jose: Javascript Object Signing and Encryption and JSON Web Token library

[ apache, cryptography, library ] [ Propose Tags ]

An implementation of the Javascript Object Signing and Encryption (JOSE) and JSON Web Token (JWT) formats.

Web Encryption (JWE) is not yet implemented.

All JWS algorithms (HMAC, ECDSA, RSASSA-PKCS-v1_5 and RSASSA-PSS) are implemented, however, the ECDSA implementation is is vulnerable to timing attacks and should therefore only be used for JWS verification.

The version number tracks the IETF jose working group draft revisions. For now, expect breaking API changes on any version change except for the final (fourth) part being incremented.

[Skip to Readme]
Versions [faq],,,,,,,,,,,,,,,,,,,,,,,,,,,,,, 0.8.3
Dependencies aeson (>=0.7 && <0.9), attoparsec, base (==4.*), base64-bytestring (==1.0.*), bifunctors (>=4.0), byteable (==0.1.*), bytestring (==0.10.*), certificate (==1.3.*), crypto-pubkey (>=0.2.3), crypto-pubkey-types (>=0.3.2), crypto-random (>=0.0.7 && <0.0.9), cryptohash (==0.11.*), data-default-class, lens (>=4.3), network-uri (>=2.6), semigroups (>=0.15), template-haskell (>=2.4), text (>=1.1), time (==1.4.*), unordered-containers (==0.2.*), vector [details]
License Apache-2.0
Copyright Copyright (C) 2013, 2014 Fraser Tweedale
Author Fraser Tweedale
Category Cryptography
Home page
Bug tracker
Source repo head: git clone
Uploaded by frasertweedale at 2014-12-15T05:41:28Z
Distributions Arch:0.8.3, LTSHaskell:, NixOS:0.8.3, Stackage:
Downloads 19943 total (929 in the last 30 days)
Rating 1.25 (votes: 1) [estimated by Bayesian average]
Your Rating
  • λ
  • λ
  • λ
Status Hackage Matrix CI
Docs uploaded by user
Build status unknown [no reports yet]




Maintainer's Corner

For package maintainers and hackage trustees

Readme for jose-

[back to package description]

jose - Javascript Object Signing and Encryption & JWT (JSON Web Token)

jose is a Haskell implementation of Javascript Object Signing and Encryption and [JSON Web Token] (

Encryption (JWE) is not supported but signing is supported. All key types and algorithms are supported, but EC and symmetric key generation is not yet implemented.

Contributions are welcome.