node-jose

A JavaScript implementation of the JSON Object Signing and Encryption (JOSE) for current web browsers and node.js-based servers. This library implements (wherever possible) all algorithms, formats, and options in JWS, JWE, JWK, and JWA and uses native cryptographic support (WebCrypto API or node.js' "crypto" module) where feasible.

• Installing
• Basics
• Keys and Key Stores
  • Obtaining a KeyStore
  • Exporting a KeyStore
  • Retrieving Keys
  • Searching for Keys
  • Managing Keys
  • Importing and Exporting a Single Key
  • Obtaining a Key's Thumbprint
• Signatures
  • Keys Used for Signing and Verifying
  • Signing Content
  • Verifying a JWS
    • Allowing (or Disallowing) Signature Algorithms
    • Handling crit Header Members
• Encryption
  • Keys Used for Encrypting and Decrypting
  • Encrypting Content
  • Decrypting a JWE
    • Allowing (or Disallowing) Encryption Algorithms
    • Handling crit Header Members
• Useful Utilities
  • Converting to Buffer
  • URI-Safe Base64
  • Random Bytes

Installing

To install the latest from NPM:

  npm install node-jose

Or to install a specific release:

  npm install node-jose@0.3.0

Alternatively, the latest unpublished code can be installed directly from the repository:

  npm install git+https://github.com/cisco/node-jose.git

Basics

Require the library as normal:

var jose = require('node-jose');

This library uses Promises for nearly every operation.

This library supports Browserify and Webpack. To use in a web browser, require('node-jose') and bundle with the rest of your app.

The content to be signed/encrypted -- or returned from being verified/decrypted -- are Buffer objects.

Keys and Key Stores

The jose.JWK namespace deals with JWK and JWK-sets.

• jose.JWK.Key is a logical representation of a JWK, and is the "raw" entry point for various cryptographic operations (e.g., sign, verify, encrypt, decrypt).
• jose.JWK.KeyStore represents a collection of Keys.

Creating a JWE or JWS ultimately require one or more explicit Key objects.

Processing a JWE or JWS relies on a KeyStore.

Obtaining a KeyStore

To create an empty keystore:

keystore = jose.JWK.createKeyStore();

To import a JWK-set as a keystore:

// {input} is a String or JSON object representing the JWK-set
jose.JWK.asKeyStore(input).
     then(function(result) {
       // {result} is a jose.JWK.KeyStore
       keystore = result;
     });

Exporting a KeyStore

To export the public keys of a keystore as a JWK-set:

output = keystore.toJSON();

To export all the keys of a keystore:

output = keystore.toJSON(true);

Retrieving Keys

To retrieve a key from a keystore:

// by 'kid'
key = keystore.get(kid);

This retrieves the first key that matches the given {kid}. If multiple keys have the same {kid}, you can further narrow what to retrieve:

// ... and by 'kty'
key = keystore.get(kid, { kty: 'RSA' });

// ... and by 'use'
key = keystore.get(kid, { use: 'enc' });

// ... and by 'alg'
key = keystore.get(kid, { use: 'RSA-OAEP' });

// ... and by 'kty' and 'use'
key = keystore.get(kid, { kty: 'RSA', use: 'enc' });

// same as above, but with a single {props} argument
key = keystore.get({ kid: kid, kty: 'RSA', use: 'enc' });

Searching for Keys

To retrieve all the keys from a keystore:

everything = keystore.all();

all() can be filtered much like get():

// filter by 'kid'
everything = keystore.all({ kid: kid });

// filter by 'kty'
everything = keystore.all({ kty: 'RSA' });

// filter by 'use'
everything = keystore.all({ use: 'enc' });

// filter by 'alg'
everything = keystore.all({ alg: 'RSA-OAEP' });

// filter by 'kid' + 'kty' + 'alg'
everything = keystore.all({ kid: kid, kty: 'RSA', alg: 'RSA-OAEP' });

Managing Keys

To import an existing Key (as a JSON object or Key instance):

// input is either a:
// *  jose.JWK.Key to copy from; or
// *  JSON object representing a JWK; or
keystore.add(input).
        then(function(result) {
          // {result} is a jose.JWK.Key
          key = result;
        });

To import and existing Key from a PEM or DER:

// input is either a:
// *  String serialization of a JSON JWK/(base64-encoded) PEM/(binary-encoded) DER
// *  Buffer of a JSON JWK/(base64-encoded) PEM/(binary-encoded) DER
// form is either a:
// * "json" for a JSON stringified JWK
// * "private" for a DER encoded 'raw' private key
// * "pkcs8" for a DER encoded (unencrypted!) PKCS8 private key
// * "public" for a DER encoded SPKI public key (alternate to 'spki')
// * "spki" for a DER encoded SPKI public key
// * "pkix" for a DER encoded PKIX X.509 certificate
// * "x509" for a DER encoded PKIX X.509 certificate
// * "pem" for a PEM encoded of PKCS8 / SPKI / PKIX
keystore.add(input, form).
        then(function(result) {
          // {result} is a jose.JWK.Key
        });

To generate a new Key:

// first argument is the key type (kty)
// second is the key size (in bits) or named curve ('crv') for "EC"
keystore.generate("oct", 256).
        then(function(result) {
          // {result} is a jose.JWK.Key
          key = result;
        });

// ... with properties
var props = {
  kid: 'gBdaS-G8RLax2qgObTD94w',
  alg: 'A256GCM',
  use: 'enc'
};
keystore.generate("oct", 256, props).
        then(function(result) {
          // {result} is a jose.JWK.Key
          key = result;
        });

To remove a Key from its Keystore:

keystore.remove(key);
// NOTE: key.keystore does not change!!

Importing and Exporting a Single Key

To create a single "stand alone" key:

jose.JWK.createKey("oct", 256, { alg: "A256GCM" }).
         then(function(result) {
           // {result} is a jose.JWK.Key
           // {result.keystore} is a unique jose.JWK.KeyStore
         });

To import a single Key:

// where input is either a:
// *  jose.JWK.Key instance
// *  JSON Object representation of a JWK
jose.JWK.asKey(input).
        then(function(result) {
          // {result} is a jose.JWK.Key
          // {result.keystore} is a unique jose.JWK.KeyStore
        });

// where input is either a:
// *  String serialization of a JSON JWK/(base64-encoded) PEM/(binary-encoded) DER
// *  Buffer of a JSON JWK/(base64-encoded) PEM/(binary-encoded) DER
// form is either a:
// * "json" for a JSON stringified JWK
// * "pkcs8" for a DER encoded (unencrypted!) PKCS8 private key
// * "spki" for a DER encoded SPKI public key
// * "pkix" for a DER encoded PKIX X.509 certificate
// * "x509" for a DER encoded PKIX X.509 certificate
// * "pem" for a PEM encoded of PKCS8 / SPKI / PKIX
jose.JWK.asKey(input, form).
        then(function(result) {
          // {result} is a jose.JWK.Key
          // {result.keystore} is a unique jose.JWK.KeyStore
        });

To export the public portion of a Key as a JWK:

var output = key.toJSON();

To export the public and private portions of a Key:

var output = key.toJSON(true);

Obtaining a Key's Thumbprint

To get or calculate a RFC 7638 thumbprint for a key:

// where hash is a supported algorithm, currently one of:
// * SHA-1
// * SHA-256
// * SHA-384
// * SHA-512
key.thumbprint(hash).
    then(function(print) {
      // {print} is a Buffer containing the thumbprint binary value
    });

When importing or generating a key that does not have a "kid" defined, a "SHA-256" thumbprint is calculated and used as the "kid".

Signatures

Keys Used for Signing and Verifying

When signing content, the key is expected to meet one of the following:

1. A secret key (e.g, "kty":"oct")
2. The private key from a PKI ("kty":"EC" or "kty":"RSA") key pair

When verifying content, the key is expected to meet one of the following:

1. A secret key (e.g, "kty":"oct")
2. The public key from a PKI ("kty":"EC" or "kty":"RSA") key pair

Signing Content

At its simplest, to create a JWS:

// {input} is a Buffer
jose.JWS.createSign(key).
        update(input).
        final().
        then(function(result) {
          // {result} is a JSON object -- JWS using the JSON General Serialization
        });

The JWS is signed using the preferred algorithm appropriate for the given Key. The preferred algorithm is the first item returned by key.algorithms("sign").

To create a JWS using another serialization format:

jose.JWS.createSign({ format: 'flattened' }, key).
        update(input).
        final().
        then(function(result) {
          // {result} is a JSON object -- JWS using the JSON Flattened Serialization
        });

jose.JWS.createSign({ format: 'compact' }, key).
        update(input).
        final().
        then(function(result) {
          // {result} is a String -- JWS using the Compact Serialization
        });

To create a JWS using a specific algorithm:

jose.JWS.createSign({ fields: { alg: 'PS256' } }, key).
        update(input).
        final().
        then(function(result) {
          // ....
        });

To create a JWS for a specified content type:

jose.JWS.createSign({ fields: { cty: 'jwk+json' } }, key).
        update(input).
        final().
        then(function(result) {
          // ....
        });

To create a JWS from String content:

jose.JWS.createSign(key).
        update(input, "utf8").
        final().
        then(function(result) {
          // ....
        });

To create a JWS with multiple signatures:

// {keys} is an Array of jose.JWK.Key instances
jose.JWS.createSign(keys).
        update(input).
        final().
        then(function(result) {
          // ....
        });

Verifying a JWS

To verify a JWS, and retrieve the payload:

jose.JWS.createVerify(keystore).
        verify(input).
        then(function(result) {
          // {result} is a Object with:
          // *  header: the combined 'protected' and 'unprotected' header members
          // *  payload: Buffer of the signed content
          // *  signature: Buffer of the verified signature
          // *  key: The key used to verify the signature
        });

To verify using an implied Key:

// {key} can be:
// *  jose.JWK.Key
// *  JSON object representing a JWK
jose.JWS.createVerify(key).
        verify(input).
        then(function(result) {
          // ...
        });

To verify using a key embedded in the JWS:

jose.JWS.createVerify().
        verify(input, { allowEmbeddedKey: true }).
        then(function(result) {
          // ...
        });

Alternatively, a cached createVerify() can be configured to allow an embedded key:

var verifier = jose.JWS.createVerify({ allowEmbeddedKey: true });

verifier.verify(input).
         then(function(result) {
           // ...
         });

The key can be embedded using either 'jwk' or 'x5c', and can be located in either the JWS Unprotected Header or JWS Protected Header.

NOTE: verify() will use the embedded key (if found and permitted) instead of any other key.

Allowing (or Disallowing) Signature Algorithms

To restrict what signature algorithms are allowed when verifying, add the algorithms member to the options Object. The algorithms member is either a string or an array of strings, where the string value(s) can be one of the following:

• "*": accept all supported algorithms
• <alg name> (e.g., "PS256"): accept the specific algorithm (can have a single '*' to match a range of algorithms)
• !<alg name> (e.g., "!RS256"): do not accept the specific algorithm (can have a single '*' to match a range of algorithms)

The negation is intended to be used with the wildcard accept string, and disallow takes precedence over allowed.

To only accept RSA-PSS sigatures:

var opts = {
  algorithms: ["PS*"]
};
jose.JWS.createVerify(key, opts).
        verify(input).
        then(function(result) {
          // ...
        });

To accept any algorithm, but disallow HMAC-based signatures:

var opts = {
  algorithms: ["*", "!HS*"]
};
jose.JWS.createVerify(key, opts).
        verify(input).
        then(function(result) {
          // ...
        });

Handling crit Header Members

To accept 'crit' field members, add the handlers member to the options Object. The handlers member is itself an Object, where its member names are the crit header member, and the value is one of:

• Function: takes the JWE decrypt output (just prior to decrypting) and returns a Promise for the processing of the member.
• Object: An object with the following Function members:
  • "prepare" -- takes the JWE decrypt output (just prior to decrypting) and returns a Promise for the processing of the member.
  • "complete" -- takes the JWE decrypt output (immediately after decrypting) and returns a Promise for the processing of the member.

NOTE If the handler function returns a promise, the fulfilled value is ignored. It is expected these handler functions will modify the provided value directly.

To perform additional (pre-verify) processing on a crit header member:

var opts = {
  handlers: {
    "exp": function(jws) {
      // {jws} is the JWS verify output, pre-verification
      jws.header.exp = new Date(jws.header.exp);
    }
  }
};
jose.JWS.createVerify(key, opts).
        verify(input).
        then(function(result) {
          // ...
        });

To perform additional (post-verify) processing on a crit header member:

var opts = {
  handlers: {
    "exp": {
      complete: function(jws) {
        // {jws} is the JWS verify output, post-verification
        jws.header.exp = new Date(jws.header.exp);
      }
    }
  }
};
jose.JWS.createVerify(key, opts).
        verify(input).
        then(function(result) {
          // ...
        });

Encryption

Keys Used for Encrypting and Decrypting

When encrypting content, the key is expected to meet one of the following:

1. A secret key (e.g, "kty":"oct")
2. The public key from a PKI ("kty":"EC" or "kty":"RSA") key pair

When decrypting content, the key is expected to meet one of the following:

1. A secret key (e.g, "kty":"oct")
2. The private key from a PKI ("kty":"EC" or "kty":"RSA") key pair

Encrypting Content

At its simplest, to create a JWE:

// {input} is a Buffer
jose.JWE.createEncrypt(key).
        update(input).
        final().
        then(function(result) {
          // {result} is a JSON Object -- JWE using the JSON General Serialization
        });

How the JWE content is encrypted depends on the provided Key.

• If the Key only supports content encryption algorithms, then the preferred algorithm is used to encrypt the content and the key encryption algorithm (i.e., the "alg" member) is set to "dir". The preferred algorithm is the first item returned by key.algorithms("encrypt").
• If the Key supports key management algorithms, then the JWE content is encrypted using "A128CBC-HS256" by default, and the Content Encryption Key is encrypted using the preferred algorithms for the given Key. The preferred algorithm is the first item returned by key.algorithms("wrap").

To create a JWE using a different serialization format:

jose.JWE.createEncrypt({ format: 'compact' }, key).
        update(input).
        final().
        then(function(result) {
          // {result} is a String -- JWE using the Compact Serialization
        });

jose.JWE.createEncrypt({ format: 'flattened' }, key).
        update(input).
        final().
        then(function(result) {
          // {result} is a JSON Object -- JWE using the JSON Flattened Serialization
        });

To create a JWE and compressing the content before encrypting:

jose.JWE.createEncrypt({ zip: true }, key).
        update(input).
        final().
        then(function(result) {
          // ....
        });

To create a JWE for a specific content type:

jose.JWE.createEncrypt({ fields: { cty : 'jwk+json' } }, key).
        update(input).
        final().
        then(function(result) {
          // ....
        });

To create a JWE with multiple recipients:

// {keys} is an Array of jose.JWK.Key instances
jose.JWE.createEncrypt(keys).
        update(input).
        final().
        then(function(result) {
          // ....
        });

Decrypting a JWE

To decrypt a JWE, and retrieve the plaintext:

jose.JWE.createDecrypt(keystore).
        decrypt(input).
        then(function(result) {
          // {result} is a Object with:
          // *  header: the combined 'protected' and 'unprotected' header members
          // *  protected: an array of the member names from the "protected" member
          // *  key: Key used to decrypt
          // *  payload: Buffer of the decrypted content
          // *  plaintext: Buffer of the decrypted content (alternate)
        });

To decrypt a JWE using an implied key:

jose.JWE.createDecrypt(key).
        decrypt(input).
        then(function(result) {
          // ....
        });

Allowing (or Disallowing) Encryption Algorithms

To restrict what encryption algorithms are allowed when verifying, add the algorithms member to the options Object. The algorithms member is either a string or an array of strings, where the string value(s) can be one of the following:

• "*": accept all supported algorithms
• <alg name> (e.g., "A128KW"): accept the specific algorithm (can have a single '*' to match a range of similar algorithms)
• !<alg name> (e.g., "!RSA1_5"): do not accept the specific algorithm (can have a single '*' to match a range of similar algorithms)

The negation is intended to be used with the wildcard accept string, and disallow takes precedence over allowed.

To only accept "dir" and AES-GCM encryption:

var opts = {
  algorithms: ["dir", "A*GCM"]
};
jose.JWE.createDecrypt(key, opts).
        decrypt(input).
        then(function(result) {
          // ...
        });

To accept any algorithm, but disallow RSA-based encryption:

var opts = {
  algorithms: ["*", "!RSA*"]
};
jose.JWS.createVerify(key, opts).
        verify(input).
        then(function(result) {
          // ...
        });

Handling crit Header Members

To accept 'crit' field members, add the handlers member to the options Object. The handlers member is itself an Object, where its member names are the crit header member, and the value is one of:

• Function: takes the JWE decrypt output (just prior to decrypting) and returns a Promise for the processing of the member.
• Object: An object with the following Function members:
  • "prepare" -- takes the JWE decrypt output (just prior to decrypting) and returns a Promise for the processing of the member.
  • "complete" -- takes the JWE decrypt output (immediately after decrypting) and returns a Promise for the processing of the member.

NOTE If the handler function returns a promise, the fulfilled value is ignored. It is expected these handler functions will modify the provided value directly.

To perform additional (pre-decrypt) processing on a crit header member:

var opts = {
  handlers: {
    "exp": function(jwe) {
      // {jwe} is the JWE decrypt output, pre-decryption
      jwe.header.exp = new Date(jwe.header.exp);
    }
  }
};
jose.JWE.createDecrypt(key, opts).
        decrypt(input).
        then(function(result) {
          // ...
        });

To perform additional (post-decrypt) processing on a crit header member:

var opts = {
  handlers: {
    "exp": {
      complete: function(jwe) {
        // {jwe} is the JWE decrypt output, post-decryption
        jwe.header.exp = new Date(jwe.header.exp);
      }
    }
  }
};
jose.JWE.createDecrypt(key, opts).
        decrypt(input).
        then(function(result) {
          // ...
        });

Useful Utilities

Converting to Buffer

To convert a Typed Array, ArrayBuffer, or Array of Numbers to a Buffer:

buff = jose.util.asBuffer(input);

URI-Safe Base64

This exposes urlsafe-base64's encode and decode methods as encode and decode (respectively).

To convert from a Buffer to a base64uri-encoded String:

var output = jose.util.base64url.encode(input);

To convert a String to a base64uri-encoded String:

// explicit encoding
output = jose.util.base64url.encode(input, "utf8");

// implied "utf8" encoding
output = jose.util.base64url.encode(input);

To convert a base64uri-encoded String to a Buffer:

var output = jose.util.base64url.decode(input);

Random Bytes

To generate a Buffer of octets, regardless of platform:

// argument is size (in bytes)
var rnd = jose.util.randomBytes(32);

This function uses:

• crypto.randomBytes() on node.js
• crypto.getRandomValues() on modern browsers
• A PRNG based on AES and SHA-1 for older platforms

Release Notes

2.0.1 (2021-11-15)

The changes in this release are only dependency updates.

Update

• update dependencies using minor releases for buffer, and lodash
• updated devDependencies using minor releases for bowser, browserify-istanbul, chai, gulp-eslint, gulp-istanbul, gulp-rename, json-loader, karma, karma-chrome-launcher, karma-coverage, karma-firefox-launcher, karma-mocha-reporter, karma-safari-applescript-launcher, karma-sauce-launcher, karma-sourcemap-loader, mocha, run-sequence, webpack-stream, and yargs
• updated devDependencies use major release for webpack, and karma-webpack

2.0.0 (2020-09-20)

While all of the changes in this release are only dependency updates and otherwise patch-level changes, it does break compatibility with versions of node.js older than version 10.

Update

• switch to karma-safari-applescript-launcher for improved local Safari testing (a0db723)
• update dependencies for karma, karma-mocha, mocha, webpack-stream, and yargs (96ee8ff)
• update node-forge to latest (shahar-h)(277aab5)
• cherry-pick lodash modules to effect smaller footprint (tychenjianjun)(003ef1c)
• replace browserify-zlib with pako (taymoork2)(85610d6)

1.1.4 (2020-03-26)

Bug Fixes

• fixed issues when used in react-native (8126622)
• fixed incorrect usage of node-forge buffers (7e46c1f) (4014f5c)
• updated dependencies.

Style

• avoid using var shorthands for UglifyJS's sake (44edb0a)

1.1.3 (2019-03-18)

• fail to verify PS signatures with incorrect padding in node (93399b6)

1.1.2 (2019-02-28)

• replaced outdated vulnerable lodash dependencies (b9c4f0e)

1.1.1 (2019-02-01)

• Update node-forge (6b0bc94)

1.1.0 (2018-11-05)

Bug Fixes

• remove setImmediate/nextTick hack (fixes #203) (4e24931)
• correct jws verify input validation check (fixes #210) (be66519)
• [node] use native crypto for RS signing (fixes #202) (59636c3)

Features

• [node] use native crypto for AES-KW Key-Wrapping (f18011f)
• [node] use native crypto for RSA-OAEP and RSA1_5 encryption (bba0a13)
• [node] use native crypto for RSA1_5 decryption (2a9e48a)
• [node] use native crypto for RSA-PSS (8a05f35)
• [node] use native crypto for ECDSA (aa5a48d)

1.0.0 (2018-05-30)

Update

• Create a Key without first creating a KeyStore (#170) (d5971e46253b311ea8a8b1a1967133867f6f6deb), closes #170
• support RSA-PSS in WebCrypto (#171) (f47abe731796c061a80240706a0c21e35062d975), closes #171
• generate and apply header values when key wrapping (#189) (370baa4aeee99dc3e4244fbe3cd92fcf4dff80d8), closes #189
• use safe Buffer allocators instead of unsafe constructor (#184) (0e066babef1d85bcd7066095ba20734b40898f1d), closes #184

Fix

• better error when given key does not support requested algorithms (#186) (70b0d76b48f8ae069c4357d65bb1b44f3a6d8e9a), closes #186

Build

• update supported test platforms (#188) (da9a9f24edb8054c41b1d7090eb4e7003e12aed6), closes #188
• use headless firefox for Travis (#156) (2008bf46ee299d44d164c8a3147e65b5147384bb), closes #156

Package

• Fix wrong repository URL syntax (from @sschuberth) (#160) (0e4dcbaef2cfa66a4520f4510c205c8c4b68707e), closes #160

0.11.1 (2018-05-15)

NOTE: This is a security patch, replacing base64url with b64u to address a vulnerability in the previous dependency.

Chore

• replace base64url with b64u (#179) (7f88049af5de3593adc00d886150bf2fa8f1ecd4), closes #179

0.11.0 (2017-11-30)

NOTICE This release includes a potentially breaking change. The default of jose.JWS.Verifier.verify() before 0.11.0 was to successfully verify if an embedded key was present and verification succeeds. Now the default is to instead fail verification. Applications that rely on embedded keys for JWS verification now must provide an opts Object to either jose.JWS.createVerify() or jose.JWS.Verifier.verify(), with the member allowEmbeddedKeys set to true.

Update

• configure if embedded keys can be used for signature verification; contributed by Fraser Winterborn of BlackBerry's Security Research Group (959a61d707ed2c8cf6582139a5605119283e4acb)
• configure option for allowed algorithm (9a86dd6dac3687ab58c806dfed6deca5a7d73dbb)

Doc

• Enable syntax highlighting on code areas in README (be18233154544cd160c185077cfaf77abea27507)

0.10.0 (2017-09-29)

Update

• alias JWS.createVerify to construct a sentence (2ed035a90c4ff74b210a8341292b3f9d6444a68d)
• Provide PBKDF2-based algorithms publicly (0a6e324eb5d163d69a58c5cf592cde84057faa40)

Fix

• HMAC minimum length checks should be better enforced (859539895b5f63f63c48e1d3871d1e052291af4e)
• prevent JWK.KeyStore#add from modifying jwk input (d1b8d882a1e4735434a317be8e6422bf259eed5d)

Build

• exclude old browsers from SL tests (20fe41ee982368123173995ba667c053608ff0bb)

0.9.5 (2017-08-07)

Update

• prevent embedding 'oct' keys in JWS objects (9e0c4dd81315306dc3e857142c84d69fba5c9519)

Fix

• coerce "kid" during lookup (bbe4d739e04e2b8a9e49c1e9235fc057dc952364), closes #109
• regression errors with Safari (7d8070cba5891506e0b5e978948ef9d1ba98a81f), closes #123 #125

Doc

• Add key hints and status badges to README (57916db0133d5ee97c5a34f32b80a46b6d63cb3a)

Build

• bundle package-lock.json for devel (3491d882b68270091ced996728b669a1c10086ef)
• support node-v8 in travis (60ba1e7312423ab3d1dee1f3f53c997f5b6f0d34)

0.9.4 (2017-04-13)

Update

• Use native RSA/OpenSSL crypto whenever possible (0d1a8cdc351988d74ac42398c3d973902db3d808)
• use npm-published base64url implementation (c6b30c91502ffef9b9d3addc8bdb1b8b0cc36e69), closes #96
• use npm-published node-forge implementation (0f4e0ab57839eaf6dd40c46be511afe3aec9ca44), closes #96
• Use WebCrypto API for PBKDF2 (5e5b9d376f334fa50bb69331e3065e2011c8e9c7)

Doc

• Fix wrong links to JWA and JWK specifications (538829dd4af480989422efec20a2c60f809d8d5c), closes #102

Build

• sourcemaps for karma tests (a571bd107d87df12bd9f076ade2a875c01b4b24d)
• update karma-firefox-launcher to version 1.0.1 (84f5f531783e4e50674532fa5c809dff4e6dc25c)
• update travis-ci for newer environments (55b91bb0b4bb158d9275dfc89c1de688e14163ed)
• update yargs to version 7.0.1 (af24f9e951b1078a088caf50acc13296c0076f68)

0.9.3 (2017-02-20)

Update

• maintain dependencies via Greenkeeper (2fde860746b009b6522fd9a990b4a62c34d034e4)
• update jsbn to version 1.1.0 (8a83b10c860e3c36aa581e890f5eeea7db23ec35)

Fix

• Validate EC public key is on configured curve (f92cffb4a0398b4b1158be98423369233282e0af)

Doc

• note webpack support (b011c001958c2e346b522e87cdb107f01e584da9)

Build

• additional tests on ECDH failures (af19f289811e75522bb8de662e76b1aef15a95fa)
• update gulp-mocha to latest version 🚀 (1e44875e9c1cad370cc44808bddf5fab99226eb0)
• Update webpack to the latest version 🚀 (bb513056143ad2ecf7b44862d3d7ac00e80852eb)

0.9.2 (2016-12-29)

Build

• include browser tests in travis-ci (4005f315f880add9aba33c1cbc7fb2c0a3a7a3d5)

Fix

• improper call to base64url.decode (e15d17c342c5374c8e953a2aa975c1a9daf1766a), closes #80
• node v6+ emits UnhandledPromiseRejectionWarning (6b5dbdfa9e9907ae547a6bce2a918fcc6c25368e), closes #79

0.9.1 (2016-08-23)

Build

• upgrade build environment (8f625984d668c160db0fea7ba48413b3e9320766)

0.9.0 (2016-07-17)

Update

• find keys embedded in JWS header (445381dd628936a9a3d4b8ff59794f96a0f34adb), closes #65

Fix

• incorrect member name for unprotected JWS header (6c6028c1619a500cb098b68fed0b83c52029823f)

0.8.1 (2016-07-13)

Fix

• Documentation typo (c8e27f517ce444ac13a8602f4e83da664c6fb34e)
• Issues with latest browserify-buffer (476e4d7fe743a50b6fd62ef1259d2db03d2313eb)
• Typo in lib/algorithms/constants (480721085b405c24349d5ead321c01d92941bdd2)
• Remove warnings from webpack (5056b6e29168ff147a948da908f305f90b60c45e)

Build

• Further restrict what is published (8e8f779cf84fe4d359123fa502276dfcad47ba0b)
• Reconcile git-prefixed dependencies (2b6bd1ec3f61ae301c9d631c1ff623b480ddd31b)

0.8.0 (2016-04-18)

Update

• support 'crit' header member (2a05a6700b5828a32d5b51e707b4c171a08d3ec4)

Fix

• failures on different browser platforms (d06fe17ae791f14d777e2492cefffd79404e199f)

Build

• integrate travis-ci (7dc80e735579c0f612256db7dd242b415520707f)

0.7.1 (2016-02-09)

Fix

• fix throws and rejects to be error objects and consistent (89325da4b183817a7c412af98f2aa2b9dce97ff9)
• only honor isPrivate in JWK.toJSON() if it is actually a Boolean (9f2f813fc5a10e0d477d5c06e4e719027b6cddbb)

0.7.0 (2016-01-14)

Update

• implement JWK thumbprint support [RFC 7638] (e57384cbf84cc30d8cc0be2b1f881107c4c74577)
• support Microsoft Edge (5ea3c881045388992511f61c9bfc17c8ab62f066)

0.6.0 (2015-12-12)

Update

• export EC keys as PEM (71d382ef06112dd6f71f7feec8c017b72695d20f)
• export RSA keys as PEM (e6ef2ef9aeddb0afc92d55222ae7669c87a3f6f1)
• import EC and RSA keys from "raw" PEM (f7a6dcab643209347b7bf68cb014d12e1698e8ff)
• import EC and RSA "raw" private keys from DER (f3cd2679317cec5a8a80f0634f777e4bc8ace4cd)
• harmonize output from JWE.decrypt and JWS.verify (ed0ea52e4fc4cc70920f2ce39bda11b09c45f214)

0.5.2 (2015-11-30)

Fix

• polyfill should not override native Promise (7ff0d4e6828e9b21ed12f98118a630d195ed7c9b)

Doc

• fix wrong decryption sample code in README.md (733d23f012b90a1b15f5474b7d25b7523d1a6e66)

Build

• add code coverage for node + browsers (4638bd52f81d2163df0aea71e09c4bd564dcee14)
• add code coverage for node + browsers (df7d8cd0e28e6f381194fb27ea9b5df3a2968b60)

0.5.1 (2015-11-19)

Fix

• 'stack exceeded' error on node.js 0.10 (4ad481210adae7cdc2a06a6c25ddcefe33eff395)
• address errors with setImmediate in IE (caa32813dfb059955f0069f76cfee44c40c35c55)

Build

• add CGMKW test (3643a9c5bc476c9ff2423858c772401b0b06557d)
• expand the saucelabs platforms (5eef84db07cfb8069853b2ee072d5888aaf16106)

0.5.0 (2015-10-31)

Update

• Support extra fields and x5t generation when importing a cert (0d52aa5dabe6af29a08c2e299fc6be9ff5e81fca)
• Support deprecated A*CBC+HS* algorithms (aka the "plus" algorithms) (d682e2920eeb9ff6599d7115f2dfbd705104603f)

Fix

• base64url does not work on IE (1ab757265ff2a160e49e870231590b2a47a4537b), closes #16
• When an assumed key is provided, use it over any others (9df51df13c153958661b7f76c7f1f2c3d322c109), fixes #14

0.4.0 (2015-10-12)

Breaking

• Use external implementation of base64url (78009311235006e1a2c76e1dadd78e200d4f954b)

Update

• Import a RSA or EC key from ASN.1 (PEM or DER) (cab7fc1e6e2551e5bebda0ec0ab0e6340ed564f3)
• Include key in JWS.verify result (d1267b29a120499d3a86b7213e7db6855c61d6c3)

0.3.1 (2015-10-06)

Fix

• JWE encryption fails for ECDH keys (3ecb7be38c237b09866b1ab3e7525dd6351e8153), closes #3

• proper name for file header (6364553ddf581c7628f4ea79877fec57545dff92)

Update

• provide a generic parse() method to see header(s) and generically unwrap (ecc859691395114cd7db644171e2c1b2e1015c8b)
• support parsing Buffer (580f763d0dfc63d5f6fdbde3bfec6f52a5218636)

Doc

• fix code blocks to render as blocks consistently (5f1a7ace4c8871065c3a9d09d8f38f09b8096413)
• update readme to reflect NPM publication (936058bc9ff19049327486842335324e34f1d73e)

Build

• browserify is only a devDependency (17880c401daea03f26af6438b2681232e3654a58)

[0.3.0] (2015-09-11)

Initial public release.