Skip to content
Daniel edited this page Feb 23, 2018 · 24 revisions

A JSON Web Signature (JWS) represents content secured with digital signatures. It provides integrity protection for the content it represents. A JWS consists of two JSON-based data structures and a signature:

  1. Header
  2. Payload
  3. Signature

Header

The JWS Header is a JSON object specifying the algorithm used to compute the signature of a JWS. Optionally it can contain additional properties of the JWS.

Example

The following header specifies that the JWS' signature is computed with the RSASSA-PKCS1-v1_5 using SHA-512 algorithm.

{ "alg": "RS512" }

A detailed list describing possible header parameters can be found here.

Payload

The JWS Payload is the data being secured by the JWS.

Example

The following string, encoded as UTF-8 data, is an example of a JWS Payload.

"Trumpets of Mexico 🏜"

Signature

The JWS Signature is a digital signature over the JWS Header and JWS Payload. It is computed using the algorithm specified in the JWS Header.

The signing input is the following concatenation:

ascii(base64URL(utf8(JWS Header)) + "." + base64url(payload))

Example

The following is the signing input for the header and payload described above:

eyAiYWxnIjogIlJTNTEyIiB9.VHJ1bXBldHMgb2YgTWV4aWNvIPCfj5w

Serialization

JOSESwift implements compact serialization for JWS. In this format, a JWS is the following concatenation:

base64url(header) + "." + base64url(payload) + "." base64url(signature)

Example

Given the following header and payload:

// Header
{ "alg": "RS512" }

// Payload
"Trumpets of Mexico 🏜"

We get the following base64url encodings:

// base64url(header)
eyAiYWxnIjogIlJTNTEyIiB9

// base64url(payload)
VHJ1bXBldHMgb2YgTWV4aWNvIPCfj5w

// base64url(signature)
TwJS6...YvlTQ

Which yields the following JWS in compact serialization:

eyAiYWxnIjogIlJTNTEyIiB9.VHJ1bXBldHMgb2YgTWV4aWNvIPCfj5w.TwJS6...YvlTQ
Clone this wiki locally