URL Link //n.sfs.tw/10097

2016-10-29 21:35:52 By 張○○

JWS (JSON Web Signatures) 定義在RFC7515[1]

   JSON Web Signature (JWS) represents content secured with digital
   signatures or Message Authentication Codes (MACs) using JSON-based
   data structures.

使用數位簽章 或 以Json為底的資料結構訊息認證碼[2] 來確保內容安全 的網頁簽章方式


   o  JOSE Header
   o  JWS Payload
   o  JWS Signature


   o  JWS Protected Header
   o  JWS Unprotected Header

JOSE (JSON Object Signing and Encryption)[5] 是JSON物件簽章和編碼的方法

JWE (JSON Web Encryption)定義在RFC7516[3]中:

   JSON Web Encryption (JWE) represents encrypted content using JSON-
   based data structures [RFC7159].  The JWE cryptographic mechanisms
   encrypt and provide integrity protection for an arbitrary sequence of

上面提到使用以Json為底的資料結構訊息認證碼加密後的內容就是 JWE

JWT ( JSON Web Token)定義在RFC7519[2]中:

   JSON Web Token (JWT) is a compact claims representation format
   intended for space constrained environments such as HTTP
   Authorization headers and URI query parameters.  JWTs encode claims
   to be transmitted as a JSON [RFC7159] object that is used as the
   payload of a JSON Web Signature (JWS) [JWS] structure or as the
   plaintext of a JSON Web Encryption (JWE) [JWE] structure, enabling
   the claims to be digitally signed or integrity protected with a
   Message Authentication Code (MAC) and/or encrypted.  JWTs are always
   represented using the JWS Compact Serialization or the JWE Compact

JWT是緊湊宣告表示格式,適用於空間受限的環境,像HTTP的授權表頭 或 URI的query參數。JWT可放在JWS的載體或JWE的文字方式承載。


在Nimbus JOSE+ JWT是有名的JAVA library [4],可以採用maven安裝,來看一下他的範例

// Create an HMAC-protected JWS object with some payload
JWSObject jwsObject = new JWSObject(new JWSHeader(JWSAlgorithm.HS256),
                                    new Payload("Hello world!"));
// We need a 256-bit key for HS256 which must be pre-shared
byte[] sharedKey = new byte[32];
new SecureRandom().nextBytes(sharedKey);
// Apply the HMAC to the JWS object
jwsObject.sign(new MACSigner(sharedKey));
// Output to URL-safe format



[1] RFC7515 JWS https://tools.ietf.org/html/rfc7515
[2] RFC 7159 JWT RFC7159
[3] RFC7516 JWE https://tools.ietf.org/html/rfc7516
[4] Nimbus JOSE+JWT @connect2id
[5] JOSE https://datatracker.ietf.org/wg/jose/documents/