### Create, Sign, and Verify RSA JWS in Java Source: https://github.com/felx/nimbus-jose-jwt-wiki/blob/master/JWS with RSA signature.md This Java code snippet demonstrates the complete lifecycle of a JWS object using RSA signatures. It involves generating an RSA key pair, creating a signer with the private key, signing a JWS object with a string payload, serializing it, parsing it back, and finally verifying the signature using the public key. Dependencies include Nimbus JOSE+JWT library. ```java import com.nimbusds.jose.JWSAlgorithm; import com.nimbusds.jose.JWSHeader; import com.nimbusds.jose.JWSObject; import com.nimbusds.jose.Payload; import com.nimbusds.jose.crypto.RSASSASigner; import com.nimbusds.jose.crypto.RSASSAVerifier; import com.nimbusds.jose.jwk.JWK; import com.nimbusds.jose.jwk.RSAKey; import com.nimbusds.jose.proc.SecurityContext; import java.security.KeyPair; import java.security.KeyPairGenerator; import java.security.interfaces.RSAPrivateKey; import java.security.interfaces.RSAPublicKey; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertTrue; // ... (rest of the class) // RSA signatures require a public and private RSA key pair, // the public key must be made known to the JWS recipient in // order to verify the signatures KeyPairGenerator keyGenerator = KeyPairGenerator.getInstance("RSA"); keyGenerator.initialize(1024); KeyPair kp = keyGenerator.genKeyPair(); RSAPublicKey publicKey = (RSAPublicKey)kp.getPublic(); RSAPrivateKey privateKey = (RSAPrivateKey)kp.getPrivate(); // Create RSA-signer with the private key JWSSigner signer = new RSASSASigner(privateKey); // Prepare JWS object with simple string as payload JWSObject jwsObject = new JWSObject(new JWSHeader(JWSAlgorithm.RS256), new Payload("In RSA we trust!")); // Compute the RSA signature jwsObject.sign(signer); assertTrue(jwsObject.getState().equals(JWSObject.State.SIGNED)); // To serialize to compact form, produces something like // eyJhbGciOiJSUzI1NiJ9.SW4gUlNBIHdlIHRydXN0IQ.IRMQENi4nJyp4er2L // mZq3ivwoAjqa1uUkSBKFIX7ATndFF5ivnt-m8uApHO4kfIFOrW7w2Ezmlg3Qd // maXlS9DhN0nUk_hGI3amEjkKd0BWYCB8vfUbUv0XGjQip78AI4z1PrFRNidm7 // -jPDm5Iq0SZnjKjCNS5Q15fokXZc8u0A String s = jwsObject.serialize(); // To parse the JWS and verify it, e.g. on client-side jwsObject = JWSObject.parse(s); JWSVerifier verifier = new RSASSAVerifier(publicKey); assertTrue(jwsObject.verify(verifier)); assertEquals("In RSA we trust!", jwsObject.getPayload().toString()); ``` -------------------------------- ### Create, Sign, and Verify JWS with EC Signature (Java) Source: https://github.com/felx/nimbus-jose-jwt-wiki/blob/master/JWS with EC signature.md This Java code snippet demonstrates the full lifecycle of a JWS object using EC signatures. It includes key generation, JWS object creation, signing with ECDSASigner, serialization, and verification using ECDSAVerifier. The payload is a simple string, and the example uses JWSAlgorithm.ES256. ```Java import java.math.BigInteger; import java.security.KeyPair; import java.security.KeyPairGenerator; import java.security.interfaces.ECPrivateKey; import java.security.interfaces.ECPublicKey; import java.security.spec.ECParameterSpec; import com.nimbusds.jose.JWSAlgorithm; import com.nimbusds.jose.JWSHeader; import com.nimbusds.jose.JWSObject; import com.nimbusds.jose.Payload; import com.nimbusds.jose.crypto.ECDSASigner; import com.nimbusds.jose.crypto.ECDSAVerifier; import com.nimbusds.jose.JWSVerifier; import com.nimbusds.jose.JWSSigner; // ... (assuming necessary imports and context) // Create the public and private EC keys KeyPairGenerator keyGenerator = KeyPairGenerator.getInstance("EC"); keyGenerator.initialize(new ECParameterSpec(/*...*/)); // Placeholder for actual EC parameters KeyPair keyPair = keyGenerator.generateKeyPair(); ECPublicKey publicKey = (ECPublicKey) keyPair.getPublic(); ECPrivateKey privateKey = (ECPrivateKey) keyPair.getPrivate(); // Create the EC signer JWSSigner signer = new ECDSASigner(privateKey.getS()); // Creates the JWS object with payload JWSObject jwsObject = new JWSObject(new JWSHeader(JWSAlgorithm.ES256), new Payload("Elliptic cure")); // Compute the EC signature jwsObject.sign(signer); // assertEquals(JWSObject.State.SIGNED, jwsObject.getState()); // Assertion example // Serialize the JWS to compact form String s = jwsObject.serialize(); // The recipient must create a verifier with the public 'x' and 'y' EC params BigInteger x = publicKey.getW().getAffineX(); BigInteger y = publicKey.getW().getAffineY(); JWSVerifier verifier = new ECDSAVerifier(x, y); // Verify the EC signature // assertTrue("EC256 signature verified", jwsObject.verify(verifier)); // Assertion example // assertEquals("Elliptic cure", jwsObject.getPayload().toString()); // Assertion example ``` -------------------------------- ### Create and Verify JWS with HMAC Protection in Java Source: https://context7.com/felx/nimbus-jose-jwt-wiki/llms.txt Demonstrates how to sign and verify a JWS object using a shared secret key with HMAC-based algorithms like HS256. This process involves generating a signer, creating the JWS object, serializing it, and verifying the signature using a MACVerifier. ```java import com.nimbusds.jose.*; import com.nimbusds.jose.crypto.*; import java.security.SecureRandom; // Generate random 32-bit shared secret SecureRandom random = new SecureRandom(); byte[] sharedSecret = new byte[32]; random.nextBytes(sharedSecret); // Create HMAC signer JWSSigner signer = new MACSigner(sharedSecret); // Prepare JWS object with "Hello, world!" payload JWSObject jwsObject = new JWSObject(new JWSHeader(JWSAlgorithm.HS256), new Payload("Hello, world!")); // Apply the HMAC jwsObject.sign(signer); assertTrue(jwsObject.getState().equals(JWSObject.State.SIGNED)); // To serialize to compact form String s = jwsObject.serialize(); // To parse the JWS and verify it jwsObject = JWSObject.parse(s); JWSVerifier verifier = new MACVerifier(sharedSecret); assertTrue(jwsObject.verify(verifier)); assertEquals("Hello, world!", jwsObject.getPayload().toString()); ``` -------------------------------- ### Create and Verify JWS with ES256 using Elliptic Curve in Java Source: https://context7.com/felx/nimbus-jose-jwt-wiki/llms.txt Demonstrates the creation and verification of a JWS object using the ES256 algorithm with Elliptic Curve cryptography in Java. It involves generating EC key pairs, creating a JWSSigner and JWSVerifier, signing the payload, and verifying the signature. Dependencies include Nimbus JOSE+JWT libraries. ```java import com.nimbusds.jose.*; import com.nimbusds.jose.crypto.*; import java.security.*; import java.security.interfaces.*; import java.security.spec.*; import java.math.BigInteger; // Create the public and private EC keys KeyPairGenerator keyGenerator = KeyPairGenerator.getInstance("EC"); keyGenerator.initialize(new ECGenParameterSpec("secp256r1")); KeyPair keyPair = keyGenerator.generateKeyPair(); ECPublicKey publicKey = (ECPublicKey) keyPair.getPublic(); ECPrivateKey privateKey = (ECPrivateKey) keyPair.getPrivate(); // Create the EC signer JWSSigner signer = new ECDSASigner(privateKey.getS()); // Creates the JWS object with payload JWSObject jwsObject = new JWSObject(new JWSHeader(JWSAlgorithm.ES256), new Payload("Elliptic cure")); // Compute the EC signature jwsObject.sign(signer); assertEquals(JWSObject.State.SIGNED, jwsObject.getState()); // Serialize the JWS to compact form String s = jwsObject.serialize(); // The recipient must create a verifier with the public 'x' and 'y' EC params BigInteger x = publicKey.getW().getAffineX(); BigInteger y = publicKey.getW().getAffineY(); JWSVerifier verifier = new ECDSAVerifier(x, y); // Verify the EC signature assertTrue("EC256 signature verified", jwsObject.verify(verifier)); assertEquals("Elliptic cure", jwsObject.getPayload().toString()); ``` -------------------------------- ### Sign and Verify JWS with HMAC using Nimbus JOSE+JWT Source: https://github.com/felx/nimbus-jose-jwt-wiki/blob/master/JWS with HMAC protection.md This snippet demonstrates the full lifecycle of a JWS object using HMAC. It includes generating a secure random key, signing a string payload with HS256, serializing the object, and verifying the signature upon parsing. ```java // Generate random 32-bit shared secret SecureRandom random = new SecureRandom(); byte[] sharedSecret = new byte[32]; random.nextBytes(sharedSecret); // Create HMAC signer JWSSigner signer = new MACSigner(sharedSecret); // Prepare JWS object with "Hello, world!" payload JWSObject jwsObject = new JWSObject(new JWSHeader(JWSAlgorithm.HS256), new Payload("Hello, world!")); // Apply the HMAC jwsObject.sign(signer); assertTrue(jwsObject.getState().equals(JWSObject.State.SIGNED)); // To serialize to compact form String s = jwsObject.serialize(); // To parse the JWS and verify it jwsObject = JWSObject.parse(s); JWSVerifier verifier = new MACVerifier(sharedSecret); assertTrue(jwsObject.verify(verifier)); assertEquals("Hello, world!", jwsObject.getPayload().toString()); ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.