public interface MacAlgorithm extends SecureDigestAlgorithm<SecretKey,SecretKey>, KeyBuilderSupplier<SecretKey,SecretKeyBuilder>, KeyLengthSupplier
SecureDigestAlgorithm that uses symmetric SecretKeys to both compute and verify digests as
message authentication codes (MACs).
Standard Identifier
MacAlgorithm extends Identifiable: when a MacAlgorithm is used to compute the MAC of a
JWS, the value returned from macAlgorithm.getId() will be set as the JWS
"alg" protected header value.
Key Strength
MAC algorithm strength is in part attributed to how difficult it is to discover the secret key. As such, MAC algorithms usually require keys of a minimum length to ensure the keys are difficult to discover and the algorithm's security properties are maintained.
The MacAlgorithm interface extends the KeyLengthSupplier interface to represent
the length in bits (not bytes) a key must have to be used with its implementation. If you do not want to
worry about lengths and parameters of keys required for an algorithm, it is often easier to automatically generate
a key that adheres to the algorithms requirements, as discussed below.
Key Generation
MacAlgorithm extends KeyBuilderSupplier to enable SecretKey generation.
Each MacAlgorithm algorithm instance will return a KeyBuilder that ensures any created keys will
have a sufficient length and any algorithm parameters required by that algorithm. For example:
SecretKey key = macAlgorithm.key().build();
The resulting key is guaranteed to have the correct algorithm parameters and strength/length necessary for
that exact MacAlgorithm instance.
JWA Standard Implementations
Constant definitions and utility methods for all JWA (RFC 7518) standard MAC algorithms are
available via Jwts.SIG.
Jwts.SIGdigest, verifygetIdkeygetKeyBitLengthCopyright © 2014–2024 jsonwebtoken.io. All rights reserved.