Reference lists of supported JWKS algorithms

Algorithms for signatures ("alg"-value of JWS)

"alg"-value

Algorithm Description

HS256

HMAC using SHA-256

HS384

HMAC using SHA-384

HS512

HMAC using SHA-512

RS256

RSASSA-PKCS1-v1_5 using SHA-256

RS384

RSASSA-PKCS1-v1_5 using SHA-384

RS512

RSASSA-PKCS1-v1_5 using SHA-512

ES256

ECDSA using P-256 and SHA-256

ES384

ECDSA using P-384 and SHA-384

ES512

ECDSA using P-521 and SHA-512

PS256

RSASSA-PSS using SHA-256 and MGF1 with SHA-256

PS384

RSASSA-PSS using SHA-384 and MGF1 with SHA-384

PS512

RSASSA-PSS using SHA-512 and MGF1 with SHA-512

EdDSA

Digital Signature with Ed25519 Elliptic Curve

Encryption algorithms ("enc"-value of JWE)

"enc"-value

Algorithm description

A128CBC-HS256

AES_128_CBC_HMAC_SHA_256 authenticated encryption algorithm

A192CBC-HS384

AES_192_CBC_HMAC_SHA_384 authenticated encryption algorithm

A256CBC-HS512

AES_256_CBC_HMAC_SHA_512 authenticated encryption algorithm

A128GCM

AES GCM using 128-bit key

A192GCM

AES GCM using 192-bit key

A256GCM

AES GCM using 256-bit key

Algorithms for key management ("alg"-value of JWE)

"alg"-value

Algorithm Description

RSA1_5

RSAES-PKCS1-v1_5

RSA-OAEP

RSAES OAEP using default parameters

RSA-OAEP-256

RSAES OAEP using SHA-256 and MGF1 with SHA-256

A128KW

AES Key Wrap with default initial value using 128-bit key

A192KW

AES Key Wrap with default initial value using 192-bit key

A256KW

AES Key Wrap with default initial value using 256-bit key

dir

Direct use of a shared symmetric key as the CEK

A128GCMKW

Key wrapping with AES GCM using 128-bit key

A192GCMKW

Key wrapping with AES GCM using 192-bit key

A256GCMKW

Key wrapping with AES GCM using 256-bit key

PBES2-HS256+A128KW

PBES2 with HMAC SHA-256 and "A128KW" wrapping

PBES2-HS384+A192KW

PBES2 with HMAC SHA-384 and "A192KW" wrapping

PBES2-HS512+A256KW

PBES2 with HMAC SHA-512 and "A256KW" wrapping