All notable changes to this project will be documented in this file. See standard-version for commit guidelines.
2.0.7 (2024-03-07)
- add a maxOutputLength option to zlib inflate (02a6579)
2.0.6 (2022-09-01)
- limit default PBES2 alg's computational expense (c1512be)
2.0.5 (2021-04-09)
- defer AES CBC w/ HMAC decryption after tag verification passes (812e03f)
2.0.4 (2021-01-18)
- improve base64url encoding when available in Node.js (d5af559)
2.0.3 (2020-10-29)
- allow stubbing of the JWT.decode function (6c3b92f)
2.0.2 (2020-09-14)
- esm: include esm files in the published package (1956746)
2.0.1 (2020-09-10)
- allow plugins such as jose-chacha to work in newer node runtime (30f1dc2)
2.0.0 (2020-09-08)
- the
JWE.decrypt
optionalgorithms
was removed and replaced with contentEncryptionAlgorithms (handlesenc
allowlist) and keyManagementAlgorithms (handlesalg
allowlist) - the
JWT.verify
profile option was removed, use e.g.JWT.IdToken.verify
instead. - removed the
maxAuthAge
JWT.verify
option, this option is now only present at the specific JWT profile APIs where theauth_time
property applies. - removed the
nonce
JWT.verify
option, this option is now only present at the specific JWT profile APIs where thenonce
property applies. - the
acr
,amr
,nonce
andazp
claim value types will only be checked when verifying a specific JWT profile using its dedicated API. - using the draft implementing APIs will emit a one-time
warning per process using
process.emitWarning
JWT.sign
function options no longer accept anonce
property. To create a JWT with anonce
just pass the value to the payload.- due to added ESM module support Node.js version with
ESM implementation bugs are no longer supported, this only affects early
v13.x versions. The resulting Node.js semver range is
>=10.13.0 < 13 || >=13.7.0
- deprecated method
JWK.importKey
was removed - deprecated method
JWKS.KeyStore.fromJWKS
was removed - the use of unregistered curve name P-256K for secp256k1 was removed
- jose.JWE.Encrypt constructor aad and unprotectedHeader arguments swapped places
- jose.JWE.encrypt.flattened header (unprotectedHeader) and aad arguments swapped places
- jose.JWE.encrypt.general header (unprotectedHeader) and aad arguments swapped places
- JWS.verify returned payloads are now always buffers
- JWS.verify options
encoding
andparse
were removed
- added support for ESM (ECMAScript modules) (1aa9035)
- decrypt allowlists for both key management and content encryption (30e5c46)
- typescript: allow Buffer when verifying detached signature (cadbd04)
- typescript: properly type all decode/verify/decrypt fn options (4c23bd6)
- encrypt APIs unprotectedHeader and aad arguments swapped (70bd4ae)
- move JWT profile specifics outside of generic JWT (fd69d7f)
- removed
nonce
option fromJWT.sign
(c4267cc) - removed deprecated methods and utilities (6c35c51)
- removed payload parsing from JWS.verify (ba5c897)
1.28.0 (2020-08-10)
1.27.3 (2020-08-04)
- do not mutate unencoded payload when signing for multiple parties (1695423), closes #89
- ensure "b64" is the same for all recipients edge cases (d56ec9f)
1.27.2 (2020-07-01)
1.27.1 (2020-06-01)
- allow any JSON numeric value for timestamp values (7ba4922)
1.27.0 (2020-05-05)
- add opt-in objects to verify using embedded JWS Header public keys (7c1cab1)
1.26.1 (2020-04-27)
- typescript: types of key generate functions without overloads (7e60722), closes #80
- "typ" content-type validation, case insensitive and handled prefix (0691586)
1.26.0 (2020-04-16)
- update JWT Profile for OAuth 2.0 Access Tokens to latest draft (8c0a8a9)
at+JWT
JWT draft profile - in the draft's Section 2.2 the claimsiat
andjti
are now REQUIRED (was RECOMMENDED).
1.25.2 (2020-04-15)
- build: don't publish junk files (6e98c1a)
1.25.1 (2020-04-15)
- use native openssl AES Key Wrap 🤦 (dcf8d75)
1.25.0 (2020-03-11)
- update JWT Profile for OAuth 2.0 Access Tokens to latest draft (bc77a15)
1.24.1 (2020-03-05)
- allow importing simpler passphrases as
oct
keys (f86bda3)
1.24.0 (2020-02-25)
- add JWT.verify "typ" option for checking JWT Type Header parameter (fc08426)
1.23.0 (2020-02-18)
- add ECDH-ES with X25519 and X448 OKP keys (38369ea)
- add RSA-OAEP-384 and RSA-OAEP-512 JWE Key Management Algorithms (7477f08)
1.22.2 (2020-02-06)
- various codepaths refactored (3e3d7dd)
1.22.1 (2020-02-03)
- actually remove the base64url proper encoding check (eae01b5)
1.22.0 (2020-01-29)
- keystore filtering by JWK Key thumbprint (a9f6f71)
- base64url decode, JWT.verify, JWK.Key instance re-use (470b4c7)
1.21.1 (2020-01-25)
- contactKDF iteration count fixed for key sizes larger than 256 bits (70ff222)
1.21.0 (2020-01-23)
- typescript: don't expose non existant classes, fix decode key (0f8bf88)
- add opt-in support for Unsecured JWS algorithm "none" (3a6d17f)
1.20.0 (2020-01-16)
1.19.0 (2020-01-13)
- exposed shorthands for JWT verification profiles (b1864e3)
1.18.2 (2020-01-08)
- ensure asn1.js version to remove Buffer deprecation notice (13b1106)
- expose JOSENotSupported key import errors on unsupported runtimes (bc81e5d)
- typo in JOSENotSupported error when x509 certs are not supported (bb58c9c)
1.18.1 (2020-01-01)
- force iat past check when maxTokenAge option is used + JWT refactor (828ad5a)
1.18.0 (2019-12-31)
- add JWT validation profiles for Access Tokens and Logout Tokens (7bb5c95)
1.17.2 (2019-12-17)
- skip validating iat is in the past when exp is present (0ed5025)
1.17.1 (2019-12-10)
- properly fail to import unsupported openssh keys (bee5744)
1.17.0 (2019-12-10)
1.16.2 (2019-12-05)
1.16.1 (2019-12-05)
- allow PBES2 for the correct JWK
use
values (f0d7194)
1.16.0 (2019-12-04)
1.15.1 (2019-11-30)
- typescript: export Key Input types (0277fcd)
1.15.0 (2019-11-27)
- default JWT.sign
kid
option value is false for HMAC signatures (ce77388)
- allow JWK.asKey inputs for sign/verify/encrypt/decrypt operations (5e1009a)
1.14.0 (2019-11-26)
- allow JWKS.KeyStore .all and .get to filter for key curves (ea60338)
1.13.0 (2019-11-23)
- return the CEK from JWE.decrypt operation with { complete: true } (c3eb845)
1.12.1 (2019-11-14)
1.12.0 (2019-11-05)
- add JWS.verify encoding and parsing options (6bb66d4)
1.11.0 (2019-11-03)
- expose crypto.KeyObject instances in supported runtimes (8ea9683)
1.10.2 (2019-10-29)
- only use secp256k1 keys for signing/verification (9588223)
1.10.1 (2019-10-04)
1.10.0 (2019-10-01)
- rename package (26f4cf2)
1.9.2 (2019-09-16)
1.9.1 (2019-09-10)
1.9.0 (2019-08-24)
- allow JWKS.asKeyStore to swallow errors (78398d3)
1.8.0 (2019-08-22)
- added Node.js lts/dubnium support for runtime supported features (67a8601)
1.7.0 (2019-08-20)
1.6.1 (2019-07-29)
- properly pad calculated RSA primes (dd121ce)
1.6.0 (2019-07-27)
- use the correct ECPrivateKey version when importing EC JWK (24acd20)
- electron v6.x support (e7ad82c)
1.5.2 (2019-07-27)
- importing x5c in electron requires the input split (181fd09)
1.5.1 (2019-07-27)
- correctly pad integers when importing RSA JWK (1dc7f35)
1.5.0 (2019-07-23)
- validate JWTs according to a JWT profile - ID Token (6c98b61)
1.4.1 (2019-07-14)
1.4.0 (2019-07-08)
- add secp256k1 EC Key curve and ES256K (211d7af)
1.3.0 (2019-06-21)
- compute private RSA key p, q, dp, dq, qi when omitted (6e3d6fd), closes #26
- add support for JWK x5c, x5t and x5t#S256 (9d46c48)
- instances of JWKS.KeyStore are now iterable (e.g. for ... of) (2eae293)
- limit calculation of missing RSA private components (5b53cb0)
- reject rsa keys without all factors and exponents with a specific message (b0ff436)
- this deprecates the use of
JWK.importKey
in favor ofJWK.asKey
- this deprecates the use of
JWKS.KeyStore.fromJWKS
in favor ofJWKS.asKeyStore
Both JWK.importKey
and JWKS.KeyStore.fromJWKS
could have resulted
in the process getting blocked when large bitsize RSA private keys
were missing their components and could also result in an endless
calculation loop when the private key's private exponent was outright
invalid or tampered with.
The new methods still allow to import private RSA keys with these optimization key parameters missing but it is disabled by default and one should choose to enable it when working with keys from trusted sources
It is recommended not to use jose
versions with this feature in
its original on-by-default form - v1.1.0 and v1.2.0
1.0.2 (2019-05-13)
1.0.1 (2019-04-27)
- oct key ts "k" type fix (0750d2c)
1.0.0 (2019-04-23)
- fail to import invalid PEM formatted strings and buffers (857dc2b)
- add JWK key_ops support, fix .algorithms() op returns (23b874c)
- add key.toPEM() export function with optional encryption (1159b0d)
- add OKP Key and EdDSA sign/verify support (2dbd3ed), closes #12
- key.algorithms(op) un+wrapKey was split into correct wrapKey/unwrapKey/deriveKey returns
- keystore.all and keystore.get
operation
option was removed,key_ops: string[]
supersedes it - Node.js minimal version is now v12.0.0 due to its added EdDSA support (crypto.sign, crypto.verify and eddsa key objects)
0.12.0 (2019-04-07)
- add EC P-256K JWK and ES256K sign/verify support (e21fea1)
- removing ES256K alg and EC P-256K crv support until the IETF WG decides on what the final names will be.
0.11.5 (2019-04-04)
- add key.secret and key.type for completeness (2dd7053)
- add key.thumbprint always returning the JWK Thumbprint (RFC7638) (65db7e0)
0.11.4 (2019-03-28)
- properly restrict EC curves in generate(Sync) (764b863)
- remove unintended exposure of private material via enumerables (946d9df)
0.11.3 (2019-03-27)
- throw on unsupported EC curves (cfa4222)
- add EC P-256K JWK and ES256K sign/verify support (2e33e1c)
0.11.2 (2019-03-19)
- internal symbol method is now really a symbol (925d47c)
- key.toJWK() fixed on windows (57f1692), closes #17
0.11.1 (2019-03-17)
- restrict RS key algorithms by the key's bit size (9af295b)
0.11.0 (2019-03-16)
- all JWA defined RSA operations require key of 2048 or more (cc70c5d)
- use correct salt length for RSASSA-PSS (e936d54)
- all JWA defined RSA based operations require key size of 2048 bits or more.
0.10.0 (2019-03-12)
- do not list "dir" under wrap/unwrapKey operations (17b37d3)
- keystore .all and .get operation option (d349ba9)
- "dir" is no longer returned as wrap/unwrapKey key operation
0.9.2 (2019-03-05)
- "dir" is only available on keys with correct lengths (6854860)
- do not 'in' operator when importing keys as string (be3f4e4)
0.9.1 (2019-03-02)
- only import RSA, EC and oct successfully (e5e02fc)
Initial release
- JSON Web Signature (JWS) - RFC7515
- JSON Web Encryption (JWE) - RFC7516
- JSON Web Key (JWK) - RFC7517
- JSON Web Algorithms (JWA) - RFC7518
- JSON Web Token (JWT) - RFC7519
- JSON Web Key (JWK) Thumbprint - RFC7638
- JWS Unencoded Payload Option - RFC7797
JWK Key Types | Supported | |
---|---|---|
RSA | ✓ | RSA |
Elliptic Curve | ✓ | EC |
Octet sequence | ✓ | oct |
Serialization | JWS Sign | JWS Verify | JWE Encrypt | JWE Decrypt |
---|---|---|---|---|
Compact | ✓ | ✓ | ✓ | ✓ |
General JSON | ✓ | ✓ | ✓ | ✓ |
Flattened JSON | ✓ | ✓ | ✓ | ✓ |
JWS Algorithms | Supported | |
---|---|---|
RSASSA-PKCS1-v1_5 | ✓ | RS256, RS384, RS512 |
RSASSA-PSS | ✓ | PS256, PS384, PS512 |
ECDSA | ✓ | ES256, ES384, ES512 |
HMAC with SHA-2 | ✓ | HS256, HS384, HS512 |
JWE Key Management Algorithms | Supported | |
---|---|---|
AES | ✓ | A128KW, A192KW, A256KW |
AES GCM | ✓ | A128GCMKW, A192GCMKW, A256GCMKW |
Direct Key Agreement | ✓ | dir |
RSAES OAEP | ✓* | RSA-OAEP (*RSA-OAEP-256 is not supported due to its lack of support in Node.js) |
RSAES-PKCS1-v1_5 | ✓ | RSA1_5 |
PBES2 | ✓ | PBES2-HS256+A128KW, PBES2-HS384+A192KW, PBES2-HS512+A256KW |
ECDH-ES | ✓ | ECDH-ES, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW |
JWE Content Encryption Algorithms | Supported | |
---|---|---|
AES GCM | ✓ | A128GCM, A192GCM, A256GCM |
AES_CBC_HMAC_SHA2 | ✓ | A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 |