Skip to content

Commit ad2b119

Browse files
karen-avetisyan-mckaren-avetisyan-mc
committed
updating the README.md
1 parent 349bd4a commit ad2b119

File tree

1 file changed

+31
-10
lines changed

1 file changed

+31
-10
lines changed

README.md

Lines changed: 31 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -152,21 +152,42 @@ var config = JweConfigBuilder.AJweEncryptionConfig()
152152

153153
###### Supported Encryption Algorithms
154154

155-
The library supports the following JWE encryption algorithms:
155+
The library supports the following JWE encryption algorithms according to [RFC 7516](https://datatracker.ietf.org/doc/html/rfc7516):
156156

157-
**AES-GCM (Galois/Counter Mode):**
157+
**Key Encryption Algorithms (`alg` header):**
158158

159-
- `A128GCM` - AES-128 with GCM mode
160-
- `A192GCM` - AES-192 with GCM mode
161-
- `A256GCM` - AES-256 with GCM mode (default)
159+
| Algorithm | Description | Key Size |
160+
|-----------|-------------|----------|
161+
| `RSA-OAEP` | RSAES using Optimal Asymmetric Encryption Padding (OAEP) with SHA-1 and MGF1 | 2048+ bits |
162+
| `RSA-OAEP-256` | RSAES-OAEP using SHA-256 and MGF1 with SHA-256 | 2048+ bits |
162163

163-
**AES-CBC with HMAC (Cipher Block Chaining with HMAC authentication):**
164+
**Content Encryption Algorithms (`enc` header):**
164165

165-
- `A128CBC-HS256` - AES-128-CBC with HMAC-SHA256
166-
- `A192CBC-HS384` - AES-192-CBC with HMAC-SHA384
167-
- `A256CBC-HS512` - AES-256-CBC with HMAC-SHA512
166+
| Algorithm | Description | Key Size | Authentication |
167+
|-----------|-------------|----------|----------------|
168+
| `A128GCM` | AES-128 with Galois/Counter Mode | 128 bits | Built-in |
169+
| `A192GCM` | AES-192 with Galois/Counter Mode | 192 bits | Built-in |
170+
| `A256GCM` | AES-256 with Galois/Counter Mode (default) | 256 bits | Built-in |
171+
| `A128CBC-HS256` | AES-128-CBC with HMAC-SHA256 | 256 bits (128+128) | HMAC-SHA256 |
172+
| `A192CBC-HS384` | AES-192-CBC with HMAC-SHA384 | 384 bits (192+192) | HMAC-SHA384 |
173+
| `A256CBC-HS512` | AES-256-CBC with HMAC-SHA512 | 512 bits (256+256) | HMAC-SHA512 |
168174

169-
The encryption algorithm is determined by the `enc` header parameter in the JWE header.
175+
**Algorithm Selection:**
176+
177+
The encryption algorithm is determined by the `enc` parameter in the JWE header. For example:
178+
179+
```json
180+
{
181+
"alg": "RSA-OAEP-256",
182+
"enc": "A256GCM",
183+
"kid": "761b003c1eade3a5490e5000d37887baa5e6ec0e226c07706e599451fc032a79"
184+
}
185+
```
186+
187+
**GCM vs CBC-HMAC:**
188+
189+
- **AES-GCM (Recommended):** Provides both encryption and authentication in a single operation. Default choice for new implementations.
190+
- **AES-CBC-HMAC:** Provides encryption via CBC mode and authentication via HMAC. Requires two separate operations and proper HMAC verification configuration.
170191

171192
###### Configuring CBC-HMAC Verification
172193

0 commit comments

Comments
 (0)