JWSETKit

0.27.0

Star

A full-featured Swift library for JOSE standards with first-class support for CryptoKit keys, providing JWS, JWT, and JWE with signing, encryption, and JWK key management.

jsonwebtoken jws jwt json-web-key jwk swift server-side-swift json-web-algorithms json-web-encryption json-web-token jwa jwe jose jose-jwt jose-swift

What's New

JWSETKit 0.27.0

2025-09-19T14:51:47Z

feat: JWS initializer from payload and algorithm
fix: Xcode 26 error for MLDSA
chore: Remove AnyCodable type as value of storage dictionary

JWSETKit

A library for working with JSON Web Signature (JWS) and . A modern, type-safe Swift library for JSON Web Token (JWT), JSON Web Signature (JWS), and JSON Web Encryption (JWE) with first-class Apple's CryptoKit support

Overview

Building secure authentication in Swift? JWSETKit is your complete solution for working with JSON Web Tokens (JWT), JSON Web Signatures (JWS), and JSON Web Encryption (JWE) with native Apple CryptoKit integration.

This module makes it possible to serialize, deserialize, create, and verify JWS/JWT messages.

📖 Table of Contents

🚀 Features

Core Capabilities

✅ JWT (JSON Web Tokens)

Create, sign, verify, and decode JWT tokens
Support for standard and custom claims
Expiration and validation handling

✅ JWS (JSON Web Signature)

Digital signatures with multiple algorithms
Message authentication codes (MACs)
Detached signature support

✅ JWE (JSON Web Encryption)

Content encryption with various algorithms
Key wrapping and management
Compact and JSON serialization

✅ JWK (JSON Web Keys)

Key generation and management
Key conversion and serialization
Support for key sets (JWKS)

Getting Started

Swift Package Manager

Add JWSETKit to your Package.swift:

dependencies: [
    .package(url: "https://github.com/amosavian/JWSETKit", from: "0.26.0")
]

Then add to your target:

dependencies: [
    .product(name: "JWSETKit", package: "JWSETKit"),
]

With X509 Support

For X509 certificate support (Swift 6.1+):

dependencies: [
    .package(url: "https://github.com/amosavian/JWSETKit", from: "0.26.0", traits: ["X509"])
]

Xcode

File → Add Package Dependencies
Enter: https://github.com/amosavian/JWSETKit
Select version and add to your target

Usage

For detailed usage and API documentation, check the documentation.

Creating and Verifying JWT Signature

import JWSETKit
import CryptoKit

// Create a JWT with claims
let key = SymmetricKey(size: .bits128)
let payload = try JSONWebTokenClaims {
    $0.issuedAt = .init()
    $0.expiry = .init(timeIntervalSinceNow: 3600)
    $0.jwtUUID = .init()
    $0.subject = "user123"
}
let jwt = try JSONWebToken(payload: payload, algorithm: .hmacSHA256, using: key)

// Verify and decode
let decodedJWT = try JSONWebToken(from: jwtString)
try decodedJWT.verifySignature(using: key)
print(decodedJWT.payload.subject) // "user123"

Basic JWT Authentication

// Initialize key
let key = try P256.Signing.PublicKey(pemRepresentation: publicKeyPEM)

// Verify incoming JWT
    
let token = try JSONWebToken(from: request.headers["Authorization"])
try token.verify(using: key, for: "audience-name")

Working with JWS

// Sign arbitrary data with JWS
let payload = "Important message"
let jws = try JSONWebSignaturePlain(
    payload: payload.utf8,
    algorithm: .ecdsaSignatureP256SHA256,
    using: key
)
try print(String(jws))

// Verify JWS signature
let verified = try JSONWebSignaturePlain(from: String(jws))
try verified.verifySignature(using: key)
let message = String(decoding: verified.payload, as: UTF8.self)

Encrypting with JWE

// Encrypt sensitive data
let sensitiveData = Data("Secret information".utf8)
let encryptionKey = JSONWebRSAPrivateKey(keySize: .bits2048) 
let jwe = try JSONWebEncryption(
    content: sensitiveData,
    keyEncryptingAlgorithm: .rsaEncryptionOAEP,
    keyEncryptionKey: encryptionKey.publicKey,
    contentEncryptionAlgorithm: .aesEncryptionGCM128
)
try print(String(jwe))

// Decrypt JWE
let jwe = try JSONWebEncryption(from: jweString)
let decrypted = jwe.decrypt(using: encryptionKey)
let secret = String(decoding: decrypted, as: UTF8.self)

Managing Keys with JWK

// Create CryptoKit key
let privateKey = P256.Signing.PrivateKey()

// Import and Export as JWK data
let jwkJSON = try JSONEncoder().encode(privateKey)
let importedJWK = try JSONDecoder().decode(P256.Signing.PrivateKey.self, from: jwkJSON)

// Import PKCS#8
let importedKey = try P256.Signing.PrivateKey(importing: pkcs8Data, format: .pkcs8)

📊 Comparison with Alternatives

Features

	JWSETKit	jwt-kit	JOSESwift	Auth0's JWTDecode
JSON Web Signature (JWS)	✅	❌	✅	❌
JWS Multiple Signatures	✅	❌	❌	❌
JWS Unencoded/Detached Payload	✅	❌	❌	❌
JSON Web Token (JWT)	✅	✅	✅	✅
JWT Signature Verification	✅	✅	✅	❌
JWT Expire/NotBefore Validity	✅	✅	✅	❌
JSON Web Encryption (JWE)	✅	❌	✅	❌
Support CommonCrypto Keys	✅	❌	❌	❌
Support CryptoKit Keys	✅	❌	❌	❌

Supported Algorithms

Signature/HMAC

	JWSETKit	jwt-kit	JOSESwift	Auth0's JWTDecode
HS256	✅	✅	✅	❌
HS384	✅	✅	✅	❌
HS512	✅	✅	✅	❌
RS256	✅	✅	✅	❌
RS384	✅	✅	✅	❌
RS512	✅	✅	✅	❌
ES256	✅	✅	✅	❌
ES384	✅	✅	✅	❌
ES512	✅	✅	✅	❌
PS256	✅	✅	✅	❌
PS384	✅	✅	✅	❌
PS512	✅	✅	✅	❌
PS512	✅	✅	✅	❌
EdDSA	✅	✅	❌	❌
Ed25519	✅	❌	❌	❌
Ed448	❌	❌	❌	❌
E256K	❌	❌	❌	❌
ML-DSA-44	❌	❌	❌	❌
ML-DSA-65	✅	❌	❌	❌
ML-DSA-87	✅	❌	❌	❌

Key Encryption

	JWSETKit	JOSESwift
RSA1_5	✅	✅
RSA-OAEP	✅	✅
RSA-OAEP-256	✅	✅
A128KW	✅	✅
A192KW	✅	✅
A256KW	✅	✅
dir	✅	✅
ECDH-ES	✅	✅
ECDH-ES+A128KW	✅	✅
ECDH-ES+A192KW	✅	✅
ECDH-ES+A256KW	✅	✅
A128GCMKW	✅	❌
A192GCMKW	✅	❌
A256GCMKW	✅	❌
PBES2-HS256+A128KW	✅	❌
PBES2-HS384+A192KW	✅	❌
HPKE-0 (P256)	✅	❌
HPKE-1 (P384)	✅	❌
HPKE-2 (P521)	✅	❌
HPKE-3 (X25519)	✅	❌
HPKE-4 (X25519/ChaCha)	✅	❌
HPKE-5 (X448)	❌	❌
HPKE-6 (X448/ChaCha)	❌	❌

Content Encryption

	JWSETKit	JOSESwift
A128CBC-HS256	✅	✅
A192CBC-HS384	✅	✅
A256CBC-HS512	✅	✅
A128GCM	✅	✅
A192GCM	✅	✅
A256GCM	✅	✅

🏗️ Use Cases

JWSETKit is perfect for:

🔑 API Authentication - Secure REST API authentication with JWT tokens
🌐 OAuth 2.0 / OpenID Connect - Implement modern authentication flows
📱 Mobile App Security - Token-based auth for iOS/macOS apps
🔄 Microservices - Service-to-service authentication
🎫 Session Management - Stateless session tokens
🔐 Data Encryption - Protect sensitive data with JWE

📚 Documentation

📖 Full Documentation

Browse our comprehensive guides:

🤝 Contributing

We welcome contributions!

How to Contribute

Fork the repository
Create your feature branch (git checkout -b feature/amazing-feature)
Commit your changes (git commit -m 'Add amazing feature')
Push to the branch (git push origin feature/amazing-feature)
Open a Pull Request

Development

# Clone the repository
git clone https://github.com/amosavian/JWSETKit.git

# Run tests
swift test

# Build the project
swift build

🌟 Support

📄 License

JWSETKit is released under the MIT License. See LICENSE for details.

🙏 Acknowledgments

This library implements the following JOSE standards:

RFC 7515 - JSON Web Signature (JWS)
RFC 7516 - JSON Web Encryption (JWE)
RFC 7517 - JSON Web Key (JWK)
RFC 7518 - JSON Web Algorithms (JWA)
RFC 7519 - JSON Web Token (JWT)
RFC 7520 - Examples of Protecting Content Using JSON Object Signing and Encryption (JOSE)
RFC 7797 - JSON Web Signature (JWS) Unencoded Payload Option
RFC 7800 - Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs)
draft-ietf-jose-fully-specified-algorithms - Fully-Specified Algorithms for JOSE and COSE
draft-ietf-jose-hpke-encrypt - Use of Hybrid Public Key Encryption (HPKE) with JSON Object Signing and Encryption (JOSE)
draft-ietf-cose-dilithium - ML-DSA for JOSE and COSE
OIDC Core - OpenID Connect Core 1.0 incorporating errata set 2

Built with ❤️ using Swift

Description

Swift Tools 6.1.0

View More Packages from this Author

Dependencies

Last updated: Sat Oct 04 2025 10:25:25 GMT-0900 (Hawaii-Aleutian Daylight Time)