1*1c60b9acSAndroid Build Coastguard Worker# JOSE support 2*1c60b9acSAndroid Build Coastguard Worker 3*1c60b9acSAndroid Build Coastguard WorkerJOSE is a set of web standards aimed at encapsulating crypto 4*1c60b9acSAndroid Build Coastguard Workeroperations flexibly inside JSON objects. 5*1c60b9acSAndroid Build Coastguard Worker 6*1c60b9acSAndroid Build Coastguard WorkerLws provides lightweight apis to performs operations on JWK, JWS and JWE 7*1c60b9acSAndroid Build Coastguard Workerindependent of the tls backend in use. The JSON parsing is handled by the lws 8*1c60b9acSAndroid Build Coastguard Workerlejp stream parser. 9*1c60b9acSAndroid Build Coastguard Worker 10*1c60b9acSAndroid Build Coastguard Worker|Part|RFC|Function| 11*1c60b9acSAndroid Build Coastguard Worker|---|---|---| 12*1c60b9acSAndroid Build Coastguard Worker|JWS|[RFC7515](https://tools.ietf.org/html/rfc7515)|JSON Web Signatures| 13*1c60b9acSAndroid Build Coastguard Worker|JWE|[RFC7516](https://tools.ietf.org/html/rfc7516)|JSON Web Encryption| 14*1c60b9acSAndroid Build Coastguard Worker|JWK|[RFC7517](https://tools.ietf.org/html/rfc7517)|JSON Web Keys| 15*1c60b9acSAndroid Build Coastguard Worker|JWA|[RFC7518](https://tools.ietf.org/html/rfc7518)|JSON Web Algorithms| 16*1c60b9acSAndroid Build Coastguard Worker 17*1c60b9acSAndroid Build Coastguard WorkerJWA is a set of recommendations for which combinations of algorithms 18*1c60b9acSAndroid Build Coastguard Workerare deemed desirable and secure, which implies what must be done for 19*1c60b9acSAndroid Build Coastguard Workeruseful implementations of JWS, JWE and JWK. 20*1c60b9acSAndroid Build Coastguard Worker 21*1c60b9acSAndroid Build Coastguard Worker## Supported algorithms 22*1c60b9acSAndroid Build Coastguard Worker 23*1c60b9acSAndroid Build Coastguard Worker### Supported keys 24*1c60b9acSAndroid Build Coastguard Worker 25*1c60b9acSAndroid Build Coastguard Worker - All RFC7517 / JWK forms: octet, RSA and EC 26*1c60b9acSAndroid Build Coastguard Worker 27*1c60b9acSAndroid Build Coastguard Worker - singleton and keys[] arrays of keys supported 28*1c60b9acSAndroid Build Coastguard Worker 29*1c60b9acSAndroid Build Coastguard Worker### Symmetric ciphers 30*1c60b9acSAndroid Build Coastguard Worker 31*1c60b9acSAndroid Build Coastguard Worker - All common AES varaiants: CBC, CFB128, CFB8, CTR, EVB, OFB, KW and XTS 32*1c60b9acSAndroid Build Coastguard Worker 33*1c60b9acSAndroid Build Coastguard Worker### Asymmetric ciphers 34*1c60b9acSAndroid Build Coastguard Worker 35*1c60b9acSAndroid Build Coastguard Worker - RSA 36*1c60b9acSAndroid Build Coastguard Worker 37*1c60b9acSAndroid Build Coastguard Worker - EC (P-256, P-384 and P-521 JWA curves) 38*1c60b9acSAndroid Build Coastguard Worker 39*1c60b9acSAndroid Build Coastguard Worker### Payload auth and crypt 40*1c60b9acSAndroid Build Coastguard Worker 41*1c60b9acSAndroid Build Coastguard Worker - AES_128_CBC_HMAC_SHA_256 42*1c60b9acSAndroid Build Coastguard Worker - AES_192_CBC_HMAC_SHA_384 43*1c60b9acSAndroid Build Coastguard Worker - AES_256_CBC_HMAC_SHA_512 44*1c60b9acSAndroid Build Coastguard Worker - AES_128_GCM 45*1c60b9acSAndroid Build Coastguard Worker 46*1c60b9acSAndroid Build Coastguard WorkerFor the required and recommended asymmetric algorithms, support currently 47*1c60b9acSAndroid Build Coastguard Workerlooks like this 48*1c60b9acSAndroid Build Coastguard Worker 49*1c60b9acSAndroid Build Coastguard Worker|JWK kty|JWA|lws| 50*1c60b9acSAndroid Build Coastguard Worker|---|---|---| 51*1c60b9acSAndroid Build Coastguard Worker|EC|Recommended+|yes| 52*1c60b9acSAndroid Build Coastguard Worker|RSA|Required|yes| 53*1c60b9acSAndroid Build Coastguard Worker|oct|Required|yes| 54*1c60b9acSAndroid Build Coastguard Worker 55*1c60b9acSAndroid Build Coastguard Worker|JWE alg|JWA|lws| 56*1c60b9acSAndroid Build Coastguard Worker|---|---|---| 57*1c60b9acSAndroid Build Coastguard Worker|RSA1_5|Recommended-|yes| 58*1c60b9acSAndroid Build Coastguard Worker|RSA-OAEP|Recommended+|no| 59*1c60b9acSAndroid Build Coastguard Worker|ECDH-ES|Recommended+|no| 60*1c60b9acSAndroid Build Coastguard Worker 61*1c60b9acSAndroid Build Coastguard Worker|JWS alg|JWA|lws| 62*1c60b9acSAndroid Build Coastguard Worker|---|---|---| 63*1c60b9acSAndroid Build Coastguard Worker|HS256|Required|yes| 64*1c60b9acSAndroid Build Coastguard Worker|RS256|Recommended+|yes| 65*1c60b9acSAndroid Build Coastguard Worker|ES256|Recommended|yes| 66*1c60b9acSAndroid Build Coastguard Worker 67*1c60b9acSAndroid Build Coastguard Worker## Minimal Example tools 68*1c60b9acSAndroid Build Coastguard Worker 69*1c60b9acSAndroid Build Coastguard Worker[JWK](https://libwebsockets.org/git/libwebsockets/tree/minimal-examples/crypto/minimal-crypto-jwk) 70*1c60b9acSAndroid Build Coastguard Worker 71*1c60b9acSAndroid Build Coastguard Worker[JWS](https://libwebsockets.org/git/libwebsockets/tree/minimal-examples/crypto/minimal-crypto-jws) 72*1c60b9acSAndroid Build Coastguard Worker 73*1c60b9acSAndroid Build Coastguard Worker[JWE](https://libwebsockets.org/git/libwebsockets/tree/minimal-examples/crypto/minimal-crypto-jwe) 74*1c60b9acSAndroid Build Coastguard Worker 75*1c60b9acSAndroid Build Coastguard Worker## API tests 76*1c60b9acSAndroid Build Coastguard Worker 77*1c60b9acSAndroid Build Coastguard WorkerSee `./minimal-examples/api-tests/api-test-jose/` for example test code. 78*1c60b9acSAndroid Build Coastguard WorkerThe tests are built and confirmed during CI. 79*1c60b9acSAndroid Build Coastguard Worker 80