JWSETKit

0.27.0

A full-featured Swift library for JOSE standards with first-class support for CryptoKit keys, providing JWS, JWT, and JWE with signing, encryption, and JWK key management.
amosavian/JWSETKit

What's New

JWSETKit 0.27.0

2025-09-19T14:51:47Z
  • feat: JWS initializer from payload and algorithm
  • fix: Xcode 26 error for MLDSA
  • chore: Remove AnyCodable type as value of storage dictionary

JWSETKit

A library for working with JSON Web Signature (JWS) and . A modern, type-safe Swift library for JSON Web Token (JWT), JSON Web Signature (JWS), and JSON Web Encryption (JWE) with first-class Apple's CryptoKit support

Swift CodeQL License Release version

Lines of Code Duplicated Lines

Quality Gate Status Technical Debt Maintainability Rating Coverage

Overview

Building secure authentication in Swift? JWSETKit is your complete solution for working with JSON Web Tokens (JWT), JSON Web Signatures (JWS), and JSON Web Encryption (JWE) with native Apple CryptoKit integration.

This module makes it possible to serialize, deserialize, create, and verify JWS/JWT messages.

📖 Table of Contents

🚀 Features

Core Capabilities

JWT (JSON Web Tokens)

  • Create, sign, verify, and decode JWT tokens
  • Support for standard and custom claims
  • Expiration and validation handling

JWS (JSON Web Signature)

  • Digital signatures with multiple algorithms
  • Message authentication codes (MACs)
  • Detached signature support

JWE (JSON Web Encryption)

  • Content encryption with various algorithms
  • Key wrapping and management
  • Compact and JSON serialization

JWK (JSON Web Keys)

  • Key generation and management
  • Key conversion and serialization
  • Support for key sets (JWKS)

Getting Started

Swift Package Manager

Add JWSETKit to your Package.swift:

dependencies: [
    .package(url: "https://github.com/amosavian/JWSETKit", from: "0.26.0")
]

Then add to your target:

dependencies: [
    .product(name: "JWSETKit", package: "JWSETKit"),
]

With X509 Support

For X509 certificate support (Swift 6.1+):

dependencies: [
    .package(url: "https://github.com/amosavian/JWSETKit", from: "0.26.0", traits: ["X509"])
]

Xcode

  1. File → Add Package Dependencies
  2. Enter: https://github.com/amosavian/JWSETKit
  3. Select version and add to your target

Usage

For detailed usage and API documentation, check the documentation.

Creating and Verifying JWT Signature

import JWSETKit
import CryptoKit

// Create a JWT with claims
let key = SymmetricKey(size: .bits128)
let payload = try JSONWebTokenClaims {
    $0.issuedAt = .init()
    $0.expiry = .init(timeIntervalSinceNow: 3600)
    $0.jwtUUID = .init()
    $0.subject = "user123"
}
let jwt = try JSONWebToken(payload: payload, algorithm: .hmacSHA256, using: key)

// Verify and decode
let decodedJWT = try JSONWebToken(from: jwtString)
try decodedJWT.verifySignature(using: key)
print(decodedJWT.payload.subject) // "user123"

Basic JWT Authentication

// Initialize key
let key = try P256.Signing.PublicKey(pemRepresentation: publicKeyPEM)

// Verify incoming JWT
    
let token = try JSONWebToken(from: request.headers["Authorization"])
try token.verify(using: key, for: "audience-name")

Working with JWS

// Sign arbitrary data with JWS
let payload = "Important message"
let jws = try JSONWebSignaturePlain(
    payload: payload.utf8,
    algorithm: .ecdsaSignatureP256SHA256,
    using: key
)
try print(String(jws))

// Verify JWS signature
let verified = try JSONWebSignaturePlain(from: String(jws))
try verified.verifySignature(using: key)
let message = String(decoding: verified.payload, as: UTF8.self)

Encrypting with JWE

// Encrypt sensitive data
let sensitiveData = Data("Secret information".utf8)
let encryptionKey = JSONWebRSAPrivateKey(keySize: .bits2048) 
let jwe = try JSONWebEncryption(
    content: sensitiveData,
    keyEncryptingAlgorithm: .rsaEncryptionOAEP,
    keyEncryptionKey: encryptionKey.publicKey,
    contentEncryptionAlgorithm: .aesEncryptionGCM128
)
try print(String(jwe))

// Decrypt JWE
let jwe = try JSONWebEncryption(from: jweString)
let decrypted = jwe.decrypt(using: encryptionKey)
let secret = String(decoding: decrypted, as: UTF8.self)

Managing Keys with JWK

// Create CryptoKit key
let privateKey = P256.Signing.PrivateKey()

// Import and Export as JWK data
let jwkJSON = try JSONEncoder().encode(privateKey)
let importedJWK = try JSONDecoder().decode(P256.Signing.PrivateKey.self, from: jwkJSON)

// Import PKCS#8
let importedKey = try P256.Signing.PrivateKey(importing: pkcs8Data, format: .pkcs8)

📊 Comparison with Alternatives

Features

JWSETKit jwt-kit JOSESwift Auth0's JWTDecode
JSON Web Signature (JWS)
JWS Multiple Signatures
JWS Unencoded/Detached Payload
JSON Web Token (JWT)
JWT Signature Verification
JWT Expire/NotBefore Validity
JSON Web Encryption (JWE)
Support CommonCrypto Keys
Support CryptoKit Keys

Supported Algorithms

Signature/HMAC

JWSETKit jwt-kit JOSESwift Auth0's JWTDecode
HS256
HS384
HS512
RS256
RS384
RS512
ES256
ES384
ES512
PS256
PS384
PS512
PS512
EdDSA
Ed25519
Ed448
E256K
ML-DSA-44
ML-DSA-65
ML-DSA-87

Key Encryption

JWSETKit JOSESwift
RSA1_5
RSA-OAEP
RSA-OAEP-256
A128KW
A192KW
A256KW
dir
ECDH-ES
ECDH-ES+A128KW
ECDH-ES+A192KW
ECDH-ES+A256KW
A128GCMKW
A192GCMKW
A256GCMKW
PBES2-HS256+A128KW
PBES2-HS384+A192KW
HPKE-0 (P256)
HPKE-1 (P384)
HPKE-2 (P521)
HPKE-3 (X25519)
HPKE-4 (X25519/ChaCha)
HPKE-5 (X448)
HPKE-6 (X448/ChaCha)

Content Encryption

JWSETKit JOSESwift
A128CBC-HS256
A192CBC-HS384
A256CBC-HS512
A128GCM
A192GCM
A256GCM

🏗️ Use Cases

JWSETKit is perfect for:

  • 🔑 API Authentication - Secure REST API authentication with JWT tokens
  • 🌐 OAuth 2.0 / OpenID Connect - Implement modern authentication flows
  • 📱 Mobile App Security - Token-based auth for iOS/macOS apps
  • 🔄 Microservices - Service-to-service authentication
  • 🎫 Session Management - Stateless session tokens
  • 🔐 Data Encryption - Protect sensitive data with JWE

📚 Documentation

Browse our comprehensive guides:

🤝 Contributing

We welcome contributions!

How to Contribute

  1. Fork the repository
  2. Create your feature branch (git checkout -b feature/amazing-feature)
  3. Commit your changes (git commit -m 'Add amazing feature')
  4. Push to the branch (git push origin feature/amazing-feature)
  5. Open a Pull Request

Development

# Clone the repository
git clone https://github.com/amosavian/JWSETKit.git

# Run tests
swift test

# Build the project
swift build

🌟 Support

📄 License

JWSETKit is released under the MIT License. See LICENSE for details.

🙏 Acknowledgments

This library implements the following JOSE standards:


Built with ❤️ using Swift

Star on GitHub

Description

  • Swift Tools 6.1.0
View More Packages from this Author

Dependencies

Last updated: Sat Oct 04 2025 10:25:25 GMT-0900 (Hawaii-Aleutian Daylight Time)