This library aims to provide an implementation of:
- JWS JSON Web Signature (RFC 7515),
- JWT JSON Web Token (RFC 7519),
- JWE JSON Web Encryption (RFC 7516),
- JWA JSON Web Algorithms (RFC 7518).
- JWK JSON Web Key (RFC 7517).
Tests vectors from RFC 7520 are fully implemented and all test pass.
This library supports JSON Web Key Thumbprint (RFC 7638).
The RFC7797 (SON Web Signature (JWS) Unencoded Payload Option) is not yet supported.
JWS or JWE objects support every input that can be serialized:
- Plain text
- Array
- jwk+json content type (JWKInterface object)
- jwkset+json content type (JWKSetInterface object)
The detached content is also supported.
- Compact JSON Serialization Syntax (JWS/JWE creation and loading)
- Flattened JSON Serialization Syntax (JWS/JWE creation and loading)
- General JSON Serialization Syntax (JWS/JWE creation and loading)
- Deflate —DEF—
- GZip —GZ— (this compression method is not described in the specification)
- ZLib —ZLIB— (this compression method is not described in the specification)
- None keys (
none) - Symmetric keys (
oct) - Asymmetric keys based on RSA keys (
RSA) - Asymmetric keys based on Elliptic Curves (
EC) - Asymmetric keys based on Octet Key Pair (
OKP)
JWK objects support JSON Web Key Thumbprint (RFC 7638).
JWKSet is fully supported.
- HS256, HS384, HS512
- ES256, ES384, ES512 (third party library needed)
- RS256, RS384, RS512
- PS256, PS384, PS512
- none (Please note that this is not a secured algorithm. DO NOT USE IT PRODUCTION!)
- Ed25519 (third party extension reauired)
- Ed448
- dir
- RSA1_5
- RSA-OAEP
- RSA-OAEP-256
- ECDH-ES (third party library needed)
- ECDH-ES+A128KW (third party library needed)
- ECDH-ES+A192KW (third party library needed)
- ECDH-ES+A256KW (third party library needed)
- A128KW
- A192KW
- A256KW
- PBES2-HS256+A128KW
- PBES2-HS384+A192KW
- PBES2-HS512+A256KW
- A128GCMKW (for performance, this third party extension is highly recommended)
- A192GCMKW (for performance, this third party extension is highly recommended)
- A256GCMKW (for performance, this third party extension is highly recommended)
- X25519 (third party extension reauired
- X448
- A128CBC-HS256
- A192CBC-HS384
- A256CBC-HS512
- A128GCM (for performance, this third party extension is highly recommended)
- A192GCM (for performance, this third party extension is highly recommended)
- A256GCM (for performance, this third party extension is highly recommended)
The release process is described here.
This library needs at least:
,
- OpenSSL extension.
Please consider the following optional requirements:
- For AES-GCM based algorithms (
AxxxGCMandAxxxGCMKW): PHP Crypto Extension (at leastv0.2.1) is highly recommended as encryption/decryption is faster than the pure PHP implementation. - For ECC based algorithms: PHP ECC (
v0.3only). - For Ed25519 algorithm: php-ed25519-ext required
- For X25519 algorithm: php-curve25519-ext required
Please read performance test results below concerning the ECC based algorithms. As the time needed to perform operation is very long compared to the other algorithms, we do not recommend their use.
It has been successfully tested using PHP 5.5.9, PHP 5.6 and PHP 7 and HHVM with all algorithms.
We also track bugs and code quality using Scrutinizer-CI and Sensio Insight.
Coding Standards are verified by StyleCI.
Code coverage is analyzed by Coveralls.io.
The preferred way to install this library is to rely on Composer:
{
....
"require": {
"spomky-labs/jose": "^3.0",
"fgrosse/phpasn1": "dev-compat/php5-5 as v1.3.1"
},
...
}Then, you have to update your project dependencies:
composer updateHave a look at How to use to know how to load your JWT and discover all possibilities provided by this library.
Please read the performance page to know how fast are the algorithms supported by this library.
Requests for new features, bug fixed and all other ideas to make this library useful are welcome. Please follow these best practices.
This software is release under MIT licence.