IETF logoNew versions of the IETF JSON Object Signing and Encryption (JOSE) specifications are now available that incorporate working group feedback since publication of the initial versions. They are:

  • JSON Web Signature (JWS) — Digital signature/HMAC specification
  • JSON Web Encryption (JWE) — Encryption specification
  • JSON Web Key (JWK) — Public key specification
  • JSON Web Algorithms (JWA) — Algorithms and identifiers specification

The most important changes are:

  • Added a separate integrity check for encryption algorithms without an integral integrity check.
  • Defined header parameters for including JWK public keys and X.509 certificate chains directly in the header.

See the Document History section in each specification for a more detailed list of changes.

Corresponding versions of the JSON Serialization specs, which use these JOSE drafts, are also available. Besides using JSON Serializations of the cryptographic results (rather than Compact Serializations using a series of base64url encoded values), these specifications also enable multiple digital signatures and/or HMACs to applied to the same message and enable the same plaintext to be encrypted to multiple recipients. They are:

  • JSON Web Signature JSON Serialization (JWS-JS)
  • JSON Web Encryption JSON Serialization (JWE-JS)

These specifications are available at:

HTML formatted versions are available at: