The Nimbus JOSE+JWT library adds PS256, PS384 and PS512 signature support

Release 2.20 of the Nimbus JOSE+JWT library adds support for the JWS PS256, PS384 and PS512 signature algorithms, which are a form of RSA signatures with salt, as described in the JWA spec and in the authoritative RFC 3447 (RSASSA-PSS).

RSASSA-PSS reportedly offers a better security than the stock RSA PKCS #1 algorithm, but only marginally. If you consider switching to it the following discussion can provide you with additional information.

The new PS256, PS384 and PS512 signature algorithms are covered by the existing RSA signer and verifier classes:

• com.nimbusds.jose.crypto.RSASSASigner
• com.nimbusds.jose.crypto.RSASSAVerifier

You can get the new version from the download section of the project repo or preferably from Maven Central:

<dependency>
    <groupId>com.nimbusds</groupId>
    <artifactId>nimbus-jose-jwt</artifactId>
    <version>2.20</version>
</dependency>

Example use:

KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
kpg.initialize(2048);

KeyPair kp = kpg.genKeyPair();
RSAPublicKey publicKey = (RSAPublicKey)kp.getPublic();
RSAPrivateKey privateKey = (RSAPrivateKey)kp.getPrivate();

// Need BouncyCastle for PSS
Security.addProvider(BouncyCastleProviderSingleton.getInstance());

RSASSASigner signer = new RSASSASigner(privateKey);
RSASSAVerifier verifier = new RSASSAVerifier(publicKey);

JWSHeader header = new JWSHeader(JWSAlgorithm.PS256);
JWSObject jwsObject = new JWSObject(header, new Payload("Hello world"));

jwsObject.sign(signer);

boolean verified = jwsObject.verify(verifier);

Note that RSASSA-PSS is not supported by the standard JCA provider (in Java 6 and 7), you’ll need one that provides it, such as BouncyCastle.