JSON Object Signing and Encryption (JOSE)
JSON Object Signing and Encryption (JOSE) is a set of standards that provides a method to secure the content of JSON objects. First of all, lets define the problem set that JOSE tries to solve. JSON objects are widely used in the web applications. However, JSON objects are subject to;
- Integrity: Ensuring that the content of the JSON object is not tampered.
- Confidentiality: Ensuring that the content of the JSON object is not read by unauthorized parties.
- Authentication: Ensuring that the content of the JSON object is sent by the expected party.
JOSE provides a set of standards to solve these problems. Lets explore them one by one.
JSON Web Algorithms (JWA)
JSON Web Algorithms (JWA) is a set of algorithms that can be used to secure the content of JSON objects. JWA organizes these algorithms into four different categories:
- Cryptographic Algorithms for Digital Signatures and MACs: These algorithms are used to ensure the integrity and the authentication of the content of the JSON objects.
- Cryptographic Algorithms for Key Management: These algorithms are used to manage the keys that are used to secure the content of the JSON objects.
- Cryptographic Algorithms for Content Encryption: These algorithms are used to ensure the confidentiality of the content of the JSON objects.
- Cryptographic Algorithms for Keys: These algorithms are used to manage the keys that are used to encrypt the content of the JSON objects.
| "alg" Param | Digital Signature or MAC | Implementation Requirements |
|---|---|---|
| HS256 | HMAC using SHA-256 | Required |
| HS384 | HMAC using SHA-384 | Optional |
| HS512 | HMAC using SHA-512 | Optional |
| RS256 | RSASSA-PKCS1-v1_5 using SHA-256 | Recommended |
| RS384 | RSASSA-PKCS1-v1_5 using SHA-384 | Optional |
| RS512 | RSASSA-PKCS1-v1_5 using SHA-512 | Optional |
| ES256 | ECDSA using P-256 and SHA-256 | Recommended+ |
| ES384 | ECDSA using P-384 and SHA-384 | Optional |
| ES512 | ECDSA using P-521 and SHA-512 | Optional |
| PS256 | RSASSA-PSS using SHA-256 and MGF1 with SHA-256 | Optional |
| PS384 | RSASSA-PSS using SHA-384 and MGF1 with SHA-384 | Optional |
| PS512 | RSASSA-PSS using SHA-512 and MGF1 with SHA-512 | Optional |
| none | No digital signature or MAC performed | Optional |
JSON Web Signature (JWS)
JSON Web Signature (JWS) is a standardized format for digitally signing JSON-based content. By signing the content of a JSON object, the integrity and the authentication of the content can be ensured. JWS is defined in RFC 7515.
JWS simply starts with a JSON object that we want to sign and serializes it to a string representation. Then, the string representation is hashed with a cryptographic hash function. The hash is then encrypted with a private key. The result is the signature of the JSON object. The signature is then appended to the JSON object. The final result is a JWS object.
A JWS consists of Header.Payload.Signature structure. The Header part contains metadata about the signature. The Payload part contains the content of the JSON object. The
Signature part contains the signature of the Header and Payload parts.
Lets try to calculate a JWS object of the following JSON object:
{
"name": "John Doe",
"age": 30,
"email": "john.doe@example.com"
}
First, we need to decide which algorithm we want to use to sign the JSON object. There are several algorithms that can be used to sign a JSON object. Some of them are:
- HMAC with SHA-256: This algorithm uses a symmetric key to sign the JSON object.
- RSA with SHA-256: This algorithm uses an asymmetric key pair to sign the JSON object.
- ECDSA with SHA-256: This algorithm uses an elliptic curve key pair to sign the JSON object.