JSON Web Algorithm

Référence externe : https://datatracker.ietf.org/doc/html/rfc7518

“alg” (Algorithm) Header Parameter Values for JWS

The table below is the set of “alg” (algorithm) Header Parameter values defined by this specification for use with JWS, each of which is explained in more detail in the following sections:

“alg” Param Digital Signature or MAC Implementation

Value Algorithm Requirements

HS256 HMAC using SHA-256 Required

HS384 HMAC using SHA-384 Optional

HS512 HMAC using SHA-512 Optional

RS256 RSASSA-PKCS1-v1_5 using SHA-256 Recommended

RS384 RSASSA-PKCS1-v1_5 using SHA-384 Optional

RS512 RSASSA-PKCS1-v1_5 using SHA-512 Optional

ES256 ECDSA using P-256 and SHA-256 Recommended+

ES384 ECDSA using P-384 and SHA-384 Optional

ES512 ECDSA using P-521 and SHA-512 Optional

PS256 RSASSA-PSS using SHA-256 and MGF1 with SHA-256 Optional

PS384 RSASSA-PSS using SHA-384 and MGF1 with SHA-384 Optional

PS512 RSASSA-PSS using SHA-512 and MGF1 with SHA-512 Optional

none No digital signature or MAC performed Optional

— https://datatracker.ietf.org/doc/html/rfc7518

“alg” Param	Digital Signature or MAC	Implementation
Value	Algorithm	Requirements
HS256	HMAC using SHA-256	Required
HS384	HMAC using SHA-384	Optional
HS512	HMAC using SHA-512	Optional
RS256	RSASSA-PKCS1-v1_5 using SHA-256	Recommended
RS384	RSASSA-PKCS1-v1_5 using SHA-384	Optional
RS512	RSASSA-PKCS1-v1_5 using SHA-512	Optional
ES256	ECDSA using P-256 and SHA-256	Recommended+
ES384	ECDSA using P-384 and SHA-384	Optional
ES512	ECDSA using P-521 and SHA-512	Optional
PS256	RSASSA-PSS using SHA-256 and MGF1 with SHA-256	Optional
PS384	RSASSA-PSS using SHA-384 and MGF1 with SHA-384	Optional
PS512	RSASSA-PSS using SHA-512 and MGF1 with SHA-512	Optional
none	No digital signature or MAC performed	Optional

“alg” (Algorithm) Header Parameter Values for JWE

The table below is the set of “alg” (algorithm) Header Parameter values that are defined by this specification for use with JWE. These algorithms are used to encrypt the CEK, producing the JWE Encrypted Key, or to use key agreement to agree upon the CEK.

"alg" Param Value

                     Key Management
Algorithm
                     More
Header
Params Implementation
Requirements


RSA1_5
RSA-OAEP

RSA-OAEP-256


A128KW



A192KW



A256KW



dir


ECDH-ES




ECDH-ES+A128KW



ECDH-ES+A192KW



ECDH-ES+A256KW



A128GCMKW


A192GCMKW


A256GCMKW


PBES2-HS256+A128KW


PBES2-HS384+A192KW


PBES2-HS512+A256KW

                     RSAES-PKCS1-v1_5
RSAES OAEP using
default parameters
RSAES OAEP using
SHA-256 and MGF1
with SHA-256
AES Key Wrap with
default initial
value using
128-bit key
AES Key Wrap with
default initial
value using
192-bit key
AES Key Wrap with
default initial
value using
256-bit key
Direct use of a
shared symmetric
key as the CEK
Elliptic Curve
Diffie-Hellman
Ephemeral Static
key agreement
using Concat KDF
ECDH-ES using
Concat KDF and CEK
wrapped with
"A128KW"
ECDH-ES using
Concat KDF and CEK
wrapped with
"A192KW"
ECDH-ES using
Concat KDF and CEK
wrapped with
"A256KW"
Key wrapping with
AES GCM using
128-bit key
Key wrapping with
AES GCM using
192-bit key
Key wrapping with
AES GCM using
256-bit key
PBES2 with HMAC
SHA-256 and
"A128KW" wrapping
PBES2 with HMAC
SHA-384 and
"A192KW" wrapping
PBES2 with HMAC
SHA-512 and
"A256KW" wrapping   (none)
(none)

(none)


(none)



(none)



(none)



(none)


"epk",
"apu",
"apv"


"epk",
"apu",
"apv"

"epk",
"apu",
"apv"

"epk",
"apu",
"apv"

"iv",
"tag"

"iv",
"tag"

"iv",
"tag"

"p2s",
"p2c"

"p2s",
"p2c"

"p2s",
"p2c"
         Recommended-
Recommended+

Optional


Recommended



Optional



Recommended



Recommended


Recommended+




Recommended



Optional



Recommended



Optional


Optional


Optional


Optional


Optional


Optional



— https://datatracker.ietf.org/doc/html/rfc7518

Notes pointant ici

how do I create an OAuth 2.0/OIDC resource server? (blog)

"alg" Param Value	Key Management Algorithm	More Header Params	Implementation Requirements
RSA1_5 RSA-OAEP RSA-OAEP-256 A128KW A192KW A256KW dir ECDH-ES ECDH-ES+A128KW ECDH-ES+A192KW ECDH-ES+A256KW A128GCMKW A192GCMKW A256GCMKW PBES2-HS256+A128KW PBES2-HS384+A192KW PBES2-HS512+A256KW	RSAES-PKCS1-v1_5 RSAES OAEP using default parameters RSAES OAEP using SHA-256 and MGF1 with SHA-256 AES Key Wrap with default initial value using 128-bit key AES Key Wrap with default initial value using 192-bit key AES Key Wrap with default initial value using 256-bit key Direct use of a shared symmetric key as the CEK Elliptic Curve Diffie-Hellman Ephemeral Static key agreement using Concat KDF ECDH-ES using Concat KDF and CEK wrapped with "A128KW" ECDH-ES using Concat KDF and CEK wrapped with "A192KW" ECDH-ES using Concat KDF and CEK wrapped with "A256KW" Key wrapping with AES GCM using 128-bit key Key wrapping with AES GCM using 192-bit key Key wrapping with AES GCM using 256-bit key PBES2 with HMAC SHA-256 and "A128KW" wrapping PBES2 with HMAC SHA-384 and "A192KW" wrapping PBES2 with HMAC SHA-512 and "A256KW" wrapping	(none) (none) (none) (none) (none) (none) (none) "epk", "apu", "apv" "epk", "apu", "apv" "epk", "apu", "apv" "epk", "apu", "apv" "iv", "tag" "iv", "tag" "iv", "tag" "p2s", "p2c" "p2s", "p2c" "p2s", "p2c"	Recommended- Recommended+ Optional Recommended Optional Recommended Recommended Recommended+ Recommended Optional Recommended Optional Optional Optional Optional Optional Optional

Konubinix' opinionated web of thoughts

JSON Web Algorithm

Notes pointant ici

Permalink