RSA-OAEP-256 encryption added to the Nimbus JOSE+JWT library
We would like to announce the release of Nimbus JOSE+JWT 2.26, the popular open source library for JWS signatures, JWE encryption and for processing JSON Web Tokens (JWT) in Java.
RSA-OEAP encryption using SHA-256 and MGF1 with SHA-256
Thanks to Justin Richer, Brian Campbell and other members of the JOSE WG you
can now make use of RSA-OAEP-256 encryption. The algorithm was added about
a month ago to the latest JWA
draft
(version 26).
The new encryption algorithm can be used like this:
// To encrypt
JWEHeader header = new JWEHeader(JWEAlgorithm.RSA_OAEP_256, EncryptionMethod.A128GCM);
Payload payload = new Payload("Hello world!");
JWEObject jweObject = new JWEObject(header, payload);
JWEEncrypter encrypter = new RSAEncrypter(publicKey);
encrypter.setKeyEncryptionProvider(BouncyCastleProviderSingleton.getInstance());
jweObject.encrypt(encrypter);
String jweString = jweObject.serialize();
// To decrypt
jweObject = JWEObject.parse(jweString);
JWEDecrypter decrypter = new RSADecrypter(privateKey);
decrypter.setKeyEncryptionProvider(BouncyCastleProviderSingleton.getInstance());
jweObject.decrypt(decrypter);
System.out.println(jweObject.getPayload());
The library comes with numerous examples and excellent JavaDocs to get you started quickly and minimum hassle.
Restored A128CBC+HS256 and A256CBC+HS512 support
We also put back support for the deprecated A128CBC+HS256 and A256CBC+HS512
encryption algorithms (from JOSE version 08), to enable client applications to
decode JWEs and JWTs encrypted with the old algorithm. Clients of Xbox SSO can
benefit from this until the engineers from Microsoft have everything set up and
ready for a smooth JWT rollover to the new AES/CBC/HMAC encryption algorithm
(introduced in JOSE 09).
Download
You can get the new Nimbus JOSE+JWT library release from Maven Central, please read our download instructions for more info.
Bug reports, suggestions?
Do you have any comments or feedback to share? Please, read our how to contribute guide.