-
Notifications
You must be signed in to change notification settings - Fork 30
JSON Web Algorithms
Andrea Tedeschi edited this page Jan 18, 2021
·
3 revisions
JSON Web Algorithms (JWA) is a standard defined by RFC7518. It defines cryptographic algorithms to be used for JSON Web Signature (JWS), JSON Web Encryption (JWE) and JSON Web Key (JWK). The below table lists all supported algorithms; the lef coloumn specify the name of the algorithm, which is speicified in the 'alg' parameter of JWTs while, the right one, describe the algorithm. All of these algorithms are supported by the jwtXploiter.
| "alg" Param | Digital Signature or MAC Algorithm |
|---|---|
| HS256 | HMAC using SHA-256 |
| HS384 | HMAC using SHA-384 |
| HS512 | HMAC using SHA-512 |
| RS256 | RSASSA-PKCS1-v1_5 using SHA-256 |
| RS384 | RSASSA-PKCS1-v1_5 using SHA-384 |
| RS512 | RSASSA-PKCS1-v1_5 using SHA-512 |
| ES256 | ECDSA using P-256 and SHA-256 |
| ES384 | ECDSA using P-384 and SHA-384 |
| ES512 | ECDSA using P-521 and SHA-512 |
| PS256 | RSASSA-PSS using SHA-256 and MGF1 with SHA-256 |
| PS384 | RSASSA-PSS using SHA-384 and MGF1 with SHA-384 |
| PS512 | RSASSA-PSS using SHA-512 and MGF1 with SHA-512 |
| none | No digital signature or MAC |