JOSE

2 min read

The global jose variable provides support for the Javascript Object Signing and Encryption (JOSE) standard. Supported parts of this specification are:

  • Generating key sets (JWKs)
  • Signing and verifying JWS
  • Encrypting and decrypting JWE

You may be familiar with Json Web Tokens (JWT). These are based on the JWS standard, but with a predefined format for the payload. You can create a JWT with the jose.signJws method.

These methods use the PEM or JWK format for cryptographic keys. PEM keys are passed as strings. These are base64 encoded and start with "-----BEGIN PRIVATE KEY-----". Json Web Keys (JWKs) are objects with at least the kty (key type) and kid (key id) properties, as defined in the JOSE standard. A key set is an array containing such objects.

Json Web Key (JWT)

Generate a new public and private key pair using the jose.generateKey function.

generateKey(): Promise<{
  private: JsonWebKey;
  public: JsonWebKey;
}>;

Json Web Signature (JWS)

Sign and verify payloads using these methods.

signJws(payload: any, jwk: JsonWebKey | string): Promise<string>;
verifyJws(jws: string, jwks: JsonWebKeySet): Promise<any | null>;

Json Web Encryption (JWE)

Encrypt or decrypt data using these methods.

encryptJwe(payload: any, jwk: JsonWebKey | string): Promise<string>;
decryptJwe(jwe: string, jwks: JsonWebKeySet): Promise<any | null>;