Javascript Object Signing and Encryption - JOSE

Charter

https://tools.ietf.org/wg/jose/

JavaScript Object Notation (JSON) is a text format for the serialization of structured data described in RFC 4627. The JSON format is often used for serializing and transmitting structured data over a network connection. With the increased usage of JSON in protocols in the IETF and elsewhere, there is now a desire to offer security services, which use encryption, digital signatures, message authentication codes (MACs) algorithms, that carry their data in JSON format.

see more …

Documents

RFC Title Date Pages Status
Active Internet-Drafts
draft-ietf-jose-cfrg-curves CFRG ECDH and signatures in JOSE - - -
RFCs
RFC 7165 Use Cases and Requirements for JSON Object Signing and Encryption (JOSE) 2014-04 25 Informational
RFC 7515 JSON Web Signature (JWS) 2015-05 59 Proposed Standard
RFC 7516 JSON Web Encryption (JWE) 2015-05 51 Proposed Standard
RFC 7517 JSON Web Key (JWK) 2015-05 40 Proposed Standard
RFC 7518 JSON Web Algorithms (JWA) 2015-05 69 Proposed Standard
RFC 7519 JSON Web Token (JWT) 2015-05 30 Proposed Standard
RFC 7520 Examples of Protecting Content Using JSON Object Signing and Encryption (JOSE) 2015-05 120 Informational
RFC 7638 JSON Web Key (JWK) Thumbprint 2015-12 13 Standards Track
RFC 7797 JSON Web Signature (JWS) Unencoded Payload Option 2016-02 11 Standards Track
Related
key-managed-json-web-signature Key Managed JSON Web Signature (KMJWS) - - -

Format

jwk = {'k': <password>}

Algorithm

对称算法 HS256, HS384, HS512
非对称算法 RS256, RS384, RS512


http://codelife.me/blog/2014/03/26/token-based-authentication-and-claims-based-identity/

JWT.io

http://jwt.io/

Java

.Net

https://github.com/dvsekhvalnov/jose-jwt - Ultimate Javascript Object Signing and Encryption (JOSE) and JSON Web Token (JWT) Implementation for .NET

http://openid.net/developers/libraries/

  1. https://tools.ietf.org/wg/jose/charters - Charter
  2. https://datatracker.ietf.org/wg/jose/documents/ - Documents
  3. http://jose.readthedocs.org/ - Javascript Object Signing and Encryption (JOSE) [github]
  4. http://codelife.me/blog/2014/03/26/token-based-authentication-and-claims-based-identity/ - 基于Token的认证和基于声明的标识
  5. http://openid.net/developers/libraries/ - Libraries, Products, and Tools