Cryptographic Algorithms
JSON Web Algorithms (JWA) specification prescribes cryptographic algorithms and artifacts which can be used to implement JSON Web Signature (JWS), JSON Web Encryption (JWE), JSON Web Token (JWT) and JSON Web Key (JWK).
Algorithms for Keys
Axioms support three key types,
| Kty Param | Key Type | Classification | Signature | Encryption | MAC | Implementation Requirements |
|---|---|---|---|---|---|---|
| RSA | RSA | Public/private keypair | Yes | Yes | No | Recommended+ |
| EC | Elliptic Curve | Public/private keypair | Yes | Yes | No | Required |
| oct | Octet sequence | Secret or shared key | No | Yes | Yes | Required |
Algorithms for Digital Signatures and MACs
Possible alg (algorithm) header parameter values for JWS/JWT,
| Key Type | Values for alg param | Algorithm Family |
|---|---|---|
| RSA | RS256, RS384,RS512 | RSA |
| EC | ES256, ES384, ES512 | ECDSA |
| oct | HS256, HS384, HS512 | HMAC |
Algorithms Supported by Axioms Platform
Default alg (algorithm) header parameter values for JWS/JWT,
Default alg | Algorithm | Implementation Requirements |
|---|---|---|
| HS256 | HMAC using SHA-256 | Required |
| RS256 | RSASSA-PKCS1-v1_5 using SHA-256 | Recommended |
| ES256 | ECDSA using P-256 and SHA-256 | Recommended+ |
Recommendations
- For third party clients you should use
RSA/ECto issue signed JWT token. - Third party clients can verify the signature using public keys JWKS endpoint.
- For first party clients you can also issue JWT tokens signed by secret key.
- For first party clients you can also issue Signed and Encrypted JWT Tokens.