JOSE & JSON Web Token (JWT) Examples


JSON Web Signatures (JWS) can secure content, such as text, JSON or binary data, with a digital signature (RSA, EC or EdDSA) or a Hash-based Message Authentication Code (HMAC).

Create / verify JWS examples with generic payload:

JWS example with detached and unencoded payload (RFC 7797):

JWS can also secure JSON Web Tokens (JWT):

JWS with Android PIN or biometric prompt to unlock the private key for signing:

JWS with the BouncyCastle FIPS provider:


JSON Web Encryption (JWE) provides confidentiality of content, while also ensuring its integrity. Public / private (RSA and EC) as well as symmetric encryption are supported.

Create / decrypt JWE examples:

Framework for minting JWS objects and signed JWTs

Simple framework to aid the creation of JWS objects and signed JWTs:

Framework for processing JOSE objects and JWTs

The library also includes a secure framework for handling tokens and messages secured with JOSE, such as JWT-encoded access tokens and OpenID tokens. The framework follows the security recommendations of the JOSE working group and has been tried with a wide range of use cases.

Parsing JOSE and JWT objects

Parsing objects and tokens of a particular type (unsecured, JWS, JWE):

Parsing objects and tokens of any type (unsecured, JWS, JWE):


JSON Web Key (JWK):

X.509 certificates

Smart cards and Hardware Security Modules (HSM)