Supported JWKS algorithms
Algorithms for signatures (“alg”-value of JWS)
“alg”-value | Algorithm Description |
|---|---|
HS256 | HMAC using SHA-256 |
HS384 | HMAC using SHA-384 |
HS512 | HMAC using SHA-512 |
RS256 | RSASSA-PKCS1-v1_5 using SHA-256 |
RS384 | RSASSA-PKCS1-v1_5 using SHA-384 |
RS512 | RSASSA-PKCS1-v1_5 using SHA-512 |
ES256 | ECDSA using P-256 and SHA-256 |
ES384 | ECDSA using P-384 and SHA-384 |
ES512 | ECDSA using P-521 and SHA-512 |
PS256 | RSASSA-PSS using SHA-256 and MGF1 with SHA-256 |
PS384 | RSASSA-PSS using SHA-384 and MGF1 with SHA-384 |
PS512 | RSASSA-PSS using SHA-512 and MGF1 with SHA-512 |
EdDSA | Digital Signature with Ed25519 Elliptic Curve |
Encryption algorithms (“enc”-value of JWE)
“enc”-value | Algorithm description |
|---|---|
A128CBC-HS256 | AES_128_CBC_HMAC_SHA_256 authenticated encryption algorithm |
A192CBC-HS384 | AES_192_CBC_HMAC_SHA_384 authenticated encryption algorithm |
A256CBC-HS512 | AES_256_CBC_HMAC_SHA_512 authenticated encryption algorithm |
A128GCM | AES GCM using 128-bit key |
A192GCM | AES GCM using 192-bit key |
A256GCM | AES GCM using 256-bit key |
Algorithms for key management (“alg”-value of JWE)
“alg”-value | Algorithm Description |
|---|---|
RSA1_5 | RSAES-PKCS1-v1_5 |
RSA-OAEP | RSAES OAEP using default parameters |
RSA-OAEP-256 | RSAES OAEP using SHA-256 and MGF1 with SHA-256 |
A128KW | AES Key Wrap with default initial value using 128-bit key |
A192KW | AES Key Wrap with default initial value using 192-bit key |
A256KW | AES Key Wrap with default initial value using 256-bit key |
dir | Direct use of a shared symmetric key as the CEK |
A128GCMKW | Key wrapping with AES GCM using 128-bit key |
A192GCMKW | Key wrapping with AES GCM using 192-bit key |
A256GCMKW | Key wrapping with AES GCM using 256-bit key |
PBES2-HS256+A128KW | PBES2 with HMAC SHA-256 and “A128KW” wrapping |
PBES2-HS384+A192KW | PBES2 with HMAC SHA-384 and “A192KW” wrapping |
PBES2-HS512+A256KW | PBES2 with HMAC SHA-512 and “A256KW” wrapping |