RSA-OAEP-256 encryption added to the Nimbus JOSE+JWT library

We would like to announce the release of Nimbus JOSE+JWT 2.26, the popular open source library for JWS signatures, JWE encryption and for processing JSON Web Tokens (JWT) in Java.

RSA-OEAP encryption using SHA-256 and MGF1 with SHA-256

Thanks to Justin Richer, Brian Campbell and other members of the JOSE WG you can now make use of RSA-OAEP-256 encryption. The algorithm was added about a month ago to the latest JWA draft (version 26).

The new encryption algorithm can be used like this:

// To encrypt
JWEHeader header = new JWEHeader(JWEAlgorithm.RSA_OAEP_256, EncryptionMethod.A128GCM);
Payload payload = new Payload("Hello world!");

JWEObject jweObject = new JWEObject(header, payload);

JWEEncrypter encrypter = new RSAEncrypter(publicKey);


String jweString = jweObject.serialize();

// To decrypt
jweObject = JWEObject.parse(jweString);

JWEDecrypter decrypter = new RSADecrypter(privateKey);



The library comes with numerous examples and excellent JavaDocs to get you started quickly and minimum hassle.

Restored A128CBC+HS256 and A256CBC+HS512 support

We also put back support for the deprecated A128CBC+HS256 and A256CBC+HS512 encryption algorithms (from JOSE version 08), to enable client applications to decode JWEs and JWTs encrypted with the old algorithm. Clients of Xbox SSO can benefit from this until the engineers from Microsoft have everything set up and ready for a smooth JWT rollover to the new AES/CBC/HMAC encryption algorithm (introduced in JOSE 09).


You can get the new Nimbus JOSE+JWT library release from Maven Central, please read our download instructions for more info.

Bug reports, suggestions?

Do you have any comments or feedback to share? Please, read our how to contribute guide.