JOSE & JSON Web Token (JWT) Examples
JWS
JSON Web Signature (JWS) secures content, such as text, JSON or binary data, with a digital signature (RSA, EC or EdDSA) or a Hash-based Message Authentication Code (HMAC).
Create / verify JWS with generic payload and compact serialisation:
- JWS with HMAC protection
- JWS with RSA signature
- JWS with EC signature
- JWS with EdDSA / Ed25519 signature (RFC 8037)
JWS with JSON serialisation:
JWS with detached and unencoded payload (RFC 7797):
JWS can also secure JSON Web Tokens (JWT):
- JWT with HMAC protection
- JWT with RSA signature
- JWT with EC signature
- JWT with ES256K signature (secp256k), used in Bitcoin and Ethereum
- JWT with EdDSA / Ed25519 signature (RFC 8037)
JWS with Android PIN or biometric prompt to unlock the private key for signing:
JWS with the BouncyCastle FIPS provider:
Cloud KMS:
JWE
JSON Web Encryption (JWE) is for sending confidential content with integrity protection. Public / private (RSA and EC) as well as symmetric AES and ChaCha encryption are supported.
Create / decrypt JWE examples:
- JWT with RSA encryption
- JWE with shared key
- Signed and encrypted JWT
- JWE with XChaCha20 / Poly 1305 (XC20P)
- JWE encryption with preset Content Encryption Key (CEK)
- JWE to multiple recipients
Framework for minting JWS objects and signed JWTs
Simple framework to aid the creation of JWS objects and signed JWTs:
Framework for processing JOSE objects and JWTs
The library includes a framework for handling tokens and messages secured with JOSE, such as JWT-encoded access tokens and OpenID Connect ID tokens. The framework follows the best current practises and was tested with a wide range of use cases.
JSON entity mapping
JSON entities are mapped to their most natural Java class counterparts.
Parsing JOSE and JWT objects
Parsing objects and tokens of a particular type (unsecured, JWS, JWE):
Parsing objects and tokens of any type (unsecured, JWS, JWE):
- Combined parsing of unsecured, JWS and JWE objects
- Combined parsing of unsecured, signed and encrypted JWTs
Keys
JSON Web Key (JWK):
- How to generate a JWK
- Converting between a standard Java key representation and a JWK
- JWK Thumbprints
- Using JWK selectors
- Loading JWK sets from a file, URL or JCA KeyStore
- Enhanced JWK set retrieval with rate-limiting, caching, retrial and health status reporting support
- Parsing a PEM-encoded X.509 certificate or key pairs
X.509 certificates
- X.509 certificate parsing and key extraction
- Generate self-signed X.509 certificate with Java SUN classes