Skip to content

Commit 859c0c3

Browse files
terrafrostterrafrost
committed
add Examples: JWT page
1 parent ac59dd1 commit 859c0c3

File tree

2 files changed

+119
-1
lines changed

2 files changed

+119
-1
lines changed

docs/ec.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -144,7 +144,7 @@ SSH2-formatted signatures employee the format discussed in [RFC4253](https://too
144144

145145
### IEEE
146146

147-
This format used with [JSON Web Signatures](https://en.wikipedia.org/wiki/JSON_Web_Signature) (JWS; [RFC7515#page-45](https://datatracker.ietf.org/doc/html/rfc7515#page-45)), JavaScript's [Web Cryptography API](https://en.wikipedia.org/wiki/Web_Cryptography_API), et al. [SubtleCrypto: sign() method - Web APIs | MDN](https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/sign#ecdsa) explains why IEEE is used as the name:
147+
This format used with [JSON Web Signatures](https://en.wikipedia.org/wiki/JSON_Web_Signature) (JWS; see [RFC7515#page-45](https://datatracker.ietf.org/doc/html/rfc7515#page-45)), JavaScript's [Web Cryptography API](https://en.wikipedia.org/wiki/Web_Cryptography_API), et al. [SubtleCrypto: sign() method - Web APIs | MDN](https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/sign#ecdsa) explains why IEEE is used as the name:
148148

149149
> This encoding was also proposed by the [IEEE 1363-2000](https://standards.ieee.org/ieee/1363/2049/) standard, and is sometimes referred to as the IEEE P1363 format. It differs from the [X.509](https://www.itu.int/rec/T-REC-X.509) signature structure, which is the default format produced by some tools and libraries such as [OpenSSL](https://www.openssl.org/).
150150

docs/jwt.md

Lines changed: 118 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,118 @@
1+
---
2+
id: jwt
3+
title: Example: JWT
4+
---
5+
6+
A [JSON Web Token](https://en.wikipedia.org/wiki/JSON_Web_Token) consists of three parts - a header a payload and a signature - each encoded separately using [Base64url](https://en.wikipedia.org/wiki/Base64#URL_applications) (`\phpseclib3\Common\Functions\Strings::base64url_encode()`) and concatenated together using periods. eg.
7+
8+
```
9+
const token = base64urlEncoding(header) + '.' +
10+
base64urlEncoding(payload) + '.' +
11+
base64urlEncoding(signature)
12+
```
13+
The signature is created from the concatenation of the Base64url encoded header and payload. The algorithm used for the signature is specified in the header.
14+
15+
A list of all the algorithms and how to implement them with phpseclib is discussed below. In these examples `$header` and `$payload` are assumed to already be Base64url encoded and `Strings` is assumed to be namespaced to `\phpseclib3\Common\Functions\Strings`.
16+
17+
## ES256
18+
19+
```php
20+
assert($private instanceof \phpseclib3\Crypt\EC);
21+
assert($private->getCurve() == 'secp256r1');
22+
23+
$private = $private->withHash('sha256')->withSignatureFormat('IEEE');
24+
$sig = $private->sign("$header.$payload");
25+
$sig = Strings::base64url_encode($sig);
26+
```
27+
28+
## ES384
29+
30+
```php
31+
assert($private instanceof \phpseclib3\Crypt\EC);
32+
assert($private->getCurve() == 'secp384r1');
33+
34+
$private = $private->withHash('sha384')->withSignatureFormat('IEEE');
35+
$sig = $private->sign("$header.$payload");
36+
$sig = Strings::base64url_encode($sig);
37+
```
38+
39+
## ES512
40+
41+
```php
42+
assert($private instanceof \phpseclib3\Crypt\EC);
43+
assert($private->getCurve() == 'secp521r1');
44+
45+
$private = $private->withHash('sha512')->withSignatureFormat('IEEE');
46+
$sig = $private->sign("$header.$payload");
47+
$sig = Strings::base64url_encode($sig);
48+
```
49+
50+
## RS256
51+
52+
```php
53+
assert($private instanceof \phpseclib3\Crypt\RSA);
54+
55+
$private = $private->withHash('sha256')->withPadding(RSA::SIGNATURE_PKCS1);
56+
$sig = $private->sign("$header.$payload");
57+
$sig = Strings::base64url_encode($sig);
58+
```
59+
60+
## RS384
61+
62+
```php
63+
assert($private instanceof \phpseclib3\Crypt\RSA);
64+
65+
$private = $private->withHash('sha384')->withPadding(RSA::SIGNATURE_PKCS1);
66+
$sig = $private->sign("$header.$payload");
67+
$sig = Strings::base64url_encode($sig);
68+
```
69+
70+
## RS512
71+
72+
```php
73+
assert($private instanceof \phpseclib3\Crypt\RSA);
74+
75+
$private = $private->withHash('sha512')->withPadding(RSA::SIGNATURE_PKCS1);
76+
$sig = $private->sign("$header.$payload");
77+
$sig = Strings::base64url_encode($sig);
78+
```
79+
80+
## PS256
81+
82+
```php
83+
assert($private instanceof \phpseclib3\Crypt\RSA);
84+
85+
$private = $private->withHash('sha256')->withPadding(RSA::SIGNATURE_PSS);
86+
$sig = $private->sign("$header.$payload");
87+
$sig = Strings::base64url_encode($sig);
88+
```
89+
90+
## PS384
91+
92+
```php
93+
assert($private instanceof \phpseclib3\Crypt\RSA);
94+
95+
$private = $private->withHash('sha384')->withPadding(RSA::SIGNATURE_PSS);
96+
$sig = $private->sign("$header.$payload");
97+
$sig = Strings::base64url_encode($sig);
98+
```
99+
100+
## PS512
101+
102+
```php
103+
assert($private instanceof \phpseclib3\Crypt\RSA);
104+
105+
$private = $private->withHash('sha512')->withPadding(RSA::SIGNATURE_PSS);
106+
$sig = $private->sign("$header.$payload");
107+
$sig = Strings::base64url_encode($sig);
108+
```
109+
110+
## EdDSA
111+
112+
```php
113+
assert($private instanceof \phpseclib3\Crypt\EC);
114+
assert($private->getCurve() == 'Ed25519');
115+
116+
$sig = $private->sign("$header.$payload");
117+
$sig = Strings::base64url_encode($sig);
118+
```

0 commit comments

Comments
 (0)