This page gives you an overview about the different standardized algorithms when using a JSON web token (JWT).
For a complete overview with much more explanations I recommend you to read the original docs - JSON Web Algorithms (JWA).
In the following tables "CPC solution" says if I'm providing a solution in one of my articles.
| short name | long name | CPC solution |
|---|---|---|
| HS256 | HMAC using SHA-256 | ❌ |
| HS384 | HMAC using SHA-384 | ❌ |
| HS512 | HMAC using SHA-512 | ❌ |
| RS256 | RSASSA-PKCS1-v1_5 using SHA-256 | ✅ |
| RS384 | RSASSA-PKCS1-v1_5 using SHA-384 | ❌ |
| RS512 | RSASSA-PKCS1-v1_5 using SHA-512 | ❌ |
| ES256 | ECDSA using P-256 and SHA-256 | ❌ |
| ES384 | ECDSA using P-384 and SHA-384 | ❌ |
| ES512 | ECDSA using P-521 and SHA-512 | ❌ |
| PS256 | RSASSA-PSS using SHA-256 and MGF1 with SHA-256 | ✅ |
| PS384 | RSASSA-PSS using SHA-384 and MGF1 with SHA-384 | ❌ |
| PS512 | RSASSA-PSS using SHA-512 and MGF1 with SHA-512 | ❌ |
| none | No digital signature or MAC | ❌ |
| short name | long name | CPC solution |
|---|---|---|
| RSA1_5 | RSAES-PKCS1-v1_5 | ✅ |
| RSA-OAEP | RSAES OAEP using default parameters | ❌ |
| RSA-OAEP-256 | RSAES OAEP using SHA-256 and MGF1 with SHA-256 | ✅ |
| ... | much more algorithms | ❌ |
| short name | long name | CPC solution |
|---|---|---|
| A128CBC-HS256 | AES_128_CBC_HMAC_SHA_256 | ❌ |
| A192CBC-HS384 | AES_192_CBC_HMAC_SHA_384 | ❌ |
| A256CBC-HS512 | AES_256_CBC_HMAC_SHA_512 | ❌ |
| A128GCM | AES GCM using 128-bit key | ❌ |
| A192GCM | AES GCM using 192-bit key | ❌ |
| A256GCM | AES GCM using 256-bit key | ✅ |
Last update: Feb. 22nd 2021
Back to the main page: readme.md or back to the JSON web token overview page.