Skip to main content

SigningAlgorithms Class

Abblix.Jwt

Abblix.Jwt

SigningAlgorithms Class

JWS signing algorithm identifiers ("alg" header values) defined in RFC 7518 Section 3. Used to indicate how a JWT was signed and to look up the matching signer or verifier.

public static class SigningAlgorithms

Inheritance System.Object → SigningAlgorithms

Fields

SigningAlgorithms.ES256 Field

ECDSA on curve P-256 with SHA-256 (RFC 7518 Section 3.4). Backed by .NET ECDsa using DSASignatureFormat.IeeeP1363FixedFieldConcatenation. Produces 64-byte signatures and is significantly smaller than RSA equivalents.

public const string ES256 = "ES256";

Field Value

System.String

SigningAlgorithms.ES384 Field

ECDSA on curve P-384 with SHA-384 (RFC 7518 Section 3.4). Backed by .NET ECDsa in IEEE P1363 format; produces 96-byte signatures.

public const string ES384 = "ES384";

Field Value

System.String

SigningAlgorithms.ES512 Field

ECDSA on curve P-521 with SHA-512 (RFC 7518 Section 3.4). Backed by .NET ECDsa in IEEE P1363 format; produces 132-byte signatures. Note that the curve is P-521 (521 bits) although the algorithm name is "ES512".

public const string ES512 = "ES512";

Field Value

System.String

SigningAlgorithms.HS256 Field

HMAC with SHA-256 (RFC 7518 Section 3.2). Backed by .NET HMACSHA256 with constant-time signature comparison. Requires a shared symmetric key of at least 256 bits. Suitable only when issuer and verifier can both be trusted with the secret.

public const string HS256 = "HS256";

Field Value

System.String

SigningAlgorithms.HS384 Field

HMAC with SHA-384 (RFC 7518 Section 3.2). Backed by .NET HMACSHA384; requires a shared symmetric key of at least 384 bits.

public const string HS384 = "HS384";

Field Value

System.String

SigningAlgorithms.HS512 Field

HMAC with SHA-512 (RFC 7518 Section 3.2). Backed by .NET HMACSHA512; requires a shared symmetric key of at least 512 bits.

public const string HS512 = "HS512";

Field Value

System.String

SigningAlgorithms.Known Field

The set of every alg identifier this library recognises. Per RFC 7515 §5.3 and §10.13 the comparison is byte-exact, so case-variants like None/NONE are not members of this set and must be rejected as unknown algorithms — not silently stream into the signature-verification path where they would surface as the (semantically incorrect) "invalid signature" failure.

public static readonly IReadOnlySet<string> Known;

Field Value

System.Collections.Generic.IReadOnlySet<System.String>

SigningAlgorithms.None Field

Unsecured JWS ("none") per RFC 7515 Section 6: no digital signature or MAC is applied. The token's integrity is therefore not protected; callers must reject unsigned tokens unless integrity is guaranteed by another channel.

public const string None = "none";

Field Value

System.String

SigningAlgorithms.PS256 Field

RSASSA-PSS with SHA-256 and MGF1 (RFC 7518 Section 3.5). Backed by .NET RSA with RSASignaturePadding.Pss. Preferred over RS256 when both sides support PSS, because PSS has a tighter security reduction.

public const string PS256 = "PS256";

Field Value

System.String

SigningAlgorithms.PS384 Field

RSASSA-PSS with SHA-384 and MGF1 (RFC 7518 Section 3.5). Backed by .NET RSA with RSASignaturePadding.Pss.

public const string PS384 = "PS384";

Field Value

System.String

SigningAlgorithms.PS512 Field

RSASSA-PSS with SHA-512 and MGF1 (RFC 7518 Section 3.5). Backed by .NET RSA with RSASignaturePadding.Pss.

public const string PS512 = "PS512";

Field Value

System.String

SigningAlgorithms.RS256 Field

RSASSA-PKCS1-v1_5 with SHA-256 (RFC 7518 Section 3.3). Backed by .NET RSA with RSASignaturePadding.Pkcs1. Widely deployed default for OIDC ID tokens.

public const string RS256 = "RS256";

Field Value

System.String

SigningAlgorithms.RS384 Field

RSASSA-PKCS1-v1_5 with SHA-384 (RFC 7518 Section 3.3). Same construction as RS256 with a stronger hash; backed by .NET RSA with RSASignaturePadding.Pkcs1.

public const string RS384 = "RS384";

Field Value

System.String

SigningAlgorithms.RS512 Field

RSASSA-PKCS1-v1_5 with SHA-512 (RFC 7518 Section 3.3). Same construction as RS256 with SHA-512; backed by .NET RSA with RSASignaturePadding.Pkcs1.

public const string RS512 = "RS512";

Field Value

System.String