Clone wiki

jose4j / Security Considerations via Axel Nennker‏


jose4j is a standards conform implementation of the JOSE working group's specification. You, the developer, can choose any of the provided signature and encryption algorithms.

Before doing so please evaluate whether your application is reinventing the wheel by e.g. re-implementing SSL on your application layer. Don't do that.

First look for available standards for your application security and available implementations before mixing your own security protocol!

In general get help from the experts when building web applications. Read e.g.: Read

Actually read the spec and write down why your choice of algorithm makes sense for your implementation.

Here are some general security guidelines when using jose4j:

  • Don't try to be helpful by returning explaining error messages.
  • check all inputs.
    • put length checks in place: Parameter too big or too small -> do not put it into jose4j but just bail out
    • whatever you receive from the outside could be forged. So when you are implementing a protocol that requires e.g. RSA_OAEP then you should check for this "alg" by using setAlgorithmConstraints.

Please also see the examples that jose4j provides.

RSA_OAEP Example with AES_256_GCM

  // verify that we can decrypt the encrypted key
  JsonWebEncryption jwe = new JsonWebEncryption();
  jwe.setAlgorithmConstraints(new AlgorithmConstraints(PERMIT, KeyManagementAlgorithmIdentifiers.RSA_OAEP));
  jwe.setContentEncryptionAlgorithmConstraints(new AlgorithmConstraints(PERMIT, ContentEncryptionAlgorithmIdentifiers.AES_256_GCM));

Symmetric Crypto usingn AES_128_CBC_HMAC_SHA_256

    // Set the algorithm constraints based on what is agreed upon or expected from the sender
    AlgorithmConstraints.ConstraintType wl = AlgorithmConstraints.ConstraintType.PERMIT;
    AlgorithmConstraints algConstraints = new AlgorithmConstraints(wl, KeyManagementAlgorithmIdentifiers.DIRECT);
    AlgorithmConstraints encConstraints = new AlgorithmConstraints(wl, ContentEncryptionAlgorithmIdentifiers.AES_128_CBC_HMAC_SHA_256);