A library for working with JSON Web Signature (JWS) and . A modern, type-safe Swift library for JSON Web Token (JWT), JSON Web Signature (JWS), and JSON Web Encryption (JWE) with first-class Apple's CryptoKit support
Building secure authentication in Swift? JWSETKit is your complete solution for working with JSON Web Tokens (JWT), JSON Web Signatures (JWS), and JSON Web Encryption (JWE) with native Apple CryptoKit integration.
This module makes it possible to serialize, deserialize, create, and verify JWS/JWT messages.
✅ JWT (JSON Web Tokens)
- Create, sign, verify, and decode JWT tokens
- Support for standard and custom claims
- Expiration and validation handling
✅ JWS (JSON Web Signature)
- Digital signatures with multiple algorithms
- Message authentication codes (MACs)
- Detached signature support
✅ JWE (JSON Web Encryption)
- Content encryption with various algorithms
- Key wrapping and management
- Compact and JSON serialization
✅ JWK (JSON Web Keys)
- Key generation and management
- Key conversion and serialization
- Support for key sets (JWKS)
Add JWSETKit to your Package.swift
:
dependencies: [
.package(url: "https://github.com/amosavian/JWSETKit", from: "0.26.0")
]
Then add to your target:
dependencies: [
.product(name: "JWSETKit", package: "JWSETKit"),
]
For X509 certificate support (Swift 6.1+):
dependencies: [
.package(url: "https://github.com/amosavian/JWSETKit", from: "0.26.0", traits: ["X509"])
]
- File → Add Package Dependencies
- Enter:
https://github.com/amosavian/JWSETKit
- Select version and add to your target
For detailed usage and API documentation, check the documentation.
import JWSETKit
import CryptoKit
// Create a JWT with claims
let key = SymmetricKey(size: .bits128)
let payload = try JSONWebTokenClaims {
$0.issuedAt = .init()
$0.expiry = .init(timeIntervalSinceNow: 3600)
$0.jwtUUID = .init()
$0.subject = "user123"
}
let jwt = try JSONWebToken(payload: payload, algorithm: .hmacSHA256, using: key)
// Verify and decode
let decodedJWT = try JSONWebToken(from: jwtString)
try decodedJWT.verifySignature(using: key)
print(decodedJWT.payload.subject) // "user123"
// Initialize key
let key = try P256.Signing.PublicKey(pemRepresentation: publicKeyPEM)
// Verify incoming JWT
let token = try JSONWebToken(from: request.headers["Authorization"])
try token.verify(using: key, for: "audience-name")
// Sign arbitrary data with JWS
let payload = "Important message"
let jws = try JSONWebSignaturePlain(
payload: payload.utf8,
algorithm: .ecdsaSignatureP256SHA256,
using: key
)
try print(String(jws))
// Verify JWS signature
let verified = try JSONWebSignaturePlain(from: String(jws))
try verified.verifySignature(using: key)
let message = String(decoding: verified.payload, as: UTF8.self)
// Encrypt sensitive data
let sensitiveData = Data("Secret information".utf8)
let encryptionKey = JSONWebRSAPrivateKey(keySize: .bits2048)
let jwe = try JSONWebEncryption(
content: sensitiveData,
keyEncryptingAlgorithm: .rsaEncryptionOAEP,
keyEncryptionKey: encryptionKey.publicKey,
contentEncryptionAlgorithm: .aesEncryptionGCM128
)
try print(String(jwe))
// Decrypt JWE
let jwe = try JSONWebEncryption(from: jweString)
let decrypted = jwe.decrypt(using: encryptionKey)
let secret = String(decoding: decrypted, as: UTF8.self)
// Create CryptoKit key
let privateKey = P256.Signing.PrivateKey()
// Import and Export as JWK data
let jwkJSON = try JSONEncoder().encode(privateKey)
let importedJWK = try JSONDecoder().decode(P256.Signing.PrivateKey.self, from: jwkJSON)
// Import PKCS#8
let importedKey = try P256.Signing.PrivateKey(importing: pkcs8Data, format: .pkcs8)
JWSETKit | jwt-kit | JOSESwift | Auth0's JWTDecode | |
---|---|---|---|---|
JSON Web Signature (JWS) | ✅ | ❌ | ✅ | ❌ |
JWS Multiple Signatures | ✅ | ❌ | ❌ | ❌ |
JWS Unencoded/Detached Payload | ✅ | ❌ | ❌ | ❌ |
JSON Web Token (JWT) | ✅ | ✅ | ✅ | ✅ |
JWT Signature Verification | ✅ | ✅ | ✅ | ❌ |
JWT Expire/NotBefore Validity | ✅ | ✅ | ✅ | ❌ |
JSON Web Encryption (JWE) | ✅ | ❌ | ✅ | ❌ |
Support CommonCrypto Keys | ✅ | ❌ | ❌ | ❌ |
Support CryptoKit Keys | ✅ | ❌ | ❌ | ❌ |
JWSETKit | jwt-kit | JOSESwift | Auth0's JWTDecode | |
---|---|---|---|---|
HS256 | ✅ | ✅ | ✅ | ❌ |
HS384 | ✅ | ✅ | ✅ | ❌ |
HS512 | ✅ | ✅ | ✅ | ❌ |
RS256 | ✅ | ✅ | ✅ | ❌ |
RS384 | ✅ | ✅ | ✅ | ❌ |
RS512 | ✅ | ✅ | ✅ | ❌ |
ES256 | ✅ | ✅ | ✅ | ❌ |
ES384 | ✅ | ✅ | ✅ | ❌ |
ES512 | ✅ | ✅ | ✅ | ❌ |
PS256 | ✅ | ✅ | ✅ | ❌ |
PS384 | ✅ | ✅ | ✅ | ❌ |
PS512 | ✅ | ✅ | ✅ | ❌ |
PS512 | ✅ | ✅ | ✅ | ❌ |
EdDSA | ✅ | ✅ | ❌ | ❌ |
Ed25519 | ✅ | ❌ | ❌ | ❌ |
Ed448 | ❌ | ❌ | ❌ | ❌ |
E256K | ❌ | ❌ | ❌ | ❌ |
ML-DSA-44 | ❌ | ❌ | ❌ | ❌ |
ML-DSA-65 | ✅ | ❌ | ❌ | ❌ |
ML-DSA-87 | ✅ | ❌ | ❌ | ❌ |
JWSETKit | JOSESwift | |
---|---|---|
RSA1_5 | ✅ | ✅ |
RSA-OAEP | ✅ | ✅ |
RSA-OAEP-256 | ✅ | ✅ |
A128KW | ✅ | ✅ |
A192KW | ✅ | ✅ |
A256KW | ✅ | ✅ |
dir | ✅ | ✅ |
ECDH-ES | ✅ | ✅ |
ECDH-ES+A128KW | ✅ | ✅ |
ECDH-ES+A192KW | ✅ | ✅ |
ECDH-ES+A256KW | ✅ | ✅ |
A128GCMKW | ✅ | ❌ |
A192GCMKW | ✅ | ❌ |
A256GCMKW | ✅ | ❌ |
PBES2-HS256+A128KW | ✅ | ❌ |
PBES2-HS384+A192KW | ✅ | ❌ |
HPKE-0 (P256) | ✅ | ❌ |
HPKE-1 (P384) | ✅ | ❌ |
HPKE-2 (P521) | ✅ | ❌ |
HPKE-3 (X25519) | ✅ | ❌ |
HPKE-4 (X25519/ChaCha) | ✅ | ❌ |
HPKE-5 (X448) | ❌ | ❌ |
HPKE-6 (X448/ChaCha) | ❌ | ❌ |
JWSETKit | JOSESwift | |
---|---|---|
A128CBC-HS256 | ✅ | ✅ |
A192CBC-HS384 | ✅ | ✅ |
A256CBC-HS512 | ✅ | ✅ |
A128GCM | ✅ | ✅ |
A192GCM | ✅ | ✅ |
A256GCM | ✅ | ✅ |
JWSETKit is perfect for:
- 🔑 API Authentication - Secure REST API authentication with JWT tokens
- 🌐 OAuth 2.0 / OpenID Connect - Implement modern authentication flows
- 📱 Mobile App Security - Token-based auth for iOS/macOS apps
- 🔄 Microservices - Service-to-service authentication
- 🎫 Session Management - Stateless session tokens
- 🔐 Data Encryption - Protect sensitive data with JWE
Browse our comprehensive guides:
We welcome contributions!
- Fork the repository
- Create your feature branch (
git checkout -b feature/amazing-feature
) - Commit your changes (
git commit -m 'Add amazing feature'
) - Push to the branch (
git push origin feature/amazing-feature
) - Open a Pull Request
# Clone the repository
git clone https://github.com/amosavian/JWSETKit.git
# Run tests
swift test
# Build the project
swift build
- 🐛 Report Issues
- 💬 Discussions
- 📧 Contact
JWSETKit is released under the MIT License. See LICENSE for details.
This library implements the following JOSE standards:
- RFC 7515 - JSON Web Signature (JWS)
- RFC 7516 - JSON Web Encryption (JWE)
- RFC 7517 - JSON Web Key (JWK)
- RFC 7518 - JSON Web Algorithms (JWA)
- RFC 7519 - JSON Web Token (JWT)
- RFC 7520 - Examples of Protecting Content Using JSON Object Signing and Encryption (JOSE)
- RFC 7797 - JSON Web Signature (JWS) Unencoded Payload Option
- RFC 7800 - Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs)
- draft-ietf-jose-fully-specified-algorithms - Fully-Specified Algorithms for JOSE and COSE
- draft-ietf-jose-hpke-encrypt - Use of Hybrid Public Key Encryption (HPKE) with JSON Object Signing and Encryption (JOSE)
- draft-ietf-cose-dilithium - ML-DSA for JOSE and COSE
- OIDC Core - OpenID Connect Core 1.0 incorporating errata set 2