SigningAlgorithms Class
Abblix.Jwt
Abblix.Jwt
SigningAlgorithms Class
JWS signing algorithm identifiers ("alg" header values) defined in RFC 7518 Section 3. Used to indicate how a JWT was signed and to look up the matching signer or verifier.
public static class SigningAlgorithms
Inheritance System.Object → SigningAlgorithms
Fields
SigningAlgorithms.ES256 Field
ECDSA on curve P-256 with SHA-256 (RFC 7518 Section 3.4). Backed by .NET ECDsa
using DSASignatureFormat.IeeeP1363FixedFieldConcatenation.
Produces 64-byte signatures and is significantly smaller than RSA equivalents.
public const string ES256 = "ES256";
Field Value
SigningAlgorithms.ES384 Field
ECDSA on curve P-384 with SHA-384 (RFC 7518 Section 3.4). Backed by .NET ECDsa
in IEEE P1363 format; produces 96-byte signatures.
public const string ES384 = "ES384";
Field Value
SigningAlgorithms.ES512 Field
ECDSA on curve P-521 with SHA-512 (RFC 7518 Section 3.4). Backed by .NET ECDsa
in IEEE P1363 format; produces 132-byte signatures.
Note that the curve is P-521 (521 bits) although the algorithm name is "ES512".
public const string ES512 = "ES512";
Field Value
SigningAlgorithms.HS256 Field
HMAC with SHA-256 (RFC 7518 Section 3.2). Backed by .NET HMACSHA256 with
constant-time signature comparison. Requires a shared symmetric key of at least 256 bits.
Suitable only when issuer and verifier can both be trusted with the secret.
public const string HS256 = "HS256";
Field Value
SigningAlgorithms.HS384 Field
HMAC with SHA-384 (RFC 7518 Section 3.2). Backed by .NET HMACSHA384;
requires a shared symmetric key of at least 384 bits.
public const string HS384 = "HS384";
Field Value
SigningAlgorithms.HS512 Field
HMAC with SHA-512 (RFC 7518 Section 3.2). Backed by .NET HMACSHA512;
requires a shared symmetric key of at least 512 bits.
public const string HS512 = "HS512";
Field Value
SigningAlgorithms.Known Field
The set of every alg identifier this library recognises. Per RFC 7515 §5.3 and
§10.13 the comparison is byte-exact, so case-variants like None/NONE are
not members of this set and must be rejected as unknown algorithms — not silently
stream into the signature-verification path where they would surface as the
(semantically incorrect) "invalid signature" failure.
public static readonly IReadOnlySet<string> Known;
Field Value
System.Collections.Generic.IReadOnlySet<System.String>
SigningAlgorithms.None Field
Unsecured JWS ("none") per RFC 7515 Section 6: no digital signature or MAC is applied. The token's integrity is therefore not protected; callers must reject unsigned tokens unless integrity is guaranteed by another channel.
public const string None = "none";
Field Value
SigningAlgorithms.PS256 Field
RSASSA-PSS with SHA-256 and MGF1 (RFC 7518 Section 3.5). Backed by .NET RSA
with RSASignaturePadding.Pss. Preferred over RS256 when both sides support PSS,
because PSS has a tighter security reduction.
public const string PS256 = "PS256";
Field Value
SigningAlgorithms.PS384 Field
RSASSA-PSS with SHA-384 and MGF1 (RFC 7518 Section 3.5). Backed by .NET RSA
with RSASignaturePadding.Pss.
public const string PS384 = "PS384";
Field Value
SigningAlgorithms.PS512 Field
RSASSA-PSS with SHA-512 and MGF1 (RFC 7518 Section 3.5). Backed by .NET RSA
with RSASignaturePadding.Pss.
public const string PS512 = "PS512";
Field Value
SigningAlgorithms.RS256 Field
RSASSA-PKCS1-v1_5 with SHA-256 (RFC 7518 Section 3.3). Backed by .NET RSA
with RSASignaturePadding.Pkcs1. Widely deployed default for OIDC ID tokens.
public const string RS256 = "RS256";
Field Value
SigningAlgorithms.RS384 Field
RSASSA-PKCS1-v1_5 with SHA-384 (RFC 7518 Section 3.3). Same construction as RS256
with a stronger hash; backed by .NET RSA with RSASignaturePadding.Pkcs1.
public const string RS384 = "RS384";
Field Value
SigningAlgorithms.RS512 Field
RSASSA-PKCS1-v1_5 with SHA-512 (RFC 7518 Section 3.3). Same construction as RS256
with SHA-512; backed by .NET RSA with RSASignaturePadding.Pkcs1.
public const string RS512 = "RS512";