View on GitHub

jsjws (now a part of jsjws)

jsjws : pure JavaScript implementation of JWT ( JSON Web Token ) and JWS ( JSON Web Signature )

Download this project as a .zip file Download this project as a tar.gz file
jsrsasign TOP | DOWNLOADS | TUTORIALS | API REFERENCE | DEMOS | MOBILE | NPM |
JSON Web Signature(JWS) is a specification for signing JSON data structure defined in OpenID community [1] and IETF [2] and one of basic component for OpenID ABC or OpenID Connect. The 'jsjws'(JSON Web Signature JavaScript Library) is a pure open source free JavaScript implementation of it. Furthermore, 'jsjws' provides JSON Web Signature JSON Serialization (JWS-JS) [3] which is a kind of parallel or independent signature format by multiple signers.

FEATURES

NEWS

2015-May-29:
Now jsjws is merged into jsrsasign 4.8.0. There is no further update at github jsjws repository. Please watch jsrsasign.
2015-Apr-26:
3.2.2 released. Bugfix release for safe JSON strings and samples..
2015-Apr-19:
3.2.0 released. Mitigation for some signature replacement attacks in JWS.verify. Great thanks to Alberto Pose for suggestions.
2015-Apr-04:
3.1.0 released. alg=none support have been removed in the verify method to resolve the same issue. Thank you kindly, Adriano Raiano, David Halls, Alberto Pose and JPCERT/CC.
2013-Oct-07:
Node.js npm module of jsrsasign is now registered in the repository. It also includes this 'jsjws'.
2013-Sep-24
3.0.2 released. Now supports HS384 (HmacSHA384) signature by CryptoJS patch.
2013-Sep-04
The jsjws page for iPhone and Android is now available. JWT siging/verifying demo for smart phone is also available.
2013-Aug-29
Document "Algorithm Support Matrix for JWT/JWS Implementations" added.
2013-Aug-28
2013-Aug-27:
Release 3.0.0
  • provides powerful and easy signing and verifying method.
  • add ECDSA and HMAC support
  • add PKCS#5 and PKCS#8 encrypted/plain private key support
  • QUnit unit tests added
2013-Jul-23:
Release 2.0.1 to fix RSAPSS signatures.
2013-Jul-21:
Release 2.0 is now available to support PS{256,512} (i.e. SHA256/512withRSAPSS) signature algorithm.
2012-May-21:
Release 1.2 is now available to add JWS-JS parallel signature support.
2012-May-07:
Release 1.1 is available. Following features are added.
  • UTF-8 string support in JWS Header and Payload
  • sign JWS with PEM formatted PKCS# RSA private key without passcode
  • verify JWS with PEM formatted X.509 certificate

DEMO

DOWNLOAD

See 'ChangeLog.txt' in detail.

API DOCUMENT

The 'jsjws'(JSON Web Signature JavaScript Library) JavaScript API document is available here.

LICENSE

The 'jsjws'(JSON Web Signature JavaScript Library) is licensed under the terms of the MIT license reproduced which is simple and easy to understand and places almost no restrictions.

MY RELATED PROJECT

RELATED LINKS

INCLUDED THIRD-PARTY LIBRARIES

WHAT IS JWS?

JSON Web Signature(JWS) is a simple signature format for signing small JSON data and will be used to exchange an authentication data for OpenID Connect. Any JWS data is represented in a printable text since it consists of Base64URL encoded characters and period('.'). Following figure shows how JWS signature will be generated.

See following pages for detail.

WHAT IS JWS-JS?

JSON Web Signature JSON Serialization (JWS-JS) is a signature format to sign a data by a number of signers independently. This way of signing is called parallel or independent signature in general. Following figure shows how JWS-JS signature will be generated.