SignatureAlgorithm (JJWT :: API 0.12.6 API)

java.lang.Object
- java.lang.Enum<SignatureAlgorithm>
- - io.jsonwebtoken.SignatureAlgorithm

All Implemented Interfaces:

Serializable, Comparable<SignatureAlgorithm>

Deprecated.
since 0.12.0; use Jwts.SIG instead.
```
@Deprecated
public enum SignatureAlgorithm
extends Enum<SignatureAlgorithm>
```
Type-safe representation of standard JWT signature algorithm names as defined in the JSON Web Algorithms specification.

Since:

0.1

Enum Constant Summary

Enum Constants
Enum Constant and Description
`ES256` Deprecated. JWA algorithm name for `ECDSA using P-256 and SHA-256`
`ES384` Deprecated. JWA algorithm name for `ECDSA using P-384 and SHA-384`
`ES512` Deprecated. JWA algorithm name for `ECDSA using P-521 and SHA-512`
`HS256` Deprecated. JWA algorithm name for `HMAC using SHA-256`
`HS384` Deprecated. JWA algorithm name for `HMAC using SHA-384`
`HS512` Deprecated. JWA algorithm name for `HMAC using SHA-512`
`NONE` Deprecated. JWA name for `No digital signature or MAC performed`
`PS256` Deprecated. JWA algorithm name for `RSASSA-PSS using SHA-256 and MGF1 with SHA-256`.
`PS384` Deprecated. JWA algorithm name for `RSASSA-PSS using SHA-384 and MGF1 with SHA-384`.
`PS512` Deprecated. JWA algorithm name for `RSASSA-PSS using SHA-512 and MGF1 with SHA-512`.
`RS256` Deprecated. JWA algorithm name for `RSASSA-PKCS-v1_5 using SHA-256`
`RS384` Deprecated. JWA algorithm name for `RSASSA-PKCS-v1_5 using SHA-384`
`RS512` Deprecated. JWA algorithm name for `RSASSA-PKCS-v1_5 using SHA-512`

Method Summary

If the Key is a: And: With a key size of: The returned SignatureAlgorithm will be: SecretKeygetAlgorithm().equals("HmacSHA256")¹ 256 <= size <= 383 ²HS256SecretKeygetAlgorithm().equals("HmacSHA384")¹ 384 <= size <= 511 HS384SecretKeygetAlgorithm().equals("HmacSHA512")¹ 512 <= size HS512ECKeyinstanceof PrivateKey 256 <= size <= 383 ³ES256ECKeyinstanceof PrivateKey 384 <= size <= 511 ES384ECKeyinstanceof PrivateKey 4096 <= size ES512RSAKeyinstanceof PrivateKey 2048 <= size <= 3071 ^4,5RS256RSAKeyinstanceof PrivateKey 3072 <= size <= 4095 ⁵RS384RSAKeyinstanceof PrivateKey 4096 <= size ⁵RS512

Methods
Modifier and Type	Method and Description
`void`	`assertValidSigningKey(Key key)` Deprecated. Returns quietly if the specified key is allowed to create signatures using this algorithm according to the JWT JWA Specification (RFC 7518) or throws an `InvalidKeyException` if the key is not allowed or not secure enough for this algorithm.
`void`	`assertValidVerificationKey(Key key)` Deprecated. Returns quietly if the specified key is allowed to verify signatures using this algorithm according to the JWT JWA Specification (RFC 7518) or throws an `InvalidKeyException` if the key is not allowed or not secure enough for this algorithm.
`static SignatureAlgorithm`	`forName(String value)` Deprecated. Looks up and returns the corresponding `SignatureAlgorithm` enum instance based on a case-insensitive name comparison.
`static SignatureAlgorithm`	`forSigningKey(Key key)` Deprecated. Returns the recommended signature algorithm to be used with the specified key according to the following heuristics:
`String`	`getDescription()` Deprecated. Returns the JWA algorithm description.
`String`	`getFamilyName()` Deprecated. Returns the cryptographic family name of the signature algorithm.
`String`	`getJcaName()` Deprecated. Returns the name of the JCA algorithm used to compute the signature.
`int`	`getMinKeyLength()` Deprecated. Returns the minimum key length in bits (not bytes) that may be used with this algorithm according to the JWT JWA Specification (RFC 7518).
`String`	`getValue()` Deprecated. Returns the JWA algorithm name constant.
`boolean`	`isEllipticCurve()` Deprecated. Returns `true` if the enum instance represents an Elliptic Curve ECDSA signature algorithm, `false` otherwise.
`boolean`	`isHmac()` Deprecated. Returns `true` if the enum instance represents an HMAC signature algorithm, `false` otherwise.
`boolean`	`isJdkStandard()` Deprecated. Returns `true` if the algorithm is supported by standard JDK distributions or `false` if the algorithm implementation is not in the JDK and must be provided by a separate runtime JCA Provider (like BouncyCastle for example).
`boolean`	`isRsa()` Deprecated. Returns `true` if the enum instance represents an RSA public/private key pair signature algorithm, `false` otherwise.
`static SignatureAlgorithm`	`valueOf(String name)` Deprecated. Returns the enum constant of this type with the specified name.
`static SignatureAlgorithm[]`	`values()` Deprecated. Returns an array containing the constants of this enum type, in the order they are declared.

Methods inherited from class java.lang.Enum
clone, compareTo, equals, finalize, getDeclaringClass, hashCode, name, ordinal, toString, valueOf

Methods inherited from class java.lang.Object
getClass, notify, notifyAll, wait, wait, wait

Enum Constant Detail
- NONE
```
public static final SignatureAlgorithm NONE
```
  Deprecated.
  
  JWA name for No digital signature or MAC performed
- HS256
```
public static final SignatureAlgorithm HS256
```
  Deprecated.
  
  JWA algorithm name for HMAC using SHA-256
- HS384
```
public static final SignatureAlgorithm HS384
```
  Deprecated.
  
  JWA algorithm name for HMAC using SHA-384
- HS512
```
public static final SignatureAlgorithm HS512
```
  Deprecated.
  
  JWA algorithm name for HMAC using SHA-512
- RS256
```
public static final SignatureAlgorithm RS256
```
  Deprecated.
  
  JWA algorithm name for RSASSA-PKCS-v1_5 using SHA-256
- RS384
```
public static final SignatureAlgorithm RS384
```
  Deprecated.
  
  JWA algorithm name for RSASSA-PKCS-v1_5 using SHA-384
- RS512
```
public static final SignatureAlgorithm RS512
```
  Deprecated.
  
  JWA algorithm name for RSASSA-PKCS-v1_5 using SHA-512
- ES256
```
public static final SignatureAlgorithm ES256
```
  Deprecated.
  
  JWA algorithm name for ECDSA using P-256 and SHA-256
- ES384
```
public static final SignatureAlgorithm ES384
```
  Deprecated.
  
  JWA algorithm name for ECDSA using P-384 and SHA-384
- ES512
```
public static final SignatureAlgorithm ES512
```
  Deprecated.
  
  JWA algorithm name for ECDSA using P-521 and SHA-512
- PS256
```
public static final SignatureAlgorithm PS256
```
  Deprecated.
  
  JWA algorithm name for RSASSA-PSS using SHA-256 and MGF1 with SHA-256. This algorithm requires Java 11 or later or a JCA provider like BouncyCastle to be in the runtime classpath. If on Java 10 or earlier, BouncyCastle will be used automatically if found in the runtime classpath.
- PS384
```
public static final SignatureAlgorithm PS384
```
  Deprecated.
  
  JWA algorithm name for RSASSA-PSS using SHA-384 and MGF1 with SHA-384. This algorithm requires Java 11 or later or a JCA provider like BouncyCastle to be in the runtime classpath. If on Java 10 or earlier, BouncyCastle will be used automatically if found in the runtime classpath.
- PS512
```
public static final SignatureAlgorithm PS512
```
  Deprecated.
  
  JWA algorithm name for RSASSA-PSS using SHA-512 and MGF1 with SHA-512. This algorithm requires Java 11 or later or a JCA provider like BouncyCastle to be in the runtime classpath. If on Java 10 or earlier, BouncyCastle will be used automatically if found in the runtime classpath.

Method Detail

values
```
public static SignatureAlgorithm[] values()
```
Deprecated.
Returns an array containing the constants of this enum type, in the order they are declared. This method may be used to iterate over the constants as follows:
```
for (SignatureAlgorithm c : SignatureAlgorithm.values())
    System.out.println(c);
```
Returns:
an array containing the constants of this enum type, in the order they are declared

valueOf
```
public static SignatureAlgorithm valueOf(String name)
```
Deprecated.

Returns the enum constant of this type with the specified name. The string must match exactly an identifier used to declare an enum constant in this type. (Extraneous whitespace characters are not permitted.)

Parameters:
name - the name of the enum constant to be returned.

Returns:
the enum constant with the specified name

Throws:

IllegalArgumentException - if this enum type has no constant with the specified name

NullPointerException - if the argument is null

getValue
```
public String getValue()
```
Deprecated.

Returns the JWA algorithm name constant.

Returns:
the JWA algorithm name constant.

getDescription
```
public String getDescription()
```
Deprecated.

Returns the JWA algorithm description.

Returns:
the JWA algorithm description.

getFamilyName

public String getFamilyName()

Deprecated.

Returns the cryptographic family name of the signature algorithm. The value returned is according to the following table:

Crypto Family
SignatureAlgorithm	Family Name
HS256	HMAC
HS384	HMAC
HS512	HMAC
RS256	RSA
RS384	RSA
RS512	RSA
PS256	RSA
PS384	RSA
PS512	RSA
ES256	ECDSA
ES384	ECDSA
ES512	ECDSA

Returns:: Returns the cryptographic family name of the signature algorithm.
Since:: 0.5

getJcaName
```
public String getJcaName()
```
Deprecated.

Returns the name of the JCA algorithm used to compute the signature.

Returns:
the name of the JCA algorithm used to compute the signature.

isJdkStandard
```
public boolean isJdkStandard()
```
Deprecated.

Returns true if the algorithm is supported by standard JDK distributions or false if the algorithm implementation is not in the JDK and must be provided by a separate runtime JCA Provider (like BouncyCastle for example).

Returns:
true if the algorithm is supported by standard JDK distributions or false if the algorithm implementation is not in the JDK and must be provided by a separate runtime JCA Provider (like BouncyCastle for example).

isHmac
```
public boolean isHmac()
```
Deprecated.

Returns true if the enum instance represents an HMAC signature algorithm, false otherwise.

Returns:
true if the enum instance represents an HMAC signature algorithm, false otherwise.

isRsa
```
public boolean isRsa()
```
Deprecated.

Returns true if the enum instance represents an RSA public/private key pair signature algorithm, false otherwise.

Returns:
true if the enum instance represents an RSA public/private key pair signature algorithm, false otherwise.

isEllipticCurve
```
public boolean isEllipticCurve()
```
Deprecated.

Returns true if the enum instance represents an Elliptic Curve ECDSA signature algorithm, false otherwise.

Returns:
true if the enum instance represents an Elliptic Curve ECDSA signature algorithm, false otherwise.

getMinKeyLength
```
public int getMinKeyLength()
```
Deprecated.

Returns the minimum key length in bits (not bytes) that may be used with this algorithm according to the JWT JWA Specification (RFC 7518).

Returns:
the minimum key length in bits (not bytes) that may be used with this algorithm according to the JWT JWA Specification (RFC 7518).
Since:

0.10.0

assertValidSigningKey
```
public void assertValidSigningKey(Key key)
                           throws InvalidKeyException
```
Deprecated.

Returns quietly if the specified key is allowed to create signatures using this algorithm according to the JWT JWA Specification (RFC 7518) or throws an InvalidKeyException if the key is not allowed or not secure enough for this algorithm.

Parameters:
key - the key to check for validity.

Throws:

InvalidKeyException - if the key is not allowed or not secure enough for this algorithm.
Since:

0.10.0

assertValidVerificationKey
```
public void assertValidVerificationKey(Key key)
                                throws InvalidKeyException
```
Deprecated.

Returns quietly if the specified key is allowed to verify signatures using this algorithm according to the JWT JWA Specification (RFC 7518) or throws an InvalidKeyException if the key is not allowed or not secure enough for this algorithm.

Parameters:
key - the key to check for validity.

Throws:

InvalidKeyException - if the key is not allowed or not secure enough for this algorithm.
Since:

0.10.0

forSigningKey

public static SignatureAlgorithm forSigningKey(Key key)
                                        throws InvalidKeyException

Deprecated.

Returns the recommended signature algorithm to be used with the specified key according to the following heuristics:

Key Signature Algorithm
If the Key is a:	And:	With a key size of:	The returned SignatureAlgorithm will be:
`SecretKey`	`getAlgorithm().equals("HmacSHA256")`¹	256 <= size <= 383 ²	`HS256`
`SecretKey`	`getAlgorithm().equals("HmacSHA384")`¹	384 <= size <= 511	`HS384`
`SecretKey`	`getAlgorithm().equals("HmacSHA512")`¹	512 <= size	`HS512`
`ECKey`	`instanceof PrivateKey`	256 <= size <= 383 ³	`ES256`
`ECKey`	`instanceof PrivateKey`	384 <= size <= 511	`ES384`
`ECKey`	`instanceof PrivateKey`	4096 <= size	`ES512`
`RSAKey`	`instanceof PrivateKey`	2048 <= size <= 3071 ^4,5	`RS256`
`RSAKey`	`instanceof PrivateKey`	3072 <= size <= 4095 ⁵	`RS384`
`RSAKey`	`instanceof PrivateKey`	4096 <= size ⁵	`RS512`

Notes:

SecretKey instances must have an algorithm name equal to HmacSHA256, HmacSHA384 or HmacSHA512. If not, the key bytes might not be suitable for HMAC signatures will be rejected with a InvalidKeyException.
The JWT JWA Specification (RFC 7518, Section 3.2) mandates that HMAC-SHA-* signing keys MUST be 256 bits or greater. SecretKeys with key lengths less than 256 bits will be rejected with an WeakKeyException.
The JWT JWA Specification (RFC 7518, Section 3.4) mandates that ECDSA signing key lengths MUST be 256 bits or greater. ECKeys with key lengths less than 256 bits will be rejected with a WeakKeyException.
The JWT JWA Specification (RFC 7518, Section 3.3) mandates that RSA signing key lengths MUST be 2048 bits or greater. RSAKeys with key lengths less than 2048 bits will be rejected with a WeakKeyException.
Technically any RSA key of length >= 2048 bits may be used with the RS256, RS384, and RS512 algorithms, so we assume an RSA signature algorithm based on the key length to parallel similar decisions in the JWT specification for HMAC and ECDSA signature algorithms. This is not required - just a convenience.

This implementation does not return the PS256, PS256, PS256 RSA variant for any specified RSAKey because:

The JWT JWA Specification (RFC 7518, Section 3.1) indicates that RS256, RS384, and RS512 are recommended algorithms while the PS* variants are simply marked as optional.
The RS256, RS384, and RS512 algorithms are available in the JDK by default while the PS* variants require an additional JCA Provider (like BouncyCastle).

Finally, this method will throw an InvalidKeyException for any key that does not match the heuristics and requirements documented above, since that inevitably means the Key is either insufficient or explicitly disallowed by the JWT specification.

Parameters:: key - the key to inspect
Returns:: the recommended signature algorithm to be used with the specified key
Throws:: InvalidKeyException - for any key that does not match the heuristics and requirements documented above, since that inevitably means the Key is either insufficient or explicitly disallowed by the JWT specification.
Since:: 0.10.0

forName
```
public static SignatureAlgorithm forName(String value)
                                  throws SignatureException
```
Deprecated.

Looks up and returns the corresponding SignatureAlgorithm enum instance based on a case-insensitive name comparison.

Parameters:
value - The case-insensitive name of the SignatureAlgorithm instance to return

Returns:
the corresponding SignatureAlgorithm enum instance based on a case-insensitive name comparison.

Throws:

SignatureException - if the specified value does not match any SignatureAlgorithm name.

SignatureException

Enum SignatureAlgorithm

Enum Constant Summary

Method Summary

Methods inherited from class java.lang.Enum

Methods inherited from class java.lang.Object

Enum Constant Detail

NONE

HS256

HS384

HS512

RS256

RS384

RS512

ES256

ES384

ES512

PS256

PS384

PS512

Method Detail

values

valueOf

getValue

getDescription

getFamilyName

getJcaName

isJdkStandard

isHmac

isRsa

isEllipticCurve

getMinKeyLength

assertValidSigningKey

assertValidVerificationKey

forSigningKey

forName