Showing preview only (1,094K chars total). Download the full file or copy to clipboard to get everything.
Repository: panva/jose
Branch: main
Commit: a18254b74070
Files: 309
Total size: 1014.6 KB
Directory structure:
gitextract_gemcyrai/
├── .electron_flags.sh
├── .github/
│ ├── ISSUE_TEMPLATE/
│ │ ├── bug-report.yml
│ │ └── config.yml
│ ├── dependabot.yml
│ └── workflows/
│ ├── build.yml
│ ├── lock.yml
│ ├── release.yml
│ ├── retry.yml
│ └── test.yml
├── .gitignore
├── .node_flags.sh
├── .prettierignore
├── .prettierrc.json
├── .versionrc.json
├── CHANGELOG.md
├── CODE_OF_CONDUCT.md
├── CONTRIBUTING.md
├── LICENSE.md
├── README.md
├── SECURITY.md
├── ava.config.mjs
├── cookbook/
│ ├── jwe.mjs
│ └── jws.mjs
├── docs/
│ ├── README.md
│ ├── jwe/
│ │ ├── compact/
│ │ │ ├── decrypt/
│ │ │ │ ├── README.md
│ │ │ │ ├── functions/
│ │ │ │ │ └── compactDecrypt.md
│ │ │ │ └── interfaces/
│ │ │ │ └── CompactDecryptGetKey.md
│ │ │ └── encrypt/
│ │ │ ├── README.md
│ │ │ └── classes/
│ │ │ └── CompactEncrypt.md
│ │ ├── flattened/
│ │ │ ├── decrypt/
│ │ │ │ ├── README.md
│ │ │ │ ├── functions/
│ │ │ │ │ └── flattenedDecrypt.md
│ │ │ │ └── interfaces/
│ │ │ │ └── FlattenedDecryptGetKey.md
│ │ │ └── encrypt/
│ │ │ ├── README.md
│ │ │ └── classes/
│ │ │ └── FlattenedEncrypt.md
│ │ └── general/
│ │ ├── decrypt/
│ │ │ ├── README.md
│ │ │ ├── functions/
│ │ │ │ └── generalDecrypt.md
│ │ │ └── interfaces/
│ │ │ └── GeneralDecryptGetKey.md
│ │ └── encrypt/
│ │ ├── README.md
│ │ ├── classes/
│ │ │ └── GeneralEncrypt.md
│ │ └── interfaces/
│ │ └── Recipient.md
│ ├── jwk/
│ │ ├── embedded/
│ │ │ ├── README.md
│ │ │ └── functions/
│ │ │ └── EmbeddedJWK.md
│ │ └── thumbprint/
│ │ ├── README.md
│ │ └── functions/
│ │ ├── calculateJwkThumbprint.md
│ │ └── calculateJwkThumbprintUri.md
│ ├── jwks/
│ │ ├── local/
│ │ │ ├── README.md
│ │ │ └── functions/
│ │ │ └── createLocalJWKSet.md
│ │ └── remote/
│ │ ├── README.md
│ │ ├── functions/
│ │ │ └── createRemoteJWKSet.md
│ │ ├── interfaces/
│ │ │ ├── ExportedJWKSCache.md
│ │ │ └── RemoteJWKSetOptions.md
│ │ ├── type-aliases/
│ │ │ ├── FetchImplementation.md
│ │ │ └── JWKSCacheInput.md
│ │ └── variables/
│ │ ├── customFetch.md
│ │ └── jwksCache.md
│ ├── jws/
│ │ ├── compact/
│ │ │ ├── sign/
│ │ │ │ ├── README.md
│ │ │ │ └── classes/
│ │ │ │ └── CompactSign.md
│ │ │ └── verify/
│ │ │ ├── README.md
│ │ │ ├── functions/
│ │ │ │ └── compactVerify.md
│ │ │ └── interfaces/
│ │ │ └── CompactVerifyGetKey.md
│ │ ├── flattened/
│ │ │ ├── sign/
│ │ │ │ ├── README.md
│ │ │ │ └── classes/
│ │ │ │ └── FlattenedSign.md
│ │ │ └── verify/
│ │ │ ├── README.md
│ │ │ ├── functions/
│ │ │ │ └── flattenedVerify.md
│ │ │ └── interfaces/
│ │ │ └── FlattenedVerifyGetKey.md
│ │ └── general/
│ │ ├── sign/
│ │ │ ├── README.md
│ │ │ ├── classes/
│ │ │ │ └── GeneralSign.md
│ │ │ └── interfaces/
│ │ │ └── Signature.md
│ │ └── verify/
│ │ ├── README.md
│ │ ├── functions/
│ │ │ └── generalVerify.md
│ │ └── interfaces/
│ │ └── GeneralVerifyGetKey.md
│ ├── jwt/
│ │ ├── decrypt/
│ │ │ ├── README.md
│ │ │ ├── functions/
│ │ │ │ └── jwtDecrypt.md
│ │ │ └── interfaces/
│ │ │ ├── JWTDecryptGetKey.md
│ │ │ └── JWTDecryptOptions.md
│ │ ├── encrypt/
│ │ │ ├── README.md
│ │ │ └── classes/
│ │ │ └── EncryptJWT.md
│ │ ├── sign/
│ │ │ ├── README.md
│ │ │ └── classes/
│ │ │ └── SignJWT.md
│ │ ├── unsecured/
│ │ │ ├── README.md
│ │ │ ├── classes/
│ │ │ │ └── UnsecuredJWT.md
│ │ │ └── interfaces/
│ │ │ └── UnsecuredResult.md
│ │ └── verify/
│ │ ├── README.md
│ │ ├── functions/
│ │ │ └── jwtVerify.md
│ │ └── interfaces/
│ │ ├── JWTVerifyGetKey.md
│ │ └── JWTVerifyOptions.md
│ ├── key/
│ │ ├── export/
│ │ │ ├── README.md
│ │ │ └── functions/
│ │ │ ├── exportJWK.md
│ │ │ ├── exportPKCS8.md
│ │ │ └── exportSPKI.md
│ │ ├── generate_key_pair/
│ │ │ ├── README.md
│ │ │ ├── functions/
│ │ │ │ └── generateKeyPair.md
│ │ │ └── interfaces/
│ │ │ ├── GenerateKeyPairOptions.md
│ │ │ └── GenerateKeyPairResult.md
│ │ ├── generate_secret/
│ │ │ ├── README.md
│ │ │ ├── functions/
│ │ │ │ └── generateSecret.md
│ │ │ └── interfaces/
│ │ │ └── GenerateSecretOptions.md
│ │ └── import/
│ │ ├── README.md
│ │ ├── functions/
│ │ │ ├── importJWK.md
│ │ │ ├── importPKCS8.md
│ │ │ ├── importSPKI.md
│ │ │ └── importX509.md
│ │ └── interfaces/
│ │ └── KeyImportOptions.md
│ ├── types/
│ │ ├── README.md
│ │ ├── interfaces/
│ │ │ ├── CompactDecryptResult.md
│ │ │ ├── CompactJWEHeaderParameters.md
│ │ │ ├── CompactJWSHeaderParameters.md
│ │ │ ├── CompactVerifyResult.md
│ │ │ ├── CritOption.md
│ │ │ ├── DecryptOptions.md
│ │ │ ├── EncryptOptions.md
│ │ │ ├── FlattenedDecryptResult.md
│ │ │ ├── FlattenedJWE.md
│ │ │ ├── FlattenedJWS.md
│ │ │ ├── FlattenedJWSInput.md
│ │ │ ├── FlattenedVerifyResult.md
│ │ │ ├── GeneralDecryptResult.md
│ │ │ ├── GeneralJWE.md
│ │ │ ├── GeneralJWS.md
│ │ │ ├── GeneralJWSInput.md
│ │ │ ├── GeneralVerifyResult.md
│ │ │ ├── GetKeyFunction.md
│ │ │ ├── JSONWebKeySet.md
│ │ │ ├── JWEHeaderParameters.md
│ │ │ ├── JWEKeyManagementHeaderParameters.md
│ │ │ ├── JWK.md
│ │ │ ├── JWKParameters.md
│ │ │ ├── JWK_AKP_Private.md
│ │ │ ├── JWK_AKP_Public.md
│ │ │ ├── JWK_EC_Private.md
│ │ │ ├── JWK_EC_Public.md
│ │ │ ├── JWK_OKP_Private.md
│ │ │ ├── JWK_OKP_Public.md
│ │ │ ├── JWK_RSA_Private.md
│ │ │ ├── JWK_RSA_Public.md
│ │ │ ├── JWK_oct.md
│ │ │ ├── JWSHeaderParameters.md
│ │ │ ├── JWTClaimVerificationOptions.md
│ │ │ ├── JWTDecryptResult.md
│ │ │ ├── JWTHeaderParameters.md
│ │ │ ├── JWTPayload.md
│ │ │ ├── JWTVerifyResult.md
│ │ │ ├── JoseHeaderParameters.md
│ │ │ ├── KeyObject.md
│ │ │ ├── ProduceJWT.md
│ │ │ ├── ResolvedKey.md
│ │ │ ├── SignOptions.md
│ │ │ └── VerifyOptions.md
│ │ └── type-aliases/
│ │ └── CryptoKey.md
│ └── util/
│ ├── base64url/
│ │ ├── README.md
│ │ └── functions/
│ │ ├── decode.md
│ │ └── encode.md
│ ├── decode_jwt/
│ │ ├── README.md
│ │ └── functions/
│ │ └── decodeJwt.md
│ ├── decode_protected_header/
│ │ ├── README.md
│ │ ├── functions/
│ │ │ └── decodeProtectedHeader.md
│ │ └── type-aliases/
│ │ └── ProtectedHeaderParameters.md
│ └── errors/
│ ├── README.md
│ └── classes/
│ ├── JOSEAlgNotAllowed.md
│ ├── JOSEError.md
│ ├── JOSENotSupported.md
│ ├── JWEDecryptionFailed.md
│ ├── JWEInvalid.md
│ ├── JWKInvalid.md
│ ├── JWKSInvalid.md
│ ├── JWKSMultipleMatchingKeys.md
│ ├── JWKSNoMatchingKey.md
│ ├── JWKSTimeout.md
│ ├── JWSInvalid.md
│ ├── JWSSignatureVerificationFailed.md
│ ├── JWTClaimValidationFailed.md
│ ├── JWTExpired.md
│ └── JWTInvalid.md
├── jsr.json
├── package.json
├── patches/
│ ├── typedoc-plugin-markdown+4.11.0.patch
│ └── typedoc-plugin-mdn-links+5.1.1.patch
├── playwright.config.ts
├── src/
│ ├── index.ts
│ ├── jwe/
│ │ ├── compact/
│ │ │ ├── decrypt.ts
│ │ │ └── encrypt.ts
│ │ ├── flattened/
│ │ │ ├── decrypt.ts
│ │ │ └── encrypt.ts
│ │ └── general/
│ │ ├── decrypt.ts
│ │ └── encrypt.ts
│ ├── jwk/
│ │ ├── embedded.ts
│ │ └── thumbprint.ts
│ ├── jwks/
│ │ ├── local.ts
│ │ └── remote.ts
│ ├── jws/
│ │ ├── compact/
│ │ │ ├── sign.ts
│ │ │ └── verify.ts
│ │ ├── flattened/
│ │ │ ├── sign.ts
│ │ │ └── verify.ts
│ │ └── general/
│ │ ├── sign.ts
│ │ └── verify.ts
│ ├── jwt/
│ │ ├── decrypt.ts
│ │ ├── encrypt.ts
│ │ ├── sign.ts
│ │ ├── unsecured.ts
│ │ └── verify.ts
│ ├── key/
│ │ ├── export.ts
│ │ ├── generate_key_pair.ts
│ │ ├── generate_secret.ts
│ │ └── import.ts
│ ├── lib/
│ │ ├── aesgcmkw.ts
│ │ ├── aeskw.ts
│ │ ├── asn1.ts
│ │ ├── base64.ts
│ │ ├── buffer_utils.ts
│ │ ├── check_key_type.ts
│ │ ├── content_encryption.ts
│ │ ├── crypto_key.ts
│ │ ├── deflate.ts
│ │ ├── ecdhes.ts
│ │ ├── helpers.ts
│ │ ├── invalid_key_input.ts
│ │ ├── is_key_like.ts
│ │ ├── jwk_to_key.ts
│ │ ├── jwt_claims_set.ts
│ │ ├── key_management.ts
│ │ ├── key_to_jwk.ts
│ │ ├── normalize_key.ts
│ │ ├── pbes2kw.ts
│ │ ├── rsaes.ts
│ │ ├── signing.ts
│ │ ├── type_checks.ts
│ │ ├── validate_algorithms.ts
│ │ └── validate_crit.ts
│ ├── types.d.ts
│ └── util/
│ ├── base64url.ts
│ ├── decode_jwt.ts
│ ├── decode_protected_header.ts
│ └── errors.ts
├── tap/
│ ├── .browser.ts
│ ├── .browsers.sh
│ ├── .bun.sh
│ ├── .deno.sh
│ ├── .electron.sh
│ ├── .node.sh
│ ├── .workerd.sh
│ ├── aes.ts
│ ├── aeskw.ts
│ ├── cookbook.ts
│ ├── ecdh.ts
│ ├── encrypt.ts
│ ├── env.ts
│ ├── fixtures.ts
│ ├── generate_options.ts
│ ├── hmac.ts
│ ├── jwk.ts
│ ├── jwks.ts
│ ├── jws.ts
│ ├── keyobject-stub.ts
│ ├── noop.ts
│ ├── pbes2.ts
│ ├── pem.ts
│ ├── rsaes.ts
│ ├── run-browser.ts
│ ├── run-bun.ts
│ ├── run-deno.ts
│ ├── run-electron.ts
│ ├── run-node.ts
│ ├── run-workerd.ts
│ ├── run.ts
│ ├── sign.ts
│ └── tsconfig.json
├── test/
│ ├── jwe/
│ │ ├── compact.decrypt.test.ts
│ │ ├── compact.encrypt.test.ts
│ │ ├── flattened.decrypt.test.ts
│ │ ├── flattened.encrypt.test.ts
│ │ ├── general.test.ts
│ │ └── zip.test.ts
│ ├── jwk/
│ │ ├── embedded.test.ts
│ │ ├── issue-459.test.ts
│ │ ├── jwk2key.test.ts
│ │ └── thumbprint.test.ts
│ ├── jwks/
│ │ ├── local.test.ts
│ │ └── remote.test.ts
│ ├── jws/
│ │ ├── compact.sign.test.ts
│ │ ├── compact.verify.test.ts
│ │ ├── crit.test.ts
│ │ ├── flattened.sign.test.ts
│ │ ├── flattened.verify.test.ts
│ │ ├── general.test.ts
│ │ ├── restrictions.test.ts
│ │ └── unencoded.test.ts
│ ├── jwt/
│ │ ├── decrypt.test.ts
│ │ ├── encrypt.test.ts
│ │ ├── sign.test.ts
│ │ ├── time_setters.ts
│ │ ├── unsecured.test.ts
│ │ └── verify.test.ts
│ ├── tsconfig.json
│ ├── unit/
│ │ ├── buffer_utils.test.ts
│ │ ├── cek.test.ts
│ │ ├── check_iv_length.test.ts
│ │ ├── check_key_type.test.ts
│ │ ├── check_key_type_jwk.test.ts
│ │ ├── iv.test.ts
│ │ └── secs.test.ts
│ └── util/
│ ├── decode_jwt.test.ts
│ └── decode_protected_header.test.ts
├── tools/
│ ├── postbump.cjs
│ ├── prebump.cjs
│ ├── publish.cjs
│ └── release-notes.cjs
├── tsconfig/
│ └── types.json
├── tsconfig.json
└── typedoc.json
================================================
FILE CONTENTS
================================================
================================================
FILE: .electron_flags.sh
================================================
echo $(electron -i <<< 'process.exit(0)' 2> /dev/null | grep "Using" | awk '{$1=$1};1' | sed -r "s/\x1B\[([0-9]{1,3}(;[0-9]{1,2};?)?)?[mGK]//g")
electron -i <<< 'process.exit(parseInt(process.versions.node, 10))' &> /dev/null
NODE_VERSION=$?
export NODE_OPTIONS='--enable-source-maps --import=tsx/esm'
================================================
FILE: .github/ISSUE_TEMPLATE/bug-report.yml
================================================
name: 🐞Bug report
description: There's a bug I want to report
labels:
- triage
body:
- type: markdown
attributes:
value: |
Thanks for taking the time to fill out this bug report. Do not use this form to ask questions or make suggestions, use the [appropriate](https://github.com/panva/jose/issues/new/choose) Discussions Topic for those.
- type: textarea
attributes:
label: What happened?
description: A clear and concise description of what the bug is and what you expected to happen instead.
validations:
required: true
- type: input
attributes:
label: Version
description: What exact version of the library do you use?
placeholder: e.g. v3.14.0
validations:
required: true
- type: dropdown
attributes:
label: Runtime
description: What runtime are you seeing the problem on?
options:
- Select an option
- Browser
- Bun
- Cloudflare Workers
- Deno
- Electron
- Node.js
- Other (I will specify below)
validations:
required: true
- type: input
attributes:
label: Runtime Details
description: More information about the runtime (e.g. node version, browser vendor and version, electron version, operating system)
validations:
required: true
- type: textarea
attributes:
label: Code to reproduce
description: Please copy and paste code to reproduce the issue.
render: js
validations:
required: true
- type: checkboxes
attributes:
label: Required
options:
- label: I have searched the issues tracker and discussions for similar topics and couldn't find anything related.
required: true
- label: I agree to follow this project's [Code of Conduct](https://github.com/panva/jose/blob/main/CODE_OF_CONDUCT.md)
required: true
================================================
FILE: .github/ISSUE_TEMPLATE/config.yml
================================================
blank_issues_enabled: false
contact_links:
- name: ❓ Question
url: https://github.com/panva/jose/discussions/new?category=q-a
about:
Have a question about using jose? Head over to the discussions "Q&A" Category
- name: 💡 Feature proposal
url: https://github.com/panva/jose/discussions/new?category=ideas
about:
Have a proposal for a new feature? Head over to the discussions "Ideas" Category
- name: Support the project
url: https://github.com/sponsors/panva
about:
Are you asking your nth question? Relying on jose for critical operations? Consider
supporting the project so that it may continue being maintained.
================================================
FILE: .github/dependabot.yml
================================================
version: 2
updates:
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "monthly"
groups:
actions:
patterns:
- "*"
================================================
FILE: .github/workflows/build.yml
================================================
name: Build
permissions: {}
on:
workflow_call:
outputs:
cache-key:
value: ${{ jobs.build.outputs.cache-key }}
jobs:
build:
concurrency: build-${{ github.ref }}
runs-on: ubuntu-latest
outputs:
cache-key: ${{ steps.cache-key.outputs.value }}
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Setup node
uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
with:
node-version: lts/*
cache: 'npm'
- run: npm clean-install
- id: cache-key
run: echo "value=dist-${{ hashFiles('src/**/*.ts', 'tsconfig/*.json', '.github/workflows/*.yml', 'package-lock.json') }}" >> $GITHUB_OUTPUT
- name: Cache dist
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
id: dist
with:
path: dist
key: ${{ steps.cache-key.outputs.value }}
- name: Build
run: npm run build-all
if: ${{ steps.dist.outputs.cache-hit != 'true' }}
- uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
with:
name: dist
path: dist
- run: git reset HEAD --hard
================================================
FILE: .github/workflows/lock.yml
================================================
name: "Lock threads"
permissions: {}
on:
schedule:
- cron: '11 11 * * 1'
jobs:
lock:
permissions:
issues: write
pull-requests: write
discussions: write
continue-on-error: true
runs-on: ubuntu-latest
steps:
- uses: dessant/lock-threads@7266a7ce5c1df01b1c6db85bf8cd86c737dadbe7 # v6.0.0
with:
github-token: ${{ github.token }}
issue-inactive-days: "90"
issue-lock-reason: ""
pr-inactive-days: "90"
pr-lock-reason: ""
discussion-inactive-days: "90"
================================================
FILE: .github/workflows/release.yml
================================================
name: Release
permissions: {}
on:
push:
tags: ['v6.[0-9]+.[0-9]+']
jobs:
build:
uses: ./.github/workflows/build.yml
npm:
needs:
- build
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
fetch-depth: 0
- name: Setup node
uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
with:
node-version: lts/*
registry-url: https://registry.npmjs.org
- name: Load cached dist
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
id: dist
with:
path: dist
key: dist-${{ hashFiles('src/**/*.ts', 'tsconfig/*.json', '.github/workflows/*.yml', 'package-lock.json') }}
fail-on-cache-miss: true
- name: Prepare distribution
run: node tools/publish.cjs
- run: npm publish
jsr:
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
fetch-depth: 0
- run: npx jsr publish
cleanup:
needs:
- npm
- jsr
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
fetch-depth: 0
- run: git push origin $GITHUB_SHA:v6.x
- run: git rm -r dist
- run: |
git config --local user.name "github-actions[bot]"
git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com"
git commit -m "chore: cleanup after release"
- run: git push origin HEAD:main
github:
needs:
- npm
- jsr
runs-on: ubuntu-latest
permissions:
contents: write
discussions: write
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
fetch-depth: 2
- name: Setup node
uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
with:
node-version: lts/*
cache: 'npm'
- run: node tools/release-notes.cjs
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
================================================
FILE: .github/workflows/retry.yml
================================================
name: Retry
permissions: {}
on:
workflow_run:
workflows:
- Test
types:
- completed
jobs:
retry:
permissions:
actions: write
runs-on: ubuntu-latest
if: ${{ github.repository == 'panva/jose' && github.event.workflow_run.conclusion == 'failure' && github.event.workflow_run.run_attempt == 1 }}
steps:
- run: gh api -XPOST ${{ github.event.workflow_run.rerun_url }}-failed-jobs
env:
GH_TOKEN: ${{ github.token }}
================================================
FILE: .github/workflows/test.yml
================================================
name: Test
permissions: {}
on:
push:
branches: [main]
pull_request:
branches: [main]
schedule:
- cron: '11 11 * * 1'
workflow_dispatch:
jobs:
build:
uses: ./.github/workflows/build.yml
node-versions:
uses: panva/.github/.github/workflows/node-versions.yml@main
with:
min: 20
node:
needs:
- node-versions
strategy:
fail-fast: false
matrix:
node-version: ${{ fromJSON(needs.node-versions.outputs.matrix) }}
suite:
- tap:node
- test
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Setup node
id: node
uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
with:
node-version: ${{ matrix.node-version }}
cache: 'npm'
check-latest: true
- run: npm clean-install
- name: Run Test Suite
run: npm run ${{ matrix.suite }}
deno:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- uses: denoland/setup-deno@667a34cdef165d8d2b2e98dde39547c9daac7282 # v2.0.4
with:
deno-version: latest
- name: Setup node
uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
with:
node-version: lts/*
cache: 'npm'
- run: npm clean-install
- name: Test Deno Definitions
run: |
npm run build:deno
deno check dist/deno/index.ts
- name: Test Deno
run: npm run tap:deno
bun:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2.2.0
with:
bun-version: latest
- name: Setup node
uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
with:
node-version: lts/*
cache: 'npm'
- run: npm clean-install
- name: Test Bun
run: npm run tap:bun
workerd:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Setup node
uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
with:
node-version: lts/*
cache: 'npm'
- run: npm clean-install
- run: npm install --global workerd
- run: npm link workerd
- name: Run Test Suite
run: npm run tap:workerd
browsers:
runs-on: macos-latest
strategy:
fail-fast: false
matrix:
browser: [chromium, firefox, safari]
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Setup node
uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
with:
node-version: lts/*
cache: 'npm'
- run: npm clean-install
- run: npm upgrade playwright
- name: get playwright version
id: playwright-version
run:
echo "version=$(npm list playwright --json | jq -r '.dependencies["@playwright/test"].dependencies.playwright.version')" >>
$GITHUB_OUTPUT
- uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
with:
path: ~/Library/Caches/ms-playwright
key: playwright-${{ runner.os }}-${{ steps.playwright-version.outputs.version }}
- run: npx playwright install --only-shell chromium firefox webkit
- name: Run Test Suite
run: npm run tap:browsers
env:
BROWSER: ${{ matrix.browser }}
electron:
runs-on: macos-15
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Setup node
uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
with:
node-version: lts/*
cache: 'npm'
- run: npm clean-install
- name: Install Electron
run: npm install --global electron
- name: Run Test Suite
run: npm run tap:electron
================================================
FILE: .gitignore
================================================
# Logs
logs
*.log
npm-debug.log*
yarn-debug.log*
yarn-error.log*
lerna-debug.log*
# Diagnostic reports (https://nodejs.org/api/report.html)
report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
# Runtime data
pids
*.pid
*.seed
*.pid.lock
# Directory for instrumented libs generated by jscoverage/JSCover
lib-cov
# Coverage directory used by tools like istanbul
coverage
*.lcov
# nyc test coverage
.nyc_output
# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
.grunt
# Bower dependency directory (https://bower.io/)
bower_components
# node-waf configuration
.lock-wscript
# Compiled binary addons (https://nodejs.org/api/addons.html)
build/Release
# Dependency directory and lockfiles
node_modules/
jspm_packages/
yarn.lock
npm-shrinkwrap.json
# Snowpack dependency directory (https://snowpack.dev/)
web_modules/
# TypeScript cache
*.tsbuildinfo
# Optional npm cache directory
.npm
# Optional eslint cache
.eslintcache
# Microbundle cache
.rpt2_cache/
.rts2_cache_cjs/
.rts2_cache_es/
.rts2_cache_umd/
# Optional REPL history
.node_repl_history
# Output of 'npm pack'
*.tgz
# Yarn Integrity file
.yarn-integrity
# dotenv environment variables file
.env
.env.test
# parcel-bundler cache (https://parceljs.org/)
.cache
.parcel-cache
# Next.js build output
.next
out
# Nuxt.js build / generate output
.nuxt
dist
dist-browser-tests
# Gatsby files
.cache/
# Comment in the public line in if your project uses Gatsby and not Next.js
# https://nextjs.org/blog/next-9-1#public-directory-support
# public
# vuepress build output
.vuepress/dist
# Serverless directories
.serverless/
# FuseBox cache
.fusebox/
# DynamoDB Local files
.dynamodb/
# TernJS port file
.tern-port
# Stores VSCode versions used for testing VSCode extensions
.vscode-test
# yarn v2
.yarn/cache
.yarn/unplugged
.yarn/build-state.yml
.yarn/install-state.gz
.pnp.*
.npmrc
tap/*.js
tap/*.js.map
tap/run-*.mjs
tap/run-*.mjs.map
tap/run-*.cjs
tap/run-*.cjs.map
*.bak
*.bun
tap/.workerd.capnp
tap/.workers.capnp
test-results/.last-run.json
================================================
FILE: .node_flags.sh
================================================
echo "Using Node.js $(node --version)"
node -e 'process.exit(parseInt(process.versions.node, 10))' &> /dev/null
NODE_VERSION=$?
export NODE_OPTIONS='--enable-source-maps --import=tsx/esm'
================================================
FILE: .prettierignore
================================================
# Ignore artifacts:
build
dist
coverage
================================================
FILE: .prettierrc.json
================================================
{
"trailingComma": "all",
"singleQuote": true,
"printWidth": 100,
"semi": false,
"plugins": ["prettier-plugin-jsdoc"],
"tsdoc": true,
"jsdocSeparateReturnsFromParam": true,
"jsdocSeparateTagGroups": true,
"jsdocPrintWidth": 100
}
================================================
FILE: .versionrc.json
================================================
{
"commit-all": true,
"scripts": {
"prerelease": "node ./tools/prebump.cjs && npm run-script build-all",
"postbump": "node ./tools/postbump.cjs",
"postchangelog": "sed -i '' -e 's/### \\[/## [/g' CHANGELOG.md"
},
"types": [
{
"type": "feat",
"section": "Features"
},
{
"type": "fix",
"section": "Fixes"
},
{
"type": "chore",
"hidden": true
},
{
"type": "docs",
"section": "Documentation",
"hidden": false
},
{
"type": "style",
"hidden": true
},
{
"type": "refactor",
"section": "Refactor",
"hidden": false
},
{
"type": "revert",
"section": "Reverts",
"hidden": false
},
{
"type": "perf",
"section": "Performance",
"hidden": false
},
{
"type": "test",
"hidden": true
}
]
}
================================================
FILE: CHANGELOG.md
================================================
# Changelog
All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
## [6.2.2](https://github.com/panva/jose/compare/v6.2.1...v6.2.2) (2026-03-18)
### Fixes
* reject failed decompression with JWEInvalid error ([043b181](https://github.com/panva/jose/commit/043b181a96ee55d92b9ff1ee94e11be36e258ee4))
## [6.2.1](https://github.com/panva/jose/compare/v6.2.0...v6.2.1) (2026-03-09)
### Refactor
* reorganize internals, less files, smaller footprint ([d4231f9](https://github.com/panva/jose/commit/d4231f9f2a654d203589a787bfa8a34fb03c87c5))
## [6.2.0](https://github.com/panva/jose/compare/v6.1.3...v6.2.0) (2026-03-05)
### Features
* re-introduce JWE "zip" (Compression Algorithm) Header Parameter support ([b13b446](https://github.com/panva/jose/commit/b13b44688baeaf078259379c61f42569f5d63ab5))
### Documentation
* clarify return of general jws and jwe ([56682b4](https://github.com/panva/jose/commit/56682b4608eacafb7bcd6b63713d6434e0e6ad66))
## [6.1.3](https://github.com/panva/jose/compare/v6.1.2...v6.1.3) (2025-12-02)
### Refactor
* avoid export * as for google closure's compiler sake ([6303d98](https://github.com/panva/jose/commit/6303d98efba00c9a3f8f3e814c85ac6e6944b11c)), closes [#832](https://github.com/panva/jose/issues/832)
## [6.1.2](https://github.com/panva/jose/compare/v6.1.1...v6.1.2) (2025-11-15)
### Refactor
* fallback to checking instanceof for CryptoKey ([901cd90](https://github.com/panva/jose/commit/901cd908f325265c39f8af1f1505138e0a689f94)), closes [#765](https://github.com/panva/jose/issues/765) [#803](https://github.com/panva/jose/issues/803) [#821](https://github.com/panva/jose/issues/821) [#827](https://github.com/panva/jose/issues/827) [#828](https://github.com/panva/jose/issues/828)
## [6.1.1](https://github.com/panva/jose/compare/v6.1.0...v6.1.1) (2025-11-09)
### Documentation
* add link to RFC9864 ([767edde](https://github.com/panva/jose/commit/767edde5bde07c60e2c1b1db365ad234a9ae5195))
* link to ML-DSA for JOSE ([ed4252c](https://github.com/panva/jose/commit/ed4252ca8ed084e734a53b214f62e3da11c39857))
* remove mention of Edge Runtime from the readme ([94fdde7](https://github.com/panva/jose/commit/94fdde702498f5e94ec3307f85f120f43a527590))
* update README.md ([25098ef](https://github.com/panva/jose/commit/25098ef7518be732bbef3ea6ed87b0d61a85f581))
### Refactor
* eliminate named exports in the source code ([f6ae30d](https://github.com/panva/jose/commit/f6ae30d5d86c376269ffa853f62e403d13d4f610))
* expose setKeyManagementParameters also on a GeneralEncrypt Recipient ([16e6b23](https://github.com/panva/jose/commit/16e6b230ee29662c599c556b91a2c367f0fa088c))
* faster path for symmetric key checks ([a44c2ec](https://github.com/panva/jose/commit/a44c2ec6351fb639816846ec8b23f5f084a3d9fb))
* improve en/decoding overheads ([daee426](https://github.com/panva/jose/commit/daee4265c9ab218acbcdb1d7b10c3c728447240b))
## [6.1.0](https://github.com/panva/jose/compare/v6.0.13...v6.1.0) (2025-08-27)
### Features
* support AKP JWKs in calculateJwkThumbprint and calculateJwkThumbprintUri ([cf2092a](https://github.com/panva/jose/commit/cf2092a2b51c9fb67049e96ee22d551ad34c0b2c))
* support for the ML-DSA PQC Algorithm Identifiers ([25ddce4](https://github.com/panva/jose/commit/25ddce491ba3968e8802db5913e49a52224246be))
## [6.0.13](https://github.com/panva/jose/compare/v6.0.12...v6.0.13) (2025-08-21)
### Refactor
* more readability in ecdhes.ts ([84da9de](https://github.com/panva/jose/commit/84da9decd8b2f266a343a507b6b79197f2da11e8))
* update asn1.ts helpers ([b4f8fb3](https://github.com/panva/jose/commit/b4f8fb372689b5b38074aa45c9921a6a997a9142))
## [6.0.12](https://github.com/panva/jose/compare/v6.0.11...v6.0.12) (2025-07-15)
### Documentation
* add known caveats to customFetch ([02e1f1e](https://github.com/panva/jose/commit/02e1f1e87c764885121590aa2af80c831a9320ab))
* mention the apu/apv parameter names in setKeyManagementParameters ([6274d5a](https://github.com/panva/jose/commit/6274d5abca3d3882d3d722415f064fee5c44d0e4))
* update compact setKeyManagementParameters ([2f44381](https://github.com/panva/jose/commit/2f44381b6b0e30cf538ea2edb0d42b76a61de1f8))
* use GitHub Flavored Markdown for notes and warnings ([f6b4ffc](https://github.com/panva/jose/commit/f6b4ffcd82d9645d9b818ece09a09b5a636b69c9))
### Refactor
* createPublicKey is not a constructor ([61ded78](https://github.com/panva/jose/commit/61ded787150c6ae13eeb65b6680f857d6657465f))
* update asn1.ts helper functions ([b2b611c](https://github.com/panva/jose/commit/b2b611c426eeed3c40c3a1423d8a02dd46f3f7e8))
## [6.0.11](https://github.com/panva/jose/compare/v6.0.10...v6.0.11) (2025-05-05)
### Fixes
* typ checking edge-cases when it contains a slash (/) character ([31e4baf](https://github.com/panva/jose/commit/31e4bafc0a908cac044bbe34c7024f4eac9c974f))
## [6.0.10](https://github.com/panva/jose/compare/v6.0.9...v6.0.10) (2025-03-12)
### Refactor
* removed unused claims methods ([74719cf](https://github.com/panva/jose/commit/74719cfcfba1920b87740245da08bb70b68e7cd1))
* reorganize jwt claim set utils ([1f12d88](https://github.com/panva/jose/commit/1f12d88ee8cfa328126934a7020396f9a8dd8932))
## [6.0.9](https://github.com/panva/jose/compare/v6.0.8...v6.0.9) (2025-03-11)
### Documentation
* add more symbol document, ignore ts-private fields ([8b73687](https://github.com/panva/jose/commit/8b73687595a7ca608aa1b78870b6b165ad5249f2))
* bump typedoc ([6163a8b](https://github.com/panva/jose/commit/6163a8b6a773100ed31d207b598db1259a7e13a8))
* drop cdnjs links in README ([a910038](https://github.com/panva/jose/commit/a9100383ab16cb62c375401fac08a77f3c6c528d))
* drop denoland/x links in README and add jsr ([3662b9e](https://github.com/panva/jose/commit/3662b9ec44403bd501fc895bea4ded623d23e7e1))
* fix key export links from docs/README.md ([c8edfc2](https://github.com/panva/jose/commit/c8edfc29416d3339f6c78fdc42bdfdfadaa5cf7e))
### Refactor
* always assume structuredClone is present ([f7898a9](https://github.com/panva/jose/commit/f7898a9487508684dbbeba990e0cc96d344b1ff6))
* hide internal private fields and drop ProduceJWT inheritance ([ab18881](https://github.com/panva/jose/commit/ab18881a57524897aec300c9bf7bbd73d9e3447c))
* less objects when JWE JWT Replicated Header Parameters are used ([c763a0e](https://github.com/panva/jose/commit/c763a0e373b0e814dc4705dd2eb7daa614eae43a))
## [6.0.8](https://github.com/panva/jose/compare/v6.0.7...v6.0.8) (2025-02-26)
### Fixes
* export [customFetch] symbol from the default entrypoint ([1615614](https://github.com/panva/jose/commit/1615614964b4a66ac888f470bad94b6dee7009bc)), closes [#762](https://github.com/panva/jose/issues/762)
## [6.0.7](https://github.com/panva/jose/compare/v6.0.6...v6.0.7) (2025-02-25)
### Documentation
* improve generate key/secret and import function descriptions ([cd06359](https://github.com/panva/jose/commit/cd06359597a3b8e5c30892142f3d750eded2fbce))
### Fixes
* use [customFetch] when provided to createRemoteJWKSet ([35f6509](https://github.com/panva/jose/commit/35f6509ff45927d9f55f3b5c09f96f459e60136a)), closes [#760](https://github.com/panva/jose/issues/760)
## [6.0.6](https://github.com/panva/jose/compare/v6.0.5...v6.0.6) (2025-02-23)
### Refactor
* move base64url around ([e1350ef](https://github.com/panva/jose/commit/e1350eff8786b92eead82258dc2d5b9db128b523))
### Documentation
* add various exported symbol descriptions ([3b8ff71](https://github.com/panva/jose/commit/3b8ff717ad2054c1c50f72bcc866f08cd672b49d))
* add various exported symbol descriptions ([fc4e7da](https://github.com/panva/jose/commit/fc4e7dab4c7021d5d2f23a55de93c9ed35b79cef))
* add various exported symbol descriptions ([74f02c8](https://github.com/panva/jose/commit/74f02c833e057ab419173be7b8b8140eddcfc19f))
* update base64url function descriptions ([03d72c8](https://github.com/panva/jose/commit/03d72c8a5578bd442190724ca05994b0856432d5))
## [6.0.5](https://github.com/panva/jose/compare/v6.0.4...v6.0.5) (2025-02-23)
### Refactor
* **types:** make JWKParameters.kty compatible with @types/node and @types/web ([bb6ccfe](https://github.com/panva/jose/commit/bb6ccfed3efd5c84c540c2a1f621b9d2951f2b84))
### Documentation
* add various exported symbol descriptions ([f52c2ff](https://github.com/panva/jose/commit/f52c2ff0c3edbe30b32a4c9858199bfbc9f9367e))
## [6.0.4](https://github.com/panva/jose/compare/v6.0.3...v6.0.4) (2025-02-22)
### Refactor
* optimize base64 with tc39/proposal-arraybuffer-base64 ([8a0da69](https://github.com/panva/jose/commit/8a0da6968ec2813ced80962e847a89676ef9e8af)), closes [#752](https://github.com/panva/jose/issues/752)
* update getSPKI to use crypto.createPublicKey when available ([92392a0](https://github.com/panva/jose/commit/92392a0aa278ecf419a8b0b6a984c72d071125ad)), closes [#752](https://github.com/panva/jose/issues/752)
* use Double HMAC pattern for AES-CBC tag comparison ([f3ba4c7](https://github.com/panva/jose/commit/f3ba4c715f3ff5baef624bbb62771398de488166)), closes [#752](https://github.com/panva/jose/issues/752)
## [6.0.3](https://github.com/panva/jose/compare/v6.0.2...v6.0.3) (2025-02-22)
### Documentation
* remove root module tag so that README.md shows up on jsr.io ([ee70698](https://github.com/panva/jose/commit/ee7069818b6a3bc6df7aa7ab8060a90299ef0c9a))
## [6.0.2](https://github.com/panva/jose/compare/v6.0.1...v6.0.2) (2025-02-22)
### Documentation
* add module tags to all entrypoints ([a5687aa](https://github.com/panva/jose/commit/a5687aaed475ba113dd01d8fddf95f5911c17d0f))
## [6.0.1](https://github.com/panva/jose/compare/v6.0.0...v6.0.1) (2025-02-22)
### Fixes
* **types:** update build to include extensions in type imports ([9b96672](https://github.com/panva/jose/commit/9b96672ef79aabf07699e0ccafa5b54380f6330c))
## [6.0.0](https://github.com/panva/jose/compare/v5.10.0...v6.0.0) (2025-02-22)
### ⚠ BREAKING CHANGES
* The PEMImportOptions type interface is renamed to KeyImportOptions.
* all builds and bundles now use ES2022 as target
* createRemoteJWKSet now uses fetch, because of that its Node.js only options.agent property has been removed and new fetch-related options were added
* drop support for Ed448 and X448
* drop support for JWK key_ops and CryptoKey usages "(un)wrapKey" and "deriveKey"
* resolved keys returned as part of verify/decrypt operations (when get key functions are used) are always normalized to either Uint8Array / CryptoKey depending on what's more efficient for the executed operation
* Key "Type" Generics are removed
* CJS-style require is now only possible when require(esm) support is present in the Node.js runtime
* private KeyObject instances can no longer be used for verify operations
* private KeyObject instances can no longer be used for encryption operations
* generateSecret, generateKeyPair, importPKCS8, importSPKI, importJWK, and importX509 now yield a CryptoKey instead of a KeyObject in Node.js
* drop support for Node.js 18.x and earlier
* runtime-specific npm releases (jose-browser-runtime, jose-node-cjs-runtime, and jose-node-esm-runtime) are no longer maintained or supported
* removed secp256k1 JWS support
* removed deprecated experimental APIs
* removed RSA1_5 JWE support
### Features
* enable CryptoKey and KeyObject inputs in JWK thumbprint functions ([6fc9c44](https://github.com/panva/jose/commit/6fc9c4461a1fa39b363185e866bd686044ee30c6))
* JSON Web Key is now an allowed input everywhere ([ebda967](https://github.com/panva/jose/commit/ebda9674e9daf9b9d09568cf17b1a23d9cf20a60))
### Refactor
* always use infered CryptoKey ([c4abaa2](https://github.com/panva/jose/commit/c4abaa265ef56b517f868cf49db4ed8975446465))
* backport the Ed25519 JWS Algorithm Identifier support ([7a94cb9](https://github.com/panva/jose/commit/7a94cb997af94ae2db61efbeb271e0555afc62d8))
* drop support for Ed448 and X448 ([2fae1c4](https://github.com/panva/jose/commit/2fae1c447b621fb5dbdb1896c29c3a0772f26f44))
* drop support for JWK key_ops and CryptoKey usages "(un)wrapKey" and "deriveKey" ([ef918be](https://github.com/panva/jose/commit/ef918be8bab1b8dc5ec30b026d85da8ce7e0b062))
* ensure export functions continue to work with KeyObject inputs ([28e9e68](https://github.com/panva/jose/commit/28e9e684bbe15a1fa40631465b9688fdf1cecf0e))
* hardcode the cryptoRuntime export since it is now always WebCryptoAPI ([e00f273](https://github.com/panva/jose/commit/e00f2737fdc7b44b3c9d8c581460617d64152ce2))
* JWK import extractable default for public keys is now true ([64dcebe](https://github.com/panva/jose/commit/64dcebef368851863d11c3718f10bdbb1f0102c7))
* PEM import extractable default for public keys is now true ([4e9f114](https://github.com/panva/jose/commit/4e9f1143c7c31176e55d2e75aea96ead16db4107))
* removed deprecated APIs ([5352083](https://github.com/panva/jose/commit/5352083dc603f8f71acd34d969842be1881f3b19))
* removed secp256k1 JWS support ([e2b58a5](https://github.com/panva/jose/commit/e2b58a5ca50a40559451179cdd15f62be831eda2))
* restructure src/lib and src/runtime now that runtime is fixed ([9b236ce](https://github.com/panva/jose/commit/9b236cec4e66a588d0e7f27039a08a51db5abc49))
* target is now ES2022 everywhere ([aa590d5](https://github.com/panva/jose/commit/aa590d569f7eff948f96e4e8210843668777c724))
* update importJWK args to align with other import functions ([355a2dd](https://github.com/panva/jose/commit/355a2dd33a2466245f2872014110c9a1c0257c16))
* WebCryptoAPI is now the only crypto used ([161de46](https://github.com/panva/jose/commit/161de466a29d90a1129e671ed3a23be556c77f27))
## [5.10.0](https://github.com/panva/jose/compare/v5.9.6...v5.10.0) (2025-02-17)
### Features
* support fully specified Ed25519 algorithm identifier ([c39f57d](https://github.com/panva/jose/commit/c39f57d614ec7493ad7b1eeaf8ccdc51c499cd17))
## [5.9.6](https://github.com/panva/jose/compare/v5.9.5...v5.9.6) (2024-10-20)
### Reverts
* Revert "refactor(build): simplify package exports" ([2ef3a52](https://github.com/panva/jose/commit/2ef3a5266e2f903aab2f8c9d43437151d7da0122))
## [5.9.5](https://github.com/panva/jose/compare/v5.9.4...v5.9.5) (2024-10-20)
### Refactor
* **build:** simplify package exports ([4783f7f](https://github.com/panva/jose/commit/4783f7fcb0282c2e24479758614a82e3d7c0e627))
## [5.9.4](https://github.com/panva/jose/compare/v5.9.3...v5.9.4) (2024-10-11)
### Refactor
* **types:** update error definitions ([510c5ca](https://github.com/panva/jose/commit/510c5ca4a7c5dce08b6dd358a7120ad18747c3c8))
## [5.9.3](https://github.com/panva/jose/compare/v5.9.2...v5.9.3) (2024-09-22)
### Refactor
* use as Type for type assertions instead of <Type> ([c4dc24d](https://github.com/panva/jose/commit/c4dc24da1e6cec99dade1a82eecea423236d342e))
## [5.9.2](https://github.com/panva/jose/compare/v5.9.1...v5.9.2) (2024-09-14)
### Refactor
* **types:** remove index signatures from JWK interfaces ([ccf0cda](https://github.com/panva/jose/commit/ccf0cdaa7166d9273a951356859172192ed1be3f))
## [5.9.1](https://github.com/panva/jose/compare/v5.9.0...v5.9.1) (2024-09-13)
### Fixes
* **types:** add missing index signature on the convenience JWK types ([90a93dc](https://github.com/panva/jose/commit/90a93dc9ce5da294e91d2a964ed593299c464893))
## [5.9.0](https://github.com/panva/jose/compare/v5.8.0...v5.9.0) (2024-09-13)
### Features
* allow JWK objects as "key" input to sign and verify ([c6302ea](https://github.com/panva/jose/commit/c6302ea6886974eb433c51ddcf6eff1bbfdf5459))
## [5.8.0](https://github.com/panva/jose/compare/v5.7.0...v5.8.0) (2024-08-26)
### Features
* add subpath module exports ([72ecff6](https://github.com/panva/jose/commit/72ecff6574d252f407b6e145a166c995cdd85949))
### Refactor
* omit LocalJWKSet export since it's no longer needed for RemoteJWKSet ([c502731](https://github.com/panva/jose/commit/c502731fd888c165df32214f13333bc055d1d3f4))
## [5.7.0](https://github.com/panva/jose/compare/v5.6.3...v5.7.0) (2024-08-19)
### Features
* graduate jwksCache to stable API ([0f09c12](https://github.com/panva/jose/commit/0f09c124529bf84f027e57ce1f769319e7d42185))
## [5.6.3](https://github.com/panva/jose/compare/v5.6.2...v5.6.3) (2024-07-03)
### Fixes
* add sideEffects:false to nested ESM package.json files ([f3aff1c](https://github.com/panva/jose/commit/f3aff1cf018b62356e46a70e89aa96adeca6e686))
## [5.6.2](https://github.com/panva/jose/compare/v5.6.1...v5.6.2) (2024-06-27)
### Refactor
* CryptoKey normalization is not always async ([b7751f5](https://github.com/panva/jose/commit/b7751f58743c837f5bc76df301430c9b7c72dd85))
* weak cache normalized CryptoKey instances ([32b25a5](https://github.com/panva/jose/commit/32b25a5c94febe79dcfa7b2e62e432d1dce1cd44))
### Fixes
* ensure KeyObject type in Web API encrypt/decrypt ([b7920bd](https://github.com/panva/jose/commit/b7920bd635d1b7642307709e888ea3dcaf3e9b6f))
## [5.6.1](https://github.com/panva/jose/compare/v5.6.0...v5.6.1) (2024-06-27)
### Refactor
* normalize is always defined for Web API runtimes ([7bcb103](https://github.com/panva/jose/commit/7bcb10392cb7ff6bd17ebeb27f95f334d799fdb8))
### Fixes
* workaround turbo's eager optimizations ([723a042](https://github.com/panva/jose/commit/723a04264e03daa5e311055ad2672e6ae5dfd1e3)), closes [#690](https://github.com/panva/jose/issues/690)
## [5.6.0](https://github.com/panva/jose/compare/v5.5.0...v5.6.0) (2024-06-27)
### Features
* support KeyObject inputs in WebCryptoAPI runtimes given compatibility ([e178b8f](https://github.com/panva/jose/commit/e178b8f0fbdd0313f5327a8e9e48ef7233060e0c))
## [5.5.0](https://github.com/panva/jose/compare/v5.4.1...v5.5.0) (2024-06-26)
### Features
* add experimental support for edge compute runtimes JWKS caching ([ab166e2](https://github.com/panva/jose/commit/ab166e207f1f2f63b1f1ab259e1280549b2e9097)), closes [#551](https://github.com/panva/jose/issues/551) [#661](https://github.com/panva/jose/issues/661) [#653](https://github.com/panva/jose/issues/653) [#415](https://github.com/panva/jose/issues/415)
## [5.4.1](https://github.com/panva/jose/compare/v5.4.0...v5.4.1) (2024-06-18)
### Fixes
* ensure latest release on npm is v5.x ([a9b2a30](https://github.com/panva/jose/commit/a9b2a300947f9ab10d580748a3eda58207de4c62))
## [5.4.0](https://github.com/panva/jose/compare/v5.3.0...v5.4.0) (2024-06-03)
### Features
* expose JWT's payload in JWTClaimValidationFailed instances ([58bcffb](https://github.com/panva/jose/commit/58bcffbac735cc727fd81c36813f12fd6f58b695)), closes [#680](https://github.com/panva/jose/issues/680)
### Refactor
* add explicit return types everywhere ([cc2b2d7](https://github.com/panva/jose/commit/cc2b2d7b76118d59b9e08c589dc33a45a6377f4a))
## [5.3.0](https://github.com/panva/jose/compare/v5.2.4...v5.3.0) (2024-05-10)
### Features
* allow observing remote JWKS resolver state and its manual reload ([fa8b639](https://github.com/panva/jose/commit/fa8b639c277e1694b08a08c7152341b22ec1725d))
### Refactor
* if should not be the only statement in else blocks ([a6b716b](https://github.com/panva/jose/commit/a6b716b13859c76e4c1f7e33c60574514c6c2504))
## [5.2.4](https://github.com/panva/jose/compare/v5.2.3...v5.2.4) (2024-04-07)
### Refactor
* use createLocalJWKSet instead of LocalJWKSet in createRemoteJWKSet ([a7c566c](https://github.com/panva/jose/commit/a7c566c61ccf3b62d2bd3a9e58a70e1d4d3c8b0c))
## [5.2.3](https://github.com/panva/jose/compare/v5.2.2...v5.2.3) (2024-03-07)
### Refactor
* move iv generation and optional outputs around ([05c4351](https://github.com/panva/jose/commit/05c4351be3a356da2a0e882fbbd8006f2725ec7b))
## [5.2.2](https://github.com/panva/jose/compare/v5.2.1...v5.2.2) (2024-02-11)
### Fixes
* **types:** iv and tag is optional in JSON serializations ([53019cd](https://github.com/panva/jose/commit/53019cd1fa3a4dc265d4868b9c626d4d6c832e86))
## [5.2.1](https://github.com/panva/jose/compare/v5.2.0...v5.2.1) (2024-02-03)
### Fixes
* **build:** refactor export targets for browser, node cjs, and node esm builds ([50cbc65](https://github.com/panva/jose/commit/50cbc65e165ea27b4ed08ee7fc5a747a17d235da))
## [5.2.0](https://github.com/panva/jose/compare/v5.1.3...v5.2.0) (2023-12-24)
### Features
* extend JWT NumericDate setter syntax ([ae363c3](https://github.com/panva/jose/commit/ae363c3c434fb040985f08da68ed02067d205cbe))
## [5.1.3](https://github.com/panva/jose/compare/v5.1.2...v5.1.3) (2023-11-30)
## [5.1.2](https://github.com/panva/jose/compare/v5.1.1...v5.1.2) (2023-11-27)
### Fixes
* do not mutate JWTVerifyOptions.requiredClaims ([1bf9cec](https://github.com/panva/jose/commit/1bf9cec024a4d01d989e15bb6e4b54e3940b4458)), closes [#610](https://github.com/panva/jose/issues/610)
## [5.1.1](https://github.com/panva/jose/compare/v5.1.0...v5.1.1) (2023-11-14)
### Refactor
* deprecate the RSA1_5 JWE Algorithm ([f746da1](https://github.com/panva/jose/commit/f746da172b693eb417c4f75c8db6230cf213cd76))
## [5.1.0](https://github.com/panva/jose/compare/v5.0.2...v5.1.0) (2023-11-03)
### Features
* add payload generics to jose.decodeJwt ([9de49e2](https://github.com/panva/jose/commit/9de49e26956a20cdb94472f10f83b20480613329)), closes [#604](https://github.com/panva/jose/issues/604)
## [5.0.2](https://github.com/panva/jose/compare/v5.0.1...v5.0.2) (2023-11-02)
### Fixes
* **createRemoteJWKSet:** ensure a default user-agent header is present ([887dd3c](https://github.com/panva/jose/commit/887dd3cd05f34e06ce20ad00201599a5a469fbac)), closes [#600](https://github.com/panva/jose/issues/600)
## [5.0.1](https://github.com/panva/jose/compare/v5.0.0...v5.0.1) (2023-10-25)
### Fixes
* also use ES2020 in the CDN bundles ([8c4d390](https://github.com/panva/jose/commit/8c4d3909db56f2d62cf2bf413e8343c0fdd2b92f))
## [5.0.0](https://github.com/panva/jose/compare/v4.15.4...v5.0.0) (2023-10-25)
### ⚠ BREAKING CHANGES
* **Node.js:** return Uint8Array (not a Buffer) from base64url.decode
* Browser distribution is now built using ES2020 as a target
* Node.js distribution is now built using ES2022 as a target
* **types:** jwtVerify and jwtDecrypt type argument for the resolved
KeyLike type is now a second optional type argument following a type
for the JWT Claims Set (aka payload)
* PBES2 Key Management Algorithms' use in decrypt
functions now requires the use of the keyManagementAlgorithms option
to explicitly opt-in for their use.
* importJWK "octAsKeyObject" option was removed.
importJWK will no longer return CryptoKey or KeyObject for "oct" (octet
sequence) JWK key types, it will instead always return a Uint8Array
formed from the "k" (Key Value) Parameter regardless of the other JWK
Parameters that may be present.
* End-Of-Life versions of Node.js as of October 2023 are
no longer supported. Node.js 18, 20, and 21 and future releases are
the ones that remain supported.
* The JWE "zip" (Compression Algorithm) Header Parameter
is no longer supported by this JOSE implementation.
### Features
* add Date as valid input to timestamp setting functions ([bd830a4](https://github.com/panva/jose/commit/bd830a47979912d4c0775d01a05584c2aa9f0dcd))
* default to an empty payload in JWT producing constructors ([98d6ca1](https://github.com/panva/jose/commit/98d6ca12c448697ed6342b1230b351eb5bfa0df8))
* **types:** add optional Generics for JWT verify and decrypt ([61bd2a0](https://github.com/panva/jose/commit/61bd2a0adb638c1c2469459d78556a99cec697c7)), closes [#568](https://github.com/panva/jose/issues/568)
### Reverts
* Revert "test: fix test under lts/erbium" ([b64b6c7](https://github.com/panva/jose/commit/b64b6c731c3e2d0e6751e0221804af08d7015bfa))
### Refactor
* Browser distribution is now built using ES2020 as a target ([1836684](https://github.com/panva/jose/commit/18366840e1ae557b951fe921c5004b17ad56e972))
* drop support for EOL Node.js versions ([b5aee54](https://github.com/panva/jose/commit/b5aee542fb5995dd29e012011f832ce8dfd24e29))
* importJWK always returns a Uint8Array for symmetric key inputs ([163e1b0](https://github.com/panva/jose/commit/163e1b02ed5b64368110d750c9f5f5c3d247042d))
* Node.js distribution is now built using ES2022 as a target ([239697a](https://github.com/panva/jose/commit/239697a17d048b8eb2120d29adff7f98edc0f26e))
* **Node.js:** return Uint8Array (not a Buffer) from base64url.decode ([02d5182](https://github.com/panva/jose/commit/02d51827e24195d650cf83de100ae16cd8b0599e))
* PBES2 Algorithms require explicit opt-in during verification ([e2da031](https://github.com/panva/jose/commit/e2da031381b7c5327ea9a0ccf58f059fa8af7e92))
* remove support for JWE "zip" (Compression Algorithm) Header Parameter ([16998b1](https://github.com/panva/jose/commit/16998b15c75d90b64eb5b0fa0713cfdfa7896757))
* **types:** rename type parameters for the KeyLike returns ([eddd400](https://github.com/panva/jose/commit/eddd400235e84e3d84c1a8471b01915a12d3d866))
* update allow list error messages ([fe8114c](https://github.com/panva/jose/commit/fe8114c82646f2468857effb934f39dd7bc75902))
## [4.15.4](https://github.com/panva/jose/compare/v4.15.3...v4.15.4) (2023-10-14)
### Fixes
* **types:** export GetKeyFunction ([#592](https://github.com/panva/jose/issues/592)) ([936c9df](https://github.com/panva/jose/commit/936c9dff2bc124dc5f64906a96f665a28e57392c)), closes [#591](https://github.com/panva/jose/issues/591)
## [4.15.3](https://github.com/panva/jose/compare/v4.15.2...v4.15.3) (2023-10-11)
## [4.15.2](https://github.com/panva/jose/compare/v4.15.1...v4.15.2) (2023-10-04)
### Fixes
* **build:** add a node target for jose-browser-runtime releases ([abb63d0](https://github.com/panva/jose/commit/abb63d0e8e7a55326dc343eec5f5eee9addc1dcf))
## [4.15.1](https://github.com/panva/jose/compare/v4.15.0...v4.15.1) (2023-10-02)
### Fixes
* resolve missing types for the cryptoRuntime const ([1627965](https://github.com/panva/jose/commit/16279652a67133fba0db7c9879767f000a8f1662))
## [4.15.0](https://github.com/panva/jose/compare/v4.14.6...v4.15.0) (2023-10-02)
### Features
* export the used crypto runtime as a constant ([0681dda](https://github.com/panva/jose/commit/0681dda1592a82c22a18981002b3763c502d0fc4))
## [4.14.6](https://github.com/panva/jose/compare/v4.14.5...v4.14.6) (2023-09-04)
### Fixes
* **build:** publish bundle and umd files with jose-browser-runtime module ([62fcbcc](https://github.com/panva/jose/commit/62fcbcc2170db00f5bbfc817839523dbf970239f)), closes [#571](https://github.com/panva/jose/issues/571)
## [4.14.5](https://github.com/panva/jose/compare/v4.14.4...v4.14.5) (2023-09-02)
### Refactor
* catch type error when decoding base64url signature ([#569](https://github.com/panva/jose/issues/569)) ([935e920](https://github.com/panva/jose/commit/935e920d29d242e0446d365b1e4f0449d144c23c))
* catch type errors when decoding various base64url strings ([9024e87](https://github.com/panva/jose/commit/9024e870ece4ef121205dadc733c36d7978b97ab))
## [4.14.4](https://github.com/panva/jose/compare/v4.14.3...v4.14.4) (2023-04-30)
### Refactor
* cleanup NODE-ED25519 workerd workarounds ([072e83d](https://github.com/panva/jose/commit/072e83de5bf3a15775b0bf25ef8afa8851b8862d))
## [4.14.3](https://github.com/panva/jose/compare/v4.14.2...v4.14.3) (2023-04-27)
### Reverts
* Revert "fix(types): headers and payloads may only be JSON values and primitives" ([06d8101](https://github.com/panva/jose/commit/06d8101a5827a69bb25c2847b1a10d03f015db03)), closes [#534](https://github.com/panva/jose/issues/534)
## [4.14.2](https://github.com/panva/jose/compare/v4.14.1...v4.14.2) (2023-04-26)
### Fixes
* **types:** headers and payloads may only be JSON values and primitives ([24f306e](https://github.com/panva/jose/commit/24f306e7f33485daaba1e250dfc97b5f621079ad))
## [4.14.1](https://github.com/panva/jose/compare/v4.14.0...v4.14.1) (2023-04-20)
## [4.14.0](https://github.com/panva/jose/compare/v4.13.2...v4.14.0) (2023-04-14)
### Features
* add requiredClaims JWT validation option ([eeea91d](https://github.com/panva/jose/commit/eeea91df48cadda84e4fdce6bbba7251ca7af83f))
## [4.13.2](https://github.com/panva/jose/compare/v4.13.1...v4.13.2) (2023-04-12)
### Refactor
* src/util/decode_protected_header.ts ([5716725](https://github.com/panva/jose/commit/5716725d7eb6fa8a416638db9d448840f839f620))
## [4.13.1](https://github.com/panva/jose/compare/v4.13.0...v4.13.1) (2023-03-02)
### Fixes
* **workerd:** avoid "The script will never generate a response" edge cases completely ([96a8c99](https://github.com/panva/jose/commit/96a8c99189f2399e9816ae1bca04b6d9cff93c26)), closes [#355](https://github.com/panva/jose/issues/355) [#509](https://github.com/panva/jose/issues/509)
## [4.13.0](https://github.com/panva/jose/compare/v4.12.2...v4.13.0) (2023-02-27)
### Features
* **types:** allow generics to aid in CryptoKey or KeyObject narrowing of KeyLike ([6effa4d](https://github.com/panva/jose/commit/6effa4d35cfa984a5859d228f750e96af0c0a5e5))
### Fixes
* make jose.EmbeddedJWK arguments optional ([20610a9](https://github.com/panva/jose/commit/20610a930d337c25756de107d93b84ccc52707a3))
## [4.12.2](https://github.com/panva/jose/compare/v4.12.1...v4.12.2) (2023-02-27)
### Fixes
* **types:** declare explicit return from EmbeddedJWK ([46934ac](https://github.com/panva/jose/commit/46934ac474ba0119976c5ac15cce4ea7bf50de8c))
## [4.12.1](https://github.com/panva/jose/compare/v4.12.0...v4.12.1) (2023-02-27)
### Refactor
* clarify when alg is used and required on key imports ([19e525f](https://github.com/panva/jose/commit/19e525fdee04ba6281f70bd20523b878408aa7ee))
* **node:** have node:crypto deal with x509 parsing ([45bb45d](https://github.com/panva/jose/commit/45bb45d42b6c96cbfcab7242d5cc366fb34481f1))
## [4.12.0](https://github.com/panva/jose/compare/v4.11.4...v4.12.0) (2023-02-15)
### Features
* enable key iteration over JWKSMultipleMatchingKeys ([a278acd](https://github.com/panva/jose/commit/a278acdb0f458e555abdc1d048920e7da4fb7981))
## [4.11.4](https://github.com/panva/jose/compare/v4.11.3...v4.11.4) (2023-02-07)
### Fixes
* **build:** ignore deno files in npm publishes ([b3d6a11](https://github.com/panva/jose/commit/b3d6a11bf0803c37e1e9d0368ccec1f1264eef74))
## [4.11.3](https://github.com/panva/jose/compare/v4.11.2...v4.11.3) (2023-02-07)
### Fixes
* **CF Workers:** improve miniflare compat with different Node.js versions, get ready for future non-proprietary support ([3406b9f](https://github.com/panva/jose/commit/3406b9f73b1884b5db9c60675a68fe85794d48e0)), closes [#446](https://github.com/panva/jose/issues/446) [#495](https://github.com/panva/jose/issues/495) [#497](https://github.com/panva/jose/issues/497)
## [4.11.2](https://github.com/panva/jose/compare/v4.11.1...v4.11.2) (2023-01-01)
### Refactor
* **node:** dry node version checks ([aff2f7c](https://github.com/panva/jose/commit/aff2f7c00f28b599ee72dd9f0a36c3783f1e195f))
## [4.11.1](https://github.com/panva/jose/compare/v4.11.0...v4.11.1) (2022-11-22)
## [4.11.0](https://github.com/panva/jose/compare/v4.10.4...v4.11.0) (2022-11-08)
### Features
* add bun as a supported runtime ([3a63631](https://github.com/panva/jose/commit/3a636318914866decd934d455d7c3789d304992c))
### Fixes
* respect JWK ext for symmetric keys ([20557fc](https://github.com/panva/jose/commit/20557fccf1ce0ebd7dd5d18cc33aa64d6f7b35ba))
## [4.10.4](https://github.com/panva/jose/compare/v4.10.3...v4.10.4) (2022-10-28)
### Fixes
* typo in importPKSC8 error message ([#468](https://github.com/panva/jose/issues/468)) ([746bc64](https://github.com/panva/jose/commit/746bc64675636f2a09a6745e71cba8a2bdf3718f))
* workaround for invalid use checks on CF Workers and Deno ([e4d04eb](https://github.com/panva/jose/commit/e4d04eb65f72041784d948eaa8432e4b64193729))
## [4.10.3](https://github.com/panva/jose/compare/v4.10.2...v4.10.3) (2022-10-20)
## [4.10.2](https://github.com/panva/jose/compare/v4.10.1...v4.10.2) (2022-10-20)
## [4.10.1](https://github.com/panva/jose/compare/v4.10.0...v4.10.1) (2022-10-20)
## [4.10.0](https://github.com/panva/jose/compare/v4.9.3...v4.10.0) (2022-09-27)
### Features
* Curve25519, and Curve448 support for WebCryptoAPI runtimes ([fea359a](https://github.com/panva/jose/commit/fea359a2055aa1b65170999a7f8e1bb23a3a1cb5))
### Fixes
* **importX509:** handle length encodings better ([47d0d77](https://github.com/panva/jose/commit/47d0d777a1ac90ff2ed0368fdab536db3d17aa8c)), closes [#459](https://github.com/panva/jose/issues/459)
## [4.9.3](https://github.com/panva/jose/compare/v4.9.2...v4.9.3) (2022-09-15)
### Refactor
* update CEK length validation error message ([81a92a9](https://github.com/panva/jose/commit/81a92a9a9803022b82ea67577bde3fc0da3ecc6f))
* update key input validation error messages ([2eac34a](https://github.com/panva/jose/commit/2eac34aa8f02c800a5f0b944e03fbe681c962b9c))
* update keylike description for WinterCG ([6741679](https://github.com/panva/jose/commit/6741679936acf78f00c6effd559b4698cc92f123))
## [4.9.2](https://github.com/panva/jose/compare/v4.9.1...v4.9.2) (2022-09-01)
### Fixes
* limit default PBES2 alg's computational expense ([03d6d01](https://github.com/panva/jose/commit/03d6d013bf6e070e85adfe5731f526978e3e8e4d))
## [4.9.1](https://github.com/panva/jose/compare/v4.9.0...v4.9.1) (2022-08-29)
### Fixes
* **deno:** add a Deno package entrypoint ([9f3c459](https://github.com/panva/jose/commit/9f3c459e30b71eec54163d500edb59f5c72bf7c9))
## [4.9.0](https://github.com/panva/jose/compare/v4.8.3...v4.9.0) (2022-08-17)
### Features
* add support for RFC 9278 - JWK Thumbprint URI ([d06ce65](https://github.com/panva/jose/commit/d06ce654666c5f584716f39843534118407c14e0))
### Refactor
* consume some base64url decode errors ([#436](https://github.com/panva/jose/issues/436)) ([caaf2c3](https://github.com/panva/jose/commit/caaf2c38dc51209d7adc493029f416c61759b1b1))
* unify JOSENotSupported throw on key export ([fe5d093](https://github.com/panva/jose/commit/fe5d093bf74b812ecd3ee92d40dd02619e88e06c))
## [4.8.3](https://github.com/panva/jose/compare/v4.8.1...v4.8.3) (2022-06-29)
## [4.8.1](https://github.com/panva/jose/compare/v4.8.0...v4.8.1) (2022-05-02)
### Fixes
* **typescript:** add types export for nodenext module resolution ([#406](https://github.com/panva/jose/issues/406)) ([5a6d8f0](https://github.com/panva/jose/commit/5a6d8f0a2a3283bd1e832f1e71906d70f74c1262))
## [4.8.0](https://github.com/panva/jose/compare/v4.7.0...v4.8.0) (2022-04-26)
### Features
* add "worker" export in package.json ([#400](https://github.com/panva/jose/issues/400)) ([c58c80a](https://github.com/panva/jose/commit/c58c80ae98b7a55b3b95e72438040983ae9a23de))
* optional headers options for createRemoteJWKSet ([#397](https://github.com/panva/jose/issues/397)) ([b4612f5](https://github.com/panva/jose/commit/b4612f5d256b773ab7a1144ac839bdf0f8ccff53))
## [4.7.0](https://github.com/panva/jose/compare/v4.6.2...v4.7.0) (2022-04-21)
### Features
* add createRemoteJWKSet cacheMaxAge option ([5017d95](https://github.com/panva/jose/commit/5017d95764b3aca551631c1a2fbe7cc40cbb6055)), closes [#394](https://github.com/panva/jose/issues/394)
## [4.6.2](https://github.com/panva/jose/compare/v4.6.1...v4.6.2) (2022-04-19)
### Fixes
* dont check JWT iat is in the past unless maxTokenAge is used ([96d85c7](https://github.com/panva/jose/commit/96d85c70033d2249de41ed07d97ed6843c15eb2a))
## [4.6.1](https://github.com/panva/jose/compare/v4.6.0...v4.6.1) (2022-04-11)
## [4.6.0](https://github.com/panva/jose/compare/v4.5.3...v4.6.0) (2022-03-06)
### Features
* mark APIs and parameters that can lead to footguns as deprecated ([0ddbcc6](https://github.com/panva/jose/commit/0ddbcc6725ecb2d68efdaf0951cec4db31cc9b16))
* **types:** include JSDoc in the types ([74187a9](https://github.com/panva/jose/commit/74187a9aa97cac70c42035949dd847177025af7c))
## [4.5.3](https://github.com/panva/jose/compare/v4.5.2...v4.5.3) (2022-03-05)
### Fixes
* **web api runtime:** rely on default fetch init values ([df6d966](https://github.com/panva/jose/commit/df6d96651d4ddeeb4a9b05bd2d778bd58528dad2))
## [4.5.2](https://github.com/panva/jose/compare/v4.5.1...v4.5.2) (2022-03-04)
### Fixes
* decrypting empty ciphertext compact JWEs ([#374](https://github.com/panva/jose/issues/374)) ([95fe597](https://github.com/panva/jose/commit/95fe59791dab9b31203f7a4ec5f4b44633d9b74f))
## [4.5.1](https://github.com/panva/jose/compare/v4.5.0...v4.5.1) (2022-02-22)
### Fixes
* **typescript:** allow synchronous get key functions ([7c99153](https://github.com/panva/jose/commit/7c99153a9e8ae45a35de7eff45fcf6e60e1b088b))
## [4.5.0](https://github.com/panva/jose/compare/v4.4.0...v4.5.0) (2022-02-07)
### Features
* add jose.decodeJwt utility ([3d2a2b8](https://github.com/panva/jose/commit/3d2a2b8eee18c9b60debbfae284b2bc3d2947dd2))
### Fixes
* concurrent fetch await in cloudflare ([e44cd18](https://github.com/panva/jose/commit/e44cd18ea4cf8af173f874ca3a847fc315eee592)), closes [#355](https://github.com/panva/jose/issues/355)
## [4.4.0](https://github.com/panva/jose/compare/v4.3.9...v4.4.0) (2022-01-24)
### Features
* add createLocalJWKSet, resolver to verify using a local JWKSet ([bd7bf37](https://github.com/panva/jose/commit/bd7bf3789c146d765bbee2db0c93ba035020b24c))
## [4.3.9](https://github.com/panva/jose/compare/v4.3.8...v4.3.9) (2022-01-22)
### Fixes
* only add y to the epk header parameter when EC keys are used ([dd6775e](https://github.com/panva/jose/commit/dd6775eed00b60c14b7038ddec85c8bb3cf05781)), closes [#348](https://github.com/panva/jose/issues/348)
## [4.3.8](https://github.com/panva/jose/compare/v4.3.7...v4.3.8) (2022-01-09)
## [4.3.7](https://github.com/panva/jose/compare/v4.3.6...v4.3.7) (2021-11-18)
### Fixes
* **typescript:** b64: true is fine to use in JWT, its useless, but allowed ([#324](https://github.com/panva/jose/issues/324)) ([ee401c9](https://github.com/panva/jose/commit/ee401c9e0f23f10ff5c0484798cb0cb3e9074b84))
## [4.3.6](https://github.com/panva/jose/compare/v4.3.5...v4.3.6) (2021-11-16)
### Fixes
* **electron:** rsa-pss keys are never supported ([188c1f7](https://github.com/panva/jose/commit/188c1f709002302da99105cfc8fc6863a95761d9))
## [4.3.5](https://github.com/panva/jose/compare/v4.3.4...v4.3.5) (2021-11-12)
### Fixes
* **typescript:** b64 header regression ([#324](https://github.com/panva/jose/issues/324)) ([9da0a7f](https://github.com/panva/jose/commit/9da0a7f49cf763314748eb01303320ce5af69762))
## [4.3.4](https://github.com/panva/jose/compare/v4.3.3...v4.3.4) (2021-11-12)
### Fixes
* Compact JWS verification handles a zero-length payload string ([7c70e7b](https://github.com/panva/jose/commit/7c70e7b9700886dfad8e7555b909da8e079c88da))
## [4.3.3](https://github.com/panva/jose/compare/v4.3.2...v4.3.3) (2021-11-11)
### Fixes
* **typescript:** apply updated compact and jwt headers to compact/jwt verify and decrypt results ([0c1946c](https://github.com/panva/jose/commit/0c1946c3e2a95e082b9a9095bf035756d8f17730))
## [4.3.2](https://github.com/panva/jose/compare/v4.3.0...v4.3.2) (2021-11-11)
### Fixes
* createRemoteJWKSet handles all JWS syntaxes ([aaba8f3](https://github.com/panva/jose/commit/aaba8f3000b76b41733567367b9000348a839c17))
* **typescript:** Compact JWS Header Parameters has alg and enc as required ([0fa87af](https://github.com/panva/jose/commit/0fa87af64b8e9f0f0cb68264f4dc22cc985acf91))
* **typescript:** Compact JWS Header Parameters has alg as required ([c7fabd0](https://github.com/panva/jose/commit/c7fabd0f012513f3c9161b0f59befae1d7430e16))
* **typescript:** Signed JWT Header Parameters has alg as required and b64 as never ([79cbd82](https://github.com/panva/jose/commit/79cbd82d3dd36f9ef87e4d306d77d9694a1c5836))
## [4.3.0](https://github.com/panva/jose/compare/v4.2.1...v4.3.0) (2021-11-11)
### Features
* add GeneralSign signature and GeneralEncrypt recipient builder chaining ([cfc93f5](https://github.com/panva/jose/commit/cfc93f5daf4729a189ef5caabae4a9ec9ad45378))
## [4.2.1](https://github.com/panva/jose/compare/v4.2.0...v4.2.1) (2021-11-09)
### Fixes
* **node:** dont mention CryptoKey in versions without webcrypto ([401cabf](https://github.com/panva/jose/commit/401cabf97419768cea1d685dc73d933fa38d6c26))
## [4.2.0](https://github.com/panva/jose/compare/v4.1.5...v4.2.0) (2021-11-08)
### Features
* General JWE Encryption ([94eca81](https://github.com/panva/jose/commit/94eca816872527074d2a591a983ee6c5d64da30c))
## [4.1.5](https://github.com/panva/jose/compare/v4.1.4...v4.1.5) (2021-11-05)
### Fixes
* importX509 certificate values that do not include a version number ([51a18b6](https://github.com/panva/jose/commit/51a18b675a771ed573047398f79cd6f70d8f9fec)), closes [#308](https://github.com/panva/jose/issues/308)
## [4.1.4](https://github.com/panva/jose/compare/v4.1.3...v4.1.4) (2021-11-01)
### Fixes
* allow shorter HMAC secrets ([57126f1](https://github.com/panva/jose/commit/57126f1806493a2782647610c2a6b5d20ea3e516))
## [4.1.3](https://github.com/panva/jose/compare/v4.1.2...v4.1.3) (2021-11-01)
### Fixes
* **edge-functions:** don't use globalThis ([3952030](https://github.com/panva/jose/commit/39520302d078da2273b5a24f8254f6c221195c63))
## [4.1.2](https://github.com/panva/jose/compare/v4.1.1...v4.1.2) (2021-10-25)
### Fixes
* **build:** ensure cjs/esm specific packages have the right main entry ([2f4526a](https://github.com/panva/jose/commit/2f4526a22b9bd62727bdd825e326ef79695c8ea3))
## [4.1.1](https://github.com/panva/jose/compare/v4.1.0...v4.1.1) (2021-10-21)
### Fixes
* **typescript:** work around potentially missing global URL from DOM lib ([7ed731c](https://github.com/panva/jose/commit/7ed731c567db6e64f0fbd618efe7e48d812af0c6)), closes [#295](https://github.com/panva/jose/issues/295)
## [4.1.0](https://github.com/panva/jose/compare/v4.0.4...v4.1.0) (2021-10-18)
### Features
* **web:** publish umd and bundle files to cdnjs.com ([3b3100a](https://github.com/panva/jose/commit/3b3100a8f115db5fb7c56482a0c5cf4814e0f838))
## [4.0.4](https://github.com/panva/jose/compare/v4.0.3...v4.0.4) (2021-10-17)
### Fixes
* **web:** check Uint8Array CEK lengths, refactor for better tree-shaking ([e8299f2](https://github.com/panva/jose/commit/e8299f246b1dbf1665d8f1ed141b9bde34684293))
## [4.0.3](https://github.com/panva/jose/compare/v4.0.2...v4.0.3) (2021-10-16)
### Fixes
* **web:** checking cryptokey applicability early ([89dc2aa](https://github.com/panva/jose/commit/89dc2aab99d831e922ba865eccfb29b8229ed767))
## [4.0.2](https://github.com/panva/jose/compare/v4.0.1...v4.0.2) (2021-10-15)
### Fixes
* **typescript:** export ProduceJWT ([#285](https://github.com/panva/jose/issues/285)) ([2b8738e](https://github.com/panva/jose/commit/2b8738e38a4286c9a1411e3aef3159f61427317c))
## [4.0.1](https://github.com/panva/jose/compare/v4.0.0...v4.0.1) (2021-10-14)
### Fixes
* **typescript:** re-export all types from index.d.ts ([d68f104](https://github.com/panva/jose/commit/d68f104d5895f639812b3317696a4616c3e5fb59))
## [4.0.0](https://github.com/panva/jose/compare/v3.20.3...v4.0.0) (2021-10-14)
### ⚠ BREAKING CHANGES
* All module named exports have moved from subpaths to
just "jose". For example, `import { jwtVerify } from 'jose/jwt/verify'`
is now just `import { jwtVerify } from 'jose'`.
* All submodule default exports and named have been
removed in favour of just "jose" named exports.
* **typescript:** remove repeated type re-exports
* The undocumented `jose/util/random` was removed.
* The `jose/jwk/thumbprint` named export
is renamed to `calculateJwkThumbprint`, now
`import { calculateJwkThumbprint } from 'jose'`
* The deprecated `jose/jwk/parse` module was
removed, use `import { importJWK } from 'jose'` instead.
* The deprecated `jose/jwk/from_key_like` module was
removed, use `import { exportJWK } from 'jose'` instead.
### Refactor
* redo exports to support broader tooling ([dd2cf9e](https://github.com/panva/jose/commit/dd2cf9ed2d89488de6dc4536f721887ffc9bb34f))
* remove util/random ([914e47f](https://github.com/panva/jose/commit/914e47fc9b6c207fd7e3469b1c3fac40f7a81031))
* removed the deprecated jwk/from_key_like module ([ec1d0e7](https://github.com/panva/jose/commit/ec1d0e72fe39ec2bccc28e46b5bce2dc17711134))
* removed the deprecated jwk/parse module ([8d3cc3b](https://github.com/panva/jose/commit/8d3cc3bb46e7e87e6511859dce58a651811ca551))
* rename calculateThumprint to calculateJwkThumbprint ([5afb713](https://github.com/panva/jose/commit/5afb713fbb99e6c884bb3b1c68ae2cf490e54595))
* **typescript:** remove repeated type re-exports ([3e137d2](https://github.com/panva/jose/commit/3e137d2427035d18397825074c2ee1e5db97515b))
## [3.20.3](https://github.com/panva/jose/compare/v3.20.2...v3.20.3) (2021-10-14)
### Fixes
* remove clutter when tree shaking browser dist ([73ba370](https://github.com/panva/jose/commit/73ba3708d45e32215c76f17d9982b0f4e20b7f08))
* **typescript:** JWTExpired error TS2417 ([373e0e4](https://github.com/panva/jose/commit/373e0e4b22fb48cefcf14385a19c5ea6a57a849e))
## [3.20.2](https://github.com/panva/jose/compare/v3.20.1...v3.20.2) (2021-10-13)
### Fixes
* allow tree-shaking of errors ([0824301](https://github.com/panva/jose/commit/08243010d922c36d22002e35299ec5710654c695))
## [3.20.1](https://github.com/panva/jose/compare/v3.20.0...v3.20.1) (2021-10-06)
### Fixes
* **typescript:** PEM import functions always resolve a KeyLike, never a Uint8Array ([8ef3a8e](https://github.com/panva/jose/commit/8ef3a8ebb78b592e664102cb593542ae6259d72a))
## [3.20.0](https://github.com/panva/jose/compare/v3.19.0...v3.20.0) (2021-10-06)
### Features
* improve key input type errors, remove dependency on @types/node ([a13eb04](https://github.com/panva/jose/commit/a13eb045d86d96e56f7a250cdc808f8c5aa0e62a))
### Fixes
* proper createRemoteJWKSet timeoutDuration handling ([efa1619](https://github.com/panva/jose/commit/efa16195173f9f66b21d4f41039caaad0ccfa92a)), closes [#277](https://github.com/panva/jose/issues/277)
## [3.19.0](https://github.com/panva/jose/compare/v3.18.0...v3.19.0) (2021-09-26)
### Features
* return resolved key when verify and decrypt resolve functions are used ([49fb62c](https://github.com/panva/jose/commit/49fb62cb96cd9afc854f5102313f16e27c0eb2b4))
## [3.18.0](https://github.com/panva/jose/compare/v3.17.0...v3.18.0) (2021-09-22)
### Features
* add X.509/SPKI/PKCS8 key import and SPKI/PKCS8 export functions ([a2af0f4](https://github.com/panva/jose/commit/a2af0f45fe47b3d73178ab00c18e49fccd2b1432))
## [3.17.0](https://github.com/panva/jose/compare/v3.16.1...v3.17.0) (2021-09-10)
### Features
* **cloudflare workers:** add support for EdDSA using Ed25519 ([0967369](https://github.com/panva/jose/commit/09673694027ffc4961c211c12e0b7eb2ac9966f3))
## [3.16.1](https://github.com/panva/jose/compare/v3.16.0...v3.16.1) (2021-09-08)
### Fixes
* guard Sign payloads and Encrypt plaintext argument types ([10a18f2](https://github.com/panva/jose/commit/10a18f28a0f845e91579afab3573730c9b1ae478))
## [3.16.0](https://github.com/panva/jose/compare/v3.15.5...v3.16.0) (2021-09-07)
### Features
* **node:** support rsa-pss keys in Node.js >= 16.9.0 for sign/verify ([0b112cf](https://github.com/panva/jose/commit/0b112cf63ed2a859806531853c37486485740f9c))
## [3.15.5](https://github.com/panva/jose/compare/v3.15.4...v3.15.5) (2021-09-02)
### Fixes
* omit some fetch options when running in Cloudflare Workers env ([ced065a](https://github.com/panva/jose/commit/ced065aa9754c625ea88a598025962503e078ae9)), closes [#255](https://github.com/panva/jose/issues/255)
## [3.15.4](https://github.com/panva/jose/compare/v3.15.3...v3.15.4) (2021-08-20)
### Fixes
* **deno:** ignore incomplete webcrypto api type errors ([c5f2262](https://github.com/panva/jose/commit/c5f226290ead93b7f43f664fc05c5fec90f38be8))
* **typescript:** generateKeyPair never returns Uint8Array ([73adc01](https://github.com/panva/jose/commit/73adc014ad9827067637153a97f230bfdd72cb9b))
## [3.15.3](https://github.com/panva/jose/compare/v3.15.2...v3.15.3) (2021-08-20)
### Fixes
* **typescript:** GeneralJWSInput and GeneralJWS omit ([bc0b42f](https://github.com/panva/jose/commit/bc0b42f0f58e802721910ac1bc4d62eb704910ff))
## [3.15.2](https://github.com/panva/jose/compare/v3.15.1...v3.15.2) (2021-08-20)
## [3.15.1](https://github.com/panva/jose/compare/v3.15.0...v3.15.1) (2021-08-20)
### Fixes
* **typescript:** remove file extensions from types/**/*.d.ts files ([0c432e5](https://github.com/panva/jose/commit/0c432e554e7b1f0382efefe44c0053a446c9dcc4)), closes [#222](https://github.com/panva/jose/issues/222)
## [3.15.0](https://github.com/panva/jose/compare/v3.14.4...v3.15.0) (2021-08-20)
### Features
* experimental Deno build & publish ([5c7d265](https://github.com/panva/jose/commit/5c7d2656b6e5659a19c6cb3c4fed73e724fe2f6e))
### Fixes
* **typescript:** allow sign results to be passed to verify ([59aa96d](https://github.com/panva/jose/commit/59aa96d28dd259d9d8b03fcf37b5a703c5e36874))
## [3.14.4](https://github.com/panva/jose/compare/v3.14.3...v3.14.4) (2021-08-16)
### Fixes
* throw JWEInvalid when jwe protected header is invalid ([991d435](https://github.com/panva/jose/commit/991d4350d0357ebad17080644c24bccec844c3b9))
* throw JWSInvalid when jws protected header is invalid ([#244](https://github.com/panva/jose/issues/244)) ([1fc79aa](https://github.com/panva/jose/commit/1fc79aa8315fa25e28f63f1c5534d0630fc781dc))
## [3.14.3](https://github.com/panva/jose/compare/v3.14.2...v3.14.3) (2021-07-21)
### Fixes
* **docs:** update doc links again ([26c4361](https://github.com/panva/jose/commit/26c4361c007e3bc7e6ee60b65f9535cecf447fe6))
## [3.14.2](https://github.com/panva/jose/compare/v3.14.1...v3.14.2) (2021-07-21)
### Fixes
* **docs:** update doc links ([86f9134](https://github.com/panva/jose/commit/86f9134248a1746904f4c9f79ee404007ab68858))
## [3.14.1](https://github.com/panva/jose/compare/v3.14.0...v3.14.1) (2021-07-21)
### Fixes
* **typescript:** export generate key pair result interface ([2b5cc28](https://github.com/panva/jose/commit/2b5cc28684bd9cd09de2f774d7326bffe61fe6ea))
## [3.14.0](https://github.com/panva/jose/compare/v3.13.0...v3.14.0) (2021-07-02)
### Features
* add verbose key type error messages ([df56b94](https://github.com/panva/jose/commit/df56b942c64dfdbb14cb860a403742f25ec60b49))
### Fixes
* **typescript:** remove file extensions from .d.ts files ([e091f0f](https://github.com/panva/jose/commit/e091f0f24537541e350e803bd1e657348f428da2)), closes [#222](https://github.com/panva/jose/issues/222)
* AES Key Wrap input type check ([b83821b](https://github.com/panva/jose/commit/b83821b2bf99fe2051d4d4d89fe4ff18a8559722))
* guard SignJWT.prototype.sign() from missing protected header ([4103719](https://github.com/panva/jose/commit/4103719c24d1811306acf7d5290ef15c5afddcfb)), closes [#221](https://github.com/panva/jose/issues/221)
* **typescript:** add "jku" header to JoseHeaderParameters ([#220](https://github.com/panva/jose/issues/220)) ([72a72db](https://github.com/panva/jose/commit/72a72db7723e06994066d6ad154073387c5bc17c))
## [3.13.0](https://github.com/panva/jose/compare/v3.12.3...v3.13.0) (2021-06-22)
### Features
* **typescript:** export consume module interface types ([#213](https://github.com/panva/jose/issues/213)) ([13fa3d8](https://github.com/panva/jose/commit/13fa3d8ae089b21dace0ea22782451ca77941600))
## [3.12.3](https://github.com/panva/jose/compare/v3.12.2...v3.12.3) (2021-06-02)
### Fixes
* **browser:** remove the use of a node std-lib in decodeProtectedHeader ([d9d4a5f](https://github.com/panva/jose/commit/d9d4a5f2e88ca5172ff753a503bfbdb50522d094)), closes [#206](https://github.com/panva/jose/issues/206)
## [3.12.2](https://github.com/panva/jose/compare/v3.12.1...v3.12.2) (2021-05-19)
### Performance
* **node:** use util.types.is* helpers when available ([d36311d](https://github.com/panva/jose/commit/d36311d5162b3500728937bf25bd2c756f8a33d6))
## [3.12.1](https://github.com/panva/jose/compare/v3.12.0...v3.12.1) (2021-05-14)
### Fixes
* **browser:** avoid global-conflicting variable name fetch ([#199](https://github.com/panva/jose/issues/199)) ([b2c6273](https://github.com/panva/jose/commit/b2c6273eccad5e34cbe0219c521c6453ba71e6c4))
## [3.12.0](https://github.com/panva/jose/compare/v3.11.6...v3.12.0) (2021-05-12)
### Features
* **webcrypto:** allow generate* modules extractable: false override ([afae428](https://github.com/panva/jose/commit/afae428f39eb920297ef474878d4266172d9a015))
## [3.11.6](https://github.com/panva/jose/compare/v3.11.5...v3.11.6) (2021-04-30)
### Fixes
* swallow promisified crypto.verify errors ([d512ede](https://github.com/panva/jose/commit/d512ede0730155051707d60ae8c69ba0492d858f))
## [3.11.5](https://github.com/panva/jose/compare/v3.11.4...v3.11.5) (2021-04-13)
### Fixes
* isObject helper in different vm contexts or jest re-assigned globals ([7819df7](https://github.com/panva/jose/commit/7819df73ebf6391377ef3e7623948d8329ac47f5)), closes [#178](https://github.com/panva/jose/issues/178)
## [3.11.4](https://github.com/panva/jose/compare/v3.11.3...v3.11.4) (2021-04-09)
### Fixes
* defer AES CBC w/ HMAC decryption after tag verification passes ([579485c](https://github.com/panva/jose/commit/579485cb806e9989643e32a66752d3235cd43f09))
## [3.11.3](https://github.com/panva/jose/compare/v3.11.2...v3.11.3) (2021-04-01)
### Fixes
* **node:** check CryptoKey algorithm & usage before exporting KeyObject ([dab4b2f](https://github.com/panva/jose/commit/dab4b2f03efc5772773e66fdb757db5571deee4d))
## [3.11.2](https://github.com/panva/jose/compare/v3.11.1...v3.11.2) (2021-03-30)
### Fixes
* assert KeyLike input types, change "any" types to "unknown" ([edb83a8](https://github.com/panva/jose/commit/edb83a846a880d316d77ace485641330dd0debb6))
## [3.11.1](https://github.com/panva/jose/compare/v3.11.0...v3.11.1) (2021-03-26)
### Fixes
* **node:** crypto.verify callback invocation with a private keyobject ([d3d4acd](https://github.com/panva/jose/commit/d3d4acd8be612850999309ef7de86c549d5de9c0))
## [3.11.0](https://github.com/panva/jose/compare/v3.10.0...v3.11.0) (2021-03-24)
### Features
* export error codes as static properties ([89d8003](https://github.com/panva/jose/commit/89d80038755be21228a3455a8feca396e76fbcf5)), closes [#170](https://github.com/panva/jose/issues/170)
## [3.10.0](https://github.com/panva/jose/compare/v3.9.0...v3.10.0) (2021-03-18)
### Features
* **node:** use libuv threadpool to sign in node >= 15.12.0 ([cf5074e](https://github.com/panva/jose/commit/cf5074e7e1333728f7632ee6785cc52ef32711bf))
* **node:** use libuv threadpool to verify in node >= 15.12.0 ([ae9a7f4](https://github.com/panva/jose/commit/ae9a7f4186da9675820dc2e77786b9ee3f7dd0d0))
* **node:** use native JWK export in node >= 15.9.0 ([7f3cc44](https://github.com/panva/jose/commit/7f3cc44bd0508bf15c061500738473eeafdc32d1))
* **node:** use native JWK import in node >= 15.12.0 ([f0c2a64](https://github.com/panva/jose/commit/f0c2a6472844c43a92a79ed90b51cc5133a2e22e))
## [3.9.0](https://github.com/panva/jose/compare/v3.8.0...v3.9.0) (2021-03-15)
### Features
* add named exports for all modules ([5cba6b0](https://github.com/panva/jose/commit/5cba6b0fdddd24c2e48623d8aaf48640b3279a43))
## [3.8.0](https://github.com/panva/jose/compare/v3.7.1...v3.8.0) (2021-03-12)
### Features
* publish alternative Node.js and Browser specific distributions ([7856dad](https://github.com/panva/jose/commit/7856dad1031845bfc3cadfdbe609d0f0154f19ce))
## [3.7.1](https://github.com/panva/jose/compare/v3.7.0...v3.7.1) (2021-03-11)
### Fixes
* swallow invalid signature encoding errors ([e0adf49](https://github.com/panva/jose/commit/e0adf49e5789f9fc23afb1e2bd3e330e34b46b78))
## [3.7.0](https://github.com/panva/jose/compare/v3.6.2...v3.7.0) (2021-03-02)
### Features
* electron >=12.0.0 is now supported (and tested on ci) ([8fffd3e](https://github.com/panva/jose/commit/8fffd3e2e1ec0c5f3517a779b42974a4c1beae27))
### Fixes
* **electron:** only call (de)cipher.setAAD() when aad is not empty ([a5a6c4d](https://github.com/panva/jose/commit/a5a6c4dc9f459b88de5f243cf1d4ea620def8d98))
* **electron:** properly ASN.1 encode [0x00] when converting RSA JWKs ([433f020](https://github.com/panva/jose/commit/433f020246a9131f63705a3e1aa99492dac50947))
## [3.6.2](https://github.com/panva/jose/compare/v3.6.1...v3.6.2) (2021-02-16)
### Fixes
* **typescript:** update maxTokenAge type and examples ([2c358e0](https://github.com/panva/jose/commit/2c358e0ea550f19896ccf43724ee8224aa04a664))
## [3.6.1](https://github.com/panva/jose/compare/v3.6.0...v3.6.1) (2021-02-10)
### Fixes
* node runtime json fetch handles connection errors properly ([fc584b2](https://github.com/panva/jose/commit/fc584b2efd9a6e7bf2ac83c6fb0ddf96fb0ca6a5))
## [3.6.0](https://github.com/panva/jose/compare/v3.5.4...v3.6.0) (2021-02-04)
### Features
* allow CryptoKey instances in a regular non-webcrypto node runtime ([e8d41a9](https://github.com/panva/jose/commit/e8d41a933582495c9a9b02d6ec38b46bef8795e1))
## [3.5.4](https://github.com/panva/jose/compare/v3.5.3...v3.5.4) (2021-01-26)
### Fixes
* export package.json ([8c29107](https://github.com/panva/jose/commit/8c29107aea26a54869d8adadceaf0bbf70fb18cd)), closes [#157](https://github.com/panva/jose/issues/157)
## [3.5.3](https://github.com/panva/jose/compare/v3.5.2...v3.5.3) (2021-01-20)
### Fixes
* workaround downstream dependency issues messing with http ([2e58005](https://github.com/panva/jose/commit/2e5800535ab72ab35f3abfaab7493163d8b0494e)), closes [#154](https://github.com/panva/jose/issues/154)
## [3.5.2](https://github.com/panva/jose/compare/v3.5.1...v3.5.2) (2021-01-18)
### Performance
* use 'base64url' encoding when available in Node.js runtime ([808f06c](https://github.com/panva/jose/commit/808f06cd08b10cf53343afb35802cc6e5b95ea20))
* use KeyObject.prototype asymmetricKeyDetails when available ([ad88ee2](https://github.com/panva/jose/commit/ad88ee2cd5bcaee3c3e5ec79735c8172ae2725be))
## [3.5.1](https://github.com/panva/jose/compare/v3.5.0...v3.5.1) (2021-01-10)
### Fixes
* workaround for RangeError in browser runtime base64url ([ed32b0d](https://github.com/panva/jose/commit/ed32b0d46ee570e405e0d88b43aecd8ef6fea129))
## [3.5.0](https://github.com/panva/jose/compare/v3.4.0...v3.5.0) (2020-12-17)
### Features
* added JWE General JSON Serialization decryption ([16dea9e](https://github.com/panva/jose/commit/16dea9ec7d6179471f794a3463bba0c6e77295ff))
## [3.4.0](https://github.com/panva/jose/compare/v3.3.2...v3.4.0) (2020-12-16)
### Features
* added JWS General JSON Serialization signing ([6fb862c](https://github.com/panva/jose/commit/6fb862cf12d34b7dc5077d1872ad29eeac27d21e)), closes [#129](https://github.com/panva/jose/issues/129)
* added JWS General JSON Serialization verification ([55b7781](https://github.com/panva/jose/commit/55b77810d03a1f7e38e13bec384dece08b74b206)), closes [#129](https://github.com/panva/jose/issues/129)
* added utility function for decoding token's protected header ([fa29d68](https://github.com/panva/jose/commit/fa29d68cfdf0922c7e4dac24eb50161d1eab28d4))
## [3.3.2](https://github.com/panva/jose/compare/v3.3.1...v3.3.2) (2020-12-14)
### Fixes
* **typescript:** ref dom lib via triple-slash to fix some compile issues ([175f273](https://github.com/panva/jose/commit/175f273819785c29b9ad822dcb5d70073523f504)), closes [#126](https://github.com/panva/jose/issues/126)
## [3.3.1](https://github.com/panva/jose/compare/v3.3.0...v3.3.1) (2020-12-06)
### Fixes
* botched v3.3.0 release ([1c3e116](https://github.com/panva/jose/commit/1c3e116976c997f205b917405f010b568d1bd3b9))
## [3.3.0](https://github.com/panva/jose/compare/v3.2.0...v3.3.0) (2020-12-06)
### Features
* support recognizing proprietary `crit` header parameters ([5163116](https://github.com/panva/jose/commit/5163116ca1c091871ed0c601c9fbc1dbe94599cd)), closes [#123](https://github.com/panva/jose/issues/123)
### Fixes
* reject JWTs with b64: false ([691b44a](https://github.com/panva/jose/commit/691b44ad4717c82a06539facfedff48fa0e9c6a9))
## [3.2.0](https://github.com/panva/jose/compare/v3.1.3...v3.2.0) (2020-12-02)
### Features
* allow specifying modulusLength when generating RSA Key Pairs ([5f7a0e9](https://github.com/panva/jose/commit/5f7a0e9055256bce4786a53711bcf14cf59fa8f1)), closes [#121](https://github.com/panva/jose/issues/121)
## [3.1.3](https://github.com/panva/jose/compare/v3.1.2...v3.1.3) (2020-11-26)
### Fixes
* **typescript:** refactored how types are published ([2937363](https://github.com/panva/jose/commit/29373633bc540ff1e7bfe8fb3e5c5b391e79c2d9)), closes [#119](https://github.com/panva/jose/issues/119)
## [3.1.2](https://github.com/panva/jose/compare/v3.1.1...v3.1.2) (2020-11-24)
### Fixes
* handle globalThis undefined in legacy browsers ([b83c59b](https://github.com/panva/jose/commit/b83c59bb43ad14ac932cd0c662f7dfc2c4c62753))
## [3.1.1](https://github.com/panva/jose/compare/v3.1.0...v3.1.1) (2020-11-24)
### Fixes
* global detection in a browser worker runtime ([56ff8fa](https://github.com/panva/jose/commit/56ff8fa65aa045411c6c6a67d80b67c1099576a0))
## [3.1.0](https://github.com/panva/jose/compare/v3.0.2...v3.1.0) (2020-11-22)
### Features
* added "KeyLike to JWK" module ([7a8418e](https://github.com/panva/jose/commit/7a8418eadd68b645fb7edf78873a35980ea8e41d)), closes [#109](https://github.com/panva/jose/issues/109)
* allow compact verify/decrypt tokens to be uint8array encoded ([e39c3db](https://github.com/panva/jose/commit/e39c3dba75e5ae70697e6a4f93096c492a265c07))
* allow http.Agent and https.Agent passed in remote JWK Set ([38494a8](https://github.com/panva/jose/commit/38494a88828a8df2015efa78ca29c1a6317a3a50))
## [3.0.2](https://github.com/panva/jose/compare/v3.0.1...v3.0.2) (2020-11-15)
### Fixes
* **build:** publish esm submodules ([7b6364f](https://github.com/panva/jose/commit/7b6364f26f7654368c9e33af58043ee40e77ec77)), closes [#104](https://github.com/panva/jose/issues/104)
## [3.0.1](https://github.com/panva/jose/compare/v3.0.0...v3.0.1) (2020-11-15)
### Fixes
* **typescript:** fix compiling by adding .d.ts files for runtime modules ([d9cb573](https://github.com/panva/jose/commit/d9cb5734d779df26c3e717a9f4f23d18b856dc5f))
## [3.0.0](https://github.com/panva/jose/compare/v2.0.3...v3.0.0) (2020-11-14)
### ⚠ BREAKING CHANGES
* Revised, Promise-based API
* No dependencies
* Browser support (using [Web Cryptography API](https://www.w3.org/TR/WebCryptoAPI/))
* Support for verification using a remote JWKS endpoint
### Features
* Revised API, No dependencies, Browser Support, Promises ([357fe0b](https://github.com/panva/jose/commit/357fe0b964903e8c84ab49f0f27ddf0447d44c84))
## [2.0.3](https://github.com/panva/jose/compare/v2.0.2...v2.0.3) (2020-10-29)
### Fixes
* allow stubbing of the JWT.decode function ([6c3b92f](https://github.com/panva/jose/commit/6c3b92f4394a5d7092d7336922eda61e311e6f8c))
## [2.0.2](https://github.com/panva/jose/compare/v2.0.1...v2.0.2) (2020-09-14)
### Fixes
* **esm:** include esm files in the published package ([1956746](https://github.com/panva/jose/commit/1956746df6542c00bc33af750f93394805b5d603))
## [2.0.1](https://github.com/panva/jose/compare/v2.0.0...v2.0.1) (2020-09-10)
### Fixes
* allow plugins such as jose-chacha to work in newer node runtime ([30f1dc2](https://github.com/panva/jose/commit/30f1dc2c41e5554d322167b84b610a99bf5e69c5))
## [2.0.0](https://github.com/panva/jose/compare/v1.28.0...v2.0.0) (2020-09-08)
### ⚠ BREAKING CHANGES
* the `JWE.decrypt` option `algorithms` was removed and
replaced with contentEncryptionAlgorithms (handles `enc` allowlist) and
keyManagementAlgorithms (handles `alg` allowlist)
* the `JWT.verify` profile option was removed, use e.g.
`JWT.IdToken.verify` instead.
* removed the `maxAuthAge` `JWT.verify` option, this
option is now only present at the specific JWT profile APIs where the
`auth_time` property applies.
* removed the `nonce` `JWT.verify` option, this
option is now only present at the specific JWT profile APIs where the
`nonce` property applies.
* the `acr`, `amr`, `nonce` and `azp` claim value types
will only be checked when verifying a specific JWT profile using its
dedicated API.
* using the draft implementing APIs will emit a one-time
warning per process using `process.emitWarning`
* `JWT.sign` function options no longer accept a `nonce`
property. To create a JWT with a `nonce` just pass the value to the
payload.
* due to added ESM module support Node.js version with
ESM implementation bugs are no longer supported, this only affects early
v13.x versions. The resulting Node.js semver range is
`>=10.13.0 < 13 || >=13.7.0`
* deprecated method `JWK.importKey` was removed
* deprecated method `JWKS.KeyStore.fromJWKS` was removed
* the use of unregistered curve name P-256K for secp256k1
was removed
* jose.JWE.Encrypt constructor aad and unprotectedHeader
arguments swapped places
* jose.JWE.encrypt.flattened header (unprotectedHeader)
and aad arguments swapped places
* jose.JWE.encrypt.general header (unprotectedHeader)
and aad arguments swapped places
* JWS.verify returned payloads are now always buffers
* JWS.verify options `encoding` and `parse` were removed
### Features
* added support for ESM (ECMAScript modules) ([1aa9035](https://github.com/panva/jose/commit/1aa9035552bbcb34b95e092d0f082cc6d94465ab))
* decrypt allowlists for both key management and content encryption ([30e5c46](https://github.com/panva/jose/commit/30e5c46ecf00a498e65a551ced88bc897531c2a4))
### Fixes
* **typescript:** allow Buffer when verifying detached signature ([cadbd04](https://github.com/panva/jose/commit/cadbd047ca953d6d8171439f2efd7bb98a5d8e73))
* **typescript:** properly type all decode/verify/decrypt fn options ([4c23bd6](https://github.com/panva/jose/commit/4c23bd65fe6fa634726a5eb73c6d590f7348a97e))
### Refactor
* encrypt APIs unprotectedHeader and aad arguments swapped ([70bd4ae](https://github.com/panva/jose/commit/70bd4ae6b2e6ba94bbe0b3dc1a17b2990af3a18b))
* move JWT profile specifics outside of generic JWT ([fd69d7f](https://github.com/panva/jose/commit/fd69d7f5093d0b3a231d7d79aa3bca3a8a64464c))
* removed `nonce` option from `JWT.sign` ([c4267cc](https://github.com/panva/jose/commit/c4267cc655bc2721d846c98f8a40640d1a12e9ad))
* removed deprecated methods and utilities ([6c35c51](https://github.com/panva/jose/commit/6c35c519c9181f8246b36ad02572adb609d6de1d))
* removed payload parsing from JWS.verify ([ba5c897](https://github.com/panva/jose/commit/ba5c89791915a2a3cd56b3dab1f3328778152d33))
## [1.28.0](https://github.com/panva/jose/compare/v1.27.3...v1.28.0) (2020-08-10)
### Features
* support for validating issuer from a list of values ([#91](https://github.com/panva/jose/issues/91)) ([ce6836a](https://github.com/panva/jose/commit/ce6836af88c9e73c29560233f15ed1760c7dcc13))
## [1.27.3](https://github.com/panva/jose/compare/v1.27.2...v1.27.3) (2020-08-04)
### Fixes
* do not mutate unencoded payload when signing for multiple parties ([1695423](https://github.com/panva/jose/commit/169542363f884e4028db9f80086d631e626eb469)), closes [#89](https://github.com/panva/jose/issues/89)
* ensure "b64" is the same for all recipients edge cases ([d56ec9f](https://github.com/panva/jose/commit/d56ec9f5ddc2612e5ff21fe35d45a56e7153e0e4))
## [1.27.2](https://github.com/panva/jose/compare/v1.27.1...v1.27.2) (2020-07-01)
### Fixes
* handle private EC keys without public component ([#86](https://github.com/panva/jose/issues/86)) ([e8ad389](https://github.com/panva/jose/commit/e8ad38993e29747098f7fd1594dde4ce893ba802)), closes [#85](https://github.com/panva/jose/issues/85)
## [1.27.1](https://github.com/panva/jose/compare/v1.27.0...v1.27.1) (2020-06-01)
### Fixes
* allow any JSON numeric value for timestamp values ([7ba4922](https://github.com/panva/jose/commit/7ba492237aaf788914166c134d50fb046041efa0))
## [1.27.0](https://github.com/panva/jose/compare/v1.26.1...v1.27.0) (2020-05-05)
### Features
* add opt-in objects to verify using embedded JWS Header public keys ([7c1cab1](https://github.com/panva/jose/commit/7c1cab196edc409ec6cc4741bdf7e06c5aaf5dab))
## [1.26.1](https://github.com/panva/jose/compare/v1.26.0...v1.26.1) (2020-04-27)
### Fixes
* **typescript:** types of key generate functions without overloads ([7e60722](https://github.com/panva/jose/commit/7e60722ae7054f8acf833e015c22679d56fbc0ca)), closes [#80](https://github.com/panva/jose/issues/80)
* "typ" content-type validation, case insensitive and handled prefix ([0691586](https://github.com/panva/jose/commit/06915861b32c0ae252dcc84791050bc3716ce102))
## [1.26.0](https://github.com/panva/jose/compare/v1.25.2...v1.26.0) (2020-04-16)
### Features
* update JWT Profile for OAuth 2.0 Access Tokens to latest draft ([8c0a8a9](https://github.com/panva/jose/commit/8c0a8a950e4503cb7a756589e307286fe1116b05))
### BREAKING CHANGES
* `at+JWT` JWT draft profile - in the draft's Section 2.2
the claims `iat` and `jti` are now REQUIRED (was RECOMMENDED).
## [1.25.2](https://github.com/panva/jose/compare/v1.25.1...v1.25.2) (2020-04-15)
### Fixes
* **build:** don't publish junk files ([6e98c1a](https://github.com/panva/jose/commit/6e98c1a5f994224b9412fc47c4065b468c89fe2c))
## [1.25.1](https://github.com/panva/jose/compare/v1.25.0...v1.25.1) (2020-04-15)
### Fixes
* use native openssl AES Key Wrap 🤦 ([dcf8d75](https://github.com/panva/jose/commit/dcf8d75a8aca4f05fe04df64fdd2ba50bbc75bc9))
## [1.25.0](https://github.com/panva/jose/compare/v1.24.1...v1.25.0) (2020-03-11)
### Features
* update JWT Profile for OAuth 2.0 Access Tokens to latest draft ([bc77a15](https://github.com/panva/jose/commit/bc77a15fab10f8a29561ef667a923b2f074fa9b3))
## [1.24.1](https://github.com/panva/jose/compare/v1.24.0...v1.24.1) (2020-03-05)
### Fixes
* allow importing simpler passphrases as `oct` keys ([f86bda3](https://github.com/panva/jose/commit/f86bda3bb709f29e4264fb8de45242f518128744))
## [1.24.0](https://github.com/panva/jose/compare/v1.23.0...v1.24.0) (2020-02-25)
### Features
* add JWT.verify "typ" option for checking JWT Type Header parameter ([fc08426](https://github.com/panva/jose/commit/fc08426466233709b442ba21232768ddeeb94e56))
## [1.23.0](https://github.com/panva/jose/compare/v1.22.2...v1.23.0) (2020-02-18)
### Fixes
* **typescript:** add optional JWK.Key props and make them readonly ([b92079c](https://github.com/panva/jose/commit/b92079cb64216b8ea91082adc07ac03972dbbb0e)), closes [#67](https://github.com/panva/jose/issues/67)
### Features
* add ECDH-ES with X25519 and X448 OKP keys ([38369ea](https://github.com/panva/jose/commit/38369ea3d72812abe7ecebd6dc7da164b0a2e29d))
* add RSA-OAEP-384 and RSA-OAEP-512 JWE Key Management Algorithms ([7477f08](https://github.com/panva/jose/commit/7477f0831b38765a9a916b35b1d40aaf11f0e6b8))
## [1.22.2](https://github.com/panva/jose/compare/v1.22.1...v1.22.2) (2020-02-06)
### Performance Improvements
* various codepaths refactored ([3e3d7dd](https://github.com/panva/jose/commit/3e3d7dd38168159e188e54c48a9f83e3a02a8fe1))
## [1.22.1](https://github.com/panva/jose/compare/v1.22.0...v1.22.1) (2020-02-03)
### Fixes
* actually remove the base64url proper encoding check ([eae01b5](https://github.com/panva/jose/commit/eae01b57ab9f33e8c621ffcd2a77d513a51d22b2))
## [1.22.0](https://github.com/panva/jose/compare/v1.21.1...v1.22.0) (2020-01-29)
### Features
* keystore filtering by JWK Key thumbprint ([a9f6f71](https://github.com/panva/jose/commit/a9f6f7135005d6231d6f42d95c02414139a89d17))
### Performance Improvements
* base64url decode, JWT.verify, JWK.Key instance re-use ([470b4c7](https://github.com/panva/jose/commit/470b4c73154e1fcf8b92726d521940e5e11c9d94))
## [1.21.1](https://github.com/panva/jose/compare/v1.21.0...v1.21.1) (2020-01-25)
### Fixes
* contactKDF iteration count fixed for key sizes larger than 256 bits ([70ff222](https://github.com/panva/jose/commit/70ff22227ad303e57228dc8351688531499a833a))
## [1.21.0](https://github.com/panva/jose/compare/v1.20.0...v1.21.0) (2020-01-23)
### Fixes
* **typescript:** don't expose non existant classes, fix decode key ([0f8bf88](https://github.com/panva/jose/commit/0f8bf886da1b5d02cd0d968d0ec02a58673df258))
### Features
* add opt-in support for Unsecured JWS algorithm "none" ([3a6d17f](https://github.com/panva/jose/commit/3a6d17fdd18d8bbd074c07c2dd08f0406c16a8f1))
## [1.20.0](https://github.com/panva/jose/compare/v1.19.0...v1.20.0) (2020-01-16)
### Features
* add JWTExpired error and JWTClaimInvalid claim and reason props ([a0c0c7a](https://github.com/panva/jose/commit/a0c0c7ad70f42d9b23b3e71de43599a8ac6fe1ff)), closes [#62](https://github.com/panva/jose/issues/62)
## [1.19.0](https://github.com/panva/jose/compare/v1.18.2...v1.19.0) (2020-01-13)
### Features
* exposed shorthands for JWT verification profiles ([b1864e3](https://github.com/panva/jose/commit/b1864e319d1a7a42eadfa0c4b0145952e7814726))
## [1.18.2](https://github.com/panva/jose/compare/v1.18.1...v1.18.2) (2020-01-08)
### Fixes
* ensure asn1.js version to remove Buffer deprecation notice ([13b1106](https://github.com/panva/jose/commit/13b1106048fdeae00b09d54f05245dded85b14a7))
* expose JOSENotSupported key import errors on unsupported runtimes ([bc81e5d](https://github.com/panva/jose/commit/bc81e5dec2987f6ce6dc3fa5daa23dfe620c0a34))
* typo in JOSENotSupported error when x509 certs are not supported ([bb58c9c](https://github.com/panva/jose/commit/bb58c9ce52e807ca4cfad6bcbf1ab96b91778b1f))
## [1.18.1](https://github.com/panva/jose/compare/v1.18.0...v1.18.1) (2020-01-01)
### Fixes
* force iat past check when maxTokenAge option is used + JWT refactor ([828ad5a](https://github.com/panva/jose/commit/828ad5a33dc0cc0049923b69f43f97463295456e))
## [1.18.0](https://github.com/panva/jose/compare/v1.17.2...v1.18.0) (2019-12-31)
### Features
* add JWT validation profiles for Access Tokens and Logout Tokens ([7bb5c95](https://github.com/panva/jose/commit/7bb5c953a9c6d9bd915e8ebc0608bc0649427745))
## [1.17.2](https://github.com/panva/jose/compare/v1.17.1...v1.17.2) (2019-12-17)
### Fixes
* skip validating iat is in the past when exp is present ([0ed5025](https://github.com/panva/jose/commit/0ed5025de30a754de95ae2587ce0f4573909b006))
## [1.17.1](https://github.com/panva/jose/compare/v1.17.0...v1.17.1) (2019-12-10)
### Fixes
* properly fail to import unsupported openssh keys ([bee5744](https://github.com/panva/jose/commit/bee574457f29597ccab09d51ac61b85dd7a7146a))
## [1.17.0](https://github.com/panva/jose/compare/v1.16.2...v1.17.0) (2019-12-10)
### Features
* importing a certificate populates x5c and x5t thumbprints ([25a7a71](https://github.com/panva/jose/commit/25a7a71915c4f7514536cec9e7e162d0ad3b670c)), closes [#59](https://github.com/panva/jose/issues/59)
## [1.16.2](https://github.com/panva/jose/compare/v1.16.1...v1.16.2) (2019-12-05)
### Fixes
* handle Unencoded Payload (b64:false) with arbitrary buffer payloads ([daabedc](https://github.com/panva/jose/commit/daabedc776617f4fde427b3a5e79d8c176293132)), closes [#57](https://github.com/panva/jose/issues/57)
## [1.16.1](https://github.com/panva/jose/compare/v1.16.0...v1.16.1) (2019-12-05)
### Fixes
* allow PBES2 for the correct JWK `use` values ([f0d7194](https://github.com/panva/jose/commit/f0d719416ec9ca041ea88b8a983b5d899a6aa107))
## [1.16.0](https://github.com/panva/jose/compare/v1.15.1...v1.16.0) (2019-12-04)
### Features
* two official jose plugins/extensions for those living on the edge ([5b27c97](https://github.com/panva/jose/commit/5b27c97ac8836ffa9f3880e009c8db5afbfbaa2c)), closes [#56](https://github.com/panva/jose/issues/56)
## [1.15.1](https://github.com/panva/jose/compare/v1.15.0...v1.15.1) (2019-11-30)
### Fixes
* **typescript:** export Key Input types ([0277fcd](https://github.com/panva/jose/commit/0277fcd1896af497e79190212b0719f7e62366c1))
## [1.15.0](https://github.com/panva/jose/compare/v1.14.0...v1.15.0) (2019-11-27)
### Fixes
* default JWT.sign `kid` option value is false for HMAC signatures ([ce77388](https://github.com/panva/jose/commit/ce7738825403f8cdb8f99cb51c096baf0dfa3af7))
### Features
* allow JWK.asKey inputs for sign/verify/encrypt/decrypt operations ([5e1009a](https://github.com/panva/jose/commit/5e1009a63e4bc829009cc46d6295c00f8431024c))
## [1.14.0](https://github.com/panva/jose/compare/v1.13.0...v1.14.0) (2019-11-26)
### Features
* allow JWKS.KeyStore .all and .get to filter for key curves ([ea60338](https://github.com/panva/jose/commit/ea60338ca6f58f2626992a38da76812477ce4540))
## [1.13.0](https://github.com/panva/jose/compare/v1.12.1...v1.13.0) (2019-11-23)
### Features
* return the CEK from JWE.decrypt operation with { complete: true } ([c3eb845](https://github.com/panva/jose/commit/c3eb8450b98b2f5ecc127d69afe85a7ae2cc5aaa))
## [1.12.1](https://github.com/panva/jose/compare/v1.12.0...v1.12.1) (2019-11-14)
## [1.12.0](https://github.com/panva/jose/compare/v1.11.0...v1.12.0) (2019-11-05)
### Features
* add JWS.verify encoding and parsing options ([6bb66d4](https://github.com/panva/jose/commit/6bb66d4f0b4c96f2da8ac5f14fda6bc4f53f2994))
## [1.11.0](https://github.com/panva/jose/compare/v1.10.2...v1.11.0) (2019-11-03)
### Features
* expose crypto.KeyObject instances in supported runtimes ([8ea9683](https://github.com/panva/jose/commit/8ea968312e97ed0f992fab909a20e7993159ec45))
## [1.10.2](https://github.com/panva/jose/compare/v1.10.1...v1.10.2) (2019-10-29)
### Fixes
* only use secp256k1 keys for signing/verification ([9588223](https://github.com/panva/jose/commit/95882232d6d409a321b6a8c168f5b78ebbdabf95))
## [1.10.1](https://github.com/panva/jose/compare/v1.10.0...v1.10.1) (2019-10-04)
### Fixes
* throw proper error when runtime doesn't support OKP ([0a16efb](https://github.com/panva/jose/commit/0a16efb)), closes [#48](https://github.com/panva/jose/issues/48)
## [1.10.0](https://github.com/panva/jose/compare/v1.9.2...v1.10.0) (2019-10-01)
### Features
* rename package ([26f4cf2](https://github.com/panva/jose/commit/26f4cf2))
## [1.9.2](https://github.com/panva/jose/compare/v1.9.1...v1.9.2) (2019-09-16)
### Fixes
* keystore.toJWKS(true) does not throw on public keys ([81abdfa](https://github.com/panva/jose/commit/81abdfa)), closes [#42](https://github.com/panva/jose/issues/42)
## [1.9.1](https://github.com/panva/jose/compare/v1.9.0...v1.9.1) (2019-09-10)
## [1.9.0](https://github.com/panva/jose/compare/v1.8.0...v1.9.0) (2019-08-24)
### Features
* allow JWKS.asKeyStore to swallow errors ([78398d3](https://github.com/panva/jose/commit/78398d3))
## [1.8.0](https://github.com/panva/jose/compare/v1.7.0...v1.8.0) (2019-08-22)
### Features
* added Node.js lts/dubnium support for runtime supported features ([67a8601](https://github.com/panva/jose/commit/67a8601))
## [1.7.0](https://github.com/panva/jose/compare/v1.6.1...v1.7.0) (2019-08-20)
### Features
* add RSA-OAEP-256 support (when a node version supports it) ([28d7cf8](https://github.com/panva/jose/commit/28d7cf8)), closes [#29](https://github.com/panva/jose/issues/29)
## [1.6.1](https://github.com/panva/jose/compare/v1.6.0...v1.6.1) (2019-07-29)
### Fixes
* properly pad calculated RSA primes ([dd121ce](https://github.com/panva/jose/commit/dd121ce))
## [1.6.0](https://github.com/panva/jose/compare/v1.5.2...v1.6.0) (2019-07-27)
### Fixes
* use the correct ECPrivateKey version when importing EC JWK ([24acd20](https://github.com/panva/jose/commit/24acd20))
### Features
* electron v6.x support ([e7ad82c](https://github.com/panva/jose/commit/e7ad82c))
## [1.5.2](https://github.com/panva/jose/compare/v1.5.1...v1.5.2) (2019-07-27)
### Fixes
* importing x5c in electron requires the input split ([181fd09](https://github.com/panva/jose/commit/181fd09))
## [1.5.1](https://github.com/panva/jose/compare/v1.5.0...v1.5.1) (2019-07-27)
### Fixes
* correctly pad integers when importing RSA JWK ([1dc7f35](https://github.com/panva/jose/commit/1dc7f35))
## [1.5.0](https://github.com/panva/jose/compare/v1.4.1...v1.5.0) (2019-07-23)
### Features
* validate JWTs according to a JWT profile - ID Token ([6c98b61](https://github.com/panva/jose/commit/6c98b61))
## [1.4.1](https://github.com/panva/jose/compare/v1.4.0...v1.4.1) (2019-07-14)
### Fixes
* honour the JWT.sign `jti` option ([36c9ce2](https://github.com/panva/jose/commit/36c9ce2)), closes [#33](https://github.com/panva/jose/issues/33)
## [1.4.0](https://github.com/panva/jose/compare/v1.3.0...v1.4.0) (2019-07-08)
### Features
* add secp256k1 EC Key curve and ES256K ([211d7af](https://github.com/panva/jose/commit/211d7af))
## [1.3.0](https://github.com/panva/jose/compare/v1.0.2...c51dc28) (2019-06-21)
### Features
* compute private RSA key p, q, dp, dq, qi when omitted ([6e3d6fd](https://github.com/panva/jose/commit/6e3d6fd)), closes [#26](https://github.com/panva/jose/issues/26)
* add support for JWK x5c, x5t and x5t#S256 ([9d46c48](https://github.com/panva/jose/commit/9d46c48))
* instances of JWKS.KeyStore are now iterable (e.g. for ... of) ([2eae293](https://github.com/panva/jose/commit/2eae293))
### Fixes
* limit calculation of missing RSA private components ([5b53cb0](https://github.com/panva/jose/commit/5b53cb0))
* reject rsa keys without all factors and exponents with a specific message ([b0ff436](https://github.com/panva/jose/commit/b0ff436))
### Deprecations
- this deprecates the use of `JWK.importKey` in favor of
`JWK.asKey`
- this deprecates the use of `JWKS.KeyStore.fromJWKS` in favor of
`JWKS.asKeyStore`
Both `JWK.importKey` and `JWKS.KeyStore.fromJWKS` could have resulted
in the process getting blocked when large bitsize RSA private keys
were missing their components and could also result in an endless
calculation loop when the private key's private exponent was outright
invalid or tampered with.
The new methods still allow to import private RSA keys with these
optimization key parameters missing but it is disabled by default and one
should choose to enable it when working with keys from trusted sources
It is recommended not to use `jose` versions with this feature in
its original on-by-default form - v1.1.0 and v1.2.0
## [1.0.2](https://github.com/panva/jose/compare/v1.0.1...v1.0.2) (2019-05-13)
### Fixes
* add missing keystore.toJWKS() .d.ts definition ([c7a8606](https://github.com/panva/jose/commit/c7a8606)), closes [#25](https://github.com/panva/jose/issues/25)
## [1.0.1](https://github.com/panva/jose/compare/v1.0.0...v1.0.1) (2019-04-27)
### Fixes
* oct key ts "k" type fix ([0750d2c](https://github.com/panva/jose/commit/0750d2c))
## [1.0.0](https://github.com/panva/jose/compare/v0.12.0...v1.0.0) (2019-04-23)
### Fixes
* fail to import invalid PEM formatted strings and buffers ([857dc2b](https://github.com/panva/jose/commit/857dc2b))
### Features
* add JWK key_ops support, fix .algorithms() op returns ([23b874c](https://github.com/panva/jose/commit/23b874c))
* add key.toPEM() export function with optional encryption ([1159b0d](https://github.com/panva/jose/commit/1159b0d))
* add OKP Key and EdDSA sign/verify support ([2dbd3ed](https://github.com/panva/jose/commit/2dbd3ed)), closes [#12](https://github.com/panva/jose/issues/12)
### BREAKING CHANGES
* key.algorithms(op) un+wrapKey was split into correct
wrapKey/unwrapKey/deriveKey returns
* keystore.all and keystore.get `operation` option was
removed, `key_ops: string[]` supersedes it
* Node.js minimal version is now v12.0.0 due to its
added EdDSA support (crypto.sign, crypto.verify and eddsa key objects)
## [0.12.0](https://github.com/panva/jose/compare/v0.11.5...v0.12.0) (2019-04-07)
### Reverts
* add EC P-256K JWK and ES256K sign/verify support ([e21fea1](https://github.com/panva/jose/commit/e21fea1))
### BREAKING CHANGES
* removing ES256K alg and EC P-256K crv support until the
IETF WG decides on what the final names will be.
## [0.11.5](https://github.com/panva/jose/compare/v0.11.4...v0.11.5) (2019-04-04)
### Features
* add key.secret<boolean> and key.type<string> for completeness ([2dd7053](https://github.com/panva/jose/commit/2dd7053))
* add key.thumbprint always returning the JWK Thumbprint (RFC7638) ([65db7e0](https://github.com/panva/jose/commit/65db7e0))
## [0.11.4](https://github.com/panva/jose/compare/v0.11.3...v0.11.4) (2019-03-28)
### Fixes
* properly restrict EC curves in generate(Sync) ([764b863](https://github.com/panva/jose/commit/764b863))
* remove unintended exposure of private material via enumerables ([946d9df](https://github.com/panva/jose/commit/946d9df))
## [0.11.3](https://github.com/panva/jose/compare/v0.11.2...v0.11.3) (2019-03-27)
### Fixes
* throw on unsupported EC curves ([cfa4222](https://github.com/panva/jose/commit/cfa4222))
### Features
* add EC P-256K JWK and ES256K sign/verify support ([2e33e1c](https://github.com/panva/jose/commit/2e33e1c))
## [0.11.2](https://github.com/panva/jose/compare/v0.11.1...v0.11.2) (2019-03-19)
### Fixes
* internal symbol method is now really a symbol ([925d47c](https://github.com/panva/jose/commit/925d47c))
* key.toJWK() fixed on windows ([57f1692](https://github.com/panva/jose/commit/57f1692)), closes [#17](https://github.com/panva/jose/issues/17)
## [0.11.1](https://github.com/panva/jose/compare/v0.11.0...v0.11.1) (2019-03-17)
### Fixes
* restrict RS key algorithms by the key's bit size ([9af295b](https://github.com/panva/jose/commit/9af295b))
## [0.11.0](https://github.com/panva/jose/compare/v0.10.0...v0.11.0) (2019-03-16)
### Fixes
* all JWA defined RSA operations require key of 2048 or more ([cc70c5d](https://github.com/panva/jose/commit/cc70c5d))
* use correct salt length for RSASSA-PSS ([e936d54](https://github.com/panva/jose/commit/e936d54))
### BREAKING CHANGES
* all [JWA](https://www.rfc-editor.org/rfc/rfc7518) defined
RSA based operations require key size of 2048 bits or more.
## [0.10.0](https://github.com/panva/jose/compare/v0.9.2...v0.10.0) (2019-03-12)
### Fixes
* do not list "dir" under wrap/unwrapKey operations ([17b37d3](https://github.com/panva/jose/commit/17b37d3))
### Features
* keystore .all and .get operation option ([d349ba9](https://github.com/panva/jose/commit/d349ba9))
### BREAKING CHANGES
* "dir" is no longer returned as wrap/unwrapKey key
operation
## [0.9.2](https://github.com/panva/jose/compare/v0.9.1...v0.9.2) (2019-03-05)
### Fixes
* "dir" is only available on keys with correct lengths ([6854860](https://github.com/panva/jose/commit/6854860))
* do not 'in' operator when importing keys as string ([be3f4e4](https://github.com/panva/jose/commit/be3f4e4))
## [0.9.1](https://github.com/panva/jose/compare/v0.9.0...v0.9.1) (2019-03-02)
### Fixes
* only import RSA, EC and oct successfully ([e5e02fc](https://github.com/panva/jose/commit/e5e02fc))
# 0.9.0 (2019-03-02)
Initial release
### Implemented Features
- JSON Web Signature (JWS) - [RFC7515][spec-jws]
- JSON Web Encryption (JWE) - [RFC7516][spec-jwe]
- JSON Web Key (JWK) - [RFC7517][spec-jwk]
- JSON Web Algorithms (JWA) - [RFC7518][spec-jwa]
- JSON Web Token (JWT) - [RFC7519][spec-jwt]
- JSON Web Key (JWK) Thumbprint - [RFC7638][spec-thumbprint]
- JWS Unencoded Payload Option - [RFC7797][spec-b64]
| JWK Key Types | Supported ||
| -- | -- | -- |
| RSA | ✓ | RSA |
| Elliptic Curve | ✓ | EC |
| Octet sequence | ✓ | oct |
| Serialization | JWS Sign | JWS Verify | JWE Encrypt | JWE Decrypt |
| -- | -- | -- | -- | -- |
| Compact | ✓ | ✓ | ✓ | ✓ |
| General JSON | ✓ | ✓ | ✓ | ✓ |
| Flattened JSON | ✓ | ✓ | ✓ | ✓ |
| JWS Algorithms | Supported ||
| -- | -- | -- |
| RSASSA-PKCS1-v1_5 | ✓ | RS256, RS384, RS512 |
| RSASSA-PSS | ✓ | PS256, PS384, PS512 |
| ECDSA | ✓ | ES256, ES384, ES512 |
| HMAC with SHA-2 | ✓ | HS256, HS384, HS512 |
| JWE Key Management Algorithms | Supported ||
| -- | -- | -- |
| AES | ✓ | A128KW, A192KW, A256KW |
| AES GCM | ✓ | A128GCMKW, A192GCMKW, A256GCMKW |
| Direct Key Agreement | ✓ | dir |
| RSAES OAEP | ✓<sup>*</sup> | RSA-OAEP <sub>(<sup>*</sup>RSA-OAEP-256 is not supported due to its lack of support in Node.js)</sub> |
| RSAES-PKCS1-v1_5 | ✓ | RSA1_5 |
| PBES2 | ✓ | PBES2-HS256+A128KW, PBES2-HS384+A192KW, PBES2-HS512+A256KW |
| ECDH-ES | ✓ | ECDH-ES, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW |
| JWE Content Encryption Algorithms | Supported ||
| -- | -- | -- |
| AES GCM | ✓ | A128GCM, A192GCM, A256GCM |
| AES_CBC_HMAC_SHA2 | ✓ | A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 |
[spec-b64]: https://www.rfc-editor.org/rfc/rfc7797
[spec-jwa]: https://www.rfc-editor.org/rfc/rfc7518
[spec-jwe]: https://www.rfc-editor.org/rfc/rfc7516
[spec-jwk]: https://www.rfc-editor.org/rfc/rfc7517
[spec-jws]: https://www.rfc-editor.org/rfc/rfc7515
[spec-jwt]: https://www.rfc-editor.org/rfc/rfc7519
[spec-thumbprint]: https://www.rfc-editor.org/rfc/rfc7638
================================================
FILE: CODE_OF_CONDUCT.md
================================================
# Contributor Covenant Code of Conduct
## Our Pledge
We as members, contributors, and leaders pledge to make participation in our
community a harassment-free experience for everyone, regardless of age, body
size, visible or invisible disability, ethnicity, sex characteristics, gender
identity and expression, level of experience, education, socio-economic status,
nationality, personal appearance, race, caste, color, religion, or sexual identity
and orientation.
We pledge to act and interact in ways that contribute to an open, welcoming,
diverse, inclusive, and healthy community.
## Our Standards
Examples of behavior that contributes to a positive environment for our
community include:
* Demonstrating empathy and kindness toward other people
* Being respectful of differing opinions, viewpoints, and experiences
* Giving and gracefully accepting constructive feedback
* Accepting responsibility and apologizing to those affected by our mistakes,
and learning from the experience
* Focusing on what is best not just for us as individuals, but for the
overall community
Examples of unacceptable behavior include:
* The use of sexualized language or imagery, and sexual attention or
advances of any kind
* Trolling, insulting or derogatory comments, and personal or political attacks
* Public or private harassment
* Publishing others' private information, such as a physical or email
address, without their explicit permission
* Other conduct which could reasonably be considered inappropriate in a
professional setting
## Enforcement Responsibilities
Community leaders are responsible for clarifying and enforcing our standards of
acceptable behavior and will take appropriate and fair corrective action in
response to any behavior that they deem inappropriate, threatening, offensive,
or harmful.
Community leaders have the right and responsibility to remove, edit, or reject
comments, commits, code, wiki edits, issues, and other contributions that are
not aligned to this Code of Conduct, and will communicate reasons for moderation
decisions when appropriate.
## Scope
This Code of Conduct applies within all community spaces, and also applies when
an individual is officially representing the community in public spaces.
Examples of representing our community include using an official e-mail address,
posting via an official social media account, or acting as an appointed
representative at an online or offline event.
## Enforcement
Instances of abusive, harassing, or otherwise unacceptable behavior may be
reported to the community leaders responsible for enforcement at
panva.ip@gmail.com.
All complaints will be reviewed and investigated promptly and fairly.
All community leaders are obligated to respect the privacy and security of the
reporter of any incident.
## Enforcement Guidelines
Community leaders will follow these Community Impact Guidelines in determining
the consequences for any action they deem in violation of this Code of Conduct:
### 1. Correction
**Community Impact**: Use of inappropriate language or other behavior deemed
unprofessional or unwelcome in the community.
**Consequence**: A private, written warning from community leaders, providing
clarity around the nature of the violation and an explanation of why the
behavior was inappropriate. A public apology may be requested.
### 2. Warning
**Community Impact**: A violation through a single incident or series
of actions.
**Consequence**: A warning with consequences for continued behavior. No
interaction with the people involved, including unsolicited interaction with
those enforcing the Code of Conduct, for a specified period of time. This
includes avoiding interactions in community spaces as well as external channels
like social media. Violating these terms may lead to a temporary or
permanent ban.
### 3. Temporary Ban
**Community Impact**: A serious violation of community standards, including
sustained inappropriate behavior.
**Consequence**: A temporary ban from any sort of interaction or public
communication with the community for a specified period of time. No public or
private interaction with the people involved, including unsolicited interaction
with those enforcing the Code of Conduct, is allowed during this period.
Violating these terms may lead to a permanent ban.
### 4. Permanent Ban
**Community Impact**: Demonstrating a pattern of violation of community
standards, including sustained inappropriate behavior, harassment of an
individual, or aggression toward or disparagement of classes of individuals.
**Consequence**: A permanent ban from any sort of public interaction within
the community.
## Attribution
This Code of Conduct is adapted from the [Contributor Covenant][homepage],
version 2.0, available at
[https://www.contributor-covenant.org/version/2/0/code_of_conduct.html][v2.0].
Community Impact Guidelines were inspired by
[Mozilla's code of conduct enforcement ladder][Mozilla CoC].
For answers to common questions about this code of conduct, see the FAQ at
[https://www.contributor-covenant.org/faq][FAQ]. Translations are available
at [https://www.contributor-covenant.org/translations][translations].
[homepage]: https://www.contributor-covenant.org
[v2.0]: https://www.contributor-covenant.org/version/2/0/code_of_conduct.html
[Mozilla CoC]: https://github.com/mozilla/diversity
[FAQ]: https://www.contributor-covenant.org/faq
[translations]: https://www.contributor-covenant.org/translations
================================================
FILE: CONTRIBUTING.md
================================================
# Contributing to jose
Please note we have a [code of conduct][coc], please follow it in all your interactions with the
project.
When contributing to this project, please first discuss the change you wish to make via a discussion,
email, or any other appropriate method with the owners of this project before proposing a change
via a Pull Request. The project promotes and follows current best practices in regards to the
specifications it implements. A contribution that tries to implement something non-standard will most
likely be dismissed.
## Rules of the discussions
Remember to be very clear and transparent when discussing any issue in the discussions boards. We
ask that you keep the language to English and keep on track with the issue at hand. Lastly, please
be respectful of our fellow contributors and keep an exemplary level of professionalism at all
times.
[coc]: https://github.com/panva/jose/blob/main/CODE_OF_CONDUCT.md
================================================
FILE: LICENSE.md
================================================
The MIT License (MIT)
Copyright (c) 2018 Filip Skokan
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
================================================
FILE: README.md
================================================
# jose
`jose` is a JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens (JWT), JSON Web Signature (JWS), JSON Web Encryption (JWE), JSON Web Key (JWK), JSON Web Key Set (JWKS), and more. The module is designed to work across various Web-interoperable runtimes including Node.js, browsers, Cloudflare Workers, Deno, Bun, and others.
## Sponsor
<picture>
<source media="(prefers-color-scheme: dark)" srcset="https://raw.githubusercontent.com/panva/jose/HEAD/sponsor/Auth0byOkta_dark.png">
<source media="(prefers-color-scheme: light)" srcset="https://raw.githubusercontent.com/panva/jose/HEAD/sponsor/Auth0byOkta_light.png">
<img height="65" align="left" alt="Auth0 by Okta" src="https://raw.githubusercontent.com/panva/jose/HEAD/sponsor/Auth0byOkta_light.png">
</picture>
If you want to quickly add JWT authentication to JavaScript apps, feel free to check out Auth0's JavaScript SDK and free plan. [Create an Auth0 account; it's free!][sponsor-auth0]<br><br>
## [💗 Help the project](https://github.com/sponsors/panva)
Support from the community to continue maintaining and improving this module is welcome. If you find the module useful, please consider supporting the project by [becoming a sponsor](https://github.com/sponsors/panva).
## Dependencies: 0
`jose` has no dependencies and it exports tree-shakeable ESM[^cjs].
## Documentation
`jose` is distributed via [npmjs.com](https://www.npmjs.com/package/jose), [jsr.io](https://jsr.io/@panva/jose), [jsdelivr.com](https://www.jsdelivr.com/package/npm/jose), and [github.com](https://github.com/panva/jose).
**`example`** ESM import[^cjs]
```js
import * as jose from 'jose'
```
### JSON Web Tokens (JWT)
The `jose` module supports JSON Web Tokens (JWT) and provides functionality for signing and verifying tokens, as well as their JWT Claims Set validation.
- [JWT Claims Set Validation & Signature Verification](docs/jwt/verify/functions/jwtVerify.md) using the `jwtVerify` function
- [Using a remote JSON Web Key Set (JWKS)](docs/jwks/remote/functions/createRemoteJWKSet.md)
- [Using a local JSON Web Key Set (JWKS)](docs/jwks/local/functions/createLocalJWKSet.md)
- [Signing](docs/jwt/sign/classes/SignJWT.md) using the `SignJWT` class
- Utility functions
- [Decoding Token's Protected Header](docs/util/decode_protected_header/functions/decodeProtectedHeader.md)
- [Decoding JWT Claims Set](docs/util/decode_jwt/functions/decodeJwt.md) prior to its validation
### Encrypted JSON Web Tokens
The `jose` module supports encrypted JSON Web Tokens and provides functionality for encrypting and decrypting tokens, as well as their JWT Claims Set validation.
- [Decryption & JWT Claims Set Validation](docs/jwt/decrypt/functions/jwtDecrypt.md) using the `jwtDecrypt` function
- [Encryption](docs/jwt/encrypt/classes/EncryptJWT.md) using the `EncryptJWT` class
- Utility functions
- [Decoding Token's Protected Header](docs/util/decode_protected_header/functions/decodeProtectedHeader.md)
### Key Utilities
The `jose` module supports importing, exporting, and generating keys and secrets in various formats, including PEM formats like SPKI, X.509 certificate, and PKCS #8, as well as JSON Web Key (JWK).
- Key Import Functions
- [JWK Import](docs/key/import/functions/importJWK.md)
- [Public Key Import (SPKI)](docs/key/import/functions/importSPKI.md)
- [Public Key Import (X.509 Certificate)](docs/key/import/functions/importX509.md)
- [Private Key Import (PKCS #8)](docs/key/import/functions/importPKCS8.md)
- Key and Secret Generation Functions
- [Asymmetric Key Pair Generation](docs/key/generate_key_pair/functions/generateKeyPair.md)
- [Symmetric Secret Generation](docs/key/generate_secret/functions/generateSecret.md)
- Key Export Functions
- [JWK Export](docs/key/export/functions/exportJWK.md)
- [Private Key Export](docs/key/export/functions/exportPKCS8.md)
- [Public Key Export](docs/key/export/functions/exportSPKI.md)
### JSON Web Signature (JWS)
The `jose` module supports signing and verification of JWS messages with arbitrary payloads in Compact, Flattened JSON, and General JSON serialization syntaxes.
- Signing - [Compact](docs/jws/compact/sign/classes/CompactSign.md), [Flattened JSON](docs/jws/flattened/sign/classes/FlattenedSign.md), [General JSON](docs/jws/general/sign/classes/GeneralSign.md)
- Verification - [Compact](docs/jws/compact/verify/functions/compactVerify.md), [Flattened JSON](docs/jws/flattened/verify/functions/flattenedVerify.md), [General JSON](docs/jws/general/verify/functions/generalVerify.md)
- [Using a remote JSON Web Key Set (JWKS)](docs/jwks/remote/functions/createRemoteJWKSet.md)
- [Using a local JSON Web Key Set (JWKS)](docs/jwks/local/functions/createLocalJWKSet.md)
- Utility functions
- [Decoding Token's Protected Header](docs/util/decode_protected_header/functions/decodeProtectedHeader.md)
### JSON Web Encryption (JWE)
The `jose` module supports encryption and decryption of JWE messages with arbitrary plaintext in Compact, Flattened JSON, and General JSON serialization syntaxes.
- Encryption - [Compact](docs/jwe/compact/encrypt/classes/CompactEncrypt.md), [Flattened JSON](docs/jwe/flattened/encrypt/classes/FlattenedEncrypt.md), [General JSON](docs/jwe/general/encrypt/classes/GeneralEncrypt.md)
- Decryption - [Compact](docs/jwe/compact/decrypt/functions/compactDecrypt.md), [Flattened JSON](docs/jwe/flattened/decrypt/functions/flattenedDecrypt.md), [General JSON](docs/jwe/general/decrypt/functions/generalDecrypt.md)
- Utility functions
- [Decoding Token's Protected Header](docs/util/decode_protected_header/functions/decodeProtectedHeader.md)
### Other
The following are additional features and utilities provided by the `jose` module:
- [Calculating JWK Thumbprint](docs/jwk/thumbprint/functions/calculateJwkThumbprint.md)
- [Calculating JWK Thumbprint URI](docs/jwk/thumbprint/functions/calculateJwkThumbprintUri.md)
- [Verification using a JWK Embedded in a JWS Header](docs/jwk/embedded/functions/EmbeddedJWK.md)
- [Unsecured JWT](docs/jwt/unsecured/classes/UnsecuredJWT.md)
- [JOSE Errors](docs/util/errors/README.md)
## Supported Runtimes
The `jose` module is compatible with JavaScript runtimes that support the utilized Web API globals and standard built-in objects or are Node.js.
The following runtimes are supported _(this is not an exhaustive list)_:
- [Bun](https://github.com/panva/jose/issues/471)
- [Browsers](https://github.com/panva/jose/issues/263)
- [Cloudflare Workers](https://github.com/panva/jose/issues/265)
- [Deno](https://github.com/panva/jose/issues/266)
- [Electron](https://github.com/panva/jose/issues/264)
- [Node.js](https://github.com/panva/jose/issues/262)
Please note that certain algorithms may not be available depending on the runtime used. You can find a list of available algorithms for each runtime in the specific issue links provided above.
## Supported Versions
| Version | Security Fixes 🔑 | Other Bug Fixes 🐞 | New Features ⭐ | Runtime and Module type |
| ----------------------------------------------- | ----------------- | ------------------ | --------------- | ------------------------------- |
| [v6.x](https://github.com/panva/jose/tree/v6.x) | [Security Policy] | ✅ | ✅ | Universal[^universal] ESM[^cjs] |
| [v5.x](https://github.com/panva/jose/tree/v5.x) | [Security Policy] | ❌ | ❌ | Universal[^universal] CJS + ESM |
| [v4.x](https://github.com/panva/jose/tree/v4.x) | [Security Policy] | ❌ | ❌ | Universal[^universal] CJS + ESM |
| [v2.x](https://github.com/panva/jose/tree/v2.x) | [Security Policy] | ❌ | ❌ | Node.js CJS |
## Specifications
<details>
<summary>Details</summary>
- JSON Web Signature (JWS) - [RFC7515](https://www.rfc-editor.org/rfc/rfc7515)
- JSON Web Encryption (JWE) - [RFC7516](https://www.rfc-editor.org/rfc/rfc7516)
- JSON Web Key (JWK) - [RFC7517](https://www.rfc-editor.org/rfc/rfc7517)
- JSON Web Algorithms (JWA) - [RFC7518](https://www.rfc-editor.org/rfc/rfc7518)
- JSON Web Token (JWT) - [RFC7519](https://www.rfc-editor.org/rfc/rfc7519)
- JSON Web Key Thumbprint - [RFC7638](https://www.rfc-editor.org/rfc/rfc7638)
- JSON Web Key Thumbprint URI - [RFC9278](https://www.rfc-editor.org/rfc/rfc9278)
- JWS Unencoded Payload Option - [RFC7797](https://www.rfc-editor.org/rfc/rfc7797)
- CFRG Elliptic Curve ECDH and Signatures - [RFC8037](https://www.rfc-editor.org/rfc/rfc8037)
- Fully-Specified Algorithms for JOSE - [RFC9864](https://www.rfc-editor.org/rfc/rfc9864.html)
- ML-DSA for JOSE - [draft-ietf-cose-dilithium-10](https://www.ietf.org/archive/id/draft-ietf-cose-dilithium-10.html)
The algorithm implementations in `jose` have been tested using test vectors from their respective specifications as well as [RFC7520](https://www.rfc-editor.org/rfc/rfc7520).
</details>
[sponsor-auth0]: https://a0.to/signup/panva
[WebCryptoAPI]: https://w3c.github.io/webcrypto/
[Fetch API]: https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API
[Security Policy]: https://github.com/panva/jose/security/policy
[^cjs]: CJS style `let jose = require('jose')` is possible in Node.js versions where the `require(esm)` feature is enabled by default (^20.19.0 || ^22.12.0 || >= 23.0.0).
[^universal]: Assumes runtime support of [WebCryptoAPI][] and [Fetch API][]
================================================
FILE: SECURITY.md
================================================
# Security Policy
## Supported Versions
The following major versions are currently supported with security updates.
| Version | End-of-life |
| ----------------------------------------------- | ----------- |
| [v6.x](https://github.com/panva/jose/tree/v6.x) | TBD |
| [v5.x](https://github.com/panva/jose/tree/v5.x) | 2026-04-30 |
| [v4.x](https://github.com/panva/jose/tree/v4.x) | 2026-04-30 |
| [v2.x](https://github.com/panva/jose/tree/v2.x) | 2026-04-30 |
End-of-life for the current release will be determined prior to the release of its successor.
## Reporting a Vulnerability
Vulnerabilities must be reported using the [project's security advisory](https://github.com/panva/jose/security/advisories/new).
**All vulnerability reports MUST be submitted through the channel listed above.** This allows the maintainers to assess the report, collaborate on remediation, and coordinate disclosure in a responsible manner.
CVE identifiers for confirmed vulnerabilities will only be requested by the maintainers through the GitHub Security Advisory process. Vulnerability reports submitted directly to third-party CVE Numbering Authorities (CNAs), such as MITRE, without first being reported and confirmed through this project's documented channel will be considered as not following the coordinated disclosure process. The maintainers reserve the right to request rejection or dispute of any CVE entry that was assigned without prior coordinated disclosure with the project.
## Threat Model
This section documents the threat model for `jose`, a JavaScript implementation of JSON Object Signing and Encryption standards including [JSON Web Token (JWT) - RFC 7519](https://www.rfc-editor.org/rfc/rfc7519), [JSON Web Signature (JWS) - RFC 7515](https://www.rfc-editor.org/rfc/rfc7515), [JSON Web Encryption (JWE) - RFC 7516](https://www.rfc-editor.org/rfc/rfc7516), [JSON Web Key (JWK) - RFC 7517](https://www.rfc-editor.org/rfc/rfc7517), and [JSON Web Algorithms (JWA) - RFC 7518](https://www.rfc-editor.org/rfc/rfc7518).
### Purpose and Intended Users
This library is intended for general application developers, cryptography practitioners, and anyone needing JOSE functionality in JavaScript runtimes (Node.js, browsers, Cloudflare Workers, Deno, Bun, and other Web-interoperable environments).
### Trust Assumptions
#### Underlying Cryptographic Primitives
This library trusts that the Web Cryptography implementations provided by the runtime are correct and secure. The library delegates all cryptographic operations (key generation, signing, verification, encryption, decryption, key derivation, etc.) to the runtime's Web Cryptography implementation and does not attempt to validate or verify the correctness of these underlying primitives.
#### Runtime Environment
The library assumes it is running in a trusted execution environment. The following are considered outside the scope of this library's threat model:
- **Prototype pollution attacks**: If an attacker can modify JavaScript prototypes, this is considered a vulnerability in the user's application code or the runtime environment, not in this library.
- **Debugger access**: If an attacker has debugger access to the running process, they can inspect memory, modify variables, and bypass security controls. This is a runtime-level compromise, not a library vulnerability.
- **Runtime compromise**: Attacks that compromise the JavaScript runtime itself (e.g., malicious runtime modifications, compromised Node.js binaries, malicious browser extensions with elevated privileges) are not considered attacks on this library.
#### Remote JWKS Sources
When using remote JSON Web Key Sets (JWKS) via `createRemoteJWKSet`, the library assumes that users configure trusted JWKS sources. The security of key material fetched from remote sources depends on the trustworthiness of those sources and the security of the transport (HTTPS).
#### Key Material
Private keys and secret key material provided by users for signing, decryption, or key management operations are considered trusted and fitting the user's own security requirements. The library does not validate that key material originates from a secure source or has been handled securely prior to being provided.
#### Key and Secret Sizes
As cryptographic requirements on key and secret sizes evolve over time, following these developments is the user's responsibility. The library implements reasonable measures where practical, but in the spirit of interoperability with other implementations, it does not enforce strict key size requirements for all algorithms. For example, the library cannot prevent use of short HMAC secret keys because such restrictions are easily sidestepped and would hinder interoperability.
#### Input Size Limits
The library does not enforce size limits on any inputs (tokens, keys, payloads, headers, etc.). It is the application's responsibility to enforce input size limits appropriate for its context before passing data to the library. Without such limits, an attacker could supply arbitrarily large inputs that consume excessive memory or processing time.
#### Side-Channel Attacks
This library delegates all cryptographic operations to the underlying Web Cryptography. Any resistance to side-channel attacks (timing attacks, cache attacks, etc.) is entirely dependent on the underlying cryptographic implementations and is outside the scope of this library.
### Security Guarantees
This library aims to provide the following security guarantees:
- **Specification compliance**: Correct implementation of the JOSE family of specifications (RFC 7515, RFC 7516, RFC 7517, RFC 7518, RFC 7519, and related RFCs), validated against test vectors from the respective specifications.
- **JWT Claims Set validation**: Proper validation of JWT claims (`exp`, `nbf`, `iat`, `aud`, `iss`, etc.) as defined by the underlying RFCs.
- **Input validation**: Validation of inputs to prevent misuse of the API.
### Out of Scope
#### Key Management
This library does not handle key storage. Users are responsible for securely storing, managing, and distributing cryptographic keys.
#### Memory Clearing
This library does not guarantee that key material or other sensitive data is cleared from memory after use. As long as the user retains references to key objects, the key material may remain in memory. Secure memory management is the responsibility of the user and the runtime environment.
### Threat Actors and Security Properties
This library aims to provide the security properties defined by the JOSE specifications. For detailed security considerations, refer to the Security Considerations sections in [RFC 7515 (JWS)](https://www.rfc-editor.org/rfc/rfc7515#section-10), [RFC 7516 (JWE)](https://www.rfc-editor.org/rfc/rfc7516#section-11), [RFC 7517 (JWK)](https://www.rfc-editor.org/rfc/rfc7517#section-9), [RFC 7518 (JWA)](https://www.rfc-editor.org/rfc/rfc7518#section-8), and [RFC 7519 (JWT)](https://www.rfc-editor.org/rfc/rfc7519#section-8).
### What is NOT Considered a Vulnerability
The following are explicitly **not** considered vulnerabilities in this library:
- **Prototype pollution** ([CWE-1321](https://cwe.mitre.org/data/definitions/1321.html)): Attacks that exploit JavaScript prototype pollution are considered vulnerabilities in user application code or the runtime, not this library.
- **Object injection** ([CWE-915](https://cwe.mitre.org/data/definitions/915.html)): Similar to prototype pollution, object injection attacks are outside the scope of this library.
- **Debugger/inspector access** ([CWE-489](https://cwe.mitre.org/data/definitions/489.html)): If an attacker can attach a debugger to the process, they have already compromised the runtime environment.
- **Memory inspection**: Reading process memory, heap dumps, or core dumps to extract key material is a runtime-level attack.
- **Side-channel attacks** ([CWE-208](https://cwe.mitre.org/data/definitions/208.html)): Timing attacks, cache attacks, and other side-channel vulnerabilities in the underlying Web Cryptography implementations are not vulnerabilities in this library.
- **Compromised runtime environment**: Malicious or backdoored JavaScript runtimes, compromised system libraries, or tampered Web Cryptography implementations.
- **Supply chain attacks on the runtime** ([CWE-1357](https://cwe.mitre.org/data/definitions/1357.html)): Compromised Node.js binaries, malicious browser builds, or similar supply chain attacks on the execution environment.
- **Denial of service via resource exhaustion** ([CWE-400](https://cwe.mitre.org/data/definitions/400.html)): While the library validates inputs, it does not implement resource limits. Applications should implement their own rate limiting and resource management.
- **Oversized inputs** ([CWE-400](https://cwe.mitre.org/data/definitions/400.html)): The library does not enforce size limits on JWTs, JWS, JWE, JWK, or JWKS inputs. Enforcing input size limits appropriate for the application's context (e.g., limiting the size of incoming tokens or payloads before passing them to the library) is the responsibility of the application.
- **Untrusted JWKS sources**: Security issues arising from fetching keys from untrusted or compromised JWKS endpoints are the user's responsibility.
================================================
FILE: ava.config.mjs
================================================
const files = ['test/**/*.test.ts']
if ('CITGM' in process.env) {
files.push("!**/remote.test.ts")
}
export default {
extensions: {
ts: 'module',
mjs: true,
},
files,
workerThreads: false,
nodeArguments: ['--enable-source-maps'],
}
================================================
FILE: cookbook/jwe.mjs
================================================
export default [
{
title:
'https://www.rfc-editor.org/rfc/rfc7520#section-5.2 - Key Encryption using RSA-OAEP with AES-GCM',
input: {
plaintext:
'You can trust us to stick with you through thick and thin–to the bitter end. And you can trust us to keep any secret of yours–closer than you keep it yourself. But you cannot trust us to let you face trouble alone, and go off without a word. We are your friends, Frodo.',
key: {
kty: 'RSA',
ext: false,
kid: 'samwise.gamgee@hobbiton.example',
use: 'enc',
n: 'wbdxI55VaanZXPY29Lg5hdmv2XhvqAhoxUkanfzf2-5zVUxa6prHRrI4pP1AhoqJRlZfYtWWd5mmHRG2pAHIlh0ySJ9wi0BioZBl1XP2e-C-FyXJGcTy0HdKQWlrfhTm42EW7Vv04r4gfao6uxjLGwfpGrZLarohiWCPnkNrg71S2CuNZSQBIPGjXfkmIy2tl_VWgGnL22GplyXj5YlBLdxXp3XeStsqo571utNfoUTU8E4qdzJ3U1DItoVkPGsMwlmmnJiwA7sXRItBCivR4M5qnZtdw-7v4WuR4779ubDuJ5nalMv2S66-RPcnFAzWSKxtBDnFJJDGIUe7Tzizjg1nms0Xq_yPub_UOlWn0ec85FCft1hACpWG8schrOBeNqHBODFskYpUc2LC5JA2TaPF2dA67dg1TTsC_FupfQ2kNGcE1LgprxKHcVWYQb86B-HozjHZcqtauBzFNV5tbTuB-TpkcvJfNcFLlH3b8mb-H_ox35FjqBSAjLKyoeqfKTpVjvXhd09knwgJf6VKq6UC418_TOljMVfFTWXUxlnfhOOnzW6HSSzD1c9WrCuVzsUMv54szidQ9wf1cYWf3g5qFDxDQKis99gcDaiCAwM3yEBIzuNeeCa5dartHDb1xEB_HcHSeYbghbMjGfasvKn0aZRsnTyC0xhWBlsolZE',
e: 'AQAB',
alg: 'RSA-OAEP',
d: 'n7fzJc3_WG59VEOBTkayzuSMM780OJQuZjN_KbH8lOZG25ZoA7T4Bxcc0xQn5oZE5uSCIwg91oCt0JvxPcpmqzaJZg1nirjcWZ-oBtVk7gCAWq-B3qhfF3izlbkosrzjHajIcY33HBhsy4_WerrXg4MDNE4HYojy68TcxT2LYQRxUOCf5TtJXvM8olexlSGtVnQnDRutxEUCwiewfmmrfveEogLx9EA-KMgAjTiISXxqIXQhWUQX1G7v_mV_Hr2YuImYcNcHkRvp9E7ook0876DhkO8v4UOZLwA1OlUX98mkoqwc58A_Y2lBYbVx1_s5lpPsEqbbH-nqIjh1fL0gdNfihLxnclWtW7pCztLnImZAyeCWAG7ZIfv-Rn9fLIv9jZ6r7r-MSH9sqbuziHN2grGjD_jfRluMHa0l84fFKl6bcqN1JWxPVhzNZo01yDF-1LiQnqUYSepPf6X3a2SOdkqBRiquE6EvLuSYIDpJq3jDIsgoL8Mo1LoomgiJxUwL_GWEOGu28gplyzm-9Q0U0nyhEf1uhSR8aJAQWAiFImWH5W_IQT9I7-yrindr_2fWQ_i1UgMsGzA7aOGzZfPljRy6z-tY_KuBG00-28S_aWvjyUc-Alp8AUyKjBZ-7CWH32fGWK48j1t-zomrwjL_mnhsPbGs0c9WsWgRzI-K8gE',
p: '7_2v3OQZzlPFcHyYfLABQ3XP85Es4hCdwCkbDeltaUXgVy9l9etKghvM4hRkOvbb01kYVuLFmxIkCDtpi-zLCYAdXKrAK3PtSbtzld_XZ9nlsYa_QZWpXB_IrtFjVfdKUdMz94pHUhFGFj7nr6NNxfpiHSHWFE1zD_AC3mY46J961Y2LRnreVwAGNw53p07Db8yD_92pDa97vqcZOdgtybH9q6uma-RFNhO1AoiJhYZj69hjmMRXx-x56HO9cnXNbmzNSCFCKnQmn4GQLmRj9sfbZRqL94bbtE4_e0Zrpo8RNo8vxRLqQNwIy85fc6BRgBJomt8QdQvIgPgWCv5HoQ',
q: 'zqOHk1P6WN_rHuM7ZF1cXH0x6RuOHq67WuHiSknqQeefGBA9PWs6ZyKQCO-O6mKXtcgE8_Q_hA2kMRcKOcvHil1hqMCNSXlflM7WPRPZu2qCDcqssd_uMbP-DqYthH_EzwL9KnYoH7JQFxxmcv5An8oXUtTwk4knKjkIYGRuUwfQTus0w1NfjFAyxOOiAQ37ussIcE6C6ZSsM3n41UlbJ7TCqewzVJaPJN5cxjySPZPD3Vp01a9YgAD6a3IIaKJdIxJS1ImnfPevSJQBE79-EXe2kSwVgOzvt-gsmM29QQ8veHy4uAqca5dZzMs7hkkHtw1z0jHV90epQJJlXXnH8Q',
dp: '19oDkBh1AXelMIxQFm2zZTqUhAzCIr4xNIGEPNoDt1jK83_FJA-xnx5kA7-1erdHdms_Ef67HsONNv5A60JaR7w8LHnDiBGnjdaUmmuO8XAxQJ_ia5mxjxNjS6E2yD44USo2JmHvzeeNczq25elqbTPLhUpGo1IZuG72FZQ5gTjXoTXC2-xtCDEUZfaUNh4IeAipfLugbpe0JAFlFfrTDAMUFpC3iXjxqzbEanflwPvj6V9iDSgjj8SozSM0dLtxvu0LIeIQAeEgT_yXcrKGmpKdSO08kLBx8VUjkbv_3Pn20Gyu2YEuwpFlM_H1NikuxJNKFGmnAq9LcnwwT0jvoQ',
dq: 'S6p59KrlmzGzaQYQM3o0XfHCGvfqHLYjCO557HYQf72O9kLMCfd_1VBEqeD-1jjwELKDjck8kOBl5UvohK1oDfSP1DleAy-cnmL29DqWmhgwM1ip0CCNmkmsmDSlqkUXDi6sAaZuntyukyflI-qSQ3C_BafPyFaKrt1fgdyEwYa08pESKwwWisy7KnmoUvaJ3SaHmohFS78TJ25cfc10wZ9hQNOrIChZlkiOdFCtxDqdmCqNacnhgE3bZQjGp3n83ODSz9zwJcSUvODlXBPc2AycH6Ci5yjbxt4Ppox_5pjm6xnQkiPgj01GpsUssMmBN7iHVsrE7N2iznBNCeOUIQ',
qi: 'FZhClBMywVVjnuUud-05qd5CYU0dK79akAgy9oX6RX6I3IIIPckCciRrokxglZn-omAY5CnCe4KdrnjFOT5YUZE7G_Pg44XgCXaarLQf4hl80oPEf6-jJ5Iy6wPRx7G2e8qLxnh9cOdf-kRqgOS3F48Ucvw3ma5V6KGMwQqWFeV31XtZ8l5cVI-I3NzBS7qltpUVgz2Ju021eyc7IlqgzR98qKONl27DuEES0aK0WE97jnsyO27Yp88Wa2RiBrEocM89QZI1seJiGDizHRUP4UZxw9zsXww46wy0P6f9grnYp7t8LkyDDk8eoI4KX6SNMNVcyVS9IWjlq8EzqZEKIA',
},
alg: 'RSA-OAEP',
enc: 'A256GCM',
},
generated: {
cek: 'mYMfsggkTAm0TbvtlFh2hyoXnbEzJQjMxmgLN3d8xXA',
iv: '-nBoKLH0YkLZPSI9',
},
encrypting_key: {},
encrypting_content: {
protected: {
alg: 'RSA-OAEP',
kid: 'samwise.gamgee@hobbiton.example',
enc: 'A256GCM',
},
},
output: {
compact:
'eyJhbGciOiJSU0EtT0FFUCIsImtpZCI6InNhbXdpc2UuZ2FtZ2VlQGhvYmJpdG9uLmV4YW1wbGUiLCJlbmMiOiJBMjU2R0NNIn0.rT99rwrBTbTI7IJM8fU3Eli7226HEB7IchCxNuh7lCiud48LxeolRdtFF4nzQibeYOl5S_PJsAXZwSXtDePz9hk-BbtsTBqC2UsPOdwjC9NhNupNNu9uHIVftDyucvI6hvALeZ6OGnhNV4v1zx2k7O1D89mAzfw-_kT3tkuorpDU-CpBENfIHX1Q58-Aad3FzMuo3Fn9buEP2yXakLXYa15BUXQsupM4A1GD4_H4Bd7V3u9h8Gkg8BpxKdUV9ScfJQTcYm6eJEBz3aSwIaK4T3-dwWpuBOhROQXBosJzS1asnuHtVMt2pKIIfux5BC6huIvmY7kzV7W7aIUrpYm_3H4zYvyMeq5pGqFmW2k8zpO878TRlZx7pZfPYDSXZyS0CfKKkMozT_qiCwZTSz4duYnt8hS4Z9sGthXn9uDqd6wycMagnQfOTs_lycTWmY-aqWVDKhjYNRf03NiwRtb5BE-tOdFwCASQj3uuAgPGrO2AWBe38UjQb0lvXn1SpyvYZ3WFc7WOJYaTa7A8DRn6MC6T-xDmMuxC0G7S2rscw5lQQU06MvZTlFOt0UvfuKBa03cxA_nIBIhLMjY2kOTxQMmpDPTr6Cbo8aKaOnx6ASE5Jx9paBpnNmOOKH35j_QlrQhDWUN6A2Gg8iFayJ69xDEdHAVCGRzN3woEI2ozDRs.-nBoKLH0YkLZPSI9.o4k2cnGN8rSSw3IDo1YuySkqeS_t2m1GXklSgqBdpACm6UJuJowOHC5ytjqYgRL-I-soPlwqMUf4UgRWWeaOGNw6vGW-xyM01lTYxrXfVzIIaRdhYtEMRBvBWbEwP7ua1DRfvaOjgZv6Ifa3brcAM64d8p5lhhNcizPersuhw5f-pGYzseva-TUaL8iWnctc-sSwy7SQmRkfhDjwbz0fz6kFovEgj64X1I5s7E6GLp5fnbYGLa1QUiML7Cc2GxgvI7zqWo0YIEc7aCflLG1-8BboVWFdZKLK9vNoycrYHumwzKluLWEbSVmaPpOslY2n525DxDfWaVFUfKQxMF56vn4B9QMpWAbnypNimbM8zVOw.UCGiqJxhBI3IFVdPalHHvA',
json: {
recipients: [
{
encrypted_key:
'rT99rwrBTbTI7IJM8fU3Eli7226HEB7IchCxNuh7lCiud48LxeolRdtFF4nzQibeYOl5S_PJsAXZwSXtDePz9hk-BbtsTBqC2UsPOdwjC9NhNupNNu9uHIVftDyucvI6hvALeZ6OGnhNV4v1zx2k7O1D89mAzfw-_kT3tkuorpDU-CpBENfIHX1Q58-Aad3FzMuo3Fn9buEP2yXakLXYa15BUXQsupM4A1GD4_H4Bd7V3u9h8Gkg8BpxKdUV9ScfJQTcYm6eJEBz3aSwIaK4T3-dwWpuBOhROQXBosJzS1asnuHtVMt2pKIIfux5BC6huIvmY7kzV7W7aIUrpYm_3H4zYvyMeq5pGqFmW2k8zpO878TRlZx7pZfPYDSXZyS0CfKKkMozT_qiCwZTSz4duYnt8hS4Z9sGthXn9uDqd6wycMagnQfOTs_lycTWmY-aqWVDKhjYNRf03NiwRtb5BE-tOdFwCASQj3uuAgPGrO2AWBe38UjQb0lvXn1SpyvYZ3WFc7WOJYaTa7A8DRn6MC6T-xDmMuxC0G7S2rscw5lQQU06MvZTlFOt0UvfuKBa03cxA_nIBIhLMjY2kOTxQMmpDPTr6Cbo8aKaOnx6ASE5Jx9paBpnNmOOKH35j_QlrQhDWUN6A2Gg8iFayJ69xDEdHAVCGRzN3woEI2ozDRs',
},
],
protected:
'eyJhbGciOiJSU0EtT0FFUCIsImtpZCI6InNhbXdpc2UuZ2FtZ2VlQGhvYmJpdG9uLmV4YW1wbGUiLCJlbmMiOiJBMjU2R0NNIn0',
iv: '-nBoKLH0YkLZPSI9',
ciphertext:
'o4k2cnGN8rSSw3IDo1YuySkqeS_t2m1GXklSgqBdpACm6UJuJowOHC5ytjqYgRL-I-soPlwqMUf4UgRWWeaOGNw6vGW-xyM01lTYxrXfVzIIaRdhYtEMRBvBWbEwP7ua1DRfvaOjgZv6Ifa3brcAM64d8p5lhhNcizPersuhw5f-pGYzseva-TUaL8iWnctc-sSwy7SQmRkfhDjwbz0fz6kFovEgj64X1I5s7E6GLp5fnbYGLa1QUiML7Cc2GxgvI7zqWo0YIEc7aCflLG1-8BboVWFdZKLK9vNoycrYHumwzKluLWEbSVmaPpOslY2n525DxDfWaVFUfKQxMF56vn4B9QMpWAbnypNimbM8zVOw',
tag: 'UCGiqJxhBI3IFVdPalHHvA',
},
json_flat: {
protected:
'eyJhbGciOiJSU0EtT0FFUCIsImtpZCI6InNhbXdpc2UuZ2FtZ2VlQGhvYmJpdG9uLmV4YW1wbGUiLCJlbmMiOiJBMjU2R0NNIn0',
encrypted_key:
'rT99rwrBTbTI7IJM8fU3Eli7226HEB7IchCxNuh7lCiud48LxeolRdtFF4nzQibeYOl5S_PJsAXZwSXtDePz9hk-BbtsTBqC2UsPOdwjC9NhNupNNu9uHIVftDyucvI6hvALeZ6OGnhNV4v1zx2k7O1D89mAzfw-_kT3tkuorpDU-CpBENfIHX1Q58-Aad3FzMuo3Fn9buEP2yXakLXYa15BUXQsupM4A1GD4_H4Bd7V3u9h8Gkg8BpxKdUV9ScfJQTcYm6eJEBz3aSwIaK4T3-dwWpuBOhROQXBosJzS1asnuHtVMt2pKIIfux5BC6huIvmY7kzV7W7aIUrpYm_3H4zYvyMeq5pGqFmW2k8zpO878TRlZx7pZfPYDSXZyS0CfKKkMozT_qiCwZTSz4duYnt8hS4Z9sGthXn9uDqd6wycMagnQfOTs_lycTWmY-aqWVDKhjYNRf03NiwRtb5BE-tOdFwCASQj3uuAgPGrO2AWBe38UjQb0lvXn1SpyvYZ3WFc7WOJYaTa7A8DRn6MC6T-xDmMuxC0G7S2rscw5lQQU06MvZTlFOt0UvfuKBa03cxA_nIBIhLMjY2kOTxQMmpDPTr6Cbo8aKaOnx6ASE5Jx9paBpnNmOOKH35j_QlrQhDWUN6A2Gg8iFayJ69xDEdHAVCGRzN3woEI2ozDRs',
iv: '-nBoKLH0YkLZPSI9',
ciphertext:
'o4k2cnGN8rSSw3IDo1YuySkqeS_t2m1GXklSgqBdpACm6UJuJowOHC5ytjqYgRL-I-soPlwqMUf4UgRWWeaOGNw6vGW-xyM01lTYxrXfVzIIaRdhYtEMRBvBWbEwP7ua1DRfvaOjgZv6Ifa3brcAM64d8p5lhhNcizPersuhw5f-pGYzseva-TUaL8iWnctc-sSwy7SQmRkfhDjwbz0fz6kFovEgj64X1I5s7E6GLp5fnbYGLa1QUiML7Cc2GxgvI7zqWo0YIEc7aCflLG1-8BboVWFdZKLK9vNoycrYHumwzKluLWEbSVmaPpOslY2n525DxDfWaVFUfKQxMF56vn4B9QMpWAbnypNimbM8zVOw',
tag: 'UCGiqJxhBI3IFVdPalHHvA',
},
},
},
{
title:
'https://www.rfc-editor.org/rfc/rfc7520#section-5.3 - Key Wrap using PBES2-AES-KeyWrap with AES-CBC-HMAC-SHA2',
deterministic: true,
input: {
plaintext:
'{"keys":[{"kty":"oct","kid":"77c7e2b8-6e13-45cf-8672-617b5b45243a","use":"enc","alg":"A128GCM","k":"XctOhJAkA-pD9Lh7ZgW_2A"},{"kty":"oct","kid":"81b20965-8332-43d9-a468-82160ad91ac8","use":"enc","alg":"A128KW","k":"GZy6sIZ6wl9NJOKB-jnmVQ"},{"kty":"oct","kid":"18ec08e1-bfa9-4d95-b205-2b4dd1d4321d","use":"enc","alg":"A256GCMKW","k":"qC57l_uxcm7Nm3K-ct4GFjx8tM1U8CZ0NLBvdQstiS8"}]}',
pwd: 'entrap_o–peter_long–credit_tun',
alg: 'PBES2-HS512+A256KW',
enc: 'A128CBC-HS256',
},
generated: {
cek: 'uwsjJXaBK407Qaf0_zpcpmr1Cs0CC50hIUEyGNEt3m0',
iv: 'VBiCzVHNoLiR3F4V82uoTQ',
},
encrypting_key: {
salt: '8Q1SzinasR3xchYz6ZZcHA',
iteration_count: 8192,
},
encrypting_content: {
protected: {
alg: 'PBES2-HS512+A256KW',
p2s: '8Q1SzinasR3xchYz6ZZcHA',
p2c: 8192,
cty: 'jwk-set+json',
enc: 'A128CBC-HS256',
},
},
output: {
compact:
'eyJhbGciOiJQQkVTMi1IUzUxMitBMjU2S1ciLCJwMnMiOiI4UTFTemluYXNSM3hjaFl6NlpaY0hBIiwicDJjIjo4MTkyLCJjdHkiOiJqd2stc2V0K2pzb24iLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.d3qNhUWfqheyPp4H8sjOWsDYajoej4c5Je6rlUtFPWdgtURtmeDV1g.VBiCzVHNoLiR3F4V82uoTQ.23i-Tb1AV4n0WKVSSgcQrdg6GRqsUKxjruHXYsTHAJLZ2nsnGIX86vMXqIi6IRsfywCRFzLxEcZBRnTvG3nhzPk0GDD7FMyXhUHpDjEYCNA_XOmzg8yZR9oyjo6lTF6si4q9FZ2EhzgFQCLO_6h5EVg3vR75_hkBsnuoqoM3dwejXBtIodN84PeqMb6asmas_dpSsz7H10fC5ni9xIz424givB1YLldF6exVmL93R3fOoOJbmk2GBQZL_SEGllv2cQsBgeprARsaQ7Bq99tT80coH8ItBjgV08AtzXFFsx9qKvC982KLKdPQMTlVJKkqtV4Ru5LEVpBZXBnZrtViSOgyg6AiuwaS-rCrcD_ePOGSuxvgtrokAKYPqmXUeRdjFJwafkYEkiuDCV9vWGAi1DH2xTafhJwcmywIyzi4BqRpmdn_N-zl5tuJYyuvKhjKv6ihbsV_k1hJGPGAxJ6wUpmwC4PTQ2izEm0TuSE8oMKdTw8V3kobXZ77ulMwDs4p.0HlwodAhOCILG5SQ2LQ9dg',
json: {
recipients: [
{
encrypted_key: 'd3qNhUWfqheyPp4H8sjOWsDYajoej4c5Je6rlUtFPWdgtURtmeDV1g',
},
],
protected:
'eyJhbGciOiJQQkVTMi1IUzUxMitBMjU2S1ciLCJwMnMiOiI4UTFTemluYXNSM3hjaFl6NlpaY0hBIiwicDJjIjo4MTkyLCJjdHkiOiJqd2stc2V0K2pzb24iLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0',
iv: 'VBiCzVHNoLiR3F4V82uoTQ',
ciphertext:
'23i-Tb1AV4n0WKVSSgcQrdg6GRqsUKxjruHXYsTHAJLZ2nsnGIX86vMXqIi6IRsfywCRFzLxEcZBRnTvG3nhzPk0GDD7FMyXhUHpDjEYCNA_XOmzg8yZR9oyjo6lTF6si4q9FZ2EhzgFQCLO_6h5EVg3vR75_hkBsnuoqoM3dwejXBtIodN84PeqMb6asmas_dpSsz7H10fC5ni9xIz424givB1YLldF6exVmL93R3fOoOJbmk2GBQZL_SEGllv2cQsBgeprARsaQ7Bq99tT80coH8ItBjgV08AtzXFFsx9qKvC982KLKdPQMTlVJKkqtV4Ru5LEVpBZXBnZrtViSOgyg6AiuwaS-rCrcD_ePOGSuxvgtrokAKYPqmXUeRdjFJwafkYEkiuDCV9vWGAi1DH2xTafhJwcmywIyzi4BqRpmdn_N-zl5tuJYyuvKhjKv6ihbsV_k1hJGPGAxJ6wUpmwC4PTQ2izEm0TuSE8oMKdTw8V3kobXZ77ulMwDs4p',
tag: '0HlwodAhOCILG5SQ2LQ9dg',
},
json_flat: {
protected:
'eyJhbGciOiJQQkVTMi1IUzUxMitBMjU2S1ciLCJwMnMiOiI4UTFTemluYXNSM3hjaFl6NlpaY0hBIiwicDJjIjo4MTkyLCJjdHkiOiJqd2stc2V0K2pzb24iLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0',
encrypted_key: 'd3qNhUWfqheyPp4H8sjOWsDYajoej4c5Je6rlUtFPWdgtURtmeDV1g',
iv: 'VBiCzVHNoLiR3F4V82uoTQ',
ciphertext:
'23i-Tb1AV4n0WKVSSgcQrdg6GRqsUKxjruHXYsTHAJLZ2nsnGIX86vMXqIi6IRsfywCRFzLxEcZBRnTvG3nhzPk0GDD7FMyXhUHpDjEYCNA_XOmzg8yZR9oyjo6lTF6si4q9FZ2EhzgFQCLO_6h5EVg3vR75_hkBsnuoqoM3dwejXBtIodN84PeqMb6asmas_dpSsz7H10fC5ni9xIz424givB1YLldF6exVmL93R3fOoOJbmk2GBQZL_SEGllv2cQsBgeprARsaQ7Bq99tT80coH8ItBjgV08AtzXFFsx9qKvC982KLKdPQMTlVJKkqtV4Ru5LEVpBZXBnZrtViSOgyg6AiuwaS-rCrcD_ePOGSuxvgtrokAKYPqmXUeRdjFJwafkYEkiuDCV9vWGAi1DH2xTafhJwcmywIyzi4BqRpmdn_N-zl5tuJYyuvKhjKv6ihbsV_k1hJGPGAxJ6wUpmwC4PTQ2izEm0TuSE8oMKdTw8V3kobXZ77ulMwDs4p',
tag: '0HlwodAhOCILG5SQ2LQ9dg',
},
},
},
{
title:
'https://www.rfc-editor.org/rfc/rfc7520#section-5.4 - Key Agreement with Key Wrapping using ECDH-ES and AES-KeyWrap with AES-GCM',
input: {
plaintext:
'You can trust us to stick with you through thick and thin–to the bitter end. And you can trust us to keep any secret of yours–closer than you keep it yourself. But you cannot trust us to let you face trouble alone, and go off without a word. We are your friends, Frodo.',
key: {
kty: 'EC',
ext: false,
kid: 'peregrin.took@tuckborough.example',
use: 'enc',
crv: 'P-384',
x: 'YU4rRUzdmVqmRtWOs2OpDE_T5fsNIodcG8G5FWPrTPMyxpzsSOGaQLpe2FpxBmu2',
y: 'A8-yxCHxkfBz3hKZfI1jUYMjUhsEveZ9THuwFjH2sCNdtksRJU7D5-SkgaFL1ETP',
d: 'iTx2pk7wW-GqJkHcEkFQb2EFyYcO7RugmaW3mRrQVAOUiPommT0IdnYK2xDlZh-j',
},
alg: 'ECDH-ES+A128KW',
enc: 'A128GCM',
},
generated: {
cek: 'Nou2ueKlP70ZXDbq9UrRwg',
iv: 'mH-G2zVqgztUtnW_',
},
encrypting_key: {
epk: {
kty: 'EC',
crv: 'P-384',
x: 'uBo4kHPw6kbjx5l0xowrd_oYzBmaz-GKFZu4xAFFkbYiWgutEK6iuEDsQ6wNdNg3',
y: 'sp3p5SGhZVC2faXumI-e9JU2Mo8KpoYrFDr5yPNVtW4PgEwZOyQTA-JdaY8tb7E0',
d: 'D5H4Y_5PSKZvhfVFbcCYJOtcGZygRgfZkpsBr59Icmmhe9sW6nkZ8WfwhinUfWJg',
},
},
encrypting_content: {
protected: {
alg: 'ECDH-ES+A128KW',
kid: 'peregrin.took@tuckborough.example',
epk: {
kty: 'EC',
crv: 'P-384',
x: 'uBo4kHPw6kbjx5l0xowrd_oYzBmaz-GKFZu4xAFFkbYiWgutEK6iuEDsQ6wNdNg3',
y: 'sp3p5SGhZVC2faXumI-e9JU2Mo8KpoYrFDr5yPNVtW4PgEwZOyQTA-JdaY8tb7E0',
},
enc: 'A128GCM',
},
},
output: {
compact:
'eyJhbGciOiJFQ0RILUVTK0ExMjhLVyIsImtpZCI6InBlcmVncmluLnRvb2tAdHVja2Jvcm91Z2guZXhhbXBsZSIsImVwayI6eyJrdHkiOiJFQyIsImNydiI6IlAtMzg0IiwieCI6InVCbzRrSFB3Nmtiang1bDB4b3dyZF9vWXpCbWF6LUdLRlp1NHhBRkZrYllpV2d1dEVLNml1RURzUTZ3TmROZzMiLCJ5Ijoic3AzcDVTR2haVkMyZmFYdW1JLWU5SlUyTW84S3BvWXJGRHI1eVBOVnRXNFBnRXdaT3lRVEEtSmRhWTh0YjdFMCJ9LCJlbmMiOiJBMTI4R0NNIn0.0DJjBXri_kBcC46IkU5_Jk9BqaQeHdv2.mH-G2zVqgztUtnW_.tkZuOO9h95OgHJmkkrfLBisku8rGf6nzVxhRM3sVOhXgz5NJ76oID7lpnAi_cPWJRCjSpAaUZ5dOR3Spy7QuEkmKx8-3RCMhSYMzsXaEwDdXta9Mn5B7cCBoJKB0IgEnj_qfo1hIi-uEkUpOZ8aLTZGHfpl05jMwbKkTe2yK3mjF6SBAsgicQDVCkcY9BLluzx1RmC3ORXaM0JaHPB93YcdSDGgpgBWMVrNU1ErkjcMqMoT_wtCex3w03XdLkjXIuEr2hWgeP-nkUZTPU9EoGSPj6fAS-bSz87RCPrxZdj_iVyC6QWcqAu07WNhjzJEPc4jVntRJ6K53NgPQ5p99l3Z408OUqj4ioYezbS6vTPlQ.WuGzxmcreYjpHGJoa17EBg',
json: {
recipients: [
{
encrypted_key: '0DJjBXri_kBcC46IkU5_Jk9BqaQeHdv2',
},
],
protected:
'eyJhbGciOiJFQ0RILUVTK0ExMjhLVyIsImtpZCI6InBlcmVncmluLnRvb2tAdHVja2Jvcm91Z2guZXhhbXBsZSIsImVwayI6eyJrdHkiOiJFQyIsImNydiI6IlAtMzg0IiwieCI6InVCbzRrSFB3Nmtiang1bDB4b3dyZF9vWXpCbWF6LUdLRlp1NHhBRkZrYllpV2d1dEVLNml1RURzUTZ3TmROZzMiLCJ5Ijoic3AzcDVTR2haVkMyZmFYdW1JLWU5SlUyTW84S3BvWXJGRHI1eVBOVnRXNFBnRXdaT3lRVEEtSmRhWTh0YjdFMCJ9LCJlbmMiOiJBMTI4R0NNIn0',
iv: 'mH-G2zVqgztUtnW_',
ciphertext:
'tkZuOO9h95OgHJmkkrfLBisku8rGf6nzVxhRM3sVOhXgz5NJ76oID7lpnAi_cPWJRCjSpAaUZ5dOR3Spy7QuEkmKx8-3RCMhSYMzsXaEwDdXta9Mn5B7cCBoJKB0IgEnj_qfo1hIi-uEkUpOZ8aLTZGHfpl05jMwbKkTe2yK3mjF6SBAsgicQDVCkcY9BLluzx1RmC3ORXaM0JaHPB93YcdSDGgpgBWMVrNU1ErkjcMqMoT_wtCex3w03XdLkjXIuEr2hWgeP-nkUZTPU9EoGSPj6fAS-bSz87RCPrxZdj_iVyC6QWcqAu07WNhjzJEPc4jVntRJ6K53NgPQ5p99l3Z408OUqj4ioYezbS6vTPlQ',
tag: 'WuGzxmcreYjpHGJoa17EBg',
},
json_flat: {
protected:
'eyJhbGciOiJFQ0RILUVTK0ExMjhLVyIsImtpZCI6InBlcmVncmluLnRvb2tAdHVja2Jvcm91Z2guZXhhbXBsZSIsImVwayI6eyJrdHkiOiJFQyIsImNydiI6IlAtMzg0IiwieCI6InVCbzRrSFB3Nmtiang1bDB4b3dyZF9vWXpCbWF6LUdLRlp1NHhBRkZrYllpV2d1dEVLNml1RURzUTZ3TmROZzMiLCJ5Ijoic3AzcDVTR2haVkMyZmFYdW1JLWU5SlUyTW84S3BvWXJGRHI1eVBOVnRXNFBnRXdaT3lRVEEtSmRhWTh0YjdFMCJ9LCJlbmMiOiJBMTI4R0NNIn0',
encrypted_key: '0DJjBXri_kBcC46IkU5_Jk9BqaQeHdv2',
iv: 'mH-G2zVqgztUtnW_',
ciphertext:
'tkZuOO9h95OgHJmkkrfLBisku8rGf6nzVxhRM3sVOhXgz5NJ76oID7lpnAi_cPWJRCjSpAaUZ5dOR3Spy7QuEkmKx8-3RCMhSYMzsXaEwDdXta9Mn5B7cCBoJKB0IgEnj_qfo1hIi-uEkUpOZ8aLTZGHfpl05jMwbKkTe2yK3mjF6SBAsgicQDVCkcY9BLluzx1RmC3ORXaM0JaHPB93YcdSDGgpgBWMVrNU1ErkjcMqMoT_wtCex3w03XdLkjXIuEr2hWgeP-nkUZTPU9EoGSPj6fAS-bSz87RCPrxZdj_iVyC6QWcqAu07WNhjzJEPc4jVntRJ6K53NgPQ5p99l3Z408OUqj4ioYezbS6vTPlQ',
tag: 'WuGzxmcreYjpHGJoa17EBg',
},
},
},
{
title:
'https://www.rfc-editor.org/rfc/rfc7520#section-5.5 - Key Agreement using ECDH-ES with AES-CBC-HMAC-SHA2',
input: {
plaintext:
'You can trust us to stick with you through thick and thin–to the bitter end. And you can trust us to keep any secret of yours–closer than you keep it yourself. But you cannot trust us to let you face trouble alone, and go off without a word. We are your friends, Frodo.',
key: {
kty: 'EC',
ext: false,
kid: 'meriadoc.brandybuck@buckland.example',
use: 'enc',
crv: 'P-256',
x: 'Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0',
y: 'HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw',
d: 'r_kHyZ-a06rmxM3yESK84r1otSg-aQcVStkRhA-iCM8',
},
alg: 'ECDH-ES',
enc: 'A128CBC-HS256',
},
generated: {
iv: 'yc9N8v5sYyv3iGQT926IUg',
},
encrypting_key: {
epk: {
kty: 'EC',
crv: 'P-256',
x: 'mPUKT_bAWGHIhg0TpjjqVsP1rXWQu_vwVOHHtNkdYoA',
y: '8BQAsImGeAS46fyWw5MhYfGTT0IjBpFw2SS34Dv4Irs',
d: 'AtH35vJsQ9SGjYfOsjUxYXQKrPH3FjZHmEtSKoSN8cM',
},
cek: 'hzHdlfQIAEehb8Hrd_mFRhKsKLEzPfshfXs9l6areCc',
},
encrypting_content: {
protected: {
alg: 'ECDH-ES',
kid: 'meriadoc.brandybuck@buckland.example',
epk: {
kty: 'EC',
crv: 'P-256',
x: 'mPUKT_bAWGHIhg0TpjjqVsP1rXWQu_vwVOHHtNkdYoA',
y: '8BQAsImGeAS46fyWw5MhYfGTT0IjBpFw2SS34Dv4Irs',
},
enc: 'A128CBC-HS256',
},
},
output: {
compact:
'eyJhbGciOiJFQ0RILUVTIiwia2lkIjoibWVyaWFkb2MuYnJhbmR5YnVja0BidWNrbGFuZC5leGFtcGxlIiwiZXBrIjp7Imt0eSI6IkVDIiwiY3J2IjoiUC0yNTYiLCJ4IjoibVBVS1RfYkFXR0hJaGcwVHBqanFWc1AxclhXUXVfdndWT0hIdE5rZFlvQSIsInkiOiI4QlFBc0ltR2VBUzQ2ZnlXdzVNaFlmR1RUMElqQnBGdzJTUzM0RHY0SXJzIn0sImVuYyI6IkExMjhDQkMtSFMyNTYifQ..yc9N8v5sYyv3iGQT926IUg.BoDlwPnTypYq-ivjmQvAYJLb5Q6l-F3LIgQomlz87yW4OPKbWE1zSTEFjDfhU9IPIOSA9Bml4m7iDFwA-1ZXvHteLDtw4R1XRGMEsDIqAYtskTTmzmzNa-_q4F_evAPUmwlO-ZG45Mnq4uhM1fm_D9rBtWolqZSF3xGNNkpOMQKF1Cl8i8wjzRli7-IXgyirlKQsbhhqRzkv8IcY6aHl24j03C-AR2le1r7URUhArM79BY8soZU0lzwI-sD5PZ3l4NDCCei9XkoIAfsXJWmySPoeRb2Ni5UZL4mYpvKDiwmyzGd65KqVw7MsFfI_K767G9C9Azp73gKZD0DyUn1mn0WW5LmyX_yJ-3AROq8p1WZBfG-ZyJ6195_JGG2m9Csg.WCCkNa-x4BeB9hIDIfFuhg',
json: {
protected:
'eyJhbGciOiJFQ0RILUVTIiwia2lkIjoibWVyaWFkb2MuYnJhbmR5YnVja0BidWNrbGFuZC5leGFtcGxlIiwiZXBrIjp7Imt0eSI6IkVDIiwiY3J2IjoiUC0yNTYiLCJ4IjoibVBVS1RfYkFXR0hJaGcwVHBqanFWc1AxclhXUXVfdndWT0hIdE5rZFlvQSIsInkiOiI4QlFBc0ltR2VBUzQ2ZnlXdzVNaFlmR1RUMElqQnBGdzJTUzM0RHY0SXJzIn0sImVuYyI6IkExMjhDQkMtSFMyNTYifQ',
iv: 'yc9N8v5sYyv3iGQT926IUg',
ciphertext:
'BoDlwPnTypYq-ivjmQvAYJLb5Q6l-F3LIgQomlz87yW4OPKbWE1zSTEFjDfhU9IPIOSA9Bml4m7iDFwA-1ZXvHteLDtw4R1XRGMEsDIqAYtskTTmzmzNa-_q4F_evAPUmwlO-ZG45Mnq4uhM1fm_D9rBtWolqZSF3xGNNkpOMQKF1Cl8i8wjzRli7-IXgyirlKQsbhhqRzkv8IcY6aHl24j03C-AR2le1r7URUhArM79BY8soZU0lzwI-sD5PZ3l4NDCCei9XkoIAfsXJWmySPoeRb2Ni5UZL4mYpvKDiwmyzGd65KqVw7MsFfI_K767G9C9Azp73gKZD0DyUn1mn0WW5LmyX_yJ-3AROq8p1WZBfG-ZyJ6195_JGG2m9Csg',
tag: 'WCCkNa-x4BeB9hIDIfFuhg',
},
json_flat: {
protected:
'eyJhbGciOiJFQ0RILUVTIiwia2lkIjoibWVyaWFkb2MuYnJhbmR5YnVja0BidWNrbGFuZC5leGFtcGxlIiwiZXBrIjp7Imt0eSI6IkVDIiwiY3J2IjoiUC0yNTYiLCJ4IjoibVBVS1RfYkFXR0hJaGcwVHBqanFWc1AxclhXUXVfdndWT0hIdE5rZFlvQSIsInkiOiI4QlFBc0ltR2VBUzQ2ZnlXdzVNaFlmR1RUMElqQnBGdzJTUzM0RHY0SXJzIn0sImVuYyI6IkExMjhDQkMtSFMyNTYifQ',
iv: 'yc9N8v5sYyv3iGQT926IUg',
ciphertext:
'BoDlwPnTypYq-ivjmQvAYJLb5Q6l-F3LIgQomlz87yW4OPKbWE1zSTEFjDfhU9IPIOSA9Bml4m7iDFwA-1ZXvHteLDtw4R1XRGMEsDIqAYtskTTmzmzNa-_q4F_evAPUmwlO-ZG45Mnq4uhM1fm_D9rBtWolqZSF3xGNNkpOMQKF1Cl8i8wjzRli7-IXgyirlKQsbhhqRzkv8IcY6aHl24j03C-AR2le1r7URUhArM79BY8soZU0lzwI-sD5PZ3l4NDCCei9XkoIAfsXJWmySPoeRb2Ni5UZL4mYpvKDiwmyzGd65KqVw7MsFfI_K767G9C9Azp73gKZD0DyUn1mn0WW5LmyX_yJ-3AROq8p1WZBfG-ZyJ6195_JGG2m9Csg',
tag: 'WCCkNa-x4BeB9hIDIfFuhg',
},
},
},
{
title:
'https://www.rfc-editor.org/rfc/rfc7520#section-5.6 - Direction Encryption using AES-GCM',
deterministic: true,
input: {
plaintext:
'You can trust us to stick with you through thick and thin–to the bitter end. And you can trust us to keep any secret of yours–closer than you keep it yourself. But you cannot trust us to let you face trouble alone, and go off without a word. We are your friends, Frodo.',
key: {
kty: 'oct',
ext: false,
kid: '77c7e2b8-6e13-45cf-8672-617b5b45243a',
use: 'enc',
alg: 'A128GCM',
k: 'XctOhJAkA-pD9Lh7ZgW_2A',
},
alg: 'dir',
enc: 'A128GCM',
},
generated: {
iv: 'refa467QzzKx6QAB',
},
encrypting_content: {
protected: {
alg: 'dir',
kid: '77c7e2b8-6e13-45cf-8672-617b5b45243a',
enc: 'A128GCM',
},
},
output: {
compact:
'eyJhbGciOiJkaXIiLCJraWQiOiI3N2M3ZTJiOC02ZTEzLTQ1Y2YtODY3Mi02MTdiNWI0NTI0M2EiLCJlbmMiOiJBMTI4R0NNIn0..refa467QzzKx6QAB.JW_i_f52hww_ELQPGaYyeAB6HYGcR559l9TYnSovc23XJoBcW29rHP8yZOZG7YhLpT1bjFuvZPjQS-m0IFtVcXkZXdH_lr_FrdYt9HRUYkshtrMmIUAyGmUnd9zMDB2n0cRDIHAzFVeJUDxkUwVAE7_YGRPdcqMyiBoCO-FBdE-Nceb4h3-FtBP-c_BIwCPTjb9o0SbdcdREEMJMyZBH8ySWMVi1gPD9yxi-aQpGbSv_F9N4IZAxscj5g-NJsUPbjk29-s7LJAGb15wEBtXphVCgyy53CoIKLHHeJHXex45Uz9aKZSRSInZI-wjsY0yu3cT4_aQ3i1o-tiE-F8Ios61EKgyIQ4CWao8PFMj8TTnp.vbb32Xvllea2OtmHAdccRQ',
json: {
protected:
'eyJhbGciOiJkaXIiLCJraWQiOiI3N2M3ZTJiOC02ZTEzLTQ1Y2YtODY3Mi02MTdiNWI0NTI0M2EiLCJlbmMiOiJBMTI4R0NNIn0',
iv: 'refa467QzzKx6QAB',
ciphertext:
'JW_i_f52hww_ELQPGaYyeAB6HYGcR559l9TYnSovc23XJoBcW29rHP8yZOZG7YhLpT1bjFuvZPjQS-m0IFtVcXkZXdH_lr_FrdYt9HRUYkshtrMmIUAyGmUnd9zMDB2n0cRDIHAzFVeJUDxkUwVAE7_YGRPdcqMyiBoCO-FBdE-Nceb4h3-FtBP-c_BIwCPTjb9o0SbdcdREEMJMyZBH8ySWMVi1gPD9yxi-aQpGbSv_F9N4IZAxscj5g-NJsUPbjk29-s7LJAGb15wEBtXphVCgyy53CoIKLHHeJHXex45Uz9aKZSRSInZI-wjsY0yu3cT4_aQ3i1o-tiE-F8Ios61EKgyIQ4CWao8PFMj8TTnp',
tag: 'vbb32Xvllea2OtmHAdccRQ',
},
json_flat: {
protected:
'eyJhbGciOiJkaXIiLCJraWQiOiI3N2M3ZTJiOC02ZTEzLTQ1Y2YtODY3Mi02MTdiNWI0NTI0M2EiLCJlbmMiOiJBMTI4R0NNIn0',
iv: 'refa467QzzKx6QAB',
ciphertext:
'JW_i_f52hww_ELQPGaYyeAB6HYGcR559l9TYnSovc23XJoBcW29rHP8yZOZG7YhLpT1bjFuvZPjQS-m0IFtVcXkZXdH_lr_FrdYt9HRUYkshtrMmIUAyGmUnd9zMDB2n0cRDIHAzFVeJUDxkUwVAE7_YGRPdcqMyiBoCO-FBdE-Nceb4h3-FtBP-c_BIwCPTjb9o0SbdcdREEMJMyZBH8ySWMVi1gPD9yxi-aQpGbSv_F9N4IZAxscj5g-NJsUPbjk29-s7LJAGb15wEBtXphVCgyy53CoIKLHHeJHXex45Uz9aKZSRSInZI-wjsY0yu3cT4_aQ3i1o-tiE-F8Ios61EKgyIQ4CWao8PFMj8TTnp',
tag: 'vbb32Xvllea2OtmHAdccRQ',
},
},
},
{
title:
'https://www.rfc-editor.org/rfc/rfc7520#section-5.6 - Key Wrap using AES-GCM KeyWrap with AES-CBC-HMAC-SHA2',
deterministic: true,
input: {
plaintext:
'You can trust us to stick with you through thick and thin–to the bitter end. And you can trust us to keep any secret of yours–closer than you keep it yourself. But you cannot trust us to let you face trouble alone, and go off without a word. We are your friends, Frodo.',
key: {
kty: 'oct',
ext: false,
kid: '18ec08e1-bfa9-4d95-b205-2b4dd1d4321d',
use: 'enc',
alg: 'A256GCMKW',
k: 'qC57l_uxcm7Nm3K-ct4GFjx8tM1U8CZ0NLBvdQstiS8',
},
alg: 'A256GCMKW',
enc: 'A128CBC-HS256',
},
generated: {
cek: 'UWxARpat23nL9ReIj4WG3D1ee9I4r-Mv5QLuFXdy_rE',
iv: 'gz6NjyEFNm_vm8Gj6FwoFQ',
},
encrypting_key: {
iv: 'KkYT0GX_2jHlfqN_',
tag: 'kfPduVQ3T3H6vnewt--ksw',
},
encrypting_content: {
protected: {
alg: 'A256GCMKW',
kid: '18ec08e1-bfa9-4d95-b205-2b4dd1d4321d',
tag: 'kfPduVQ3T3H6vnewt--ksw',
iv: 'KkYT0GX_2jHlfqN_',
enc: 'A128CBC-HS256',
},
},
output: {
compact:
'eyJhbGciOiJBMjU2R0NNS1ciLCJraWQiOiIxOGVjMDhlMS1iZmE5LTRkOTUtYjIwNS0yYjRkZDFkNDMyMWQiLCJ0YWciOiJrZlBkdVZRM1QzSDZ2bmV3dC0ta3N3IiwiaXYiOiJLa1lUMEdYXzJqSGxmcU5fIiwiZW5jIjoiQTEyOENCQy1IUzI1NiJ9.lJf3HbOApxMEBkCMOoTnnABxs_CvTWUmZQ2ElLvYNok.gz6NjyEFNm_vm8Gj6FwoFQ.Jf5p9-ZhJlJy_IQ_byKFmI0Ro7w7G1QiaZpI8OaiVgD8EqoDZHyFKFBupS8iaEeVIgMqWmsuJKuoVgzR3YfzoMd3GxEm3VxNhzWyWtZKX0gxKdy6HgLvqoGNbZCzLjqcpDiF8q2_62EVAbr2uSc2oaxFmFuIQHLcqAHxy51449xkjZ7ewzZaGV3eFqhpco8o4DijXaG5_7kp3h2cajRfDgymuxUbWgLqaeNQaJtvJmSMFuEOSAzw9Hdeb6yhdTynCRmu-kqtO5Dec4lT2OMZKpnxc_F1_4yDJFcqb5CiDSmA-psB2k0JtjxAj4UPI61oONK7zzFIu4gBfjJCndsZfdvG7h8wGjV98QhrKEnR7xKZ3KCr0_qR1B-gxpNk3xWU.DKW7jrb4WaRSNfbXVPlT5g',
json: {
recipients: [
{
encrypted_key: 'lJf3HbOApxMEBkCMOoTnnABxs_CvTWUmZQ2ElLvYNok',
},
],
protected:
'eyJhbGciOiJBMjU2R0NNS1ciLCJraWQiOiIxOGVjMDhlMS1iZmE5LTRkOTUtYjIwNS0yYjRkZDFkNDMyMWQiLCJ0YWciOiJrZlBkdVZRM1QzSDZ2bmV3dC0ta3N3IiwiaXYiOiJLa1lUMEdYXzJqSGxmcU5fIiwiZW5jIjoiQTEyOENCQy1IUzI1NiJ9',
iv: 'gz6NjyEFNm_vm8Gj6FwoFQ',
ciphertext:
'Jf5p9-ZhJlJy_IQ_byKFmI0Ro7w7G1QiaZpI8OaiVgD8EqoDZHyFKFBupS8iaEeVIgMqWmsuJKuoVgzR3YfzoMd3GxEm3VxNhzWyWtZKX0gxKdy6HgLvqoGNbZCzLjqcpDiF8q2_62EVAbr2uSc2oaxFmFuIQHLcqAHxy51449xkjZ7ewzZaGV3eFqhpco8o4DijXaG5_7kp3h2cajRfDgymuxUbWgLqaeNQaJtvJmSMFuEOSAzw9Hdeb6yhdTynCRmu-kqtO5Dec4lT2OMZKpnxc_F1_4yDJFcqb5CiDSmA-psB2k0JtjxAj4UPI61oONK7zzFIu4gBfjJCndsZfdvG7h8wGjV98QhrKEnR7xKZ3KCr0_qR1B-gxpNk3xWU',
tag: 'DKW7jrb4WaRSNfbXVPlT5g',
},
json_flat: {
protected:
'eyJhbGciOiJBMjU2R0NNS1ciLCJraWQiOiIxOGVjMDhlMS1iZmE5LTRkOTUtYjIwNS0yYjRkZDFkNDMyMWQiLCJ0YWciOiJrZlBkdVZRM1QzSDZ2bmV3dC0ta3N3IiwiaXYiOiJLa1lUMEdYXzJqSGxmcU5fIiwiZW5jIjoiQTEyOENCQy1IUzI1NiJ9',
encrypted_key: 'lJf3HbOApxMEBkCMOoTnnABxs_CvTWUmZQ2ElLvYNok',
iv: 'gz6NjyEFNm_vm8Gj6FwoFQ',
ciphertext:
'Jf5p9-ZhJlJy_IQ_byKFmI0Ro7w7G1QiaZpI8OaiVgD8EqoDZHyFKFBupS8iaEeVIgMqWmsuJKuoVgzR3YfzoMd3GxEm3VxNhzWyWtZKX0gxKdy6HgLvqoGNbZCzLjqcpDiF8q2_62EVAbr2uSc2oaxFmFuIQHLcqAHxy51449xkjZ7ewzZaGV3eFqhpco8o4DijXaG5_7kp3h2cajRfDgymuxUbWgLqaeNQaJtvJmSMFuEOSAzw9Hdeb6yhdTynCRmu-kqtO5Dec4lT2OMZKpnxc_F1_4yDJFcqb5CiDSmA-psB2k0JtjxAj4UPI61oONK7zzFIu4gBfjJCndsZfdvG7h8wGjV98QhrKEnR7xKZ3KCr0_qR1B-gxpNk3xWU',
tag: 'DKW7jrb4WaRSNfbXVPlT5g',
},
},
},
{
title:
'https://www.rfc-editor.org/rfc/rfc7520#section-5.8 - Key Wrap using AES-KeyWrap with AES-GCM',
deterministic: true,
input: {
plaintext:
'You can trust us to stick with you through thick and thin–to the bitter end. And you can trust us to keep any secret of yours–closer than you keep it yourself. But you cannot trust us to let you face trouble alone, and go off without a word. We are your friends, Frodo.',
key: {
kty: 'oct',
ext: false,
kid: '81b20965-8332-43d9-a468-82160ad91ac8',
use: 'enc',
alg: 'A128KW',
k: 'GZy6sIZ6wl9NJOKB-jnmVQ',
},
alg: 'A128KW',
enc: 'A128GCM',
},
generated: {
cek: 'aY5_Ghmk9KxWPBLu_glx1w',
iv: 'Qx0pmsDa8KnJc9Jo',
},
encrypting_key: {},
encrypting_content: {
protected: {
alg: 'A128KW',
kid: '81b20965-8332-43d9-a468-82160ad91ac8',
enc: 'A128GCM',
},
},
output: {
compact:
'eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04MzMyLTQzZDktYTQ2OC04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIn0.CBI6oDw8MydIx1IBntf_lQcw2MmJKIQx.Qx0pmsDa8KnJc9Jo.AwliP-KmWgsZ37BvzCefNen6VTbRK3QMA4TkvRkH0tP1bTdhtFJgJxeVmJkLD61A1hnWGetdg11c9ADsnWgL56NyxwSYjU1ZEHcGkd3EkU0vjHi9gTlb90qSYFfeF0LwkcTtjbYKCsiNJQkcIp1yeM03OmuiYSoYJVSpf7ej6zaYcMv3WwdxDFl8REwOhNImk2Xld2JXq6BR53TSFkyT7PwVLuq-1GwtGHlQeg7gDT6xW0JqHDPn_H-puQsmthc9Zg0ojmJfqqFvETUxLAF-KjcBTS5dNy6egwkYtOt8EIHK-oEsKYtZRaa8Z7MOZ7UGxGIMvEmxrGCPeJa14slv2-gaqK0kEThkaSqdYw0FkQZF.ER7MWJZ1FBI_NKvn7Zb1Lw',
json: {
recipients: [
{
encrypted_key: 'CBI6oDw8MydIx1IBntf_lQcw2MmJKIQx',
},
],
protected:
'eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04MzMyLTQzZDktYTQ2OC04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIn0',
iv: 'Qx0pmsDa8KnJc9Jo',
ciphertext:
'AwliP-KmWgsZ37BvzCefNen6VTbRK3QMA4TkvRkH0tP1bTdhtFJgJxeVmJkLD61A1hnWGetdg11c9ADsnWgL56NyxwSYjU1ZEHcGkd3EkU0vjHi9gTlb90qSYFfeF0LwkcTtjbYKCsiNJQkcIp1yeM03OmuiYSoYJVSpf7ej6zaYcMv3WwdxDFl8REwOhNImk2Xld2JXq6BR53TSFkyT7PwVLuq-1GwtGHlQeg7gDT6xW0JqHDPn_H-puQsmthc9Zg0ojmJfqqFvETUxLAF-KjcBTS5dNy6egwkYtOt8EIHK-oEsKYtZRaa8Z7MOZ7UGxGIMvEmxrGCPeJa14slv2-gaqK0kEThkaSqdYw0FkQZF',
tag: 'ER7MWJZ1FBI_NKvn7Zb1Lw',
},
json_flat: {
protected:
'eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04MzMyLTQzZDktYTQ2OC04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIn0',
encrypted_key: 'CBI6oDw8MydIx1IBntf_lQcw2MmJKIQx',
iv: 'Qx0pmsDa8KnJc9Jo',
ciphertext:
'AwliP-KmWgsZ37BvzCefNen6VTbRK3QMA4TkvRkH0tP1bTdhtFJgJxeVmJkLD61A1hnWGetdg11c9ADsnWgL56NyxwSYjU1ZEHcGkd3EkU0vjHi9gTlb90qSYFfeF0LwkcTtjbYKCsiNJQkcIp1yeM03OmuiYSoYJVSpf7ej6zaYcMv3WwdxDFl8REwOhNImk2Xld2JXq6BR53TSFkyT7PwVLuq-1GwtGHlQeg7gDT6xW0JqHDPn_H-puQsmthc9Zg0ojmJfqqFvETUxLAF-KjcBTS5dNy6egwkYtOt8EIHK-oEsKYtZRaa8Z7MOZ7UGxGIMvEmxrGCPeJa14slv2-gaqK0kEThkaSqdYw0FkQZF',
tag: 'ER7MWJZ1FBI_NKvn7Zb1Lw',
},
},
},
{
title: 'https://www.rfc-editor.org/rfc/rfc7520#section-5.9 - Compressed Content',
deterministic: false, // https://www.rfc-editor.org/errata/eid7680
input: {
plaintext:
'You can trust us to stick with you through thick and thin–to the bitter end. And you can trust us to keep any secret of yours–closer than you keep it yourself. But you cannot trust us to let you face trouble alone, and go off without a word. We are your friends, Frodo.',
key: {
kty: 'oct',
ext: false,
kid: '81b20965-8332-43d9-a468-82160ad91ac8',
use: 'enc',
alg: 'A128KW',
k: 'GZy6sIZ6wl9NJOKB-jnmVQ',
},
alg: 'A128KW',
enc: 'A128GCM',
zip: 'DEF',
},
generated: {
plaintext_c:
'bY_BDcIwDEVX-QNU3QEOrIA4pqlDokYxchxVvbEDGzIJbioOSJwc-f___HPjBu8KVFpVtAplVE1-wZo0YjNZo3C7R5v72pV5f5X382VWjYQpqZKAyjziZOr2B7kQPSy6oZIXUnDYbVKN4jNXi2u0yB7t1qSHTjmMODf9QgvrDzfTIQXnyQRuUya4zIWG3vTOdir0v7BRHFYWq3k1k1A_gSDJqtcBF-GZxw8',
cek: 'hC-MpLZSuwWv8sexS6ydfw',
iv: 'p9pUq6XHY0jfEZIl',
},
encrypting_key: {},
encrypting_content: {
protected: {
alg: 'A128KW',
kid: '81b20965-8332-43d9-a468-82160ad91ac8',
enc: 'A128GCM',
zip: 'DEF',
},
},
output: {
compact:
'eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04MzMyLTQzZDktYTQ2OC04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIiwiemlwIjoiREVGIn0.5vUT2WOtQxKWcekM_IzVQwkGgzlFDwPi.p9pUq6XHY0jfEZIl.HbDtOsdai1oYziSx25KEeTxmwnh8L8jKMFNc1k3zmMI6VB8hry57tDZ61jXyezSPt0fdLVfe6Jf5y5-JaCap_JQBcb5opbmT60uWGml8blyiMQmOn9J--XhhlYg0m-BHaqfDO5iTOWxPxFMUedx7WCy8mxgDHj0aBMG6152PsM-w5E_o2B3jDbrYBKhpYA7qi3AyijnCJ7BP9rr3U8kxExCpG3mK420TjOw.VILuUwuIxaLVmh5X-T7kmA',
json: {
recipients: [
{
encrypted_key: '5vUT2WOtQxKWcekM_IzVQwkGgzlFDwPi',
},
],
protected:
'eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04MzMyLTQzZDktYTQ2OC04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIiwiemlwIjoiREVGIn0',
iv: 'p9pUq6XHY0jfEZIl',
ciphertext:
'HbDtOsdai1oYziSx25KEeTxmwnh8L8jKMFNc1k3zmMI6VB8hry57tDZ61jXyezSPt0fdLVfe6Jf5y5-JaCap_JQBcb5opbmT60uWGml8blyiMQmOn9J--XhhlYg0m-BHaqfDO5iTOWxPxFMUedx7WCy8mxgDHj0aBMG6152PsM-w5E_o2B3jDbrYBKhpYA7qi3AyijnCJ7BP9rr3U8kxExCpG3mK420TjOw',
tag: 'VILuUwuIxaLVmh5X-T7kmA',
},
json_flat: {
protected:
'eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04MzMyLTQzZDktYTQ2OC04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIiwiemlwIjoiREVGIn0',
encrypted_key: '5vUT2WOtQxKWcekM_IzVQwkGgzlFDwPi',
iv: 'p9pUq6XHY0jfEZIl',
ciphertext:
'HbDtOsdai1oYziSx25KEeTxmwnh8L8jKMFNc1k3zmMI6VB8hry57tDZ61jXyezSPt0fdLVfe6Jf5y5-JaCap_JQBcb5opbmT60uWGml8blyiMQmOn9J--XhhlYg0m-BHaqfDO5iTOWxPxFMUedx7WCy8mxgDHj0aBMG6152PsM-w5E_o2B3jDbrYBKhpYA7qi3AyijnCJ7BP9rr3U8kxExCpG3mK420TjOw',
tag: 'VILuUwuIxaLVmh5X-T7kmA',
},
},
},
{
title:
'https://www.rfc-editor.org/rfc/rfc7520#section-5.10 - Including Additional Authenticated Data',
deterministic: true,
input: {
plaintext:
'You can trust us to stick with you through thick and thin–to the bitter end. And you can trust us to keep any secret of yours–closer than you keep it yourself. But you cannot trust us to let you face trouble alone, and go off without a word. We are your friends, Frodo.',
key: {
kty: 'oct',
ext: false,
kid: '81b20965-8332-43d9-a468-82160ad91ac8',
use: 'enc',
alg: 'A128KW',
k: 'GZy6sIZ6wl9NJOKB-jnmVQ',
},
alg: 'A128KW',
enc: 'A128GCM',
aad: '["vcard",[["version",{},"text","4.0"],["fn",{},"text","Meriadoc Brandybuck"],["n",{},"text",["Brandybuck","Meriadoc","Mr.",""]],["bday",{},"text","TA 2982"],["gender",{},"text","M"]]]',
},
generated: {
cek: '75m1ALsYv10pZTKPWrsqdg',
iv: 'veCx9ece2orS7c_N',
aad_b64u:
'WyJ2Y2FyZCIsW1sidmVyc2lvbiIse30sInRleHQiLCI0LjAiXSxbImZuIix7fSwidGV4dCIsIk1lcmlhZG9jIEJyYW5keWJ1Y2siXSxbIm4iLHt9LCJ0ZXh0IixbIkJyYW5keWJ1Y2siLCJNZXJpYWRvYyIsIk1yLiIsIiJdXSxbImJkYXkiLHt9LCJ0ZXh0IiwiVEEgMjk4MiJdLFsiZ2VuZGVyIix7fSwidGV4dCIsIk0iXV1d',
},
encrypting_key: {},
encrypting_content: {
protected: {
alg: 'A128KW',
kid: '81b20965-8332-43d9-a468-82160ad91ac8',
enc: 'A128GCM',
},
},
output: {
json: {
recipients: [
{
encrypted_key: '4YiiQ_ZzH76TaIkJmYfRFgOV9MIpnx4X',
},
],
protected:
'eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04MzMyLTQzZDktYTQ2OC04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIn0',
iv: 'veCx9ece2orS7c_N',
aad: 'WyJ2Y2FyZCIsW1sidmVyc2lvbiIse30sInRleHQiLCI0LjAiXSxbImZuIix7fSwidGV4dCIsIk1lcmlhZG9jIEJyYW5keWJ1Y2siXSxbIm4iLHt9LCJ0ZXh0IixbIkJyYW5keWJ1Y2siLCJNZXJpYWRvYyIsIk1yLiIsIiJdXSxbImJkYXkiLHt9LCJ0ZXh0IiwiVEEgMjk4MiJdLFsiZ2VuZGVyIix7fSwidGV4dCIsIk0iXV1d',
ciphertext:
'Z_3cbr0k3bVM6N3oSNmHz7Lyf3iPppGf3Pj17wNZqteJ0Ui8p74SchQP8xygM1oFRWCNzeIa6s6BcEtp8qEFiqTUEyiNkOWDNoF14T_4NFqF-p2Mx8zkbKxI7oPK8KNarFbyxIDvICNqBLba-v3uzXBdB89fzOI-Lv4PjOFAQGHrgv1rjXAmKbgkft9cB4WeyZw8MldbBhc-V_KWZslrsLNygon_JJWd_ek6LQn5NRehvApqf9ZrxB4aq3FXBxOxCys35PhCdaggy2kfUfl2OkwKnWUbgXVD1C6HxLIlqHhCwXDG59weHrRDQeHyMRoBljoV3X_bUTJDnKBFOod7nLz-cj48JMx3SnCZTpbQAkFV',
tag: 'vOaH_Rajnpy_3hOtqvZHRA',
},
json_flat: {
protected:
'eyJhbGciOiJBMTI4S1ciLCJraWQiOiI4MWIyMDk2NS04MzMyLTQzZDktYTQ2OC04MjE2MGFkOTFhYzgiLCJlbmMiOiJBMTI4R0NNIn0',
encrypted_key: '4YiiQ_ZzH76TaIkJmYfRFgOV9MIpnx4X',
aad: 'WyJ2Y2FyZCIsW1sidmVyc2lvbiIse30sInRleHQiLCI0LjAiXSxbImZuIix7fSwidGV4dCIsIk1lcmlhZG9jIEJyYW5keWJ1Y2siXSxbIm4iLHt9LCJ0ZXh0IixbIkJyYW5keWJ1Y2siLCJNZXJpYWRvYyIsIk1yLiIsIiJdXSxbImJkYXkiLHt9LCJ0ZXh0IiwiVEEgMjk4MiJdLFsiZ2VuZGVyIix7fSwidGV4dCIsIk0iXV1d',
iv: 'veCx9ece2orS7c_N',
ciphertext:
'Z_3cbr0k3bVM6N3oSNmHz7Lyf3iPppGf3Pj17wNZqteJ0Ui8p74SchQP8xygM1oFRWCNzeIa6s6BcEtp8qEFiqTUEyiNkOWDNoF14T_4NFqF-p2Mx8zkbKxI7oPK8KNarFbyxIDvICNqBLba-v3uzXBdB89fzOI-Lv4PjOFAQGHrgv1rjXAmKbgkft9cB4WeyZw8MldbBhc-V_KWZslrsLNygon_JJWd_ek6LQn5NRehvApqf9ZrxB4aq3FXBxOxCys35PhCdaggy2kfUfl2OkwKnWUbgXVD1C6HxLIlqHhCwXDG59weHrRDQeHyMRoBljoV3X_bUTJDnKBFOod7nLz-cj48JMx3SnCZTpbQAkFV',
tag: 'vOaH_Rajnpy_3hOtqvZHRA',
},
},
},
{
title:
'https://www.rfc-editor.org/rfc/rfc7520#section-5.11 - Protecting Specific Header Fields',
deterministic: true,
input: {
plaintext:
'You can trust us to stick with you through thick and thin–to the bitter end. And you can trust us to keep any secret of yours–closer than you keep it yourself. But you cannot trust us to let you face trouble alone, and go off without a word. We are your friends, Frodo.',
key: {
kty: 'oct',
ext: false,
kid: '81b20965-8332-43d9-a468-82160ad91ac8',
use: 'enc',
alg: 'A128KW',
k: 'GZy6sIZ6wl9NJOKB-jnmVQ',
},
alg: 'A128KW',
enc: 'A128GCM',
},
generated: {
cek: 'WDgEptBmQs9ouUvArz6x6g',
iv: 'WgEJsDS9bkoXQ3nR',
},
encrypting_key: {},
encrypting_content: {
protected: {
enc: 'A128GCM',
},
unprotected: {
alg: 'A128KW',
kid: '81b20965-8332-43d9-a468-82160ad91ac8',
},
},
output: {
json: {
recipients: [
{
encrypted_key: 'jJIcM9J-hbx3wnqhf5FlkEYos0sHsF0H',
},
],
unprotected: {
alg: 'A128KW',
kid: '81b20965-8332-43d9-a468-82160ad91ac8',
},
protected: 'eyJlbmMiOiJBMTI4R0NNIn0',
iv: 'WgEJsDS9bkoXQ3nR',
ciphertext:
'lIbCyRmRJxnB2yLQOTqjCDKV3H30ossOw3uD9DPsqLL2DM3swKkjOwQyZtWsFLYMj5YeLht_StAn21tHmQJuuNt64T8D4t6C7kC9OCCJ1IHAolUv4MyOt80MoPb8fZYbNKqplzYJgIL58g8N2v46OgyG637d6uuKPwhAnTGm_zWhqc_srOvgiLkzyFXPq1hBAURbc3-8BqeRb48iR1-_5g5UjWVD3lgiLCN_P7AW8mIiFvUNXBPJK3nOWL4teUPS8yHLbWeL83olU4UAgL48x-8dDkH23JykibVSQju-f7e-1xreHWXzWLHs1NqBbre0dEwK3HX_xM0LjUz77Krppgegoutpf5qaKg3l-_xMINmf',
tag: 'fNYLqpUe84KD45lvDiaBAQ',
},
json_flat: {
protected: 'eyJlbmMiOiJBMTI4R0NNIn0',
unprotected: {
alg: 'A128KW',
kid: '81b20965-8332-43d9-a468-82160ad91ac8',
},
encrypted_key: 'jJIcM9J-hbx3wnqhf5FlkEYos0sHsF0H',
iv: 'WgEJsDS9bkoXQ3nR',
ciphertext:
'lIbCyRmRJxnB2yLQOTqjCDKV3H30ossOw3uD9DPsqLL2DM3swKkjOwQyZtWsFLYMj5YeLht_StAn21tHmQJuuNt64T8D4t6C7kC9OCCJ1IHAolUv4MyOt80MoPb8fZYbNKqplzYJgIL58g8N2v46OgyG637d6uuKPwhAnTGm_zWhqc_srOvgiLkzyFXPq1hBAURbc3-8BqeRb48iR1-_5g5UjWVD3lgiLCN_P7AW8mIiFvUNXBPJK3nOWL4teUPS8yHLbWeL83olU4UAgL48x-8dDkH23JykibVSQju-f7e-1xreHWXzWLHs1NqBbre0dEwK3HX_xM0LjUz77Krppgegoutpf5qaKg3l-_xMINmf',
tag: 'fNYLqpUe84KD45lvDiaBAQ',
},
},
},
{
title: 'https://www.rfc-editor.org/rfc/rfc7520#section-5.12 - Protecting Content Only',
deterministic: true,
input: {
plaintext:
'You can trust us to stick with you through thick and thin–to the bitter end. And you can trust us to keep any secret of yours–closer than you keep it yourself. But you cannot trust us to let you face trouble alone, and go off without a word. We are your friends, Frodo.',
key: {
kty: 'oct',
ext: false,
kid: '81b20965-8332-43d9-a468-82160ad91ac8',
use: 'enc',
alg: 'A128KW',
k: 'GZy6sIZ6wl9NJOKB-jnmVQ',
},
alg: 'A128KW',
enc: 'A128GCM',
},
generated: {
cek: 'KBooAFl30QPV3vkcZlXnzQ',
iv: 'YihBoVOGsR1l7jCD',
},
encrypting_key: {},
encrypting_content: {
unprotected: {
alg: 'A128KW',
kid: '81b20965-8332-43d9-a468-82160ad91ac8',
enc: 'A128GCM',
},
},
output: {
json: {
recipients: [
{
encrypted_key: '244YHfO_W7RMpQW81UjQrZcq5LSyqiPv',
},
],
unprotected: {
alg: 'A128KW',
kid: '81b20965-8332-43d9-a468-82160ad91ac8',
enc: 'A128GCM',
},
iv: 'YihBoVOGsR1l7jCD',
ciphertext:
'qtPIMMaOBRgASL10dNQhOa7Gqrk7Eal1vwht7R4TT1uq-arsVCPaIeFwQfzrSS6oEUWbBtxEasE0vC6r7sphyVziMCVJEuRJyoAHFSP3eqQPb4Ic1SDSqyXjw_L3svybhHYUGyQuTmUQEDjgjJfBOifwHIsDsRPeBz1NomqeifVPq5GTCWFo5k_MNIQURR2Wj0AHC2k7JZfu2iWjUHLF8ExFZLZ4nlmsvJu_mvifMYiikfNfsZAudISOa6O73yPZtL04k_1FI7WDfrb2w7OqKLWDXzlpcxohPVOLQwpA3mFNRKdY-bQz4Z4KX9lfz1cne31N4-8BKmojpw-OdQjKdLOGkC445Fb_K1tlDQXw2sBF',
tag: 'e2m0Vm7JvjK2VpCKXS-kyg',
},
json_flat: {
unprotected: {
alg: 'A128KW',
kid: '81b20965-8332-43d9-a468-82160ad91ac8',
enc: 'A128GCM',
},
encrypted_key: '244YHfO_W7RMpQW81UjQrZcq5LSyqiPv',
iv: 'YihBoVOGsR1l7jCD',
ciphertext:
'qtPIMMaOBRgASL10dNQhOa7Gqrk7Eal1vwht7R4TT1uq-arsVCPaIeFwQfzrSS6oEUWbBtxEasE0vC6r7sphyVziMCVJEuRJyoAHFSP3eqQPb4Ic1SDSqyXjw_L3svybhHYUGyQuTmUQEDjgjJfBOifwHIsDsRPeBz1NomqeifVPq5GTCWFo5k_MNIQURR2Wj0AHC2k7JZfu2iWjUHLF8ExFZLZ4nlmsvJu_mvifMYiikfNfsZAudISOa6O73yPZtL04k_1FI7WDfrb2w7OqKLWDXzlpcxohPVOLQwpA3mFNRKdY-bQz4Z4KX9lfz1cne31N4-8BKmojpw-OdQjKdLOGkC445Fb_K1tlDQXw2sBF',
tag: 'e2m0Vm7JvjK2VpCKXS-kyg',
},
},
},
]
================================================
FILE: cookbook/jws.mjs
================================================
export default [
{
title: 'https://www.rfc-editor.org/rfc/rfc7520#section-4.1 - RSA v1.5 Signature',
deterministic: true,
input: {
payload:
"It’s a dangerous business, Frodo, going out your door. You step onto the road, and if you don't keep your feet, there’s no knowing where you might be swept off to.",
key: {
kty: 'RSA',
ext: false,
kid: 'bilbo.baggins@hobbiton.example',
use: 'sig',
n: 'n4EPtAOCc9AlkeQHPzHStgAbgs7bTZLwUBZdR8_KuKPEHLd4rHVTeT-O-XV2jRojdNhxJWTDvNd7nqQ0VEiZQHz_AJmSCpMaJMRBSFKrKb2wqVwGU_NsYOYL-QtiWN2lbzcEe6XC0dApr5ydQLrHqkHHig3RBordaZ6Aj-oBHqFEHYpPe7Tpe-OfVfHd1E6cS6M1FZcD1NNLYD5lFHpPI9bTwJlsde3uhGqC0ZCuEHg8lhzwOHrtIQbS0FVbb9k3-tVTU4fg_3L_vniUFAKwuCLqKnS2BYwdq_mzSnbLY7h_qixoR7jig3__kRhuaxwUkRz5iaiQkqgc5gHdrNP5zw',
e: 'AQAB',
d: 'bWUC9B-EFRIo8kpGfh0ZuyGPvMNKvYWNtB_ikiH9k20eT-O1q_I78eiZkpXxXQ0UTEs2LsNRS-8uJbvQ-A1irkwMSMkK1J3XTGgdrhCku9gRldY7sNA_AKZGh-Q661_42rINLRCe8W-nZ34ui_qOfkLnK9QWDDqpaIsA-bMwWWSDFu2MUBYwkHTMEzLYGqOe04noqeq1hExBTHBOBdkMXiuFhUq1BU6l-DqEiWxqg82sXt2h-LMnT3046AOYJoRioz75tSUQfGCshWTBnP5uDjd18kKhyv07lhfSJdrPdM5Plyl21hsFf4L_mHCuoFau7gdsPfHPxxjVOcOpBrQzwQ',
p: '3Slxg_DwTXJcb6095RoXygQCAZ5RnAvZlno1yhHtnUex_fp7AZ_9nRaO7HX_-SFfGQeutao2TDjDAWU4Vupk8rw9JR0AzZ0N2fvuIAmr_WCsmGpeNqQnev1T7IyEsnh8UMt-n5CafhkikzhEsrmndH6LxOrvRJlsPp6Zv8bUq0k',
q: 'uKE2dh-cTf6ERF4k4e_jy78GfPYUIaUyoSSJuBzp3Cubk3OCqs6grT8bR_cu0Dm1MZwWmtdqDyI95HrUeq3MP15vMMON8lHTeZu2lmKvwqW7anV5UzhM1iZ7z4yMkuUwFWoBvyY898EXvRD-hdqRxHlSqAZ192zB3pVFJ0s7pFc',
dp: 'B8PVvXkvJrj2L-GYQ7v3y9r6Kw5g9SahXBwsWUzp19TVlgI-YV85q1NIb1rxQtD-IsXXR3-TanevuRPRt5OBOdiMGQp8pbt26gljYfKU_E9xn-RULHz0-ed9E9gXLKD4VGngpz-PfQ_q29pk5xWHoJp009Qf1HvChixRX59ehik',
dq: 'CLDmDGduhylc9o7r84rEUVn7pzQ6PF83Y-iBZx5NT-TpnOZKF1pErAMVeKzFEl41DlHHqqBLSM0W1sOFbwTxYWZDm6sI6og5iTbwQGIC3gnJKbi_7k_vJgGHwHxgPaX2PnvP-zyEkDERuf-ry4c_Z11Cq9AqC2yeL6kdKT1cYF8',
qi: '3PiqvXQN0zwMeE-sBvZgi289XP9XCQF3VWqPzMKnIgQp7_Tugo6-NZBKCQsMf3HaEGBjTVJs_jcK8-TRXvaKe-7ZMaQj8VfBdYkssbu0NKDDhjJ-GtiseaDVWt7dcH0cfwxgFUHpQh7FoCrjFJ6h6ZEpMF6xmujs4qMpPz8aaI4',
},
alg: 'RS256',
},
signing: {
protected: {
alg: 'RS256',
kid: 'bilbo.baggins@hobbiton.example',
},
},
output: {
compact:
'eyJhbGciOiJSUzI1NiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZXhhbXBsZSJ9.SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4.MRjdkly7_-oTPTS3AXP41iQIGKa80A0ZmTuV5MEaHoxnW2e5CZ5NlKtainoFmKZopdHM1O2U4mwzJdQx996ivp83xuglII7PNDi84wnB-BDkoBwA78185hX-Es4JIwmDLJK3lfWRa-XtL0RnltuYv746iYTh_qHRD68BNt1uSNCrUCTJDt5aAE6x8wW1Kt9eRo4QPocSadnHXFxnt8Is9UzpERV0ePPQdLuW3IS_de3xyIrDaLGdjluPxUAhb6L2aXic1U12podGU0KLUQSE_oI-ZnmKJ3F4uOZDnd6QZWJushZ41Axf_fcIe8u9ipH84ogoree7vjbU5y18kDquDg',
json: {
payload:
'SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4',
signatures: [
{
protected: 'eyJhbGciOiJSUzI1NiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZXhhbXBsZSJ9',
signature:
'MRjdkly7_-oTPTS3AXP41iQIGKa80A0ZmTuV5MEaHoxnW2e5CZ5NlKtainoFmKZopdHM1O2U4mwzJdQx996ivp83xuglII7PNDi84wnB-BDkoBwA78185hX-Es4JIwmDLJK3lfWRa-XtL0RnltuYv746iYTh_qHRD68BNt1uSNCrUCTJDt5aAE6x8wW1Kt9eRo4QPocSadnHXFxnt8Is9UzpERV0ePPQdLuW3IS_de3xyIrDaLGdjluPxUAhb6L2aXic1U12podGU0KLUQSE_oI-ZnmKJ3F4uOZDnd6QZWJushZ41Axf_fcIe8u9ipH84ogoree7vjbU5y18kDquDg',
},
],
},
json_flat: {
payload:
'SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4',
protected: 'eyJhbGciOiJSUzI1NiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZXhhbXBsZSJ9',
signature:
'MRjdkly7_-oTPTS3AXP41iQIGKa80A0ZmTuV5MEaHoxnW2e5CZ5NlKtainoFmKZopdHM1O2U4mwzJdQx996ivp83xuglII7PNDi84wnB-BDkoBwA78185hX-Es4JIwmDLJK3lfWRa-XtL0RnltuYv746iYTh_qHRD68BNt1uSNCrUCTJDt5aAE6x8wW1Kt9eRo4QPocSadnHXFxnt8Is9UzpERV0ePPQdLuW3IS_de3xyIrDaLGdjluPxUAhb6L2aXic1U12podGU0KLUQSE_oI-ZnmKJ3F4uOZDnd6QZWJushZ41Axf_fcIe8u9ipH84ogoree7vjbU5y18kDquDg',
},
},
},
{
title: 'https://www.rfc-editor.org/rfc/rfc8037#appendix-A.4 - Ed25519 Signing',
deterministic: false, // https://github.com/WICG/webcrypto-secure-curves/issues/28
input: {
payload: 'Example of Ed25519 signing',
key: {
kty: 'OKP',
ext: false,
crv: 'Ed25519',
d: 'nWGxne_9WmC6hEr0kuwsxERJxWl7MmkZcDusAxyuf2A',
x: '11qYAYKxCrfVS_7TyWQHOg7hcvPapiMlrwIaaPcHURo',
},
alg: 'EdDSA',
},
signing: {
protected: {
alg: 'EdDSA',
},
},
output: {
compact:
'eyJhbGciOiJFZERTQSJ9.RXhhbXBsZSBvZiBFZDI1NTE5IHNpZ25pbmc.hgyY0il_MGCjP0JzlnLWG1PPOt7-09PGcvMg3AIbQR6dWbhijcNR4ki4iylGjg5BhVsPt9g7sVvpAr_MuM0KAg',
json: {
payload: 'RXhhbXBsZSBvZiBFZDI1NTE5IHNpZ25pbmc',
signatures: [
{
protected: 'eyJhbGciOiJFZERTQSJ9',
signature:
'hgyY0il_MGCjP0JzlnLWG1PPOt7-09PGcvMg3AIbQR6dWbhijcNR4ki4iylGjg5BhVsPt9g7sVvpAr_MuM0KAg',
},
],
},
json_flat: {
payload: 'RXhhbXBsZSBvZiBFZDI1NTE5IHNpZ25pbmc',
protected: 'eyJhbGciOiJFZERTQSJ9',
signature:
'hgyY0il_MGCjP0JzlnLWG1PPOt7-09PGcvMg3AIbQR6dWbhijcNR4ki4iylGjg5BhVsPt9g7sVvpAr_MuM0KAg',
},
},
},
{
title: 'https://www.rfc-editor.org/rfc/rfc7520#section-4.2 - RSA-PSS Signature',
input: {
payload:
"It’s a dangerous business, Frodo, going out your door. You step onto the road, and if you don't keep your feet, there’s no knowing where you might be swept off to.",
key: {
kty: 'RSA',
ext: false,
kid: 'bilbo.baggins@hobbiton.example',
use: 'sig',
n: 'n4EPtAOCc9AlkeQHPzHStgAbgs7bTZLwUBZdR8_KuKPEHLd4rHVTeT-O-XV2jRojdNhxJWTDvNd7nqQ0VEiZQHz_AJmSCpMaJMRBSFKrKb2wqVwGU_NsYOYL-QtiWN2lbzcEe6XC0dApr5ydQLrHqkHHig3RBordaZ6Aj-oBHqFEHYpPe7Tpe-OfVfHd1E6cS6M1FZcD1NNLYD5lFHpPI9bTwJlsde3uhGqC0ZCuEHg8lhzwOHrtIQbS0FVbb9k3-tVTU4fg_3L_vniUFAKwuCLqKnS2BYwdq_mzSnbLY7h_qixoR7jig3__kRhuaxwUkRz5iaiQkqgc5gHdrNP5zw',
e: 'AQAB',
d: 'bWUC9B-EFRIo8kpGfh0ZuyGPvMNKvYWNtB_ikiH9k20eT-O1q_I78eiZkpXxXQ0UTEs2LsNRS-8uJbvQ-A1irkwMSMkK1J3XTGgdrhCku9gRldY7sNA_AKZGh-Q661_42rINLRCe8W-nZ34ui_qOfkLnK9QWDDqpaIsA-bMwWWSDFu2MUBYwkHTMEzLYGqOe04noqeq1hExBTHBOBdkMXiuFhUq1BU6l-DqEiWxqg82sXt2h-LMnT3046AOYJoRioz75tSUQfGCshWTBnP5uDjd18kKhyv07lhfSJdrPdM5Plyl21hsFf4L_mHCuoFau7gdsPfHPxxjVOcOpBrQzwQ',
p: '3Slxg_DwTXJcb6095RoXygQCAZ5RnAvZlno1yhHtnUex_fp7AZ_9nRaO7HX_-SFfGQeutao2TDjDAWU4Vupk8rw9JR0AzZ0N2fvuIAmr_WCsmGpeNqQnev1T7IyEsnh8UMt-n5CafhkikzhEsrmndH6LxOrvRJlsPp6Zv8bUq0k',
q: 'uKE2dh-cTf6ERF4k4e_jy78GfPYUIaUyoSSJuBzp3Cubk3OCqs6grT8bR_cu0Dm1MZwWmtdqDyI95HrUeq3MP15vMMON8lHTeZu2lmKvwqW7anV5UzhM1iZ7z4yMkuUwFWoBvyY898EXvRD-hdqRxHlSqAZ192zB3pVFJ0s7pFc',
dp: 'B8PVvXkvJrj2L-GYQ7v3y9r6Kw5g9SahXBwsWUzp19TVlgI-YV85q1NIb1rxQtD-IsXXR3-TanevuRPRt5OBOdiMGQp8pbt26gljYfKU_E9xn-RULHz0-ed9E9gXLKD4VGngpz-PfQ_q29pk5xWHoJp009Qf1HvChixRX59ehik',
dq: 'CLDmDGduhylc9o7r84rEUVn7pzQ6PF83Y-iBZx5NT-TpnOZKF1pErAMVeKzFEl41DlHHqqBLSM0W1sOFbwTxYWZDm6sI6og5iTbwQGIC3gnJKbi_7k_vJgGHwHxgPaX2PnvP-zyEkDERuf-ry4c_Z11Cq9AqC2yeL6kdKT1cYF8',
qi: '3PiqvXQN0zwMeE-sBvZgi289XP9XCQF3VWqPzMKnIgQp7_Tugo6-NZBKCQsMf3HaEGBjTVJs_jcK8-TRXvaKe-7ZMaQj8VfBdYkssbu0NKDDhjJ-GtiseaDVWt7dcH0cfwxgFUHpQh7FoCrjFJ6h6ZEpMF6xmujs4qMpPz8aaI4',
},
alg: 'PS384',
},
signing: {
protected: {
alg: 'PS384',
kid: 'bilbo.baggins@hobbiton.example',
},
},
output: {
compact:
'eyJhbGciOiJQUzM4NCIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZXhhbXBsZSJ9.SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4.cu22eBqkYDKgIlTpzDXGvaFfz6WGoz7fUDcfT0kkOy42miAh2qyBzk1xEsnk2IpN6-tPid6VrklHkqsGqDqHCdP6O8TTB5dDDItllVo6_1OLPpcbUrhiUSMxbbXUvdvWXzg-UD8biiReQFlfz28zGWVsdiNAUf8ZnyPEgVFn442ZdNqiVJRmBqrYRXe8P_ijQ7p8Vdz0TTrxUeT3lm8d9shnr2lfJT8ImUjvAA2Xez2Mlp8cBE5awDzT0qI0n6uiP1aCN_2_jLAeQTlqRHtfa64QQSUmFAAjVKPbByi7xho0uTOcbH510a6GYmJUAfmWjwZ6oD4ifKo8DYM-X72Eaw',
json: {
payload:
'SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4',
signatures: [
{
protected: 'eyJhbGciOiJQUzM4NCIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZXhhbXBsZSJ9',
signature:
'cu22eBqkYDKgIlTpzDXGvaFfz6WGoz7fUDcfT0kkOy42miAh2qyBzk1xEsnk2IpN6-tPid6VrklHkqsGqDqHCdP6O8TTB5dDDItllVo6_1OLPpcbUrhiUSMxbbXUvdvWXzg-UD8biiReQFlfz28zGWVsdiNAUf8ZnyPEgVFn442ZdNqiVJRmBqrYRXe8P_ijQ7p8Vdz0TTrxUeT3lm8d9shnr2lfJT8ImUjvAA2Xez2Mlp8cBE5awDzT0qI0n6uiP1aCN_2_jLAeQTlqRHtfa64QQSUmFAAjVKPbByi7xho0uTOcbH510a6GYmJUAfmWjwZ6oD4ifKo8DYM-X72Eaw',
},
],
},
json_flat: {
payload:
'SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4',
protected: 'eyJhbGciOiJQUzM4NCIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZXhhbXBsZSJ9',
signature:
'cu22eBqkYDKgIlTpzDXGvaFfz6WGoz7fUDcfT0kkOy42miAh2qyBzk1xEsnk2IpN6-tPid6VrklHkqsGqDqHCdP6O8TTB5dDDItllVo6_1OLPpcbUrhiUSMxbbXUvdvWXzg-UD8biiReQFlfz28zGWVsdiNAUf8ZnyPEgVFn442ZdNqiVJRmBqrYRXe8P_ijQ7p8Vdz0TTrxUeT3lm8d9shnr2lfJT8ImUjvAA2Xez2Mlp8cBE5awDzT0qI0n6uiP1aCN_2_jLAeQTlqRHtfa64QQSUmFAAjVKPbByi7xho0uTOcbH510a6GYmJUAfmWjwZ6oD4ifKo8DYM-X72Eaw',
},
},
},
{
title: 'https://www.rfc-editor.org/rfc/rfc7520#section-4.3 - ECDSA Signature',
input: {
payload:
"It’s a dangerous business, Frodo, going out your door. You step onto the road, and if you don't keep your feet, there’s no knowing where you might be swept off to.",
key: {
kty: 'EC',
ext: false,
kid: 'bilbo.baggins@hobbiton.example',
use: 'sig',
crv: 'P-521',
x: 'AHKZLLOsCOzz5cY97ewNUajB957y-C-U88c3v13nmGZx6sYl_oJXu9A5RkTKqjqvjyekWF-7ytDyRXYgCF5cj0Kt',
y: 'AdymlHvOiLxXkEhayXQnNCvDX4h9htZaCJN34kfmC6pV5OhQHiraVySsUdaQkAgDPrwQrJmbnX9cwlGfP-HqHZR1',
d: 'AAhRON2r9cqXX1hg-RoI6R1tX5p2rUAYdmpHZoC1XNM56KtscrX6zbKipQrCW9CGZH3T4ubpnoTKLDYJ_fF3_rJt',
},
alg: 'ES512',
},
signing: {
protected: {
alg: 'ES512',
kid: 'bilbo.baggins@hobbiton.example',
},
},
output: {
compact:
'eyJhbGciOiJFUzUxMiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZXhhbXBsZSJ9.SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4.AE_R_YZCChjn4791jSQCrdPZCNYqHXCTZH0-JZGYNlaAjP2kqaluUIIUnC9qvbu9Plon7KRTzoNEuT4Va2cmL1eJAQy3mtPBu_u_sDDyYjnAMDxXPn7XrT0lw-kvAD890jl8e2puQens_IEKBpHABlsbEPX6sFY8OcGDqoRuBomu9xQ2',
json: {
payload:
'SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4',
signatures: [
{
protected: 'eyJhbGciOiJFUzUxMiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZXhhbXBsZSJ9',
signature:
'AE_R_YZCChjn4791jSQCrdPZCNYqHXCTZH0-JZGYNlaAjP2kqaluUIIUnC9qvbu9Plon7KRTzoNEuT4Va2cmL1eJAQy3mtPBu_u_sDDyYjnAMDxXPn7XrT0lw-kvAD890jl8e2puQens_IEKBpHABlsbEPX6sFY8OcGDqoRuBomu9xQ2',
},
],
},
json_flat: {
payload:
'SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4',
protected: 'eyJhbGciOiJFUzUxMiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZXhhbXBsZSJ9',
signature:
'AE_R_YZCChjn4791jSQCrdPZCNYqHXCTZH0-JZGYNlaAjP2kqaluUIIUnC9qvbu9Plon7KRTzoNEuT4Va2cmL1eJAQy3mtPBu_u_sDDyYjnAMDxXPn7XrT0lw-kvAD890jl8e2puQens_IEKBpHABlsbEPX6sFY8OcGDqoRuBomu9xQ2',
},
},
},
{
title: 'https://www.rfc-editor.org/rfc/rfc7520#section-4.4 - HMAC-SHA2 Integrity Protection',
deterministic: true,
input: {
payload:
"It’s a dangerous business, Frodo, going out your door. You step onto the road, and if you don't keep your feet, there’s no knowing where you might be swept off to.",
key: {
kty: 'oct',
ext: false,
kid: '018c0ae5-4d9b-471b-bfd6-eef314bc7037',
use: 'sig',
alg: 'HS256',
k: 'hJtXIZ2uSN5kbQfbtTNWbpdmhkV8FJG-Onbc6mxCcYg',
},
alg: 'HS256',
},
signing: {
protected: {
alg: 'HS256',
kid: '018c0ae5-4d9b-471b-bfd6-eef314bc7037',
},
},
output: {
compact:
'eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LWVlZjMxNGJjNzAzNyJ9.SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4.s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p0',
json: {
payload:
'SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4',
signatures: [
{
protected:
'eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LWVlZjMxNGJjNzAzNyJ9',
signature: 's0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p0',
},
],
},
json_flat: {
payload:
'SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4',
protected:
'eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LWVlZjMxNGJjNzAzNyJ9',
signature: 's0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p0',
},
},
},
{
title: 'https://www.rfc-editor.org/rfc/rfc7520#section-4.6 - Protecting Specific Header Fields',
deterministic: true,
input: {
payload:
"It’s a dangerous business, Frodo, going out your door. You step onto the road, and if you don't keep your feet, there’s no knowing where you might be swept off to.",
key: {
kty: 'oct',
ext: false,
kid: '018c0ae5-4d9b-471b-bfd6-eef314bc7037',
use: 'sig',
alg: 'HS256',
k: 'hJtXIZ2uSN5kbQfbtTNWbpdmhkV8FJG-Onbc6mxCcYg',
},
alg: 'HS256',
},
signing: {
protected: {
alg: 'HS256',
},
unprotected: {
kid: '018c0ae5-4d9b-471b-bfd6-eef314bc7037',
},
},
output: {
json: {
payload:
'SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4',
signatures: [
{
protected: 'eyJhbGciOiJIUzI1NiJ9',
header: {
kid: '018c0ae5-4d9b-471b-bfd6-eef314bc7037',
},
signature: 'bWUSVaxorn7bEF1djytBd0kHv70Ly5pvbomzMWSOr20',
},
],
},
json_flat: {
payload:
'SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4',
protected: 'eyJhbGciOiJIUzI1NiJ9',
header: {
kid: '018c0ae5-4d9b-471b-bfd6-eef314bc7037',
},
signature: 'bWUSVaxorn7bEF1djytBd0kHv70Ly5pvbomzMWSOr20',
},
},
},
{
title: 'https://www.rfc-editor.org/rfc/rfc7520#section-4.7 - Protecting Content Only',
deterministic: true,
input: {
payload:
"It’s a dangerous business, Frodo, going out your door. You step onto the road, and if you don't keep your feet, there’s no knowing where you might be swept off to.",
key: {
kty: 'oct',
ext: false,
kid: '018c0ae5-4d9b-471b-bfd6-eef314bc7037',
use: 'sig',
alg: 'HS256',
k: 'hJtXIZ2uSN5kbQfbtTNWbpdmhkV8FJG-Onbc6mxCcYg',
},
alg: 'HS256',
},
signing: {
unprotected: {
alg: 'HS256',
kid: '018c0ae5-4d9b-471b-bfd6-eef314bc7037',
},
},
output: {
json: {
payload:
'SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4',
signatures: [
{
header: {
alg: 'HS256',
kid: '018c0ae5-4d9b-471b-bfd6-eef314bc7037',
},
signature: 'xuLifqLGiblpv9zBpuZczWhNj1gARaLV3UxvxhJxZuk',
},
],
},
json_flat: {
payload:
'SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4',
header: {
alg: 'HS256',
kid: '018c0ae5-4d9b-471b-bfd6-eef314bc7037',
},
signature: 'xuLifqLGiblpv9zBpuZczWhNj1gARaLV3UxvxhJxZuk',
},
},
},
{
title: 'https://www.rfc-editor.org/rfc/rfc7797#section-4.1 - { "b64": false } JSON only',
deterministic: true,
input: {
payload: '$.02',
key: {
kty: 'oct',
ext: false,
alg: 'HS256',
k: 'AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow',
},
alg: 'HS256',
},
signing: {
protected: {
alg: 'HS256',
b64: false,
crit: ['b64'],
},
},
output: {
json: {
payload: '$.02',
signatures: [
{
protected: 'eyJhbGciOiJIUzI1NiIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19',
signature: 'A5dxf2s96_n5FLueVuW1Z_vh161FwXZC4YLPff6dmDY',
},
],
},
json_flat: {
payload: '$.02',
protected: 'eyJhbGciOiJIUzI1NiIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19',
signature: 'A5dxf2s96_n5FLueVuW1Z_vh161FwXZC4YLPff6dmDY',
},
},
},
{
title: 'ietf-cose-dilithium - ML-DSA-44',
deterministic: false,
input: {
payload: 'It’s a dangerous business, Frodo, going out your door.',
key: {
kty: 'AKP',
alg: 'ML-DSA-44',
pub: 'unH59k4RuutY-pxvu24U5h8YZD2rSVtHU5qRZsoBmBMcRPgmu9VuNOVdteXi1zNIXjnqJg_GAAxepLqA00Vc3lO0bzRIKu39VFD8Lhuk8l0V-cFEJC-zm7UihxiQMMUEmOFxe3x1ixkKZ0jqmqP3rKryx8tSbtcXyfea64QhT6XNje2SoMP6FViBDxLHBQo2dwjRls0k5a-XSQSu2OTOiHLoaWsLe8pQ5FLNfTDqmkrawDEdZyxr3oSWJAsHQxRjcIiVzZuvwxYy1zl2STiP2vy_fTBaPemkleynQzqPg7oPCyXEE8bjnJbrfWkbNNN8438e6tHPIX4l7zTuzz98YPhLjt_d6EBdT4MldsYe-Y4KLyjaGHcAlTkk9oa5RhRwW89T0z_t1DSO3dvfKLUGXh8gd1BD6Fz5MfgpF5NjoafnQEqDjsAAhrCXY4b-Y3yYJEdX4_dp3dRGdHG_rWcPmgX4JG7lCnser4f8QGnDriqiAzJYEXeS8LzUngg_0bx0lqv_KcyU5IaLISFO0xZSU5mmEPvdSoDnyAcV8pV44qhLtAvd29n0ehG259oRihtljTWeiu9V60a1N2tbZVl5mEqSK-6_xZvNYA1TCdzNctvweH24unV7U3wer9XA9Q6kvJWDVJ4oKaQsKMrCSMlteBJMRxWbGK7ddUq6F7GdQw-3j2M-qdJvVKm9UPjY9rc1lPgol25-oJxTu7nxGlbJUH-4m5pevAN6NyZ6lfhbjWTKlxkrEKZvQXs_Yf6cpXEwpI_ZJeriq1UC1XHIpRkDwdOY9MH3an4RdDl2r9vGl_IwlKPNdh_5aF3jLgn7PCit1FNJAwC8fIncAXgAlgcXIpRXdfJk4bBiO89GGccSyDh2EgXYdpG3XvNgGWy7npuSoNTE7WIyblAk13UQuO4sdCbMIuriCdyfE73mvwj15xgb07RZRQtFGlFTmnFcIdZ90zDrWXDbANntv7KCKwNvoTuv64bY3HiGbj-NQ-U9eMylWVpvr4hrXcES8c9K3PqHWADZC0iIOvlzFv4VBoc_wVflcOrL_SIoaNFCNBAZZq-2v5lAgpJTqVOtqJ_HVraoSfcKy5g45p-qULunXj6Jwq21fobQiKubBKKOZwcJFyJD7F4ACKXOrz-HIvSHMCWW_9dVrRuCpJw0s0aVFbRqopDNhu446nqb4_EDYQM1tTHMozPd_jKxRRD0sH75X8ZoToxFSpLBDbtdWcenxj-zBf6IGWfZnmaetjKEBYJWC7QDQx1A91pJVJCEgieCkoIfTqkeQuePpIyu48g2FG3P1zjRF-kumhUTfSjo5qS0YiZQy0E1BMs6M11EvuxXRsHClLHoy5nLYI2Sj4zjVjYyxSHyPRPGGo9hwB34yWxzYNtPPGiqXS_dNCpi_zRZwRY4lCGrQ-hYTEWIK1Dm5OlttvC4_eiQ1dv63NiGkLRJ5kJA3bICN0fzCDY-MBqnd1cWn8YVBijVkgtaoascjL9EywDgJdeHnXK0eeOvUxHHhXJVkNqcibn8O4RQdpVU60TSA-uiu675ytIjcBHC6kTv8A8pmkj_4oypPd-F92YIJC741swkYQoeIHj8rE-ThcMUkF7KqC5VORbZTRp8HsZSqgiJcIPaouuxd1-8Rxrid3fXkE6p8bkrysPYoxWEJgh7ZFsRCPDWX-yTeJwFN0PKFP1j0F6YtlLfK5wv-c4F8ZQHA_-yc_gODicy7KmWDZgbTP07e7gEWzw4MFRrndjbDQ',
priv: 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA',
},
alg: 'ML-DSA-44',
},
signing: {
protected: {
alg: 'ML-DSA-44',
},
},
output: {
compact:
'eyJhbGciOiJNTC1EU0EtNDQiLCJraWQiOiJUNHhsNzBTN01UNlplcTZyOVY5ZlBKR1ZuNzZ3Zm5YSjIxLWd5bzBHdTZvIn0.SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IHlvdXIgZG9vci4.knI1Q_9CIzLH5Xy94Kkc7WVKqZcAgtJ3mNf0GUj1uLA6YXAWFJfXkh-zQxUtEl3UIC7zPCiUwKTDR6ZsuUmFj8Ctb_6aH64hElN7weS_1m5okCy8GqHNL2lsfclCH3Y2f4QNP-DLVS1XsuboDA7Dw3ir2IdYKIfWJyIU7ROHgd24nuun1zJbxcLJC2EKt2M8R0wZudcIE9nm5oPzYXq0z-hPsKoXp9leVYkqgMmO9Lo8SP_1YYIEth3B8v-GuP249KDTFRKPjISmK4aPCknjtjihHsQVv2XePXxKExatHl4qhsiiW-y-EJXa1Kfw4WYpLA7B4_5Ids--cIJmIx7f6xxAWKh5qoBWq1QIOaaFuzsAraRW3NOEuzThew1En85gI3GcRTZGp-VDGyxHm0Al04cyWo2bxAVOF0fbDc265iP2mCNw6Qg10jIJeAhGB4OAMYcBUWJAG0l1MN1U_koEmGh5dXKnQTRl461ea_Cq3DLkcA2Dj2woWUFyDTmQ8oO_yheASfJacyRm7_suj88z5XFNo8F53P8OxTG9xUPlrwvH-TAq7AH3NU4SNXApyVKTU3zhx1tJ34nlTILcTujXVJVo_f0DZfUxr6JSCYqvy4z1Kl0wDQzd55aopyFtQxvOPhcCHbAN34g2Ug750Jm835fl7NOxcqoMbuTcgH68kr37M-Pdh2K9WazXUJgCupgdIWW8WjfOjmTiF59CrVtfVtK2qDzF40OENCfqtNPQlZe5cN5p0P8arj4USB8HCPh7NdqQBAeWrw0wsYhdiM39lrSkA8mLRYMhZnqKGCTPCrHXDdEjRKYRNaqIUT44laYl5c27K0v-ozjKPu6tzEhkYSC4XZ3LehEFtmAzOE0mHbhKMgXqjoPJjOrGIPibX3jwK8_Q5RmMOXtXo8R3vXfBaUdQoLeeyywNYE0nIcsl4z5a8_utwEFiVf0VK2pdviyiOPVSi3zOMAmqz6gFhVy8aMMQOWZAEAuTyDw7ZWG6diwptmrgSXZotW63I19S2ZH7keCXRIq_pFLuYhOuG6dD4MkouILRdC9bXZMLrNDq7COpUOO86aQVlYd0pR935WpUw-V6obSRnHlRFZSmUSIB7h1Q0ImciRzojN93Xhw7qpzGzdzDEO3OOTayXaSG_0YHQyy-eH4hBbmgt_LBx120g1eY4XHeHFRfTfetHkL5ZZusX1jQ_nk9ez4XBG_6hRtTNSuVBsYlH8-KUuR5-qTP8dkvRf8Wk2hHoUr2sz5YO_xDFCMMTrt8ahiMyfjo5ih5Fwo3riFbFUGKibniTLXspFd4spcNK_WchlZLRgkPK4jh6Z_X8JJkHxvQhpyouHQFyGxgBrl24x-_EB1zbWMhJthmm8DiKt-nzKaJz8Cju1-HwCpg76CRqRsEz2hyKEpbb4M5KQSj3AsENCroVmQ5QIv3K2XNRkve4vjBmP6sV2b6GSY_UeRvPElA7SUgBGTKbn-c0aYhBuB8plPhRTBa55_cFqAmNmavF1-fdMktJuIaH2f-K0zZCzbHw54998T7kIWgyMsyGCAvynEB_khOqwT7tCjg5HQ8SIjdnRYW0kjZfjt5LJbGA-PnRo8gPVQVGeYDP2vsSXhNJY94AitKCY1srcSsuYDrhNBKrnoJ1uEsMPVHsgFw_ZHMyAEaVQughSNW4fm8q6_1Nv4zLutDITzmAL6a6i6-WS6QRIs_4VUtwr5cXXIFDDeHVWeGcNivQ6W9urEUP4crguiq7z_DTiYaGfUksub-T7mw0zU8ZoOSd5pUTpJLv-IYIUAl6CscHvunnRLEKqpW1Sa1dcFZs5VP4AfR3mg7wX4Vlq1AHnpFxE2L1LZiKoTc9jDEOvTDkxr86gMkwMm6RdyPF_q48AVJ1br8Qp88-4B84X52zZ5cw-IJYe-HiVJ29LpeYm340_rWivpy-UB5i9TKlMrxf94y1okzZTPbP3_v1_XX0nE7RTLz98EA96euJ7l3EpbEqks7mh6i1FJNnvvlM_u29sYobJ6PUT-i1VlQnF_JBARKEz74pBXm1l5Y5Lo15rsIlaQHinUBCO8fHCHI59LAfKusN4JmodDqLYwkWijEL_sfrC6LtrbXqpM1pw09zSrs_tS1RQ-LnWHuPrU5KLCzv53JKrh8lU_cdBowe_F-Ib_Ui4bQ2FME-0mnyG0XijHUsrGMZ9dfowvIkr83JpqwlFOZAwMmSGPNPEJRw9kDshjotndUB5S1UCfv_U4IoVn7WgvxeCS-BBxqyWfh7YTdf73EnmGwVYxVjlXaHCeeTZmUacnT4MQUAcbFjTq6BBlboAQGWP2FZWpd6HNnruv744VeWmfgLk9z5567wFhwuXMkmE2xvDo4wP80xutjUfsePx5YkLxhY1XsWqTZr19tInxJWWq8RLZsWPmtq5wZ5ucBMasCLpOABenYZdSAcQNhC73wLS0Z2s1HQhBoIl7lr1p372LZs_Seu1u_8Fo7DoJqRpKaNoc2_JUMmn7TUZS8zLyzxgeq8R8iNbRP20DwDBNXocsTDBKaQrtB-QiEPySQtJa4G61XeNZyh5aGzfoWZ9OmjZG9pbbehcqwIrt-ESjPyeT6sfSrvOfTZr7fBXwpUs2rS4BrlNse5g_h8CQiik8aaOTOEPkXiyg4s5DewRlgDZHS-3g-YXPUIBNO62_HxknkMpkJvKW-tkvDbgtxvy4nG80ul6W_KeRsoEKDTRYNKZWxXjZITNa0h6agnwNCJKEbFg3Qhre394c0i60mfP
gitextract_gemcyrai/ ├── .electron_flags.sh ├── .github/ │ ├── ISSUE_TEMPLATE/ │ │ ├── bug-report.yml │ │ └── config.yml │ ├── dependabot.yml │ └── workflows/ │ ├── build.yml │ ├── lock.yml │ ├── release.yml │ ├── retry.yml │ └── test.yml ├── .gitignore ├── .node_flags.sh ├── .prettierignore ├── .prettierrc.json ├── .versionrc.json ├── CHANGELOG.md ├── CODE_OF_CONDUCT.md ├── CONTRIBUTING.md ├── LICENSE.md ├── README.md ├── SECURITY.md ├── ava.config.mjs ├── cookbook/ │ ├── jwe.mjs │ └── jws.mjs ├── docs/ │ ├── README.md │ ├── jwe/ │ │ ├── compact/ │ │ │ ├── decrypt/ │ │ │ │ ├── README.md │ │ │ │ ├── functions/ │ │ │ │ │ └── compactDecrypt.md │ │ │ │ └── interfaces/ │ │ │ │ └── CompactDecryptGetKey.md │ │ │ └── encrypt/ │ │ │ ├── README.md │ │ │ └── classes/ │ │ │ └── CompactEncrypt.md │ │ ├── flattened/ │ │ │ ├── decrypt/ │ │ │ │ ├── README.md │ │ │ │ ├── functions/ │ │ │ │ │ └── flattenedDecrypt.md │ │ │ │ └── interfaces/ │ │ │ │ └── FlattenedDecryptGetKey.md │ │ │ └── encrypt/ │ │ │ ├── README.md │ │ │ └── classes/ │ │ │ └── FlattenedEncrypt.md │ │ └── general/ │ │ ├── decrypt/ │ │ │ ├── README.md │ │ │ ├── functions/ │ │ │ │ └── generalDecrypt.md │ │ │ └── interfaces/ │ │ │ └── GeneralDecryptGetKey.md │ │ └── encrypt/ │ │ ├── README.md │ │ ├── classes/ │ │ │ └── GeneralEncrypt.md │ │ └── interfaces/ │ │ └── Recipient.md │ ├── jwk/ │ │ ├── embedded/ │ │ │ ├── README.md │ │ │ └── functions/ │ │ │ └── EmbeddedJWK.md │ │ └── thumbprint/ │ │ ├── README.md │ │ └── functions/ │ │ ├── calculateJwkThumbprint.md │ │ └── calculateJwkThumbprintUri.md │ ├── jwks/ │ │ ├── local/ │ │ │ ├── README.md │ │ │ └── functions/ │ │ │ └── createLocalJWKSet.md │ │ └── remote/ │ │ ├── README.md │ │ ├── functions/ │ │ │ └── createRemoteJWKSet.md │ │ ├── interfaces/ │ │ │ ├── ExportedJWKSCache.md │ │ │ └── RemoteJWKSetOptions.md │ │ ├── type-aliases/ │ │ │ ├── FetchImplementation.md │ │ │ └── JWKSCacheInput.md │ │ └── variables/ │ │ ├── customFetch.md │ │ └── jwksCache.md │ ├── jws/ │ │ ├── compact/ │ │ │ ├── sign/ │ │ │ │ ├── README.md │ │ │ │ └── classes/ │ │ │ │ └── CompactSign.md │ │ │ └── verify/ │ │ │ ├── README.md │ │ │ ├── functions/ │ │ │ │ └── compactVerify.md │ │ │ └── interfaces/ │ │ │ └── CompactVerifyGetKey.md │ │ ├── flattened/ │ │ │ ├── sign/ │ │ │ │ ├── README.md │ │ │ │ └── classes/ │ │ │ │ └── FlattenedSign.md │ │ │ └── verify/ │ │ │ ├── README.md │ │ │ ├── functions/ │ │ │ │ └── flattenedVerify.md │ │ │ └── interfaces/ │ │ │ └── FlattenedVerifyGetKey.md │ │ └── general/ │ │ ├── sign/ │ │ │ ├── README.md │ │ │ ├── classes/ │ │ │ │ └── GeneralSign.md │ │ │ └── interfaces/ │ │ │ └── Signature.md │ │ └── verify/ │ │ ├── README.md │ │ ├── functions/ │ │ │ └── generalVerify.md │ │ └── interfaces/ │ │ └── GeneralVerifyGetKey.md │ ├── jwt/ │ │ ├── decrypt/ │ │ │ ├── README.md │ │ │ ├── functions/ │ │ │ │ └── jwtDecrypt.md │ │ │ └── interfaces/ │ │ │ ├── JWTDecryptGetKey.md │ │ │ └── JWTDecryptOptions.md │ │ ├── encrypt/ │ │ │ ├── README.md │ │ │ └── classes/ │ │ │ └── EncryptJWT.md │ │ ├── sign/ │ │ │ ├── README.md │ │ │ └── classes/ │ │ │ └── SignJWT.md │ │ ├── unsecured/ │ │ │ ├── README.md │ │ │ ├── classes/ │ │ │ │ └── UnsecuredJWT.md │ │ │ └── interfaces/ │ │ │ └── UnsecuredResult.md │ │ └── verify/ │ │ ├── README.md │ │ ├── functions/ │ │ │ └── jwtVerify.md │ │ └── interfaces/ │ │ ├── JWTVerifyGetKey.md │ │ └── JWTVerifyOptions.md │ ├── key/ │ │ ├── export/ │ │ │ ├── README.md │ │ │ └── functions/ │ │ │ ├── exportJWK.md │ │ │ ├── exportPKCS8.md │ │ │ └── exportSPKI.md │ │ ├── generate_key_pair/ │ │ │ ├── README.md │ │ │ ├── functions/ │ │ │ │ └── generateKeyPair.md │ │ │ └── interfaces/ │ │ │ ├── GenerateKeyPairOptions.md │ │ │ └── GenerateKeyPairResult.md │ │ ├── generate_secret/ │ │ │ ├── README.md │ │ │ ├── functions/ │ │ │ │ └── generateSecret.md │ │ │ └── interfaces/ │ │ │ └── GenerateSecretOptions.md │ │ └── import/ │ │ ├── README.md │ │ ├── functions/ │ │ │ ├── importJWK.md │ │ │ ├── importPKCS8.md │ │ │ ├── importSPKI.md │ │ │ └── importX509.md │ │ └── interfaces/ │ │ └── KeyImportOptions.md │ ├── types/ │ │ ├── README.md │ │ ├── interfaces/ │ │ │ ├── CompactDecryptResult.md │ │ │ ├── CompactJWEHeaderParameters.md │ │ │ ├── CompactJWSHeaderParameters.md │ │ │ ├── CompactVerifyResult.md │ │ │ ├── CritOption.md │ │ │ ├── DecryptOptions.md │ │ │ ├── EncryptOptions.md │ │ │ ├── FlattenedDecryptResult.md │ │ │ ├── FlattenedJWE.md │ │ │ ├── FlattenedJWS.md │ │ │ ├── FlattenedJWSInput.md │ │ │ ├── FlattenedVerifyResult.md │ │ │ ├── GeneralDecryptResult.md │ │ │ ├── GeneralJWE.md │ │ │ ├── GeneralJWS.md │ │ │ ├── GeneralJWSInput.md │ │ │ ├── GeneralVerifyResult.md │ │ │ ├── GetKeyFunction.md │ │ │ ├── JSONWebKeySet.md │ │ │ ├── JWEHeaderParameters.md │ │ │ ├── JWEKeyManagementHeaderParameters.md │ │ │ ├── JWK.md │ │ │ ├── JWKParameters.md │ │ │ ├── JWK_AKP_Private.md │ │ │ ├── JWK_AKP_Public.md │ │ │ ├── JWK_EC_Private.md │ │ │ ├── JWK_EC_Public.md │ │ │ ├── JWK_OKP_Private.md │ │ │ ├── JWK_OKP_Public.md │ │ │ ├── JWK_RSA_Private.md │ │ │ ├── JWK_RSA_Public.md │ │ │ ├── JWK_oct.md │ │ │ ├── JWSHeaderParameters.md │ │ │ ├── JWTClaimVerificationOptions.md │ │ │ ├── JWTDecryptResult.md │ │ │ ├── JWTHeaderParameters.md │ │ │ ├── JWTPayload.md │ │ │ ├── JWTVerifyResult.md │ │ │ ├── JoseHeaderParameters.md │ │ │ ├── KeyObject.md │ │ │ ├── ProduceJWT.md │ │ │ ├── ResolvedKey.md │ │ │ ├── SignOptions.md │ │ │ └── VerifyOptions.md │ │ └── type-aliases/ │ │ └── CryptoKey.md │ └── util/ │ ├── base64url/ │ │ ├── README.md │ │ └── functions/ │ │ ├── decode.md │ │ └── encode.md │ ├── decode_jwt/ │ │ ├── README.md │ │ └── functions/ │ │ └── decodeJwt.md │ ├── decode_protected_header/ │ │ ├── README.md │ │ ├── functions/ │ │ │ └── decodeProtectedHeader.md │ │ └── type-aliases/ │ │ └── ProtectedHeaderParameters.md │ └── errors/ │ ├── README.md │ └── classes/ │ ├── JOSEAlgNotAllowed.md │ ├── JOSEError.md │ ├── JOSENotSupported.md │ ├── JWEDecryptionFailed.md │ ├── JWEInvalid.md │ ├── JWKInvalid.md │ ├── JWKSInvalid.md │ ├── JWKSMultipleMatchingKeys.md │ ├── JWKSNoMatchingKey.md │ ├── JWKSTimeout.md │ ├── JWSInvalid.md │ ├── JWSSignatureVerificationFailed.md │ ├── JWTClaimValidationFailed.md │ ├── JWTExpired.md │ └── JWTInvalid.md ├── jsr.json ├── package.json ├── patches/ │ ├── typedoc-plugin-markdown+4.11.0.patch │ └── typedoc-plugin-mdn-links+5.1.1.patch ├── playwright.config.ts ├── src/ │ ├── index.ts │ ├── jwe/ │ │ ├── compact/ │ │ │ ├── decrypt.ts │ │ │ └── encrypt.ts │ │ ├── flattened/ │ │ │ ├── decrypt.ts │ │ │ └── encrypt.ts │ │ └── general/ │ │ ├── decrypt.ts │ │ └── encrypt.ts │ ├── jwk/ │ │ ├── embedded.ts │ │ └── thumbprint.ts │ ├── jwks/ │ │ ├── local.ts │ │ └── remote.ts │ ├── jws/ │ │ ├── compact/ │ │ │ ├── sign.ts │ │ │ └── verify.ts │ │ ├── flattened/ │ │ │ ├── sign.ts │ │ │ └── verify.ts │ │ └── general/ │ │ ├── sign.ts │ │ └── verify.ts │ ├── jwt/ │ │ ├── decrypt.ts │ │ ├── encrypt.ts │ │ ├── sign.ts │ │ ├── unsecured.ts │ │ └── verify.ts │ ├── key/ │ │ ├── export.ts │ │ ├── generate_key_pair.ts │ │ ├── generate_secret.ts │ │ └── import.ts │ ├── lib/ │ │ ├── aesgcmkw.ts │ │ ├── aeskw.ts │ │ ├── asn1.ts │ │ ├── base64.ts │ │ ├── buffer_utils.ts │ │ ├── check_key_type.ts │ │ ├── content_encryption.ts │ │ ├── crypto_key.ts │ │ ├── deflate.ts │ │ ├── ecdhes.ts │ │ ├── helpers.ts │ │ ├── invalid_key_input.ts │ │ ├── is_key_like.ts │ │ ├── jwk_to_key.ts │ │ ├── jwt_claims_set.ts │ │ ├── key_management.ts │ │ ├── key_to_jwk.ts │ │ ├── normalize_key.ts │ │ ├── pbes2kw.ts │ │ ├── rsaes.ts │ │ ├── signing.ts │ │ ├── type_checks.ts │ │ ├── validate_algorithms.ts │ │ └── validate_crit.ts │ ├── types.d.ts │ └── util/ │ ├── base64url.ts │ ├── decode_jwt.ts │ ├── decode_protected_header.ts │ └── errors.ts ├── tap/ │ ├── .browser.ts │ ├── .browsers.sh │ ├── .bun.sh │ ├── .deno.sh │ ├── .electron.sh │ ├── .node.sh │ ├── .workerd.sh │ ├── aes.ts │ ├── aeskw.ts │ ├── cookbook.ts │ ├── ecdh.ts │ ├── encrypt.ts │ ├── env.ts │ ├── fixtures.ts │ ├── generate_options.ts │ ├── hmac.ts │ ├── jwk.ts │ ├── jwks.ts │ ├── jws.ts │ ├── keyobject-stub.ts │ ├── noop.ts │ ├── pbes2.ts │ ├── pem.ts │ ├── rsaes.ts │ ├── run-browser.ts │ ├── run-bun.ts │ ├── run-deno.ts │ ├── run-electron.ts │ ├── run-node.ts │ ├── run-workerd.ts │ ├── run.ts │ ├── sign.ts │ └── tsconfig.json ├── test/ │ ├── jwe/ │ │ ├── compact.decrypt.test.ts │ │ ├── compact.encrypt.test.ts │ │ ├── flattened.decrypt.test.ts │ │ ├── flattened.encrypt.test.ts │ │ ├── general.test.ts │ │ └── zip.test.ts │ ├── jwk/ │ │ ├── embedded.test.ts │ │ ├── issue-459.test.ts │ │ ├── jwk2key.test.ts │ │ └── thumbprint.test.ts │ ├── jwks/ │ │ ├── local.test.ts │ │ └── remote.test.ts │ ├── jws/ │ │ ├── compact.sign.test.ts │ │ ├── compact.verify.test.ts │ │ ├── crit.test.ts │ │ ├── flattened.sign.test.ts │ │ ├── flattened.verify.test.ts │ │ ├── general.test.ts │ │ ├── restrictions.test.ts │ │ └── unencoded.test.ts │ ├── jwt/ │ │ ├── decrypt.test.ts │ │ ├── encrypt.test.ts │ │ ├── sign.test.ts │ │ ├── time_setters.ts │ │ ├── unsecured.test.ts │ │ └── verify.test.ts │ ├── tsconfig.json │ ├── unit/ │ │ ├── buffer_utils.test.ts │ │ ├── cek.test.ts │ │ ├── check_iv_length.test.ts │ │ ├── check_key_type.test.ts │ │ ├── check_key_type_jwk.test.ts │ │ ├── iv.test.ts │ │ └── secs.test.ts │ └── util/ │ ├── decode_jwt.test.ts │ └── decode_protected_header.test.ts ├── tools/ │ ├── postbump.cjs │ ├── prebump.cjs │ ├── publish.cjs │ └── release-notes.cjs ├── tsconfig/ │ └── types.json ├── tsconfig.json └── typedoc.json
SYMBOL INDEX (392 symbols across 80 files)
FILE: src/jwe/compact/decrypt.ts
type CompactDecryptGetKey (line 16) | interface CompactDecryptGetKey extends types.GetKeyFunction<
function compactDecrypt (line 60) | async function compactDecrypt(
FILE: src/jwe/compact/encrypt.ts
class CompactEncrypt (line 28) | class CompactEncrypt {
method constructor (line 36) | constructor(plaintext: Uint8Array) {
method setContentEncryptionKey (line 49) | setContentEncryptionKey(cek: Uint8Array): this {
method setInitializationVector (line 63) | setInitializationVector(iv: Uint8Array): this {
method setProtectedHeader (line 73) | setProtectedHeader(protectedHeader: types.CompactJWEHeaderParameters):...
method setKeyManagementParameters (line 86) | setKeyManagementParameters(parameters: types.JWEKeyManagementHeaderPar...
method encrypt (line 98) | async encrypt(
FILE: src/jwe/flattened/decrypt.ts
type FlattenedDecryptGetKey (line 27) | interface FlattenedDecryptGetKey extends types.GetKeyFunction<
function flattenedDecrypt (line 81) | async function flattenedDecrypt(
FILE: src/jwe/flattened/encrypt.ts
class FlattenedEncrypt (line 39) | class FlattenedEncrypt {
method constructor (line 61) | constructor(plaintext: Uint8Array) {
method setKeyManagementParameters (line 76) | setKeyManagementParameters(parameters: types.JWEKeyManagementHeaderPar...
method setProtectedHeader (line 87) | setProtectedHeader(protectedHeader: types.JWEHeaderParameters): this {
method setSharedUnprotectedHeader (line 98) | setSharedUnprotectedHeader(sharedUnprotectedHeader: types.JWEHeaderPar...
method setUnprotectedHeader (line 109) | setUnprotectedHeader(unprotectedHeader: types.JWEHeaderParameters): th...
method setAdditionalAuthenticatedData (line 120) | setAdditionalAuthenticatedData(aad: Uint8Array): this {
method setContentEncryptionKey (line 134) | setContentEncryptionKey(cek: Uint8Array): this {
method setInitializationVector (line 149) | setInitializationVector(iv: Uint8Array): this {
method encrypt (line 162) | async encrypt(
FILE: src/jwe/general/decrypt.ts
type GeneralDecryptGetKey (line 16) | interface GeneralDecryptGetKey extends types.GetKeyFunction<
function generalDecrypt (line 81) | async function generalDecrypt(
FILE: src/jwe/general/encrypt.ts
type Recipient (line 20) | interface Recipient {
class IndividualRecipient (line 48) | class IndividualRecipient implements Recipient {
method constructor (line 55) | constructor(
method setUnprotectedHeader (line 65) | setUnprotectedHeader(unprotectedHeader: types.JWEHeaderParameters): th...
method setKeyManagementParameters (line 71) | setKeyManagementParameters(parameters: types.JWEKeyManagementHeaderPar...
method addRecipient (line 77) | addRecipient(...args: Parameters<GeneralEncrypt['addRecipient']>) {
method encrypt (line 81) | encrypt(...args: Parameters<GeneralEncrypt['encrypt']>) {
method done (line 85) | done() {
class GeneralEncrypt (line 112) | class GeneralEncrypt {
method constructor (line 128) | constructor(plaintext: Uint8Array) {
method addRecipient (line 139) | addRecipient(
method setProtectedHeader (line 153) | setProtectedHeader(protectedHeader: types.JWEHeaderParameters): this {
method setSharedUnprotectedHeader (line 164) | setSharedUnprotectedHeader(sharedUnprotectedHeader: types.JWEHeaderPar...
method setAdditionalAuthenticatedData (line 175) | setAdditionalAuthenticatedData(aad: Uint8Array): this {
method encrypt (line 181) | async encrypt(): Promise<types.GeneralJWE> {
FILE: src/jwk/embedded.ts
function EmbeddedJWK (line 36) | async function EmbeddedJWK(
FILE: src/jwk/thumbprint.ts
function calculateJwkThumbprint (line 50) | async function calculateJwkThumbprint(
function calculateJwkThumbprintUri (line 134) | async function calculateJwkThumbprintUri(
FILE: src/jwks/local.ts
function getKtyFromAlg (line 17) | function getKtyFromAlg(alg: unknown) {
type Cache (line 33) | interface Cache {
function isJWKSLike (line 37) | function isJWKSLike(jwks: unknown): jwks is types.JSONWebKeySet {
function isJWKLike (line 48) | function isJWKLike(key: unknown) {
class LocalJWKSet (line 52) | class LocalJWKSet {
method constructor (line 57) | constructor(jwks: unknown) {
method jwks (line 65) | jwks(): types.JSONWebKeySet {
method getKey (line 69) | async getKey(
function importWithAlgCache (line 146) | async function importWithAlgCache(cache: WeakMap<types.JWK, Cache>, jwk:...
function createLocalJWKSet (line 244) | function createLocalJWKSet(
FILE: src/jwks/remote.ts
function isCloudflareWorkers (line 13) | function isCloudflareWorkers() {
constant USER_AGENT (line 27) | let USER_AGENT: string
type FetchImplementation (line 152) | type FetchImplementation = (
function fetchJwks (line 167) | async function fetchJwks(
type RemoteJWKSetOptions (line 254) | interface RemoteJWKSetOptions {
type ExportedJWKSCache (line 284) | interface ExportedJWKSCache {
type JWKSCacheInput (line 292) | type JWKSCacheInput = ExportedJWKSCache | Record<string, never>
function isFreshJwksCache (line 294) | function isFreshJwksCache(input: unknown, cacheMaxAge: number): input is...
class RemoteJWKSet (line 315) | class RemoteJWKSet {
method constructor (line 336) | constructor(url: unknown, options?: RemoteJWKSetOptions) {
method pendingFetch (line 368) | pendingFetch(): boolean {
method coolingDown (line 372) | coolingDown(): boolean {
method fresh (line 378) | fresh(): boolean {
method jwks (line 384) | jwks(): types.JSONWebKeySet | undefined {
method getKey (line 389) | async getKey(
method reload (line 410) | async reload() {
function createRemoteJWKSet (line 511) | function createRemoteJWKSet(
FILE: src/jws/compact/sign.ts
class CompactSign (line 28) | class CompactSign {
method constructor (line 36) | constructor(payload: Uint8Array) {
method setProtectedHeader (line 45) | setProtectedHeader(protectedHeader: types.CompactJWSHeaderParameters):...
method sign (line 57) | async sign(
FILE: src/jws/compact/verify.ts
type CompactVerifyGetKey (line 18) | interface CompactVerifyGetKey extends types.GenericGetKeyFunction<
function compactVerify (line 63) | async function compactVerify(
FILE: src/jws/flattened/sign.ts
class FlattenedSign (line 37) | class FlattenedSign {
method constructor (line 49) | constructor(payload: Uint8Array) {
method setProtectedHeader (line 61) | setProtectedHeader(protectedHeader: types.JWSHeaderParameters): this {
method setUnprotectedHeader (line 72) | setUnprotectedHeader(unprotectedHeader: types.JWSHeaderParameters): th...
method sign (line 85) | async sign(
FILE: src/jws/flattened/verify.ts
type FlattenedVerifyGetKey (line 27) | interface FlattenedVerifyGetKey extends types.GenericGetKeyFunction<
function flattenedVerify (line 77) | async function flattenedVerify(
FILE: src/jws/general/sign.ts
type Signature (line 13) | interface Signature {
class IndividualSignature (line 38) | class IndividualSignature implements Signature {
method constructor (line 46) | constructor(
method setProtectedHeader (line 56) | setProtectedHeader(protectedHeader: types.JWSHeaderParameters) {
method setUnprotectedHeader (line 62) | setUnprotectedHeader(unprotectedHeader: types.JWSHeaderParameters) {
method addSignature (line 68) | addSignature(...args: Parameters<GeneralSign['addSignature']>) {
method sign (line 72) | sign(...args: Parameters<GeneralSign['sign']>) {
method done (line 76) | done() {
class GeneralSign (line 102) | class GeneralSign {
method constructor (line 112) | constructor(payload: Uint8Array) {
method addSignature (line 123) | addSignature(
method sign (line 133) | async sign(): Promise<types.GeneralJWS> {
FILE: src/jws/general/verify.ts
type GeneralVerifyGetKey (line 18) | interface GeneralVerifyGetKey extends types.GenericGetKeyFunction<
function generalVerify (line 79) | async function generalVerify(
FILE: src/jwt/decrypt.ts
type JWTDecryptOptions (line 13) | interface JWTDecryptOptions
type JWTDecryptGetKey (line 20) | interface JWTDecryptGetKey extends types.GetKeyFunction<
function jwtDecrypt (line 69) | async function jwtDecrypt(
FILE: src/jwt/encrypt.ts
class EncryptJWT (line 33) | class EncryptJWT implements types.ProduceJWT {
method constructor (line 55) | constructor(payload: types.JWTPayload = {}) {
method setIssuer (line 59) | setIssuer(issuer: string): this {
method setSubject (line 64) | setSubject(subject: string): this {
method setAudience (line 69) | setAudience(audience: string | string[]): this {
method setJti (line 74) | setJti(jwtId: string): this {
method setNotBefore (line 79) | setNotBefore(input: number | string | Date): this {
method setExpirationTime (line 84) | setExpirationTime(input: number | string | Date): this {
method setIssuedAt (line 89) | setIssuedAt(input?: number | string | Date): this {
method setProtectedHeader (line 100) | setProtectedHeader(protectedHeader: types.CompactJWEHeaderParameters):...
method setKeyManagementParameters (line 114) | setKeyManagementParameters(parameters: types.JWEKeyManagementHeaderPar...
method setContentEncryptionKey (line 129) | setContentEncryptionKey(cek: Uint8Array): this {
method setInitializationVector (line 144) | setInitializationVector(iv: Uint8Array): this {
method replicateIssuerAsHeader (line 155) | replicateIssuerAsHeader(): this {
method replicateSubjectAsHeader (line 165) | replicateSubjectAsHeader(): this {
method replicateAudienceAsHeader (line 175) | replicateAudienceAsHeader(): this {
method encrypt (line 187) | async encrypt(
FILE: src/jwt/sign.ts
class SignJWT (line 116) | class SignJWT implements types.ProduceJWT {
method constructor (line 126) | constructor(payload: types.JWTPayload = {}) {
method setIssuer (line 130) | setIssuer(issuer: string): this {
method setSubject (line 135) | setSubject(subject: string): this {
method setAudience (line 140) | setAudience(audience: string | string[]): this {
method setJti (line 145) | setJti(jwtId: string): this {
method setNotBefore (line 150) | setNotBefore(input: number | string | Date): this {
method setExpirationTime (line 155) | setExpirationTime(input: number | string | Date): this {
method setIssuedAt (line 160) | setIssuedAt(input?: number | string | Date): this {
method setProtectedHeader (line 170) | setProtectedHeader(protectedHeader: types.JWTHeaderParameters): this {
method sign (line 182) | async sign(
FILE: src/jwt/unsecured.ts
type UnsecuredResult (line 15) | interface UnsecuredResult<PayloadType = types.JWTPayload> {
class UnsecuredJWT (line 54) | class UnsecuredJWT implements types.ProduceJWT {
method constructor (line 62) | constructor(payload: types.JWTPayload = {}) {
method encode (line 67) | encode(): string {
method setIssuer (line 74) | setIssuer(issuer: string): this {
method setSubject (line 79) | setSubject(subject: string): this {
method setAudience (line 84) | setAudience(audience: string | string[]): this {
method setJti (line 89) | setJti(jwtId: string): this {
method setNotBefore (line 94) | setNotBefore(input: number | string | Date): this {
method setExpirationTime (line 99) | setExpirationTime(input: number | string | Date): this {
method setIssuedAt (line 104) | setIssuedAt(input?: number | string | Date): this {
method decode (line 115) | static decode<PayloadType = types.JWTPayload>(
FILE: src/jwt/verify.ts
type JWTVerifyOptions (line 13) | interface JWTVerifyOptions extends types.VerifyOptions, types.JWTClaimVe...
type JWTVerifyGetKey (line 21) | interface JWTVerifyGetKey extends types.GenericGetKeyFunction<
function jwtVerify (line 144) | async function jwtVerify(
FILE: src/key/export.ts
function exportSPKI (line 28) | async function exportSPKI(key: types.CryptoKey | types.KeyObject): Promi...
function exportPKCS8 (line 48) | async function exportPKCS8(key: types.CryptoKey | types.KeyObject): Prom...
function exportJWK (line 70) | async function exportJWK(
FILE: src/key/generate_key_pair.ts
type GenerateKeyPairResult (line 12) | interface GenerateKeyPairResult {
type GenerateKeyPairOptions (line 21) | interface GenerateKeyPairOptions {
function getModulusLengthOption (line 50) | function getModulusLengthOption(options?: GenerateKeyPairOptions) {
function generateKeyPair (line 83) | async function generateKeyPair(
FILE: src/key/generate_secret.ts
type GenerateSecretOptions (line 12) | interface GenerateSecretOptions {
function generateSecret (line 47) | async function generateSecret(
FILE: src/key/import.ts
type KeyImportOptions (line 16) | interface KeyImportOptions {
function importSPKI (line 50) | async function importSPKI(
function importX509 (line 93) | async function importX509(
function importPKCS8 (line 131) | async function importPKCS8(
function importJWK (line 185) | async function importJWK(
FILE: src/lib/aesgcmkw.ts
function wrap (line 4) | async function wrap(alg: string, key: unknown, cek: Uint8Array, iv?: Uin...
function unwrap (line 16) | async function unwrap(
FILE: src/lib/aeskw.ts
function checkKeySize (line 4) | function checkKeySize(key: types.CryptoKey, alg: string) {
function getCryptoKey (line 10) | function getCryptoKey(key: types.CryptoKey | Uint8Array, alg: string, us...
function wrap (line 18) | async function wrap(alg: string, key: types.CryptoKey | Uint8Array, cek:...
function unwrap (line 35) | async function unwrap(
FILE: src/lib/asn1.ts
type ExportOptions (line 22) | interface ExportOptions {
type ExtractableKeyObject (line 27) | interface ExtractableKeyObject extends types.KeyObject {
type ASN1State (line 76) | interface ASN1State {
function parsePKCS8Header (line 133) | function parsePKCS8Header(state: ASN1State) {
function parseSPKIHeader (line 152) | function parseSPKIHeader(state: ASN1State) {
type PEMImportFunction (line 282) | type PEMImportFunction = (
function spkiFromX509 (line 335) | function spkiFromX509(buf: Uint8Array): Uint8Array {
function extractX509SPKI (line 372) | function extractX509SPKI(x509: string): Uint8Array {
FILE: src/lib/base64.ts
function encodeBase64 (line 1) | function encodeBase64(input: Uint8Array): string {
function decodeBase64 (line 17) | function decodeBase64(encoded: string): Uint8Array {
FILE: src/lib/buffer_utils.ts
constant MAX_INT32 (line 4) | const MAX_INT32 = 2 ** 32
function concat (line 6) | function concat(...buffers: Uint8Array[]): Uint8Array {
function writeUInt32BE (line 17) | function writeUInt32BE(buf: Uint8Array, value: number, offset?: number) {
function uint64be (line 24) | function uint64be(value: number) {
function uint32be (line 33) | function uint32be(value: number) {
function encode (line 40) | function encode(string: string): Uint8Array {
FILE: src/lib/check_key_type.ts
type Usage (line 142) | type Usage = 'sign' | 'verify' | 'encrypt' | 'decrypt'
function checkKeyType (line 144) | function checkKeyType(alg: string, key: unknown, usage: Usage): void {
FILE: src/lib/content_encryption.ts
function cekLength (line 10) | function cekLength(alg: string) {
function checkCekLength (line 31) | function checkCekLength(cek: Uint8Array, expected: number) {
function ivBitLength (line 42) | function ivBitLength(alg: string) {
function checkIvLength (line 63) | function checkIvLength(enc: string, iv: Uint8Array) {
function cbcKeySetup (line 71) | async function cbcKeySetup(
function cbcHmacTag (line 100) | async function cbcHmacTag(
function cbcEncrypt (line 115) | async function cbcEncrypt(
function timingSafeEqual (line 141) | async function timingSafeEqual(a: Uint8Array, b: Uint8Array): Promise<bo...
function cbcDecrypt (line 168) | async function cbcDecrypt(
function gcmEncrypt (line 212) | async function gcmEncrypt(
function gcmDecrypt (line 252) | async function gcmDecrypt(
function encrypt (line 296) | async function encrypt(
function decrypt (line 339) | async function decrypt(
FILE: src/lib/crypto_key.ts
function getHashLength (line 11) | function getHashLength(hash: KeyAlgorithm) {
function checkHashLength (line 15) | function checkHashLength(algorithm: { hash: KeyAlgorithm }, expected: nu...
function getNamedCurve (line 20) | function getNamedCurve(alg: string) {
function checkUsage (line 33) | function checkUsage(key: types.CryptoKey, usage?: KeyUsage) {
function checkSigCryptoKey (line 41) | function checkSigCryptoKey(key: types.CryptoKey, alg: string, usage: Key...
function checkEncCryptoKey (line 92) | function checkEncCryptoKey(key: types.CryptoKey, alg: string, usage?: Ke...
FILE: src/lib/deflate.ts
function supported (line 4) | function supported(name: 'CompressionStream' | 'DecompressionStream') {
function compress (line 12) | async function compress(input: Uint8Array): Promise<Uint8Array> {
function decompress (line 31) | async function decompress(input: Uint8Array, maxLength: number): Promise...
FILE: src/lib/ecdhes.ts
function lengthAndInput (line 6) | function lengthAndInput(input: Uint8Array) {
function concatKdf (line 17) | async function concatKdf(Z: Uint8Array, L: number, OtherInfo: Uint8Array) {
function deriveKey (line 55) | async function deriveKey(
function getEcdhBitLength (line 91) | function getEcdhBitLength(publicKey: CryptoKey) {
function allowed (line 101) | function allowed(key: types.CryptoKey) {
FILE: src/lib/helpers.ts
function assertNotSet (line 5) | function assertNotSet(value: unknown, name: string): void {
function decodeBase64url (line 11) | function decodeBase64url(
function digest (line 23) | async function digest(
FILE: src/lib/invalid_key_input.ts
function message (line 1) | function message(msg: string, actual: unknown, ...types: Array<string | ...
FILE: src/lib/is_key_like.ts
function assertCryptoKey (line 3) | function assertCryptoKey(key: unknown): asserts key is types.CryptoKey {
FILE: src/lib/jwk_to_key.ts
function subtleMapping (line 6) | function subtleMapping(jwk: types.JWK): {
function jwkToKey (line 105) | async function jwkToKey(jwk: types.JWK): Promise<types.CryptoKey> {
FILE: src/lib/jwt_claims_set.ts
constant REGEX (line 14) | const REGEX =
function secs (line 17) | function secs(str: string): number {
function validateInput (line 74) | function validateInput(label: string, input: number) {
function validateClaimsSet (line 104) | function validateClaimsSet(
class JWTClaimsBuilder (line 258) | class JWTClaimsBuilder {
method constructor (line 261) | constructor(payload: types.JWTPayload) {
method data (line 268) | data(): Uint8Array {
method iss (line 272) | get iss(): string | undefined {
method iss (line 276) | set iss(value: string) {
method sub (line 280) | get sub(): string | undefined {
method sub (line 284) | set sub(value: string) {
method aud (line 288) | get aud(): string | string[] | undefined {
method aud (line 292) | set aud(value: string | string[]) {
method jti (line 296) | set jti(value: string) {
method nbf (line 300) | set nbf(value: number | string | Date) {
method exp (line 310) | set exp(value: number | string | Date) {
method iat (line 320) | set iat(value: number | string | Date | undefined) {
FILE: src/lib/key_management.ts
function assertEncryptedKey (line 20) | function assertEncryptedKey(
function decryptKeyManagement (line 26) | async function decryptKeyManagement(
function encryptKeyManagement (line 155) | async function encryptKeyManagement(
FILE: src/lib/key_to_jwk.ts
type ExportOptions (line 6) | interface ExportOptions {
type ExtractableKeyObject (line 10) | interface ExtractableKeyObject extends types.KeyObject {
function keyToJWK (line 15) | async function keyToJWK(key: unknown): Promise<types.JWK> {
FILE: src/lib/normalize_key.ts
type ConvertableKeyObject (line 11) | interface ConvertableKeyObject extends types.KeyObject {
function normalizeKey (line 199) | async function normalizeKey(
FILE: src/lib/pbes2kw.ts
function getCryptoKey (line 8) | function getCryptoKey(key: types.CryptoKey | Uint8Array, alg: string) {
function deriveKey (line 22) | async function deriveKey(
function wrap (line 46) | async function wrap(
function unwrap (line 60) | async function unwrap(
FILE: src/lib/rsaes.ts
function encrypt (line 20) | async function encrypt(alg: string, key: types.CryptoKey, cek: Uint8Arra...
function decrypt (line 29) | async function decrypt(alg: string, key: types.CryptoKey, encryptedKey: ...
FILE: src/lib/signing.ts
function checkKeyLength (line 6) | function checkKeyLength(alg: string, key: types.CryptoKey) {
function subtleAlgorithm (line 15) | function subtleAlgorithm(alg: string, algorithm: KeyAlgorithm | EcKeyAlg...
function getSigKey (line 48) | async function getSigKey(alg: string, key: types.CryptoKey | Uint8Array,...
function sign (line 66) | async function sign(alg: string, key: types.CryptoKey | Uint8Array, data...
function verify (line 77) | async function verify(
FILE: src/lib/type_checks.ts
function isObject (line 5) | function isObject<T = object>(input: unknown): input is T {
function isDisjoint (line 19) | function isDisjoint(...headers: Array<object | undefined>) {
FILE: src/lib/validate_algorithms.ts
function validateAlgorithms (line 1) | function validateAlgorithms(option: string, algorithms?: string[]) {
FILE: src/lib/validate_crit.ts
type CritCheckHeader (line 3) | interface CritCheckHeader {
function validateCrit (line 9) | function validateCrit(
FILE: src/types.d.ts
type JWKParameters (line 2) | interface JWKParameters {
type JWK_OKP_Public (line 30) | interface JWK_OKP_Public extends JWKParameters {
type JWK_OKP_Private (line 38) | interface JWK_OKP_Private extends JWK_OKP_Public {
type JWK_AKP_Public (line 44) | interface JWK_AKP_Public extends JWKParameters {
type JWK_AKP_Private (line 52) | interface JWK_AKP_Private extends JWK_AKP_Public {
type JWK_EC_Public (line 58) | interface JWK_EC_Public extends JWKParameters {
type JWK_EC_Private (line 68) | interface JWK_EC_Private extends JWK_EC_Public {
type JWK_RSA_Public (line 74) | interface JWK_RSA_Public extends JWKParameters {
type JWK_RSA_Private (line 82) | interface JWK_RSA_Private extends JWK_RSA_Public {
type JWK_oct (line 98) | interface JWK_oct extends JWKParameters {
type JWK (line 117) | interface JWK extends JWKParameters {
type GenericGetKeyFunction (line 163) | interface GenericGetKeyFunction<IProtectedHeader, IToken, ReturnKeyTypes> {
type GetKeyFunction (line 182) | interface GetKeyFunction<IProtectedHeader, IToken> extends GenericGetKey...
type FlattenedJWSInput (line 192) | interface FlattenedJWSInput {
type GeneralJWSInput (line 222) | interface GeneralJWSInput {
type FlattenedJWS (line 241) | interface FlattenedJWS extends Partial<FlattenedJWSInput> {
type GeneralJWS (line 250) | interface GeneralJWS {
type JoseHeaderParameters (line 256) | interface JoseHeaderParameters {
type JWSHeaderParameters (line 283) | interface JWSHeaderParameters extends JoseHeaderParameters {
type JWEKeyManagementHeaderParameters (line 305) | interface JWEKeyManagementHeaderParameters {
type FlattenedJWE (line 340) | interface FlattenedJWE {
type GeneralJWE (line 394) | interface GeneralJWE extends Omit<FlattenedJWE, 'encrypted_key' | 'heade...
type JWEHeaderParameters (line 399) | interface JWEHeaderParameters extends JoseHeaderParameters {
type CritOption (line 432) | interface CritOption {
type DecryptOptions (line 457) | interface DecryptOptions extends CritOption {
type EncryptOptions (line 491) | interface EncryptOptions extends CritOption {}
type JWTClaimVerificationOptions (line 494) | interface JWTClaimVerificationOptions {
type VerifyOptions (line 559) | interface VerifyOptions extends CritOption {
type SignOptions (line 571) | interface SignOptions extends CritOption {}
type JWTPayload (line 574) | interface JWTPayload {
type FlattenedDecryptResult (line 629) | interface FlattenedDecryptResult {
type GeneralDecryptResult (line 647) | interface GeneralDecryptResult extends FlattenedDecryptResult {}
type CompactDecryptResult (line 650) | interface CompactDecryptResult {
type FlattenedVerifyResult (line 659) | interface FlattenedVerifyResult {
type GeneralVerifyResult (line 671) | interface GeneralVerifyResult extends FlattenedVerifyResult {}
type CompactVerifyResult (line 674) | interface CompactVerifyResult {
type JWTVerifyResult (line 683) | interface JWTVerifyResult<PayloadType = JWTPayload> {
type JWTDecryptResult (line 692) | interface JWTDecryptResult<PayloadType = JWTPayload> {
type ResolvedKey (line 701) | interface ResolvedKey {
type CompactJWSHeaderParameters (line 707) | interface CompactJWSHeaderParameters extends JWSHeaderParameters {
type JWTHeaderParameters (line 712) | interface JWTHeaderParameters extends CompactJWSHeaderParameters {
type CompactJWEHeaderParameters (line 717) | interface CompactJWEHeaderParameters extends JWEHeaderParameters {
type JSONWebKeySet (line 723) | interface JSONWebKeySet {
type KeyObject (line 732) | interface KeyObject {
type CryptoKey (line 742) | type CryptoKey = Extract<
type ProduceJWT (line 748) | interface ProduceJWT {
FILE: src/util/base64url.ts
function decode (line 11) | function decode(input: Uint8Array | string): Uint8Array {
function encode (line 33) | function encode(input: Uint8Array | string): string {
FILE: src/util/decode_jwt.ts
function decodeJwt (line 31) | function decodeJwt<PayloadType = types.JWTPayload>(
FILE: src/util/decode_protected_header.ts
type ProtectedHeaderParameters (line 13) | type ProtectedHeaderParameters = types.JWSHeaderParameters & types.JWEHe...
function decodeProtectedHeader (line 30) | function decodeProtectedHeader(token: string | object): ProtectedHeaderP...
FILE: src/util/errors.ts
class JOSEError (line 22) | class JOSEError extends Error {
method constructor (line 34) | constructor(message?: string, options?: { cause?: unknown }) {
class JWTClaimValidationFailed (line 65) | class JWTClaimValidationFailed extends JOSEError {
method constructor (line 87) | constructor(
class JWTExpired (line 123) | class JWTExpired extends JOSEError implements JWTClaimValidationFailed {
method constructor (line 145) | constructor(
class JOSEAlgNotAllowed (line 181) | class JOSEAlgNotAllowed extends JOSEError {
class JOSENotSupported (line 213) | class JOSENotSupported extends JOSEError {
class JWEDecryptionFailed (line 244) | class JWEDecryptionFailed extends JOSEError {
method constructor (line 252) | constructor(message = 'decryption operation failed', options?: { cause...
class JWEInvalid (line 280) | class JWEInvalid extends JOSEError {
class JWSInvalid (line 311) | class JWSInvalid extends JOSEError {
class JWTInvalid (line 342) | class JWTInvalid extends JOSEError {
class JWKInvalid (line 373) | class JWKInvalid extends JOSEError {
class JWKSInvalid (line 404) | class JWKSInvalid extends JOSEError {
class JWKSNoMatchingKey (line 435) | class JWKSNoMatchingKey extends JOSEError {
method constructor (line 443) | constructor(
class JWKSMultipleMatchingKeys (line 474) | class JWKSMultipleMatchingKeys extends JOSEError {
method constructor (line 485) | constructor(
class JWKSTimeout (line 516) | class JWKSTimeout extends JOSEError {
method constructor (line 524) | constructor(message = 'request timed out', options?: { cause?: unknown...
class JWSSignatureVerificationFailed (line 552) | class JWSSignatureVerificationFailed extends JOSEError {
method constructor (line 560) | constructor(message = 'signature verification failed', options?: { cau...
FILE: tap/aes.ts
function title (line 23) | function title(algorithm: string, supported = true) {
function secretsFor (line 32) | function secretsFor(enc: string) {
FILE: tap/aeskw.ts
function title (line 16) | function title(algorithm: string, supported = true) {
function secretsFor (line 25) | function secretsFor(alg: string) {
FILE: tap/cookbook.ts
function supported (line 36) | function supported(vector: any) {
function supported (line 134) | function supported(vector: any) {
FILE: tap/ecdh.ts
type Vector (line 16) | type Vector = [string, jose.GenerateKeyPairOptions]
function curve (line 24) | function curve(options?: jose.GenerateKeyPairOptions) {
function title (line 28) | function title(vector: Vector, supported = true) {
FILE: tap/encrypt.ts
type keyType (line 4) | type keyType = Uint8Array | jose.CryptoKey | jose.KeyObject | jose.Gener...
function isKeyPair (line 6) | function isKeyPair(input: keyType): input is jose.GenerateKeyPairResult {
function getKeys (line 20) | async function getKeys(
function jwkWithProps (line 36) | function jwkWithProps(jwk: jose.JWK, alg: string, enc: string) {
function jwe (line 69) | async function jwe(
function jwt (line 135) | async function jwt(
FILE: tap/env.ts
constant BOWSER (line 20) | const BOWSER = 'https://cdn.jsdelivr.net/npm/bowser@2.11.0/src/bowser.js'
function parseUserAgent (line 23) | async function parseUserAgent() {
function isEngine (line 29) | async function isEngine(engine: string) {
function isBrowserVersionAtLeast (line 34) | function isBrowserVersionAtLeast(version: number) {
function isNodeVersionAtLeast (line 45) | function isNodeVersionAtLeast(major: number, minor: number) {
function supported (line 50) | function supported(identifier?: string, op?: string) {
FILE: tap/fixtures.ts
constant KEYS (line 1) | const KEYS = {
FILE: tap/hmac.ts
function digestSizeSecretsFor (line 15) | function digestSizeSecretsFor(alg: string) {
function nonDigestSizeSecretFor (line 22) | function nonDigestSizeSecretFor(alg: string) {
FILE: tap/jwk.ts
type Vector (line 14) | type Vector = [string, JsonWebKey]
function publicJwk (line 41) | function publicJwk(jwk: JsonWebKey) {
function title (line 50) | function title(alg: string, jwk: JsonWebKey, supported = true) {
FILE: tap/jws.ts
function title (line 33) | function title(alg: string, supported = true) {
FILE: tap/keyobject-stub.ts
method exportJWK (line 14) | exportJWK(key) {
method importJWK (line 26) | importJWK(jwk) {
method generateSecret (line 36) | generateSecret(alg) {
method generateKeyPair (line 65) | async generateKeyPair(alg, options) {
FILE: tap/pbes2.ts
function title (line 16) | function title(alg: string, supported = true) {
FILE: tap/pem.ts
function normalize (line 6) | function normalize(pem: string) {
type Vector (line 18) | type Vector = [string | string[], string]
function title (line 84) | function title(alg: string, crv: string | undefined, pem: string, suppor...
FILE: tap/rsaes.ts
function title (line 18) | function title(alg: string, supported = true) {
FILE: tap/run-workerd.ts
method test (line 6) | async test() {
FILE: tap/sign.ts
type keyType (line 4) | type keyType = Uint8Array | jose.CryptoKey | jose.KeyObject | jose.Gener...
function isKeyPair (line 6) | function isKeyPair(input: keyType): input is jose.GenerateKeyPairResult {
function getKeys (line 20) | async function getKeys(
function jwkWithProps (line 36) | function jwkWithProps(jwk: jose.JWK, alg: string) {
function jws (line 51) | async function jws(
function jwt (line 112) | async function jwt(
FILE: test/jwk/embedded.test.ts
function pubjwk (line 5) | function pubjwk(jwk) {
FILE: test/jwks/remote.test.ts
type WithServer (line 23) | interface WithServer {
method headers (line 132) | headers(headers) {
FILE: test/jws/restrictions.test.ts
function pubjwk (line 15) | function pubjwk(jwk) {
function testRSAsig (line 47) | async function testRSAsig(t, alg) {
function testRSAenc (line 69) | async function testRSAenc(t, alg) {
function testECDSASigEncoding (line 91) | async function testECDSASigEncoding(t, alg) {
FILE: test/jwt/decrypt.test.ts
function numericDateNumber (line 292) | async function numericDateNumber(t, claim) {
function failingNumericDate (line 317) | async function failingNumericDate(t, claims, assertion, decryptOptions) {
function replicatedClaimCheck (line 401) | async function replicatedClaimCheck(t, claim) {
FILE: test/jwt/encrypt.test.ts
type Context (line 9) | interface Context {
function testJWTsetFunction (line 79) | async function testJWTsetFunction(t, method, claim, value, duplicate = f...
FILE: test/jwt/sign.test.ts
function testJWTsetFunction (line 84) | async function testJWTsetFunction(t, method, claim, value, expected = va...
FILE: test/jwt/time_setters.ts
function setters (line 1) | function setters(now) {
FILE: test/jwt/unsecured.test.ts
function testJWTsetFunction (line 49) | async function testJWTsetFunction(t, method, claim, value, expected = va...
FILE: test/jwt/verify.test.ts
function numericDateNumber (line 303) | async function numericDateNumber(t, claim) {
function failingNumericDate (line 324) | async function failingNumericDate(t, claims, assertion, verifyOptions) {
FILE: tools/postbump.cjs
method filter (line 30) | filter(loc) {
function filterExamples (line 71) | function filterExamples(file) {
function trimExcessComment (line 89) | function trimExcessComment(file) {
Condensed preview — 309 files, each showing path, character count, and a content snippet. Download the .json file or copy for the full structured content (1,092K chars).
[
{
"path": ".electron_flags.sh",
"chars": 303,
"preview": "echo $(electron -i <<< 'process.exit(0)' 2> /dev/null | grep \"Using\" | awk '{$1=$1};1' | sed -r \"s/\\x1B\\[([0-9]{1,3}(;[0"
},
{
"path": ".github/ISSUE_TEMPLATE/bug-report.yml",
"chars": 1914,
"preview": "name: 🐞Bug report\ndescription: There's a bug I want to report\nlabels:\n - triage\nbody:\n - type: markdown\n attributes"
},
{
"path": ".github/ISSUE_TEMPLATE/config.yml",
"chars": 669,
"preview": "blank_issues_enabled: false\ncontact_links:\n - name: ❓ Question\n url: https://github.com/panva/jose/discussions/new?c"
},
{
"path": ".github/dependabot.yml",
"chars": 180,
"preview": "version: 2\nupdates:\n - package-ecosystem: \"github-actions\"\n directory: \"/\"\n schedule:\n interval: \"monthly\"\n "
},
{
"path": ".github/workflows/build.yml",
"chars": 1269,
"preview": "name: Build\n\npermissions: {}\n\non:\n workflow_call:\n outputs:\n cache-key:\n value: ${{ jobs.build.outputs.c"
},
{
"path": ".github/workflows/lock.yml",
"chars": 565,
"preview": "name: \"Lock threads\"\n\npermissions: {}\n\non:\n schedule:\n - cron: '11 11 * * 1'\n\njobs:\n lock:\n permissions:\n i"
},
{
"path": ".github/workflows/release.yml",
"chars": 2454,
"preview": "name: Release\n\npermissions: {}\n\non:\n push:\n tags: ['v6.[0-9]+.[0-9]+']\n\njobs:\n build:\n uses: ./.github/workflows"
},
{
"path": ".github/workflows/retry.yml",
"chars": 482,
"preview": "name: Retry\n\npermissions: {}\n\non:\n workflow_run:\n workflows:\n - Test\n types:\n - completed\n\njobs:\n retr"
},
{
"path": ".github/workflows/test.yml",
"chars": 4360,
"preview": "name: Test\n\npermissions: {}\n\non:\n push:\n branches: [main]\n pull_request:\n branches: [main]\n schedule:\n - cro"
},
{
"path": ".gitignore",
"chars": 2051,
"preview": "# Logs\nlogs\n*.log\nnpm-debug.log*\nyarn-debug.log*\nyarn-error.log*\nlerna-debug.log*\n\n# Diagnostic reports (https://nodejs."
},
{
"path": ".node_flags.sh",
"chars": 189,
"preview": "echo \"Using Node.js $(node --version)\"\n\nnode -e 'process.exit(parseInt(process.versions.node, 10))' &> /dev/null\nNODE_VE"
},
{
"path": ".prettierignore",
"chars": 40,
"preview": "# Ignore artifacts:\nbuild\ndist\ncoverage\n"
},
{
"path": ".prettierrc.json",
"chars": 248,
"preview": "{\n \"trailingComma\": \"all\",\n \"singleQuote\": true,\n \"printWidth\": 100,\n \"semi\": false,\n \"plugins\": [\"prettier-plugin-"
},
{
"path": ".versionrc.json",
"chars": 898,
"preview": "{\n \"commit-all\": true,\n \"scripts\": {\n \"prerelease\": \"node ./tools/prebump.cjs && npm run-script build-all\",\n \"po"
},
{
"path": "CHANGELOG.md",
"chars": 89079,
"preview": "# Changelog\n\nAll notable changes to this project will be documented in this file. See [standard-version](https://github."
},
{
"path": "CODE_OF_CONDUCT.md",
"chars": 5486,
"preview": "# Contributor Covenant Code of Conduct\n\n## Our Pledge\n\nWe as members, contributors, and leaders pledge to make participa"
},
{
"path": "CONTRIBUTING.md",
"chars": 946,
"preview": "# Contributing to jose\n\nPlease note we have a [code of conduct][coc], please follow it in all your interactions with the"
},
{
"path": "LICENSE.md",
"chars": 1079,
"preview": "The MIT License (MIT)\n\nCopyright (c) 2018 Filip Skokan\n\nPermission is hereby granted, free of charge, to any person obta"
},
{
"path": "README.md",
"chars": 9476,
"preview": "# jose\n\n`jose` is a JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens (JWT"
},
{
"path": "SECURITY.md",
"chars": 9362,
"preview": "# Security Policy\n\n## Supported Versions\n\nThe following major versions are currently supported with security updates.\n\n|"
},
{
"path": "ava.config.mjs",
"chars": 254,
"preview": "const files = ['test/**/*.test.ts']\n\nif ('CITGM' in process.env) {\n files.push(\"!**/remote.test.ts\")\n}\n\nexport default "
},
{
"path": "cookbook/jwe.mjs",
"chars": 41160,
"preview": "export default [\n {\n title:\n 'https://www.rfc-editor.org/rfc/rfc7520#section-5.2 - Key Encryption using RSA-OAE"
},
{
"path": "cookbook/jws.mjs",
"chars": 72587,
"preview": "export default [\n {\n title: 'https://www.rfc-editor.org/rfc/rfc7520#section-4.1 - RSA v1.5 Signature',\n determini"
},
{
"path": "docs/README.md",
"chars": 5996,
"preview": "# `jose` API Documentation\n\n`jose` is JavaScript module for JSON Object Signing and Encryption, providing support for JS"
},
{
"path": "docs/jwe/compact/decrypt/README.md",
"chars": 225,
"preview": "# jwe/compact/decrypt\n\nDecrypting JSON Web Encryption (JWE) in Compact Serialization\n\n## Interfaces\n\n- [CompactDecryptGe"
},
{
"path": "docs/jwe/compact/decrypt/functions/compactDecrypt.md",
"chars": 3527,
"preview": "# Function: compactDecrypt()\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to "
},
{
"path": "docs/jwe/compact/decrypt/interfaces/CompactDecryptGetKey.md",
"chars": 2370,
"preview": "# Interface: CompactDecryptGetKey()\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the commun"
},
{
"path": "docs/jwe/compact/encrypt/README.md",
"chars": 144,
"preview": "# jwe/compact/encrypt\n\nEncrypting JSON Web Encryption (JWE) in Compact Serialization\n\n## Classes\n\n- [CompactEncrypt](cla"
},
{
"path": "docs/jwe/compact/encrypt/classes/CompactEncrypt.md",
"chars": 4350,
"preview": "# Class: CompactEncrypt\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to conti"
},
{
"path": "docs/jwe/flattened/decrypt/README.md",
"chars": 242,
"preview": "# jwe/flattened/decrypt\n\nDecrypting JSON Web Encryption (JWE) in Flattened JSON Serialization\n\n## Interfaces\n\n- [Flatten"
},
{
"path": "docs/jwe/flattened/decrypt/functions/flattenedDecrypt.md",
"chars": 3695,
"preview": "# Function: flattenedDecrypt()\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community t"
},
{
"path": "docs/jwe/flattened/decrypt/interfaces/FlattenedDecryptGetKey.md",
"chars": 2377,
"preview": "# Interface: FlattenedDecryptGetKey()\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the comm"
},
{
"path": "docs/jwe/flattened/encrypt/README.md",
"chars": 157,
"preview": "# jwe/flattened/encrypt\n\nEncrypting JSON Web Encryption (JWE) in Flattened JSON Serialization\n\n## Classes\n\n- [FlattenedE"
},
{
"path": "docs/jwe/flattened/encrypt/classes/FlattenedEncrypt.md",
"chars": 5800,
"preview": "# Class: FlattenedEncrypt\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to con"
},
{
"path": "docs/jwe/general/decrypt/README.md",
"chars": 230,
"preview": "# jwe/general/decrypt\n\nDecrypting JSON Web Encryption (JWE) in General JSON Serialization\n\n## Interfaces\n\n- [GeneralDecr"
},
{
"path": "docs/jwe/general/decrypt/functions/generalDecrypt.md",
"chars": 4182,
"preview": "# Function: generalDecrypt()\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to "
},
{
"path": "docs/jwe/general/decrypt/interfaces/GeneralDecryptGetKey.md",
"chars": 2356,
"preview": "# Interface: GeneralDecryptGetKey()\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the commun"
},
{
"path": "docs/jwe/general/encrypt/README.md",
"chars": 204,
"preview": "# jwe/general/encrypt\n\nEncrypting JSON Web Encryption (JWE) in General JSON Serialization\n\n## Classes\n\n- [GeneralEncrypt"
},
{
"path": "docs/jwe/general/encrypt/classes/GeneralEncrypt.md",
"chars": 3856,
"preview": "# Class: GeneralEncrypt\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to conti"
},
{
"path": "docs/jwe/general/encrypt/interfaces/Recipient.md",
"chars": 2789,
"preview": "# Interface: Recipient\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to contin"
},
{
"path": "docs/jwk/embedded/README.md",
"chars": 123,
"preview": "# jwk/embedded\n\nVerification using a JWK Embedded in a JWS Header\n\n## Functions\n\n- [EmbeddedJWK](functions/EmbeddedJWK.m"
},
{
"path": "docs/jwk/embedded/functions/EmbeddedJWK.md",
"chars": 2108,
"preview": "# Function: EmbeddedJWK()\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to con"
},
{
"path": "docs/jwk/thumbprint/README.md",
"chars": 223,
"preview": "# jwk/thumbprint\n\nJSON Web Key Thumbprint and JSON Web Key Thumbprint URI\n\n## Functions\n\n- [calculateJwkThumbprint](func"
},
{
"path": "docs/jwk/thumbprint/functions/calculateJwkThumbprint.md",
"chars": 1606,
"preview": "# Function: calculateJwkThumbprint()\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the commu"
},
{
"path": "docs/jwk/thumbprint/functions/calculateJwkThumbprintUri.md",
"chars": 1652,
"preview": "# Function: calculateJwkThumbprintUri()\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the co"
},
{
"path": "docs/jwks/local/README.md",
"chars": 146,
"preview": "# jwks/local\n\nVerification using a JSON Web Key Set (JWKS) available locally\n\n## Functions\n\n- [createLocalJWKSet](functi"
},
{
"path": "docs/jwks/local/functions/createLocalJWKSet.md",
"chars": 3602,
"preview": "# Function: createLocalJWKSet()\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community "
},
{
"path": "docs/jwks/remote/README.md",
"chars": 514,
"preview": "# jwks/remote\n\nVerification using a JSON Web Key Set (JWKS) available on an HTTP(S) URL\n\n## Interfaces\n\n- [ExportedJWKSC"
},
{
"path": "docs/jwks/remote/functions/createRemoteJWKSet.md",
"chars": 3375,
"preview": "# Function: createRemoteJWKSet()\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community"
},
{
"path": "docs/jwks/remote/interfaces/ExportedJWKSCache.md",
"chars": 573,
"preview": "# Interface: ExportedJWKSCache\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community t"
},
{
"path": "docs/jwks/remote/interfaces/RemoteJWKSetOptions.md",
"chars": 1506,
"preview": "# Interface: RemoteJWKSetOptions\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community"
},
{
"path": "docs/jwks/remote/type-aliases/FetchImplementation.md",
"chars": 1527,
"preview": "# Type Alias: FetchImplementation\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the communit"
},
{
"path": "docs/jwks/remote/type-aliases/JWKSCacheInput.md",
"chars": 552,
"preview": "# Type Alias: JWKSCacheInput\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to "
},
{
"path": "docs/jwks/remote/variables/customFetch.md",
"chars": 3233,
"preview": "# Variable: customFetch\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to conti"
},
{
"path": "docs/jwks/remote/variables/jwksCache.md",
"chars": 2265,
"preview": "# Variable: jwksCache\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to continu"
},
{
"path": "docs/jws/compact/sign/README.md",
"chars": 131,
"preview": "# jws/compact/sign\n\nSigning JSON Web Signature (JWS) in Compact Serialization\n\n## Classes\n\n- [CompactSign](classes/Compa"
},
{
"path": "docs/jws/compact/sign/classes/CompactSign.md",
"chars": 2465,
"preview": "# Class: CompactSign\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to continue"
},
{
"path": "docs/jws/compact/verify/README.md",
"chars": 218,
"preview": "# jws/compact/verify\n\nVerifying JSON Web Signature (JWS) in Compact Serialization\n\n## Interfaces\n\n- [CompactVerifyGetKey"
},
{
"path": "docs/jws/compact/verify/functions/compactVerify.md",
"chars": 3185,
"preview": "# Function: compactVerify()\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to c"
},
{
"path": "docs/jws/compact/verify/interfaces/CompactVerifyGetKey.md",
"chars": 2510,
"preview": "# Interface: CompactVerifyGetKey()\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the communi"
},
{
"path": "docs/jws/flattened/sign/README.md",
"chars": 144,
"preview": "# jws/flattened/sign\n\nSigning JSON Web Signature (JWS) in Flattened JSON Serialization\n\n## Classes\n\n- [FlattenedSign](cl"
},
{
"path": "docs/jws/flattened/sign/classes/FlattenedSign.md",
"chars": 2966,
"preview": "# Class: FlattenedSign\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to contin"
},
{
"path": "docs/jws/flattened/verify/README.md",
"chars": 235,
"preview": "# jws/flattened/verify\n\nVerifying JSON Web Signature (JWS) in Flattened JSON Serialization\n\n## Interfaces\n\n- [FlattenedV"
},
{
"path": "docs/jws/flattened/verify/functions/flattenedVerify.md",
"chars": 3213,
"preview": "# Function: flattenedVerify()\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to"
},
{
"path": "docs/jws/flattened/verify/interfaces/FlattenedVerifyGetKey.md",
"chars": 2517,
"preview": "# Interface: FlattenedVerifyGetKey()\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the commu"
},
{
"path": "docs/jws/general/sign/README.md",
"chars": 191,
"preview": "# jws/general/sign\n\nSigning JSON Web Signature (JWS) in General JSON Serialization\n\n## Classes\n\n- [GeneralSign](classes/"
},
{
"path": "docs/jws/general/sign/classes/GeneralSign.md",
"chars": 2497,
"preview": "# Class: GeneralSign\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to continue"
},
{
"path": "docs/jws/general/sign/interfaces/Signature.md",
"chars": 2524,
"preview": "# Interface: Signature\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to contin"
},
{
"path": "docs/jws/general/verify/README.md",
"chars": 223,
"preview": "# jws/general/verify\n\nVerifying JSON Web Signature (JWS) in General JSON Serialization\n\n## Interfaces\n\n- [GeneralVerifyG"
},
{
"path": "docs/jws/general/verify/functions/generalVerify.md",
"chars": 3709,
"preview": "# Function: generalVerify()\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to c"
},
{
"path": "docs/jws/general/verify/interfaces/GeneralVerifyGetKey.md",
"chars": 2496,
"preview": "# Interface: GeneralVerifyGetKey()\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the communi"
},
{
"path": "docs/jwt/decrypt/README.md",
"chars": 249,
"preview": "# jwt/decrypt\n\nJSON Web Token (JWT) Decryption (JWT is in JWE format)\n\n## Interfaces\n\n- [JWTDecryptGetKey](interfaces/JW"
},
{
"path": "docs/jwt/decrypt/functions/jwtDecrypt.md",
"chars": 3904,
"preview": "# Function: jwtDecrypt()\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to cont"
},
{
"path": "docs/jwt/decrypt/interfaces/JWTDecryptGetKey.md",
"chars": 2324,
"preview": "# Interface: JWTDecryptGetKey()\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community "
},
{
"path": "docs/jwt/decrypt/interfaces/JWTDecryptOptions.md",
"chars": 5417,
"preview": "# Interface: JWTDecryptOptions\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community t"
},
{
"path": "docs/jwt/encrypt/README.md",
"chars": 121,
"preview": "# jwt/encrypt\n\nJSON Web Token (JWT) Encryption (JWT is in JWE format)\n\n## Classes\n\n- [EncryptJWT](classes/EncryptJWT.md)"
},
{
"path": "docs/jwt/encrypt/classes/EncryptJWT.md",
"chars": 10492,
"preview": "# Class: EncryptJWT\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to continue "
},
{
"path": "docs/jwt/sign/README.md",
"chars": 109,
"preview": "# jwt/sign\n\nJSON Web Token (JWT) Signing (JWT is in JWS format)\n\n## Classes\n\n- [SignJWT](classes/SignJWT.md)\n"
},
{
"path": "docs/jwt/sign/classes/SignJWT.md",
"chars": 11994,
"preview": "# Class: SignJWT\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to continue mai"
},
{
"path": "docs/jwt/unsecured/README.md",
"chars": 196,
"preview": "# jwt/unsecured\n\nUnsecured (unsigned & unencrypted) JSON Web Tokens (JWT)\n\n## Classes\n\n- [UnsecuredJWT](classes/Unsecure"
},
{
"path": "docs/jwt/unsecured/classes/UnsecuredJWT.md",
"chars": 7387,
"preview": "# Class: UnsecuredJWT\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to continu"
},
{
"path": "docs/jwt/unsecured/interfaces/UnsecuredResult.md",
"chars": 735,
"preview": "# Interface: UnsecuredResult\\<PayloadType\\>\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from th"
},
{
"path": "docs/jwt/verify/README.md",
"chars": 244,
"preview": "# jwt/verify\n\nJSON Web Token (JWT) Verification (JWT is in JWS format)\n\n## Interfaces\n\n- [JWTVerifyGetKey](interfaces/JW"
},
{
"path": "docs/jwt/verify/functions/jwtVerify.md",
"chars": 6742,
"preview": "# Function: jwtVerify()\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to conti"
},
{
"path": "docs/jwt/verify/interfaces/JWTVerifyGetKey.md",
"chars": 2447,
"preview": "# Interface: JWTVerifyGetKey()\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community t"
},
{
"path": "docs/jwt/verify/interfaces/JWTVerifyOptions.md",
"chars": 4347,
"preview": "# Interface: JWTVerifyOptions\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to"
},
{
"path": "docs/key/export/README.md",
"chars": 184,
"preview": "# key/export\n\nCryptographic key export functions\n\n## Functions\n\n- [exportJWK](functions/exportJWK.md)\n- [exportPKCS8](fu"
},
{
"path": "docs/key/export/functions/exportJWK.md",
"chars": 1544,
"preview": "# Function: exportJWK()\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to conti"
},
{
"path": "docs/key/export/functions/exportPKCS8.md",
"chars": 1266,
"preview": "# Function: exportPKCS8()\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to con"
},
{
"path": "docs/key/export/functions/exportSPKI.md",
"chars": 1257,
"preview": "# Function: exportSPKI()\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to cont"
},
{
"path": "docs/key/generate_key_pair/README.md",
"chars": 262,
"preview": "# key/generate\\_key\\_pair\n\nAsymmetric key generation\n\n## Interfaces\n\n- [GenerateKeyPairOptions](interfaces/GenerateKeyPa"
},
{
"path": "docs/key/generate_key_pair/functions/generateKeyPair.md",
"chars": 1782,
"preview": "# Function: generateKeyPair()\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to"
},
{
"path": "docs/key/generate_key_pair/interfaces/GenerateKeyPairOptions.md",
"chars": 1266,
"preview": "# Interface: GenerateKeyPairOptions\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the commun"
},
{
"path": "docs/key/generate_key_pair/interfaces/GenerateKeyPairResult.md",
"chars": 672,
"preview": "# Interface: GenerateKeyPairResult\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the communi"
},
{
"path": "docs/key/generate_secret/README.md",
"chars": 191,
"preview": "# key/generate\\_secret\n\nSymmetric key generation\n\n## Interfaces\n\n- [GenerateSecretOptions](interfaces/GenerateSecretOpti"
},
{
"path": "docs/key/generate_secret/functions/generateSecret.md",
"chars": 2005,
"preview": "# Function: generateSecret()\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to "
},
{
"path": "docs/key/generate_secret/interfaces/GenerateSecretOptions.md",
"chars": 793,
"preview": "# Interface: GenerateSecretOptions\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the communi"
},
{
"path": "docs/key/import/README.md",
"chars": 293,
"preview": "# key/import\n\nCryptographic key import functions\n\n## Interfaces\n\n- [KeyImportOptions](interfaces/KeyImportOptions.md)\n\n#"
},
{
"path": "docs/key/import/functions/importJWK.md",
"chars": 2807,
"preview": "# Function: importJWK()\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to conti"
},
{
"path": "docs/key/import/functions/importPKCS8.md",
"chars": 1917,
"preview": "# Function: importPKCS8()\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to con"
},
{
"path": "docs/key/import/functions/importSPKI.md",
"chars": 1842,
"preview": "# Function: importSPKI()\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to cont"
},
{
"path": "docs/key/import/functions/importX509.md",
"chars": 2215,
"preview": "# Function: importX509()\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to cont"
},
{
"path": "docs/key/import/interfaces/KeyImportOptions.md",
"chars": 603,
"preview": "# Interface: KeyImportOptions\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to"
},
{
"path": "docs/types/README.md",
"chars": 2388,
"preview": "# types\n\n## Interfaces\n\n- [CompactDecryptResult](interfaces/CompactDecryptResult.md)\n- [CompactJWEHeaderParameters](inte"
},
{
"path": "docs/types/interfaces/CompactDecryptResult.md",
"chars": 642,
"preview": "# Interface: CompactDecryptResult\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the communit"
},
{
"path": "docs/types/interfaces/CompactJWEHeaderParameters.md",
"chars": 2161,
"preview": "# Interface: CompactJWEHeaderParameters\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the co"
},
{
"path": "docs/types/interfaces/CompactJWSHeaderParameters.md",
"chars": 1870,
"preview": "# Interface: CompactJWSHeaderParameters\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the co"
},
{
"path": "docs/types/interfaces/CompactVerifyResult.md",
"chars": 641,
"preview": "# Interface: CompactVerifyResult\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community"
},
{
"path": "docs/types/interfaces/CritOption.md",
"chars": 1527,
"preview": "# Interface: CritOption\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to conti"
},
{
"path": "docs/types/interfaces/DecryptOptions.md",
"chars": 2834,
"preview": "# Interface: DecryptOptions\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to c"
},
{
"path": "docs/types/interfaces/EncryptOptions.md",
"chars": 1461,
"preview": "# Interface: EncryptOptions\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to c"
},
{
"path": "docs/types/interfaces/FlattenedDecryptResult.md",
"chars": 1183,
"preview": "# Interface: FlattenedDecryptResult\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the commun"
},
{
"path": "docs/types/interfaces/FlattenedJWE.md",
"chars": 2637,
"preview": "# Interface: FlattenedJWE\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to con"
},
{
"path": "docs/types/interfaces/FlattenedJWS.md",
"chars": 1611,
"preview": "# Interface: FlattenedJWS\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to con"
},
{
"path": "docs/types/interfaces/FlattenedJWSInput.md",
"chars": 1753,
"preview": "# Interface: FlattenedJWSInput\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community t"
},
{
"path": "docs/types/interfaces/FlattenedVerifyResult.md",
"chars": 810,
"preview": "# Interface: FlattenedVerifyResult\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the communi"
},
{
"path": "docs/types/interfaces/GeneralDecryptResult.md",
"chars": 1179,
"preview": "# Interface: GeneralDecryptResult\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the communit"
},
{
"path": "docs/types/interfaces/GeneralJWE.md",
"chars": 2166,
"preview": "# Interface: GeneralJWE\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to conti"
},
{
"path": "docs/types/interfaces/GeneralJWS.md",
"chars": 720,
"preview": "# Interface: GeneralJWS\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to conti"
},
{
"path": "docs/types/interfaces/GeneralJWSInput.md",
"chars": 1341,
"preview": "# Interface: GeneralJWSInput\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to "
},
{
"path": "docs/types/interfaces/GeneralVerifyResult.md",
"chars": 806,
"preview": "# Interface: GeneralVerifyResult\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community"
},
{
"path": "docs/types/interfaces/GetKeyFunction.md",
"chars": 2176,
"preview": "# Interface: GetKeyFunction()\\<IProtectedHeader, IToken\\>\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nS"
},
{
"path": "docs/types/interfaces/JSONWebKeySet.md",
"chars": 381,
"preview": "# Interface: JSONWebKeySet\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to co"
},
{
"path": "docs/types/interfaces/JWEHeaderParameters.md",
"chars": 2172,
"preview": "# Interface: JWEHeaderParameters\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community"
},
{
"path": "docs/types/interfaces/JWEKeyManagementHeaderParameters.md",
"chars": 1878,
"preview": "# Interface: JWEKeyManagementHeaderParameters\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from "
},
{
"path": "docs/types/interfaces/JWK.md",
"chars": 3251,
"preview": "# Interface: JWK\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to continue mai"
},
{
"path": "docs/types/interfaces/JWKParameters.md",
"chars": 1351,
"preview": "# Interface: JWKParameters\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to co"
},
{
"path": "docs/types/interfaces/JWK_AKP_Private.md",
"chars": 1437,
"preview": "# Interface: JWK\\_AKP\\_Private\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community t"
},
{
"path": "docs/types/interfaces/JWK_AKP_Public.md",
"chars": 1354,
"preview": "# Interface: JWK\\_AKP\\_Public\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to"
},
{
"path": "docs/types/interfaces/JWK_EC_Private.md",
"chars": 1646,
"preview": "# Interface: JWK\\_EC\\_Private\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to"
},
{
"path": "docs/types/interfaces/JWK_EC_Public.md",
"chars": 1573,
"preview": "# Interface: JWK\\_EC\\_Public\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to "
},
{
"path": "docs/types/interfaces/JWK_OKP_Private.md",
"chars": 1603,
"preview": "# Interface: JWK\\_OKP\\_Private\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community t"
},
{
"path": "docs/types/interfaces/JWK_OKP_Public.md",
"chars": 1529,
"preview": "# Interface: JWK\\_OKP\\_Public\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to"
},
{
"path": "docs/types/interfaces/JWK_RSA_Private.md",
"chars": 1979,
"preview": "# Interface: JWK\\_RSA\\_Private\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community t"
},
{
"path": "docs/types/interfaces/JWK_RSA_Public.md",
"chars": 1501,
"preview": "# Interface: JWK\\_RSA\\_Public\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to"
},
{
"path": "docs/types/interfaces/JWK_oct.md",
"chars": 1423,
"preview": "# Interface: JWK\\_oct\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to continu"
},
{
"path": "docs/types/interfaces/JWSHeaderParameters.md",
"chars": 1868,
"preview": "# Interface: JWSHeaderParameters\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community"
},
{
"path": "docs/types/interfaces/JWTClaimVerificationOptions.md",
"chars": 2614,
"preview": "# Interface: JWTClaimVerificationOptions\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the c"
},
{
"path": "docs/types/interfaces/JWTDecryptResult.md",
"chars": 742,
"preview": "# Interface: JWTDecryptResult\\<PayloadType\\>\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from t"
},
{
"path": "docs/types/interfaces/JWTHeaderParameters.md",
"chars": 1859,
"preview": "# Interface: JWTHeaderParameters\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community"
},
{
"path": "docs/types/interfaces/JWTPayload.md",
"chars": 1547,
"preview": "# Interface: JWTPayload\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to conti"
},
{
"path": "docs/types/interfaces/JWTVerifyResult.md",
"chars": 726,
"preview": "# Interface: JWTVerifyResult\\<PayloadType\\>\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from th"
},
{
"path": "docs/types/interfaces/JoseHeaderParameters.md",
"chars": 1254,
"preview": "# Interface: JoseHeaderParameters\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the communit"
},
{
"path": "docs/types/interfaces/KeyObject.md",
"chars": 885,
"preview": "# Interface: KeyObject\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to contin"
},
{
"path": "docs/types/interfaces/ProduceJWT.md",
"chars": 5608,
"preview": "# Interface: ProduceJWT\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to conti"
},
{
"path": "docs/types/interfaces/ResolvedKey.md",
"chars": 639,
"preview": "# Interface: ResolvedKey\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to cont"
},
{
"path": "docs/types/interfaces/SignOptions.md",
"chars": 1455,
"preview": "# Interface: SignOptions\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to cont"
},
{
"path": "docs/types/interfaces/VerifyOptions.md",
"chars": 1764,
"preview": "# Interface: VerifyOptions\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to co"
},
{
"path": "docs/types/type-aliases/CryptoKey.md",
"chars": 1177,
"preview": "# Type Alias: CryptoKey\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to conti"
},
{
"path": "docs/util/base64url/README.md",
"chars": 139,
"preview": "# util/base64url\n\nBase64URL encoding and decoding utilities\n\n## Functions\n\n- [decode](functions/decode.md)\n- [encode](fu"
},
{
"path": "docs/util/base64url/functions/decode.md",
"chars": 763,
"preview": "# Function: decode()\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to continue"
},
{
"path": "docs/util/base64url/functions/encode.md",
"chars": 592,
"preview": "# Function: encode()\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to continue"
},
{
"path": "docs/util/decode_jwt/README.md",
"chars": 153,
"preview": "# util/decode\\_jwt\n\nJSON Web Token (JWT) Claims Set Decoding (no validation, no signature checking)\n\n## Functions\n\n- [de"
},
{
"path": "docs/util/decode_jwt/functions/decodeJwt.md",
"chars": 1353,
"preview": "# Function: decodeJwt()\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to conti"
},
{
"path": "docs/util/decode_protected_header/README.md",
"chars": 272,
"preview": "# util/decode\\_protected\\_header\n\nJOSE Protected Header Decoding (JWE, JWS, all serialization syntaxes)\n\n## Type Aliases"
},
{
"path": "docs/util/decode_protected_header/functions/decodeProtectedHeader.md",
"chars": 1037,
"preview": "# Function: decodeProtectedHeader()\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the commun"
},
{
"path": "docs/util/decode_protected_header/type-aliases/ProtectedHeaderParameters.md",
"chars": 536,
"preview": "# Type Alias: ProtectedHeaderParameters\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the co"
},
{
"path": "docs/util/errors/README.md",
"chars": 789,
"preview": "# util/errors\n\nJOSE module errors and error codes\n\n## Classes\n\n- [JOSEAlgNotAllowed](classes/JOSEAlgNotAllowed.md)\n- [JO"
},
{
"path": "docs/util/errors/classes/JOSEAlgNotAllowed.md",
"chars": 789,
"preview": "# Class: JOSEAlgNotAllowed\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to co"
},
{
"path": "docs/util/errors/classes/JOSEError.md",
"chars": 591,
"preview": "# Class: JOSEError\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to continue m"
},
{
"path": "docs/util/errors/classes/JOSENotSupported.md",
"chars": 818,
"preview": "# Class: JOSENotSupported\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to con"
},
{
"path": "docs/util/errors/classes/JWEDecryptionFailed.md",
"chars": 774,
"preview": "# Class: JWEDecryptionFailed\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to "
},
{
"path": "docs/util/errors/classes/JWEInvalid.md",
"chars": 710,
"preview": "# Class: JWEInvalid\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to continue "
},
{
"path": "docs/util/errors/classes/JWKInvalid.md",
"chars": 710,
"preview": "# Class: JWKInvalid\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to continue "
},
{
"path": "docs/util/errors/classes/JWKSInvalid.md",
"chars": 716,
"preview": "# Class: JWKSInvalid\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to continue"
},
{
"path": "docs/util/errors/classes/JWKSMultipleMatchingKeys.md",
"chars": 799,
"preview": "# Class: JWKSMultipleMatchingKeys\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the communit"
},
{
"path": "docs/util/errors/classes/JWKSNoMatchingKey.md",
"chars": 758,
"preview": "# Class: JWKSNoMatchingKey\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to co"
},
{
"path": "docs/util/errors/classes/JWKSTimeout.md",
"chars": 722,
"preview": "# Class: JWKSTimeout\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to continue"
},
{
"path": "docs/util/errors/classes/JWSInvalid.md",
"chars": 710,
"preview": "# Class: JWSInvalid\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to continue "
},
{
"path": "docs/util/errors/classes/JWSSignatureVerificationFailed.md",
"chars": 830,
"preview": "# Class: JWSSignatureVerificationFailed\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the co"
},
{
"path": "docs/util/errors/classes/JWTClaimValidationFailed.md",
"chars": 1364,
"preview": "# Class: JWTClaimValidationFailed\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the communit"
},
{
"path": "docs/util/errors/classes/JWTExpired.md",
"chars": 1267,
"preview": "# Class: JWTExpired\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to continue "
},
{
"path": "docs/util/errors/classes/JWTInvalid.md",
"chars": 710,
"preview": "# Class: JWTInvalid\n\n## [💗 Help the project](https://github.com/sponsors/panva)\n\nSupport from the community to continue "
},
{
"path": "jsr.json",
"chars": 1782,
"preview": "{\n \"$schema\": \"https://jsr.io/schema/config-file.v1.json\",\n \"name\": \"@panva/jose\",\n \"version\": \"6.2.2\",\n \"exports\": "
},
{
"path": "package.json",
"chars": 8037,
"preview": "{\n \"name\": \"jose\",\n \"version\": \"6.2.2\",\n \"description\": \"JWA, JWS, JWE, JWT, JWK, JWKS for Node.js, Browser, Cloudfla"
},
{
"path": "patches/typedoc-plugin-markdown+4.11.0.patch",
"chars": 5652,
"preview": "diff --git a/node_modules/typedoc-plugin-markdown/dist/libs/utils/escape-chars.js b/node_modules/typedoc-plugin-markdown"
},
{
"path": "patches/typedoc-plugin-mdn-links+5.1.1.patch",
"chars": 898,
"preview": "diff --git a/node_modules/typedoc-plugin-mdn-links/data/web-api.json b/node_modules/typedoc-plugin-mdn-links/data/web-ap"
},
{
"path": "playwright.config.ts",
"chars": 350,
"preview": "import { defineConfig, devices } from '@playwright/test'\n\nexport default defineConfig({\n testDir: './tap',\n testMatch:"
},
{
"path": "src/index.ts",
"chars": 3947,
"preview": "export { compactDecrypt } from './jwe/compact/decrypt.js'\nexport type { CompactDecryptGetKey } from './jwe/compact/decry"
},
{
"path": "src/jwe/compact/decrypt.ts",
"chars": 3455,
"preview": "/**\n * Decrypting JSON Web Encryption (JWE) in Compact Serialization\n *\n * @module\n */\n\nimport { flattenedDecrypt } from"
},
{
"path": "src/jwe/compact/encrypt.ts",
"chars": 3324,
"preview": "/**\n * Encrypting JSON Web Encryption (JWE) in Compact Serialization\n *\n * @module\n */\n\nimport type * as types from '../"
},
{
"path": "src/jwe/flattened/decrypt.ts",
"chars": 10054,
"preview": "/**\n * Decrypting JSON Web Encryption (JWE) in Flattened JSON Serialization\n *\n * @module\n */\n\nimport type * as types fr"
},
{
"path": "src/jwe/flattened/encrypt.ts",
"chars": 9689,
"preview": "/**\n * Encrypting JSON Web Encryption (JWE) in Flattened JSON Serialization\n *\n * @module\n */\n\nimport { encode as b64u }"
},
{
"path": "src/jwe/general/decrypt.ts",
"chars": 4275,
"preview": "/**\n * Decrypting JSON Web Encryption (JWE) in General JSON Serialization\n *\n * @module\n */\n\nimport { flattenedDecrypt }"
},
{
"path": "src/jwe/general/encrypt.ts",
"chars": 10890,
"preview": "/**\n * Encrypting JSON Web Encryption (JWE) in General JSON Serialization\n *\n * @module\n */\n\nimport type * as types from"
},
{
"path": "src/jwk/embedded.ts",
"chars": 2089,
"preview": "/**\n * Verification using a JWK Embedded in a JWS Header\n *\n * @module\n */\n\nimport type * as types from '../types.d.ts'\n"
},
{
"path": "src/jwk/thumbprint.ts",
"chars": 4527,
"preview": "/**\n * JSON Web Key Thumbprint and JSON Web Key Thumbprint URI\n *\n * @module\n */\n\nimport { digest } from '../lib/helpers"
},
{
"path": "src/jwks/local.ts",
"chars": 7573,
"preview": "/**\n * Verification using a JSON Web Key Set (JWKS) available locally\n *\n * @module\n */\n\nimport type * as types from '.."
},
{
"path": "src/jwks/remote.ts",
"chars": 16645,
"preview": "/**\n * Verification using a JSON Web Key Set (JWKS) available on an HTTP(S) URL\n *\n * @module\n */\n\nimport type * as type"
},
{
"path": "src/jws/compact/sign.ts",
"chars": 1902,
"preview": "/**\n * Signing JSON Web Signature (JWS) in Compact Serialization\n *\n * @module\n */\n\nimport type * as types from '../../t"
},
{
"path": "src/jws/compact/verify.ts",
"chars": 3120,
"preview": "/**\n * Verifying JSON Web Signature (JWS) in Compact Serialization\n *\n * @module\n */\n\nimport type * as types from '../.."
},
{
"path": "src/jws/flattened/sign.ts",
"chars": 4871,
"preview": "/**\n * Signing JSON Web Signature (JWS) in Flattened JSON Serialization\n *\n * @module\n */\n\nimport type * as types from '"
},
{
"path": "src/jws/flattened/verify.ts",
"chars": 6638,
"preview": "/**\n * Verifying JSON Web Signature (JWS) in Flattened JSON Serialization\n *\n * @module\n */\n\nimport type * as types from"
},
{
"path": "src/jws/general/sign.ts",
"chars": 4726,
"preview": "/**\n * Signing JSON Web Signature (JWS) in General JSON Serialization\n *\n * @module\n */\n\nimport type * as types from '.."
},
{
"path": "src/jws/general/verify.ts",
"chars": 3779,
"preview": "/**\n * Verifying JSON Web Signature (JWS) in General JSON Serialization\n *\n * @module\n */\n\nimport type * as types from '"
},
{
"path": "src/jwt/decrypt.ts",
"chars": 4050,
"preview": "/**\n * JSON Web Token (JWT) Decryption (JWT is in JWE format)\n *\n * @module\n */\n\nimport type * as types from '../types.d"
},
{
"path": "src/jwt/encrypt.ts",
"chars": 6323,
"preview": "/**\n * JSON Web Token (JWT) Encryption (JWT is in JWE format)\n *\n * @module\n */\n\nimport type * as types from '../types.d"
},
{
"path": "src/jwt/sign.ts",
"chars": 7491,
"preview": "/**\n * JSON Web Token (JWT) Signing (JWT is in JWS format)\n *\n * @module\n */\n\nimport { CompactSign } from '../jws/compac"
},
{
"path": "src/jwt/unsecured.ts",
"chars": 3537,
"preview": "/**\n * Unsecured (unsigned & unencrypted) JSON Web Tokens (JWT)\n *\n * @module\n */\n\nimport * as b64u from '../util/base64"
},
{
"path": "src/jwt/verify.ts",
"chars": 6660,
"preview": "/**\n * JSON Web Token (JWT) Verification (JWT is in JWS format)\n *\n * @module\n */\n\nimport { compactVerify } from '../jws"
}
]
// ... and 109 more files (download for full content)
About this extraction
This page contains the full source code of the panva/jose GitHub repository, extracted and formatted as plain text for AI agents and large language models (LLMs). The extraction includes 309 files (1014.6 KB), approximately 361.4k tokens, and a symbol index with 392 extracted functions, classes, methods, constants, and types. Use this with OpenClaw, Claude, ChatGPT, Cursor, Windsurf, or any other AI tool that accepts text input. You can copy the full output to your clipboard or download it as a .txt file.
Extracted by GitExtract — free GitHub repo to text converter for AI. Built by Nikandr Surkov.