The JWT is encoded in a JSON Web Signature (JWS) as defined in RFC 7515 "JSON Web Signature (JWS)". Those "eleven JWT algorithms" that you mentioned, refer to the signature algorithm used for the JWS. Their values are defined in
3.1 "alg" (Algorithm) Header Parameter Values for JWS of RFC 7518 "JSON Web Algorithms (JWA)":
+--------------+-------------------------------+--------------------+
| "alg" Param | Digital Signature or MAC | Implementation |
| Value | Algorithm | Requirements |
+--------------+-------------------------------+--------------------+
| HS256 | HMAC using SHA-256 | Required |
| HS384 | HMAC using SHA-384 | Optional |
| HS512 | HMAC using SHA-512 | Optional |
| RS256 | RSASSA-PKCS1-v1_5 using | Recommended |
| | SHA-256 | |
| RS384 | RSASSA-PKCS1-v1_5 using | Optional |
| | SHA-384 | |
| RS512 | RSASSA-PKCS1-v1_5 using | Optional |
| | SHA-512 | |
| ES256 | ECDSA using P-256 and SHA-256 | Recommended+ |
| ES384 | ECDSA using P-384 and SHA-384 | Optional |
| ES512 | ECDSA using P-521 and SHA-512 | Optional |
| PS256 | RSASSA-PSS using SHA-256 and | Optional |
| | MGF1 with SHA-256 | |
| PS384 | RSASSA-PSS using SHA-384 and | Optional |
| | MGF1 with SHA-384 | |
| PS512 | RSASSA-PSS using SHA-512 and | Optional |
| | MGF1 with SHA-512 | |
| none | No digital signature or MAC | Optional |
| | performed | |
+--------------+-------------------------------+--------------------+
So these algorithms include more than just digest algorithms; they are combined with (asymmetric) signing algorithms. In most cases, OpenSSL is able to figure out which algorithm to use for the latter, because that information is stored in the private key that you feed it via the -sign
option as part of the command. If you check out the openssl dgst
manual, it mentions:
When signing a file, dgst will automatically determine the algorithm
(RSA, ECC, etc) to use for signing based on the private key's ASN.1
info.
Looking at the different JWA algorithms, I see some caveats:
- There is no particular file format to capture HMAC keys so for the
HS
types of algorithms you need to use the HMAC-related parameters to openssl dgst
, as documented in the manual. The question Explanation of -hmac flag in open SSL may be helpful.
- Quickly scanning the manual, I do not see any option to change the padding when running
openssl dgst
. If that is true then you may not be able to use it for the PS
types of algorithms because those use RSA signatures with PSS padding (as opposed to the "default" PKCS padding).
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…