See also Algorithm Selection Guide.
What are the key/secret requirements for JOSE algorithms
JWS "alg"
The following table describes the requirements for a key/secret for the supported JWS Algorithms ("alg").
With asymmetric algorithms, the private key is used for signing, the public key is used for verification.
Note that JWK parameters such as "use", "alg", or "key_ops" may further restrict the use of a given key.
| JWS Algorithms | requirement | allowed key argument types |
| --- | --- | --- |
| Ed25519, EdDSA | Ed25519 key | CryptoKey, KeyObject, JSON Web Key |
| ES256 | NIST P-256 elliptic curve key | CryptoKey, KeyObject, JSON Web Key |
| ES384 | NIST P-384 elliptic curve key | CryptoKey, KeyObject, JSON Web Key |
| ES512 | NIST P-521 elliptic curve key | CryptoKey, KeyObject, JSON Web Key |
| HS256 | 256 bit (32 byte) secret | Uint8Array, CryptoKey, KeyObject, JSON Web Key |
| HS384 | 384 bit (48 byte) secret | Uint8Array, CryptoKey, KeyObject, JSON Web Key |
| HS512 | 512 bit (64 byte) secret | Uint8Array, CryptoKey, KeyObject, JSON Web Key |
| PS256, PS384, PS512 | RSA key of at least 2048 bit modulus length | CryptoKey, KeyObject, JSON Web Key |
| RS256, RS384, RS512 | RSA key of at least 2048 bit modulus length | CryptoKey, KeyObject, JSON Web Key |
| ML-DSA-44 | ML-DSA-44 key | CryptoKey, KeyObject, JSON Web Key |
| ML-DSA-65 | ML-DSA-65 key | CryptoKey, KeyObject, JSON Web Key |
| ML-DSA-87 | ML-DSA-87 key | CryptoKey, KeyObject, JSON Web Key |
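A pre-flight check of a JWK against the HMAC, RSA, EC and Ed25519 rows of the JWS table and the "use", "alg" and "key_ops" restrictions, as an added example that is not part of jose or of the original page. The name `checkJwsJwk`, its messages and the sample keys are hypothetical; the HMAC size is treated as a minimum per RFC 7518 section 3.2, and the ML-DSA rows are not covered.

```javascript
// Added example, not jose code: checkJwsJwk and its rule tables are hypothetical names.
const EC_CURVE = { ES256: 'P-256', ES384: 'P-384', ES512: 'P-521' };
const HMAC_MIN_BYTES = { HS256: 32, HS384: 48, HS512: 64 };
const b64uBytes = (s) => Buffer.from(String(s ?? ''), 'base64url');

// Bit length of a big-endian unsigned integer, ignoring leading zero bytes.
function bitLength(bytes) {
  let i = 0;
  while (i < bytes.length && bytes[i] === 0) i++;
  return i === bytes.length ? 0 : (bytes.length - i - 1) * 8 + 32 - Math.clz32(bytes[i]);
}

// Returns a list of problems; an empty list means the JWK fits its table row.
function checkJwsJwk(alg, jwk, op) { // op: 'sign' or 'verify'
  const problems = [];
  // JWK parameters that further restrict the use of the key
  if (jwk.use !== undefined && jwk.use !== 'sig') problems.push('"use" is not "sig"');
  if (jwk.alg !== undefined && jwk.alg !== alg) problems.push('"alg" does not match');
  if (Array.isArray(jwk.key_ops) && !jwk.key_ops.includes(op)) problems.push(`"key_ops" lacks "${op}"`);

  if (Object.hasOwn(HMAC_MIN_BYTES, alg)) {
    // Size treated as a minimum (assumption, following RFC 7518 section 3.2)
    if (jwk.kty !== 'oct') problems.push('expected kty "oct"');
    else if (b64uBytes(jwk.k).length < HMAC_MIN_BYTES[alg]) problems.push('secret too short');
  } else if (/^(RS|PS)(256|384|512)$/.test(alg)) {
    if (jwk.kty !== 'RSA') problems.push('expected kty "RSA"');
    else if (bitLength(b64uBytes(jwk.n)) < 2048) problems.push('RSA modulus below 2048 bits');
  } else if (Object.hasOwn(EC_CURVE, alg)) {
    if (jwk.kty !== 'EC' || jwk.crv !== EC_CURVE[alg]) problems.push(`expected EC key on ${EC_CURVE[alg]}`);
  } else if (alg === 'Ed25519' || alg === 'EdDSA') {
    if (jwk.kty !== 'OKP' || jwk.crv !== 'Ed25519') problems.push('expected OKP key on Ed25519');
  } else {
    problems.push(`no rule for "${alg}" in this example`);
  }
  // Signing needs the private part of an asymmetric key ("d" in a JWK)
  if (op === 'sign' && jwk.kty !== 'oct' && jwk.d === undefined) problems.push('private key required for signing');
  return problems;
}

// Constructed sample JWKs: sizes and parameters are realistic, key material is filler.
const hs256Secret = { kty: 'oct', k: Buffer.alloc(32, 7).toString('base64url') };
const weakRsa = { kty: 'RSA', e: 'AQAB', n: Buffer.alloc(128, 0xff).toString('base64url') };
const p256EncOnly = { kty: 'EC', crv: 'P-256', use: 'enc', x: 'AA', y: 'AA' };

console.log(checkJwsJwk('HS256', hs256Secret, 'sign'));
console.log(checkJwsJwk('HS512', hs256Secret, 'sign'));
console.log(checkJwsJwk('RS256', weakRsa, 'verify'));
console.log(checkJwsJwk('ES256', p256EncOnly, 'verify'));
```

Running such a check when keys are loaded surfaces an undersized secret or a mismatched curve at startup instead of at the first sign or verify call.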
JWE "alg"
The following table describes the requirements for a key/secret for the supported JWE Key Management Algorithms ("alg").
With asymmetric algorithms, the recipient's public key is used for encryption, the private key is used for decryption.
Note that JWK parameters such as "use", "alg", or "key_ops" may further restrict the use of a given key.
| JWE Key Management Algorithms | requirement | allowed key argument types |
| --- | --- | --- |
| A128KW, A128GCMKW | 128 bit (16 byte) secret | Uint8Array, CryptoKey, KeyObject, JSON Web Key |
| A192KW, A192GCMKW | 192 bit (24 byte) secret | Uint8Array, CryptoKey, KeyObject, JSON Web Key |
| A256KW, A256GCMKW | 256 bit (32 byte) secret | Uint8Array, CryptoKey, KeyObject, JSON Web Key |
| dir | see JWE "enc" table below | |
| ECDH-ES, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW | NIST P-256, P-384, or P-521 elliptic curve, or X25519 key | CryptoKey, KeyObject, JSON Web Key |
| PBES2-HS256+A128KW, PBES2-HS384+A192KW, PBES2-HS512+A256KW | secret/password of any length | Uint8Array, CryptoKey, KeyObject, JSON Web Key |
| RSA-OAEP, RSA-OAEP-256, RSA-OAEP-384, RSA-OAEP-512 | RSA key with modulus length at least 2048 bits | CryptoKey, KeyObject, JSON Web Key |
JWE "enc"
The following table describes the requirements for a secret for the supported JWE Content Encryption Algorithms ("enc") used in Direct Encryption Mode ("alg": "dir").
Note that JWK parameters such as "use", "alg", or "key_ops" may further restrict the use of a given key.
| JWE Content Encryption Algorithms | requirement | allowed key argument types |
| --- | --- | --- |
| A128GCM | 128 bit (16 byte) secret | Uint8Array, CryptoKey, KeyObject, JSON Web Key |
| A192GCM | 192 bit (24 byte) secret | Uint8Array, CryptoKey, KeyObject, JSON Web Key |
| A256GCM | 256 bit (32 byte) secret | Uint8Array, CryptoKey, KeyObject, JSON Web Key |
| A128CBC-HS256 | 256 bit (32 byte) secret | Uint8Array, KeyObject, JSON Web Key |
| A192CBC-HS384 | 384 bit (48 byte) secret | Uint8Array, KeyObject, JSON Web Key |
| A256CBC-HS512 | 512 bit (64 byte) secret | Uint8Array, KeyObject, JSON Web Key |
Key argument type notes
- CryptoKey is a representation of a key/secret available in all supported runtimes.
- KeyObject is a representation of a key/secret available in the Node.js runtime.
- Uint8Array is a typed array representing an array of 8-bit unsigned integers.
- JSON Web Key is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. It is defined in RFC 7517.
- In Node.js the Buffer class is a subclass of Uint8Array and so Buffer can be provided for secrets as well.
- Key Import Functions can be used to import PEM or JWK formatted asymmetric keys and certificates to the supported key input representations.
Supported Runtimes
Not all algorithms are available in all runtimes; see the issues linked below for details.