-
Notifications
You must be signed in to change notification settings - Fork 116
A JSON Web Signature (JWS) represents content secured with digital signatures. It provides integrity protection for the content it represents. A JWS consists of two JSON-based data structures and a signature:
- Header
- Payload
- Signature
The JWS Header is a JSON object specifying the algorithm used to compute the signature of a JWS. Optionally it can contain additional properties of the JWS.
The following header specifies that the JWS' signature is computed with the RSASSA-PKCS1-v1_5 using SHA-512
algorithm.
{ "alg": "RS512" }
A detailed list describing possible header parameters can be found here.
The JWS Payload is the data being secured by the JWS.
The following string, encoded as UTF-8 data, is an example of a JWS Payload.
"Trumpets of Mexico 🏜"
The JWS Signature is a digital signature over the JWS Header and JWS Payload. It is computed using the algorithm specified in the JWS Header.
The signing input is the following concatenation:
ascii(base64URL(utf8(JWS Header)) + "." + base64url(payload))
The following is the signing input for the header and payload described above:
eyAiYWxnIjogIlJTNTEyIiB9.VHJ1bXBldHMgb2YgTWV4aWNvIPCfj5w
JOSESwift implements compact serialization for JWS. In this format, a JWS is the following concatenation:
base64url(header) + "." + base64url(payload) + "." base64url(signature)
Given the following header and payload:
// Header
{ "alg": "RS512" }
// Payload
"Trumpets of Mexico 🏜"
We get the following base64url encodings:
// base64url(header)
eyAiYWxnIjogIlJTNTEyIiB9
// base64url(payload)
VHJ1bXBldHMgb2YgTWV4aWNvIPCfj5w
// base64url(signature)
TwJS6...YvlTQ
Which yields the following JWS in compact serialization:
eyAiYWxnIjogIlJTNTEyIiB9.VHJ1bXBldHMgb2YgTWV4aWNvIPCfj5w.TwJS6...YvlTQ