mirror of https://github.com/warmcat/libwebsockets.git synced 2025-03-30 00:00:16 +01:00

History

Andy Green 47e14ba34b genrsa: add OAEP and PSS and convert openssl to EVP Wanting PSS padding on signatures triggers and avalanche of openssl EVP conversions as the only way to do it with the openssl public apis.		2018-12-27 06:45:31 +08:00
..
jwe	JOSE: refactor and prepare for JWE	2018-12-27 06:45:31 +08:00
jwk	genaes: generic AES layer independent of tls library	2018-12-27 06:45:31 +08:00
jws	genrsa: add OAEP and PSS and convert openssl to EVP	2018-12-27 06:45:31 +08:00
private.h	JOSE: refactor and prepare for JWE	2018-12-27 06:45:31 +08:00
README.md	JOSE: refactor and prepare for JWE	2018-12-27 06:45:31 +08:00

README.md

JOSE support

JOSE is a set of web standards aimed at encapsulating crypto operations flexibly inside JSON objects.

Lws provides lightweight apis to performs operations on JWK, JWS and JWE independent of the tls backend in use. The JSON parsing is handled by the lws lejp stream parser.

Part	RFC	Function
JWS	RFC7515	JSON Web Signatures
JWE	RFC7516	JSON Web Encryption
JWK	RFC7517	JSON Web Keys
JWA	RFC7518	JSON Web Algorithms

JWA is a set of recommendations for which combinations of algorithms are deemed desirable and secure, which implies what must be done for useful implementations of JWS, JWE and JWK.

Supported algorithms

Symmetric ciphers are not currently supported... symmetric keys and HMAC are supported though.

For the required and recommended asymmetric algorithms, support currently looks like this

JWK kty	JWA	lws
EC	Recommended+	no
RSA	Required	yes
oct	Required	yes

JWE alg	JWA	lws
RSA1_5	Recommended-	yes (no JWE yet but lws_genrsa supports)
RSA-OAEP	Recommended+	no
ECDH-ES	Recommended+	no

JWS alg	JWA	lws
HS256	Required	yes
RS256	Recommended+	yes
ES256	Recommended	no

API tests

See ./minimal-examples/api-tests/api-test-jose/ for example test code. The tests are built and confirmed during CI.