Cryptographic Algorithms

The JSON Web Algorithms (JWA) specification prescribes the cryptographic algorithms and artifacts that can be used to implement JSON Web Signature (JWS), JSON Web Encryption (JWE), JSON Web Token (JWT) and JSON Web Key (JWK).

Algorithms for Keys

Axioms supports three key types:

| Kty Param | Key Type | Classification | Signature | Encryption | MAC | Implementation Requirements |
|---|---|---|---|---|---|---|
| RSA | RSA | Public/private keypair | Yes | Yes | No | Recommended+ |
| EC | Elliptic Curve | Public/private keypair | Yes | Yes | No | Required |
| oct | Octet sequence | Secret or shared key | No | Yes | Yes | Required |

Algorithms for Digital Signatures and MACs

Possible alg (algorithm) header parameter values for JWS/JWT:

| Key Type | Values for alg param | Algorithm Family |
|---|---|---|
| RSA | RS256, RS384, RS512 | RSA |
| EC | ES256, ES384, ES512 | ECDSA |
| oct | HS256, HS384, HS512 | HMAC |
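
A verifier should enforce the key type to alg mapping above before it checks any signature, so that a token cannot select an algorithm the key was never meant for (for example, `none`, or an HMAC alg against an RSA key). The following is an added example, not Axioms code: the function names and the sample key are constructed for illustration, and only the HMAC family is verified because it needs nothing beyond the Python standard library.

```python
import base64, hashlib, hmac, json

# Key type -> permitted alg values, as listed in the table above.
ALLOWED_ALGS = {
    "RSA": {"RS256", "RS384", "RS512"},
    "EC": {"ES256", "ES384", "ES512"},
    "oct": {"HS256", "HS384", "HS512"},
}
HMAC_DIGESTS = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}

def b64url_decode(data: str) -> bytes:
    return base64.urlsafe_b64decode(data + "=" * (-len(data) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def check_alg(header: dict, jwk: dict) -> str:
    """Return the alg if it is permitted for the key's kty, else raise ValueError."""
    alg = header.get("alg")
    allowed = ALLOWED_ALGS.get(jwk.get("kty"), set())
    if alg not in allowed:
        raise ValueError(f"alg {alg!r} not permitted for kty {jwk.get('kty')!r}")
    return alg

def verify_hmac_jws(token: str, jwk: dict) -> dict:
    """Verify a compact JWS signed with an oct key and return its claims."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    alg = check_alg(header, jwk)  # reject before touching the signature
    if alg not in HMAC_DIGESTS:
        raise ValueError("this example only verifies HMAC algorithms")
    key = b64url_decode(jwk["k"])
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), HMAC_DIGESTS[alg]).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):  # constant-time compare
        raise ValueError("signature mismatch")
    return json.loads(b64url_decode(payload_b64))

def sign_hmac_jws(header: dict, claims: dict, jwk: dict) -> str:
    """Build a compact JWS (used here only to construct sample tokens)."""
    signing_input = ".".join(b64url_encode(json.dumps(p).encode()) for p in (header, claims))
    digest = HMAC_DIGESTS[check_alg(header, jwk)]
    sig = hmac.new(b64url_decode(jwk["k"]), signing_input.encode(), digest).digest()
    return f"{signing_input}.{b64url_encode(sig)}"

# Constructed sample key (not a real secret).
SAMPLE_OCT_JWK = {"kty": "oct", "k": b64url_encode(b"constructed-demo-secret-32-bytes")}
```
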

Algorithms Supported by Axioms Platform

Default alg (algorithm) header parameter values for JWS/JWT:

| Default alg | Algorithm | Implementation Requirements |
|---|---|---|
| HS256 | HMAC using SHA-256 | Required |
| RS256 | RSASSA-PKCS1-v1_5 using SHA-256 | Recommended |
| ES256 | ECDSA using P-256 and SHA-256 | Recommended+ |

Recommendations

  • For third-party clients, you should use RSA/EC to issue signed JWT tokens.
  • Third-party clients can verify the signature using the public keys from the JWKS endpoint.
  • For first-party clients, you can also issue JWT tokens signed with a secret key.
  • For first-party clients, you can also issue signed and encrypted JWT tokens.