports creating, querying, serialising and parsing of the
following JOSE and JWT objects:
- {@link com.nimbusds.jose.PlainObject Plain (unsecured) JOSE objects}.
- {@link com.nimbusds.jose.JWSObject JSON Web Signature (JWS) objects}.
- {@link com.nimbusds.jose.JWEObject JSON Web Encryption (JWE) objects}.
- {@link com.nimbusds.jose.jwk.JWK JSON Web Key (JWK) objects} and
{@link com.nimbusds.jose.jwk.JWKSet JSON Web Key (JWK) Sets}.
- {@link com.nimbusds.jwt.PlainJWT Plain},
{@link com.nimbusds.jwt.SignedJWT signed} and
{@link com.nimbusds.jwt.EncryptedJWT encrypted}
{@link com.nimbusds.jwt.JWT JSON Web Tokens (JWTs)}.
The JOSE and JWT object representation is completely decoupled from
JSON Web Algorithm (JWA) implementations through a set of simple
interfaces for signing, validating, encrypting and decrypting the
objects.
The library currently ships ready {@link com.nimbusds.jose.crypto implementations}
of the following standard algorithms:
- JWS:
- HMAC signatures with HS256, HS384 and HS512.
- RSA signatures with RS256, RS384 and RS512.
- EC signatures with ES256, ES384 and ES512.
- JWE:
- RSAES-PKCS1-V1_5 encryption with A128CBC_HS256,
A256CBC_HS512, A128GCM and A256GCM methods.
- RSAES OAEP encryption with A128CBC_HS256,
A256CBC_HS512, A128GCM and A256GCM methods.
- Direct encryption with A128CBC_HS256,
A256CBC_HS512, A128GCM and A256GCM methods.
Related IETF drafts:
Dependencies (see the pom.xml for details):
- Apache Commons Codec for Base64 and Base64URL encoding and decoding.
- javax.mail for MIME type handling.
- JSON Smart for highly efficient parsing and serialisation of JSON.
- JCIP for concurrency annotations.
- [optional] The BouncyCastle.org cryptography provider for Java, for
ECDSA, RSA encryption and AES-GCM.