		@@ -5,2 +5,16 @@ # Change Log

		# [1.21.0](https://github.com/panva/jose/compare/v1.20.0...v1.21.0) (2020-01-23)


		### Bug Fixes

		* typescript: don't expose non existant classes, fix decode key ([0f8bf88](https://github.com/panva/jose/commit/0f8bf886da1b5d02cd0d968d0ec02a58673df258))


		### Features

		* add opt-in support for Unsecured JWS algorithm "none" ([3a6d17f](https://github.com/panva/jose/commit/3a6d17fdd18d8bbd074c07c2dd08f0406c16a8f1))



		# [1.20.0](https://github.com/panva/jose/compare/v1.19.0...v1.20.0) (2020-01-16)
		@@ -7,0 +21,0 @@

lib/jwa/index.js

		@@ -12,2 +12,3 @@ const { JWKKeySupport, JOSENotSupported } = require('../errors')
		require('./rsassa')(JWA, JWK)
		require('./none')(JWA)

		@@ -14,0 +15,0 @@ // encrypt, decrypt

lib/jwk/index.js

		const Key = require('./key/base')
		const None = require('./key/none')
		const importKey = require('./import')
		const { generate, generateSync } = require('./generate')
		const generate = require('./generate')

		module.exports.asKey = importKey
		module.exports.generate = generate
		module.exports.generateSync = generateSync
		module.exports.isKey = input => input instanceof Key
		module.exports = {
		...generate,
		asKey: importKey,
		isKey: input => input instanceof Key,
		None
		}

		@@ -10,0 +13,0 @@ /* deprecated */

lib/jwks/keystore.js

		@@ -5,5 +5,4 @@ const { deprecate, inspect } = require('util')
		const { generate, generateSync } = require('../jwk/generate')
		const Key = require('../jwk/key/base')
		const importKey = require('../jwk/import')
		const { USES_MAPPING } = require('../help/consts')
		const { None, isKey, asKey: importKey } = require('../jwk')

		@@ -49,4 +48,4 @@ const keyscore = (key, { alg, use, ops }) => {
		}
		if (keys.some(k => !(k instanceof Key))) {
		throw new TypeError('all keys must be an instances of a key instantiated by JWK.asKey')
		if (keys.some(k => !isKey(k) \|\| k === None)) {
		throw new TypeError('all keys must be instances of a key instantiated by JWK.asKey')
		}
		@@ -118,3 +117,3 @@
		add (key) {
		if (!(key instanceof Key)) {
		if (!isKey(key) \|\| key === None) {
		throw new TypeError('key must be an instance of a key instantiated by JWK.asKey')
		@@ -127,3 +126,3 @@ }
		remove (key) {
		if (!(key instanceof Key)) {
		if (!isKey(key)) {
		throw new TypeError('key must be an instance of a key instantiated by JWK.asKey')
		@@ -130,0 +129,0 @@ }

package.json

		{
		"name": "jose",
		"version": "1.20.0",
		"version": "1.21.0",
		"description": "JSON Web Almost Everything - JWA, JWS, JWE, JWK, JWT, JWKS for Node.js with minimal dependencies",
		@@ -5,0 +5,0 @@ "keywords": [

165

README.md

		@@ -31,78 +31,2 @@ # jose

		<details>
		<summary><em><strong>Detailed feature matrix</strong></em> (Click to expand)</summary><br>

		Legend:
		- ✓ Implemented
		- ✕ Missing node crypto support / won't implement
		- ◯ TBD

		\| JWK Key Types \| Supported \| `kty` \|
		\| -- \| -- \| -- \|
		\| RSA \| ✓ \| RSA \|
		\| Elliptic Curve \| ✓ \| EC (P-256, secp256k1, P-384, P-521) \|
		\| Octet Key Pair \| ✓ \| OKP (Ed25519, Ed448, X25519, X448) \|
		\| Octet sequence \| ✓ \| oct \|

		\| Serialization \| JWS Sign \| JWS Verify \| JWE Encrypt \| JWE Decrypt \|
		\| -- \| -- \| -- \| -- \| -- \|
		\| Compact \| ✓ \| ✓ \| ✓ \| ✓ \|
		\| General JSON \| ✓ \| ✓ \| ✓ \| ✓ \|
		\| Flattened JSON \| ✓ \| ✓ \| ✓ \| ✓ \|

		\| JWS Algorithms \| Supported \|\|
		\| -- \| -- \| -- \|
		\| RSASSA-PKCS1-v1_5 \| ✓ \| RS256, RS384, RS512 \|
		\| RSASSA-PSS \| ✓ \| PS256, PS384, PS512 \|
		\| ECDSA \| ✓ \| ES256, ES256K, ES384, ES512 \|
		\| Edwards-curve DSA \| ✓ \| EdDSA \|
		\| HMAC with SHA-2 \| ✓ \| HS256, HS384, HS512 \|

		\| JWE Key Management Algorithms \| Supported \|\|
		\| -- \| -- \| -- \|
		\| AES \| ✓ \| A128KW, A192KW, A256KW \|
		\| AES GCM \| ✓ \| A128GCMKW, A192GCMKW, A256GCMKW \|
		\| Direct Key Agreement \| ✓ \| dir \|
		\| RSAES OAEP \| ✓ \| RSA-OAEP, RSA-OAEP-256 \|
		\| RSAES-PKCS1-v1_5 \| ✓ \| RSA1_5 \|
		\| PBES2 \| ✓ \| PBES2-HS256+A128KW, PBES2-HS384+A192KW, PBES2-HS512+A256KW \|
		\| ECDH-ES (for all EC keys) \| ✓ \| ECDH-ES, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW \|
		\| ECDH-ES (for OKP X25519) \| ✓ via [plugin][plugin-x25519] \| ECDH-ES, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW \|
		\| ECDH-ES (for OKP X448) \| ✕ \|\|
		\| (X)ChaCha \| ✓ via [plugin][plugin-chacha] \| C20PKW, X20CPKW, ECDH-ES+C20PKW, ECDH-ES+XC20PKW \|

		\| JWE Content Encryption Algorithms \| Supported \|\|
		\| -- \| -- \| -- \|
		\| AES GCM \| ✓ \| A128GCM, A192GCM, A256GCM \|
		\| AES_CBC_HMAC_SHA2 \| ✓ \| A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 \|
		\| (X)ChaCha \| ✓ via [plugin][plugin-chacha] \| C20P, X20CP \|

		\| JWT profile validation \| Supported \| profile option value \|
		\| -- \| -- \| -- \|
		\| ID Token - [OpenID Connect Core 1.0][spec-oidc-id_token] \| ✓ \| `id_token` \|
		\| JWT Access Tokens [JWT Profile for OAuth 2.0 Access Tokens][draft-ietf-oauth-access-token-jwt] \| ✓ \| `at+JWT` \|
		\| Logout Token - [OpenID Connect Back-Channel Logout 1.0][spec-oidc-logout_token] \| ✓ \| `logout_token` \|
		\| JARM - [JWT Secured Authorization Response Mode for OAuth 2.0][draft-jarm] \| ◯ \|\|

		Notes
		- RSA-OAEP-256 JWE algorithm is only supported when Node.js >= 12.9.0 runtime is detected
		- Importing X.509 certificates and handling `x5c` is only supported when Node.js >= 12.0.0 runtime is detected
		- OKP keys are only supported when Node.js >= 12.0.0 runtime is detected
		- See [#electron-support](#electron-support) for electron exceptions

		---

		Pending Node.js Support 🤞:
		- ECDH-ES with X25519 and X448 - see [nodejs/node#26626](https://github.com/nodejs/node/pull/26626)

		Won't implement:
		- ✕ JWS embedded key / referenced verification
		- one can decode the header and pass the (`x5c`, `jwk`) to `JWK.asKey` and validate with that
		key, similarly the application can handle fetching and then instantiating the referenced `x5u`
		or `jku` in its own code. This way you opt-in to these behaviours.
		- ✕ "none" alg support
		- no crypto, no use

		</details>

		<br>
		@@ -132,11 +56,2 @@

		## Plugins

		There are two plugin extensions with functionality which is either not available in Node.js `crypto`
		module yet and therefore needs a crypto polyfill (libsodium), or are not IETF WG standards/drafts
		"worthy" of landing in the core library.

		- [jose-chacha][plugin-chacha] adds aead_chacha20_poly1305 and aead_xchacha20_poly1305 based algorithms (individual draft)
		- [jose-x25519-ecdh][plugin-x25519] adds OKP X25519 curve keys ECDH-ES support (missing Node.js `crypto` support)

		## Usage
		@@ -361,14 +276,63 @@

		#### Electron Support
		## Detailed Support Matrix

		Electron >=6.0.0 runtime is supported to the extent of the crypto engine BoringSSL feature parity
		with standard Node.js OpenSSL. The following is disabled in Electron runtime because of its lack of
		[support](https://github.com/panva/jose/blob/master/test/electron/electron.test.js).
		\| JWK Key Types \| Supported \| `kty` value \| `crv` values \|
		\| -- \| -- \| -- \| -- \|
		\| RSA \| ✓ \| RSA \|\|
		\| Elliptic Curve \| ✓ \| EC \| P-256, secp256k1<sup>[1]</sup>, P-384, P-521 \|
		\| Octet Key Pair \| ✓ \| OKP \| Ed25519, Ed448<sup>[1]</sup>, X25519<sup>[1]</sup>, X448<sup>[1]</sup> \|
		\| Octet sequence \| ✓ \| oct \|\|

		- JWE `A128KW`, `A192KW` and `A256KW` algorithms are not available, this also means that other JWAs
		depending on those are not working, those are `ECDH-ES+A128KW`, `ECDH-ES+A192KW`,
		`ECDH-ES+A256KW`, `PBES2-HS256+A128KW`, `PBES2-HS384+A192KW`, `PBES2-HS512+A256KW`)
		- OKP curves `Ed448`, `X25519` and `X448` are not supported
		- EC curve `secp256k1` is not supported
		\| Serialization \| JWS Sign \| JWS Verify \| JWE Encrypt \| JWE Decrypt \|
		\| -- \| -- \| -- \| -- \| -- \|
		\| Compact \| ✓ \| ✓ \| ✓ \| ✓ \|
		\| General JSON \| ✓ \| ✓ \| ✓ \| ✓ \|
		\| Flattened JSON \| ✓ \| ✓ \| ✓ \| ✓ \|

		\| JWS Algorithms \| Supported \|\|
		\| -- \| -- \| -- \|
		\| RSASSA-PKCS1-v1_5 \| ✓ \| RS256, RS384, RS512 \|
		\| RSASSA-PSS \| ✓ \| PS256, PS384, PS512 \|
		\| ECDSA \| ✓ \| ES256, ES256K<sup>[1]</sup>, ES384, ES512 \|
		\| Edwards-curve DSA \| ✓ \| EdDSA \|
		\| HMAC with SHA-2 \| ✓ \| HS256, HS384, HS512 \|
		\| Unsecured JWS \| ✓ \| none<sup>[2]</sup> \|

		\| JWE Key Management Algorithms \| Supported \|\|
		\| -- \| -- \| -- \|
		\| AES \| ✓ \| A128KW<sup>[1]</sup>, A192KW<sup>[1]</sup>, A256KW<sup>[1]</sup> \|
		\| AES GCM \| ✓ \| A128GCMKW, A192GCMKW, A256GCMKW \|
		\| Direct Key Agreement \| ✓ \| dir \|
		\| RSAES OAEP \| ✓ \| RSA-OAEP, RSA-OAEP-256<sup>[3]</sup> \|
		\| RSAES-PKCS1-v1_5 \| ✓ \| RSA1_5 \|
		\| PBES2 \| ✓ \| PBES2-HS256+A128KW<sup>[1]</sup>, PBES2-HS384+A192KW<sup>[1]</sup>, PBES2-HS512+A256KW<sup>[1]</sup> \|
		\| ECDH-ES (for all EC keys) \| ✓ \| ECDH-ES, ECDH-ES+A128KW<sup>[1]</sup>, ECDH-ES+A192KW<sup>[1]</sup>, ECDH-ES+A256KW<sup>[1]</sup> \|
		\| ECDH-ES (for OKP X25519) \| ✓ <sup>via [plugin][plugin-x25519]</sup> \| ECDH-ES, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW \|
		\| ECDH-ES (for OKP X448) \| ✕ \|\|
		\| (X)ChaCha \| ✓ <sup>via [plugin][plugin-chacha]</sup> \| C20PKW, XC20PKW, ECDH-ES+C20PKW, ECDH-ES+XC20PKW \|

		\| JWE Content Encryption Algorithms \| Supported \|\|
		\| -- \| -- \| -- \|
		\| AES GCM \| ✓ \| A128GCM, A192GCM, A256GCM \|
		\| AES_CBC_HMAC_SHA2 \| ✓ \| A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 \|
		\| (X)ChaCha \| ✓ <sup>via [plugin][plugin-chacha]</sup> \| C20P, X20CP \|

		\| JWT profile validation \| Supported \| profile option value \|
		\| -- \| -- \| -- \|
		\| ID Token - [OpenID Connect Core 1.0][spec-oidc-id_token] \| ✓ \| `id_token` \|
		\| JWT Access Tokens [JWT Profile for OAuth 2.0 Access Tokens][draft-ietf-oauth-access-token-jwt] \| ✓ \| `at+JWT` \|
		\| Logout Token - [OpenID Connect Back-Channel Logout 1.0][spec-oidc-logout_token] \| ✓ \| `logout_token` \|
		\| JARM - [JWT Secured Authorization Response Mode for OAuth 2.0][draft-jarm] \| ◯ \|\|

		Legend:
		- ✓ Implemented
		- ✕ Missing node crypto support / won't implement
		- ◯ TBD

		<sup>1</sup> Not supported in Electron due to Electron's use of BoringSSL
		<sup>2</sup> Unsecured JWS is [supported][documentation-none] for the JWS and JWT sign and verify
		operations but it is an entirely opt-in behaviour, downgrade attacks are prevented by the required
		use of a special `JWK.Key` instance that cannot be instantiated through the key import API.
		<sup>3</sup> RSA-OAEP-256 is only supported when Node.js >= 12.9.0 runtime is detected

		## FAQ
		@@ -424,8 +388,9 @@
		[bug]: https://github.com/panva/jose/issues/new?labels=bug&template=bug-report.md&title=bug%3A+
		[documentation-jwe]: https://github.com/panva/jose/blob/master/docs/README.md#jwe-json-web-encryption
		[documentation-jwk]: https://github.com/panva/jose/blob/master/docs/README.md#jwk-json-web-key
		[documentation-jwks]: https://github.com/panva/jose/blob/master/docs/README.md#jwks-json-web-key-set
		[documentation-jws]: https://github.com/panva/jose/blob/master/docs/README.md#jws-json-web-signature
		[documentation-jwt]: https://github.com/panva/jose/blob/master/docs/README.md#jwt-json-web-token
		[documentation]: https://github.com/panva/jose/blob/master/docs/README.md
		[documentation-jwe]: /docs/README.md#jwe-json-web-encryption
		[documentation-jwk]: /docs/README.md#jwk-json-web-key
		[documentation-jwks]: /docs/README.md#jwks-json-web-key-set
		[documentation-jws]: /docs/README.md#jws-json-web-signature
		[documentation-jwt]: /docs/README.md#jwt-json-web-token
		[documentation-none]: /docs/README.md#jwknone
		[documentation]: /docs/README.md
		[node-jose]: https://github.com/cisco/node-jose
		@@ -432,0 +397,0 @@ [security-vulnerability]: https://github.com/panva/jose/issues/new?template=security-vulnerability.md

types/index.d.ts

		@@ -30,2 +30,5 @@ /// <reference types="node" />
		export type ConsumeKeyInput = ProduceKeyInput \| JWKS.KeyStore;
		export type NoneKey = JWK.NoneKey;
		export type ProduceKeyInputWithNone = ProduceKeyInput \| NoneKey;
		export type ConsumeKeyInputWithNone = ConsumeKeyInput \| NoneKey;

		@@ -81,3 +84,3 @@ export interface JWKOctKey extends BasicParameters { // no x5c

		class Key {
		interface Key {
		kty: keyType;
		@@ -103,3 +106,3 @@ type: keyObjectTypes;

		class RSAKey extends Key {
		interface RSAKey extends Key {
		kty: 'RSA';
		@@ -120,3 +123,3 @@ type: asymmetricKeyObjectTypes;

		class ECKey extends Key {
		interface ECKey extends Key {
		kty: 'EC';
		@@ -133,3 +136,3 @@ secret: false;

		class OKPKey extends Key {
		interface OKPKey extends Key {
		kty: 'OKP';
		@@ -145,3 +148,3 @@ secret: false;

		class OctKey extends Key {
		interface OctKey extends Key {
		kty: 'oct';
		@@ -157,2 +160,10 @@ type: 'secret';

		interface NoneKey {
		type: 'unsecured';
		alg: 'none';
		algorithms(operation?: keyOperation): Set<string>;
		}

		const None: NoneKey;

		function isKey(object: any): boolean;
		@@ -249,3 +260,3 @@

		recipient(key: ProduceKeyInput, protected?: object, header?: object): void;
		recipient(key: ProduceKeyInputWithNone, protected?: object, header?: object): void;

		@@ -257,6 +268,6 @@ sign(serialization: 'compact'): string;

		function sign(payload: string \| Buffer \| object, key: ProduceKeyInput, protected?: object): string;
		function sign(payload: string \| Buffer \| object, key: ProduceKeyInputWithNone, protected?: object): string;
		namespace sign {
		function flattened(payload: string \| Buffer \| object, key: ProduceKeyInput, protected?: object, header?: object): FlattenedJWS;
		function general(payload: string \| Buffer \| object, key: ProduceKeyInput, protected?: object, header?: object): GeneralJWS;
		function flattened(payload: string \| Buffer \| object, key: ProduceKeyInputWithNone, protected?: object, header?: object): FlattenedJWS;
		function general(payload: string \| Buffer \| object, key: ProduceKeyInputWithNone, protected?: object, header?: object): GeneralJWS;
		}
		@@ -272,5 +283,5 @@

		interface completeVerification<T> {
		interface completeVerification<T, T2> {
		payload: T;
		key: JWK.Key;
		key: T2;
		protected?: object;
		@@ -280,6 +291,8 @@ header?: object;

		function verify(jws: string \| FlattenedJWS \| GeneralJWS, key: ConsumeKeyInput, options?: VerifyOptions): string \| object;
		function verify(jws: string \| FlattenedJWS \| GeneralJWS, key: ConsumeKeyInput, options?: VerifyOptions<false, false>): Buffer;
		function verify(jws: string \| FlattenedJWS \| GeneralJWS, key: ConsumeKeyInput, options?: VerifyOptions<true>): completeVerification<string \| object>;
		function verify(jws: string \| FlattenedJWS \| GeneralJWS, key: ConsumeKeyInput, options?: VerifyOptions<true, false>): completeVerification<Buffer>;
		function verify(jws: string \| FlattenedJWS \| GeneralJWS, key: ConsumeKeyInputWithNone, options?: VerifyOptions): string \| object;
		function verify(jws: string \| FlattenedJWS \| GeneralJWS, key: ConsumeKeyInputWithNone, options?: VerifyOptions<false, false>): Buffer;
		function verify(jws: string \| FlattenedJWS \| GeneralJWS, key: ConsumeKeyInput, options?: VerifyOptions<true>): completeVerification<string \| object, JWK.Key>;
		function verify(jws: string \| FlattenedJWS \| GeneralJWS, key: ConsumeKeyInput, options?: VerifyOptions<true, false>): completeVerification<Buffer, JWK.Key>;
		function verify(jws: string \| FlattenedJWS \| GeneralJWS, key: NoneKey, options?: VerifyOptions<true>): completeVerification<string \| object, NoneKey>;
		function verify(jws: string \| FlattenedJWS \| GeneralJWS, key: NoneKey, options?: VerifyOptions<true, false>): completeVerification<Buffer, NoneKey>;
		}
		@@ -345,7 +358,7 @@
		export namespace JWT {
		interface completeResult {
		interface completeResult<T = JWK.Key> {
		payload: object;
		header: object;
		signature: string;
		key: JWK.Key;
		key: T;
		}
		@@ -358,3 +371,3 @@
		function decode(jwt: string, options?: DecodeOptions<false>): object;
		function decode(jwt: string, options?: DecodeOptions<true>): completeResult;
		function decode(jwt: string, options?: DecodeOptions<true>): completeResult<undefined>;

		@@ -380,4 +393,5 @@ interface VerifyOptions<komplet> {

		function verify(jwt: string, key: ConsumeKeyInput, options?: VerifyOptions<false>): object;
		function verify(jwt: string, key: ConsumeKeyInputWithNone, options?: VerifyOptions<false>): object;
		function verify(jwt: string, key: ConsumeKeyInput, options?: VerifyOptions<true>): completeResult;
		function verify(jwt: string, key: NoneKey, options?: VerifyOptions<true>): completeResult<NoneKey>;

		@@ -399,3 +413,3 @@ interface SignOptions {

		function sign(payload: object, key: ProduceKeyInput, options?: SignOptions): string;
		function sign(payload: object, key: ProduceKeyInputWithNone, options?: SignOptions): string;

		@@ -409,14 +423,17 @@ interface VerifyProfileOptions<profile> {
		namespace IdToken {
		function verify(jwt: string, key: ConsumeKeyInput, options: VerifyOptions<false> & VerifyProfileOptions<'id_token'>): object;
		function verify(jwt: string, key: ConsumeKeyInputWithNone, options: VerifyOptions<false> & VerifyProfileOptions<'id_token'>): object;
		function verify(jwt: string, key: ConsumeKeyInput, options: VerifyOptions<true> & VerifyProfileOptions<'id_token'>): completeResult;
		function verify(jwt: string, key: NoneKey, options: VerifyOptions<true> & VerifyProfileOptions<'id_token'>): completeResult<NoneKey>;
		}

		namespace LogoutToken {
		function verify(jwt: string, key: ConsumeKeyInput, options: VerifyOptions<false> & VerifyProfileOptions<'logout_token'>): object;
		function verify(jwt: string, key: ConsumeKeyInputWithNone, options: VerifyOptions<false> & VerifyProfileOptions<'logout_token'>): object;
		function verify(jwt: string, key: ConsumeKeyInput, options: VerifyOptions<true> & VerifyProfileOptions<'logout_token'>): completeResult;
		function verify(jwt: string, key: NoneKey, options: VerifyOptions<true> & VerifyProfileOptions<'logout_token'>): completeResult<NoneKey>;
		}

		namespace AccessToken {
		function verify(jwt: string, key: ConsumeKeyInput, options: VerifyOptions<false> & VerifyProfileOptions<'at+JWT'>): object;
		function verify(jwt: string, key: ConsumeKeyInputWithNone, options: VerifyOptions<false> & VerifyProfileOptions<'at+JWT'>): object;
		function verify(jwt: string, key: ConsumeKeyInput, options: VerifyOptions<true> & VerifyProfileOptions<'at+JWT'>): completeResult;
		function verify(jwt: string, key: NoneKey, options: VerifyOptions<true> & VerifyProfileOptions<'at+JWT'>): completeResult<NoneKey>;
		}
		@@ -423,0 +440,0 @@ }

		@@ -31,78 +31,2 @@ # jose

		<details>
		<summary><em><strong>Detailed feature matrix</strong></em> (Click to expand)</summary><br>

		Legend:
		- ✓ Implemented
		- ✕ Missing node crypto support / won't implement
		- ◯ TBD

		\| JWK Key Types \| Supported \| `kty` \|
		\| -- \| -- \| -- \|
		\| RSA \| ✓ \| RSA \|
		\| Elliptic Curve \| ✓ \| EC (P-256, secp256k1, P-384, P-521) \|
		\| Octet Key Pair \| ✓ \| OKP (Ed25519, Ed448, X25519, X448) \|
		\| Octet sequence \| ✓ \| oct \|

		\| Serialization \| JWS Sign \| JWS Verify \| JWE Encrypt \| JWE Decrypt \|
		\| -- \| -- \| -- \| -- \| -- \|
		\| Compact \| ✓ \| ✓ \| ✓ \| ✓ \|
		\| General JSON \| ✓ \| ✓ \| ✓ \| ✓ \|
		\| Flattened JSON \| ✓ \| ✓ \| ✓ \| ✓ \|

		\| JWS Algorithms \| Supported \|\|
		\| -- \| -- \| -- \|
		\| RSASSA-PKCS1-v1_5 \| ✓ \| RS256, RS384, RS512 \|
		\| RSASSA-PSS \| ✓ \| PS256, PS384, PS512 \|
		\| ECDSA \| ✓ \| ES256, ES256K, ES384, ES512 \|
		\| Edwards-curve DSA \| ✓ \| EdDSA \|
		\| HMAC with SHA-2 \| ✓ \| HS256, HS384, HS512 \|

		\| JWE Key Management Algorithms \| Supported \|\|
		\| -- \| -- \| -- \|
		\| AES \| ✓ \| A128KW, A192KW, A256KW \|
		\| AES GCM \| ✓ \| A128GCMKW, A192GCMKW, A256GCMKW \|
		\| Direct Key Agreement \| ✓ \| dir \|
		\| RSAES OAEP \| ✓ \| RSA-OAEP, RSA-OAEP-256 \|
		\| RSAES-PKCS1-v1_5 \| ✓ \| RSA1_5 \|
		\| PBES2 \| ✓ \| PBES2-HS256+A128KW, PBES2-HS384+A192KW, PBES2-HS512+A256KW \|
		\| ECDH-ES (for all EC keys) \| ✓ \| ECDH-ES, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW \|
		\| ECDH-ES (for OKP X25519) \| ✓ via [plugin][plugin-x25519] \| ECDH-ES, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW \|
		\| ECDH-ES (for OKP X448) \| ✕ \|\|
		\| (X)ChaCha \| ✓ via [plugin][plugin-chacha] \| C20PKW, X20CPKW, ECDH-ES+C20PKW, ECDH-ES+XC20PKW \|

		\| JWE Content Encryption Algorithms \| Supported \|\|
		\| -- \| -- \| -- \|
		\| AES GCM \| ✓ \| A128GCM, A192GCM, A256GCM \|
		\| AES_CBC_HMAC_SHA2 \| ✓ \| A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 \|
		\| (X)ChaCha \| ✓ via [plugin][plugin-chacha] \| C20P, X20CP \|

		\| JWT profile validation \| Supported \| profile option value \|
		\| -- \| -- \| -- \|
		\| ID Token - [OpenID Connect Core 1.0][spec-oidc-id_token] \| ✓ \| `id_token` \|
		\| JWT Access Tokens [JWT Profile for OAuth 2.0 Access Tokens][draft-ietf-oauth-access-token-jwt] \| ✓ \| `at+JWT` \|
		\| Logout Token - [OpenID Connect Back-Channel Logout 1.0][spec-oidc-logout_token] \| ✓ \| `logout_token` \|
		\| JARM - [JWT Secured Authorization Response Mode for OAuth 2.0][draft-jarm] \| ◯ \|\|

		Notes
		- RSA-OAEP-256 JWE algorithm is only supported when Node.js >= 12.9.0 runtime is detected
		- Importing X.509 certificates and handling `x5c` is only supported when Node.js >= 12.0.0 runtime is detected
		- OKP keys are only supported when Node.js >= 12.0.0 runtime is detected
		- See [#electron-support](#electron-support) for electron exceptions

		---

		Pending Node.js Support 🤞:
		- ECDH-ES with X25519 and X448 - see [nodejs/node#26626](https://github.com/nodejs/node/pull/26626)

		Won't implement:
		- ✕ JWS embedded key / referenced verification
		- one can decode the header and pass the (`x5c`, `jwk`) to `JWK.asKey` and validate with that
		key, similarly the application can handle fetching and then instantiating the referenced `x5u`
		or `jku` in its own code. This way you opt-in to these behaviours.
		- ✕ "none" alg support
		- no crypto, no use

		</details>

		<br>
		@@ -132,11 +56,2 @@

		## Plugins

		There are two plugin extensions with functionality which is either not available in Node.js `crypto`
		module yet and therefore needs a crypto polyfill (libsodium), or are not IETF WG standards/drafts
		"worthy" of landing in the core library.

		- [jose-chacha][plugin-chacha] adds aead_chacha20_poly1305 and aead_xchacha20_poly1305 based algorithms (individual draft)
		- [jose-x25519-ecdh][plugin-x25519] adds OKP X25519 curve keys ECDH-ES support (missing Node.js `crypto` support)

		## Usage
		@@ -361,14 +276,63 @@

		#### Electron Support
		## Detailed Support Matrix

		Electron >=6.0.0 runtime is supported to the extent of the crypto engine BoringSSL feature parity
		with standard Node.js OpenSSL. The following is disabled in Electron runtime because of its lack of
		[support](https://github.com/panva/jose/blob/master/test/electron/electron.test.js).
		\| JWK Key Types \| Supported \| `kty` value \| `crv` values \|
		\| -- \| -- \| -- \| -- \|
		\| RSA \| ✓ \| RSA \|\|
		\| Elliptic Curve \| ✓ \| EC \| P-256, secp256k1<sup>[1]</sup>, P-384, P-521 \|
		\| Octet Key Pair \| ✓ \| OKP \| Ed25519, Ed448<sup>[1]</sup>, X25519<sup>[1]</sup>, X448<sup>[1]</sup> \|
		\| Octet sequence \| ✓ \| oct \|\|

		- JWE `A128KW`, `A192KW` and `A256KW` algorithms are not available, this also means that other JWAs
		depending on those are not working, those are `ECDH-ES+A128KW`, `ECDH-ES+A192KW`,
		`ECDH-ES+A256KW`, `PBES2-HS256+A128KW`, `PBES2-HS384+A192KW`, `PBES2-HS512+A256KW`)
		- OKP curves `Ed448`, `X25519` and `X448` are not supported
		- EC curve `secp256k1` is not supported
		\| Serialization \| JWS Sign \| JWS Verify \| JWE Encrypt \| JWE Decrypt \|
		\| -- \| -- \| -- \| -- \| -- \|
		\| Compact \| ✓ \| ✓ \| ✓ \| ✓ \|
		\| General JSON \| ✓ \| ✓ \| ✓ \| ✓ \|
		\| Flattened JSON \| ✓ \| ✓ \| ✓ \| ✓ \|

		\| JWS Algorithms \| Supported \|\|
		\| -- \| -- \| -- \|
		\| RSASSA-PKCS1-v1_5 \| ✓ \| RS256, RS384, RS512 \|
		\| RSASSA-PSS \| ✓ \| PS256, PS384, PS512 \|
		\| ECDSA \| ✓ \| ES256, ES256K<sup>[1]</sup>, ES384, ES512 \|
		\| Edwards-curve DSA \| ✓ \| EdDSA \|
		\| HMAC with SHA-2 \| ✓ \| HS256, HS384, HS512 \|
		\| Unsecured JWS \| ✓ \| none<sup>[2]</sup> \|

		\| JWE Key Management Algorithms \| Supported \|\|
		\| -- \| -- \| -- \|
		\| AES \| ✓ \| A128KW<sup>[1]</sup>, A192KW<sup>[1]</sup>, A256KW<sup>[1]</sup> \|
		\| AES GCM \| ✓ \| A128GCMKW, A192GCMKW, A256GCMKW \|
		\| Direct Key Agreement \| ✓ \| dir \|
		\| RSAES OAEP \| ✓ \| RSA-OAEP, RSA-OAEP-256<sup>[3]</sup> \|
		\| RSAES-PKCS1-v1_5 \| ✓ \| RSA1_5 \|
		\| PBES2 \| ✓ \| PBES2-HS256+A128KW<sup>[1]</sup>, PBES2-HS384+A192KW<sup>[1]</sup>, PBES2-HS512+A256KW<sup>[1]</sup> \|
		\| ECDH-ES (for all EC keys) \| ✓ \| ECDH-ES, ECDH-ES+A128KW<sup>[1]</sup>, ECDH-ES+A192KW<sup>[1]</sup>, ECDH-ES+A256KW<sup>[1]</sup> \|
		\| ECDH-ES (for OKP X25519) \| ✓ <sup>via [plugin][plugin-x25519]</sup> \| ECDH-ES, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW \|
		\| ECDH-ES (for OKP X448) \| ✕ \|\|
		\| (X)ChaCha \| ✓ <sup>via [plugin][plugin-chacha]</sup> \| C20PKW, XC20PKW, ECDH-ES+C20PKW, ECDH-ES+XC20PKW \|

		\| JWE Content Encryption Algorithms \| Supported \|\|
		\| -- \| -- \| -- \|
		\| AES GCM \| ✓ \| A128GCM, A192GCM, A256GCM \|
		\| AES_CBC_HMAC_SHA2 \| ✓ \| A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 \|
		\| (X)ChaCha \| ✓ <sup>via [plugin][plugin-chacha]</sup> \| C20P, X20CP \|

		\| JWT profile validation \| Supported \| profile option value \|
		\| -- \| -- \| -- \|
		\| ID Token - [OpenID Connect Core 1.0][spec-oidc-id_token] \| ✓ \| `id_token` \|
		\| JWT Access Tokens [JWT Profile for OAuth 2.0 Access Tokens][draft-ietf-oauth-access-token-jwt] \| ✓ \| `at+JWT` \|
		\| Logout Token - [OpenID Connect Back-Channel Logout 1.0][spec-oidc-logout_token] \| ✓ \| `logout_token` \|
		\| JARM - [JWT Secured Authorization Response Mode for OAuth 2.0][draft-jarm] \| ◯ \|\|

		Legend:
		- ✓ Implemented
		- ✕ Missing node crypto support / won't implement
		- ◯ TBD

		<sup>1</sup> Not supported in Electron due to Electron's use of BoringSSL
		<sup>2</sup> Unsecured JWS is [supported][documentation-none] for the JWS and JWT sign and verify
		operations but it is an entirely opt-in behaviour, downgrade attacks are prevented by the required
		use of a special `JWK.Key` instance that cannot be instantiated through the key import API.
		<sup>3</sup> RSA-OAEP-256 is only supported when Node.js >= 12.9.0 runtime is detected

		## FAQ
		@@ -424,8 +388,9 @@
		[bug]: https://github.com/panva/jose/issues/new?labels=bug&template=bug-report.md&title=bug%3A+
		[documentation-jwe]: https://github.com/panva/jose/blob/master/docs/README.md#jwe-json-web-encryption
		[documentation-jwk]: https://github.com/panva/jose/blob/master/docs/README.md#jwk-json-web-key
		[documentation-jwks]: https://github.com/panva/jose/blob/master/docs/README.md#jwks-json-web-key-set
		[documentation-jws]: https://github.com/panva/jose/blob/master/docs/README.md#jws-json-web-signature
		[documentation-jwt]: https://github.com/panva/jose/blob/master/docs/README.md#jwt-json-web-token
		[documentation]: https://github.com/panva/jose/blob/master/docs/README.md
		[documentation-jwe]: /docs/README.md#jwe-json-web-encryption
		[documentation-jwk]: /docs/README.md#jwk-json-web-key
		[documentation-jwks]: /docs/README.md#jwks-json-web-key-set
		[documentation-jws]: /docs/README.md#jws-json-web-signature
		[documentation-jwt]: /docs/README.md#jwt-json-web-token
		[documentation-none]: /docs/README.md#jwknone
		[documentation]: /docs/README.md
		[node-jose]: https://github.com/cisco/node-jose
		@@ -432,0 +397,0 @@ [security-vulnerability]: https://github.com/panva/jose/issues/new?template=security-vulnerability.md

jose - npm Package Compare versions

New alerts

Fixed alerts

Improved metrics

Worsened metrics