...

<dependency>
  <groupId>org.apache.cxf</groupId>
  <artifactId>cxf-rt-rs-security-jose-jaxrs</artifactId>
  <version>3.1.7</version>
</dependency>
 

JOSE Overview

JOSE consists of the following key parts:

  • JWA - JSON Web Algorithms where all supported signature and encryption algorithms are listed
  • JWK - JSON Web Keys - introduces a JSON format for describing the public and private keys used by JWA algorithms
  • JWS - JSON Web Signature - describes how the data can be signed or validated and introduces compact and JSON JWS formats for representing the signed data
  • JWE - JSON Web Encryption - describes how the data can be encrypted or decrypted and introduces compact and JSON JWE formats for representing the encrypted data  

Additionally, JWT (JSON Web Token), while technically not part of JOSE, is often used as input material to JWS and JWE processors, especially in OAuth2 flows (for example, OAuth2 access tokens can be represented internally as JWT, and the OpenID Connect IdToken and UserInfo are effectively JWTs). JWT describes how a set of claims in JSON format can be either JWS-signed or JWE-encrypted.

JWA Algorithms

All JOSE signature and encryption algorithms are grouped and described in the JSON Web Algorithms (JWA) specification.

The algorithms are split into 3 categories: signature algorithms (MAC, RSA (RS), Elliptic Curve (ES)), algorithms for supporting the encryption of content encryption keys (RSA-OAEP, AES Key Wrap, etc), and algorithms for encrypting the actual content (AES GCM, etc).

All encryption algorithms produce authentication tags which provide protection against manipulation of the already encrypted content.

Please refer to this specification to get all the information needed (with follow-up links to the corresponding RFC when applicable) about a particular signature or encryption algorithm: the properties, recommended key sizes, and other security considerations related to all or some specific algorithms.

CXF offers the initial utility support for working with JWA algorithms in this package.

JWK Keys

 

JSON Web Key (JWK) is a JSON document describing the cryptographic key properties. JWKs are very flexible and light-weight (in most cases), and one can expect JWKs to become one of the major mechanisms for representing and storing cryptographic keys. Importantly, one does not have to use a JWK in order to sign or encrypt a document: working directly with Java JCA secret and asymmetric key representations is sufficient. JWK is nevertheless a first-class citizen in JOSE, with all of the JOSE examples using JWK representations.

Here is

CXF offers utility support for reading and writing JWK keys and key sets, and for working with encrypted inlined and standalone JWK stores, in this package. Note that JWK keys can be set as JWS or JWE header properties, for example, in order to provide a recipient with the representation of a public key used to create a signature. Support for pluggable strategies for loading JWKs is on the roadmap.

JWS Signature

The JSON Web Signature (JWS) document describes how document content can be signed. For example, Appendix A1 shows how the content can be signed with a MAC key.
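The MAC-key case can be reproduced outside CXF. The following is an added example, not CXF code or its API: a Python standard-library sketch that verifies the compact JWS from RFC 7515 Appendix A.1 with the key given there, and signs new content the same way. The function names are this example's own; the verifier pins the algorithm to HS256 instead of trusting the header.

```python
import base64
import hashlib
import hmac
import json

# JWK "k" value and compact JWS copied from RFC 7515 Appendix A.1.
RFC_KEY_B64 = ("AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75"
               "aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow")
RFC_TOKEN = ("eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9"
             ".eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6"
             "Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ"
             ".dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk")

def b64url_encode(data: bytes) -> str:
    # JOSE uses URL-safe base64 without '=' padding.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(key: bytes, signing_input: str) -> bytes:
    return hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()

def sign_hs256(payload: bytes, key: bytes) -> str:
    header = json.dumps({"alg": "HS256"}, separators=(",", ":")).encode()
    signing_input = b64url_encode(header) + "." + b64url_encode(payload)
    return signing_input + "." + b64url_encode(_mac(key, signing_input))

def verify_hs256(token: str, key: bytes) -> bytes:
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    header = json.loads(b64url_decode(parts[0]))
    # The verifier decides the algorithm; a header saying "none" or
    # anything other than HS256 is rejected before any MAC is computed.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    # The MAC covers the encoded parts exactly as received, which is why
    # the RFC header with its embedded CRLF still verifies.
    expected = _mac(key, parts[0] + "." + parts[1])
    if not hmac.compare_digest(expected, b64url_decode(parts[2])):
        raise ValueError("signature mismatch")
    return b64url_decode(parts[1])

if __name__ == "__main__":
    print(verify_hs256(RFC_TOKEN, b64url_decode(RFC_KEY_B64)).decode())
```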

...

Many more examples will be added here.

JSON Encryption

The JSON Web Encryption (JWE) document describes how document content and, when applicable, a content encryption key can be encrypted. For example, Appendix A1 shows how the content can be encrypted

...

Many more examples will be added here.

JSON Web Tokens

 

JSON Web Token (JWT) is a collection of claims in JSON format. It offers a standard JSON container for representing various properties or claims.

...