Nimbus JOSE + JWT
Create, parse and process JOSE and JWT objects:
- {@link com.nimbusds.jose.PlainObject Unsecured (alg=none) JOSE objects}.
- {@link com.nimbusds.jose.JWSObject JSON Web Signature (JWS) objects}.
- {@link com.nimbusds.jose.JWEObject JSON Web Encryption (JWE) objects}.
- {@link com.nimbusds.jose.jwk.JWK JSON Web Key (JWK) objects} and
{@link com.nimbusds.jose.jwk.JWKSet JWK Sets}.
- {@link com.nimbusds.jwt.PlainJWT Unsecured},
{@link com.nimbusds.jwt.SignedJWT signed} and
{@link com.nimbusds.jwt.EncryptedJWT encrypted}
{@link com.nimbusds.jwt.JWT JSON Web Tokens (JWTs)}.
A framework for secure application-specific
{@link com.nimbusds.jwt.proc processing of JWTs} as well as generic
(i.e. arbitrary payload) {@link com.nimbusds.jose.proc JOSE objects}
is provided.
The library {@link com.nimbusds.jose.crypto implements} all standard
JWS and JWE algorithms:
JWS algorithms:
- HMAC integrity protection: HS256, HS384 and HS512
- RSA signatures: RS256, RS384, RS512, PS256, PS384 and PS512.
- EC signatures: ES256, ES384 and ES512
JWE key management algorithms:
- Key encryption with RSAES-PKCS1-V1_5: RSA1_5
- Key encryption with RSAES OAEP: RSA-OAEP and RSA-OAEP-256
- Key encryption with AES key wrap: A128KW, A192KW and A256KW
- Key encryption with AES GCM key wrap: A128GCMKW, A192GCMKW and A256GCMKW
- Direct encryption with a symmetric key: dir
- Key Agreement with Elliptic Curve Diffie-Hellman Ephemeral Static: ECDH-ES, ECDH-ES+A128KW, ECDH-ES+A192KW and ECDH-ES+A256KW
- Password-based encryption: PBES2-HS256+A128KW, PBES2-HS384+A192KW and PBES2-HS512+A256KW
JWE content encryption algorithms:
- AES_CBC_HMAC_SHA2: A128CBC-HS256, A192CBC-HS384 and A256CBC-HS512;
the deprecated A128CBC+HS256 and A256CBC+HS512 are also supported
- AES GCM: A128GCM, A192GCM and A256GCM
New JWA algorithms can be easily added. The library provides a set
of simple interfaces to decouple the representation of JOSE / JWT
objects from JWA crypto code for signing / verification or
encryption / decryption. Multiple JCA providers, including
hardware-based ones, can be configured.
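The separation of object representation from crypto code, and the JWT processing framework mentioned earlier, can be seen together in the following added example (not taken from the library's own documentation). It assumes a release that includes ImmutableSecret; the class name, secret and claim values are constructed for illustration.

```java
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.MACSigner;
import com.nimbusds.jose.jwk.source.ImmutableSecret;
import com.nimbusds.jose.proc.BadJOSEException;
import com.nimbusds.jose.proc.JWSVerificationKeySelector;
import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.PlainJWT;
import com.nimbusds.jwt.SignedJWT;
import com.nimbusds.jwt.proc.DefaultJWTProcessor;
import java.security.SecureRandom;
import java.util.Date;

public class PinnedAlgorithmExample {
    public static void main(String[] args) throws Exception {
        // Constructed 256-bit shared secret; MACSigner rejects shorter keys for HS256.
        byte[] secret = new byte[32];
        new SecureRandom().nextBytes(secret);

        // Constructed sample claims.
        JWTClaimsSet claims = new JWTClaimsSet.Builder()
                .issuer("https://issuer.example")
                .subject("alice")
                .expirationTime(new Date(System.currentTimeMillis() + 60_000))
                .build();

        // Representation (SignedJWT) is separate from the crypto (MACSigner).
        SignedJWT signed = new SignedJWT(new JWSHeader(JWSAlgorithm.HS256), claims);
        signed.sign(new MACSigner(secret));

        // The processor accepts only HS256 with this secret; the token's own
        // "alg" header is never trusted to choose the verification method.
        DefaultJWTProcessor<SecurityContext> processor = new DefaultJWTProcessor<>();
        processor.setJWSKeySelector(new JWSVerificationKeySelector<>(
                JWSAlgorithm.HS256, new ImmutableSecret<SecurityContext>(secret)));

        JWTClaimsSet verified = processor.process(signed.serialize(), null);
        System.out.println("accepted subject: " + verified.getSubject());

        // The same claims as an unsecured (alg=none) JWT must be rejected.
        try {
            processor.process(new PlainJWT(claims).serialize(), null);
            throw new IllegalStateException("unsecured JWT was accepted");
        } catch (BadJOSEException e) {
            System.out.println("rejected unsecured JWT: " + e.getMessage());
        }
    }
}
```

Swapping MACSigner and ImmutableSecret for an RSA or EC signer and key source changes the crypto without touching the SignedJWT or processor code.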
Implemented IETF standards:
- RFC 7515 (JWS)
- RFC 7516 (JWE)
- RFC 7517 (JWK)
- RFC 7518 (JWA)
- RFC 7519 (JWT)
- RFC 7638 (JWK Thumbprint)
Dependencies (see the Maven pom.xml for details):
- JSON Smart for highly efficient parsing and serialisation of JSON.
- JCIP for concurrency annotations.
- Apache Commons IO for reading local and remote JWK sets.
- [optional] BouncyCastle as an alternative JCA provider
To post bug reports and suggestions:
https://bitbucket.org/connect2id/nimbus-jose-jwt/issues
Follow updates and new releases on Twitter:
https://twitter.com/connect2id