GitBook: [master] 6 pages modified

Author: Spomky

README.md

@@ -45,14 +45,14 @@ The [detached payload](https://tools.ietf.org/html/rfc7515#appendix-F) is suppor
 
 | Key Type | Supported | Comment |
 | --- | :---: | --- |
-| `oct` | YES | Symmetric keys |
-| `RSA` | YES | RSA based asymmetric keys |
-| `EC` | YES | Elliptic Curves based asymmetric keys |
-| `OKP` | YES | Octet Key Pair based asymmetric keys |
+| oct | YES | Symmetric keys |
+| RSA | YES | RSA based asymmetric keys |
+| EC | YES | Elliptic Curves based asymmetric keys |
+| OKP | YES | Octet Key Pair based asymmetric keys |
 
 JWK objects support JSON Web Key Thumbprint \([RFC 7638](https://tools.ietf.org/html/rfc7638)\).
 
-_Note: we use a _`none`_ key type for the _`none`_ algorithm only._
+_Note: we use a_ `none` _key type for the_ `none` _algorithm only._
 
 ### Key Sets \(JWKSet\)
 
@@ -62,52 +62,59 @@ JWKSet is fully supported.
 
 | Signature Algorithm | Supported | Comment |
 | --- | :---: | --- |
-| `HS256`, `HS384` and `HS512` | YES |  |
-| `HS256`, `ES384` and `ES512` | YES |  |
-| `RS256`, `RS384` and `RS512` | YES |  |
-| `PS256`, `PS384` and `PS512` | YES |  |
-| `none` | YES | **Please note that this is not a secured algorithm. USE IT WITH CAUTION!** |
-| `EdDSA`_ with _`Ed25519`_ curve_ | YES | [With PHP 7.1, third party extension highly recommended](https://github.com/jedisct1/libsodium-php) |
-| `EdDSA`_ with _`Ed448`_ curve_ | NO | No extension or built-in implementation available |
+| HS256, HS384 and HS512 | YES |  |
+| ES256, ES384 and ES512 | YES |  |
+| RS256, RS384 and RS512 | YES |  |
+| PS256, PS384 and PS512 | YES |  |
+| none | YES | **Please note that this is not a secured algorithm. USE IT WITH CAUTION!** |
+| EdDSA with Ed25519 curve | YES | [With PHP 7.1, third party extension highly recommended](https://github.com/jedisct1/libsodium-php) |
+| EdDSA with Ed448 curve | NO | No extension or built-in implementation available |
+| HS1 | YES | From v1.2. **Experimental. Not recommended ; for testing purpose or compatibility with old systems only.** |
+| RS1 | YES | From v1.2. **Experimental. Not recommended ; for testing purpose or compatibility with old systems only.** |
+| HS256/64 | YES | From v1.2. **Experimental. Not recommended ; for testing purpose or compatibility with old systems only.** |
 
 ### Supported Key Encryption Algorithms
 
 | Key Encryption Algorithm | Supported | Comment |
 | --- | :---: | --- |
-| `dir` | YES |  |
-| `RSA1_5`, `RSA-OAEP` and `RSA-OAEP-256` | YES | The algorithms `RSA1_5` and `RSA-OAEP`are now deprecated. Please use with caution. |
-| `ECDH-ES`, `ECDH-ES+A128KW`, `ECDH-ES+A192KW` and `ECDH-ES+A256KW` | YES |  |
-| `A128KW`, `A128KW` and `A128KW` | YES |  |
-| `PBES2-HS256+A128KW`, `PBES2-HS384+A192KW` and `PBES2-HS512+A256KW` | YES |  |
-| `A128GCMKW`, `A192GCMKW` and `A256GCMKW` | YES |  |
-| `EdDSA` with `X25519` curve | YES | [With PHP 7.1, third party extension highly recommended](https://github.com/jedisct1/libsodium-php) |
-| `EdDSA` with `X448` curve | NO | No extension or built-in implementation available |
+| dir | YES |  |
+| RSA1\_5, RSA-OAEP and RSA-OAEP-256 | YES | The algorithms RSA1\_5 and RSA-OAEP are now deprecated. Please use with caution. |
+| ECDH-ES, ECDH-ES+A128KW, ECDH-ES+A192KW and ECDH-ES+A256KW | YES |  |
+| A128KW, A192KW and A256KW | YES |  |
+| PBES2-HS256+A128KW, PBES2-HS384+A192KW and PBES2-HS512+A256KW | YES |  |
+| A128GCMKW, A192GCMKW and A256GCMKW | YES |  |
+| ECDH-ES with X25519 curve | YES | [With PHP 7.1, third party extension highly recommended](https://github.com/jedisct1/libsodium-php) |
+| ECDH-ES with X448 curve | NO | No extension or built-in implementation available |
+| RSA-OEAP-384 and RSA-OAEP-512 | YES | From v1.2. **Experimental. For testing purpose only.** |
+|  ChaCha20-Poly1305 | YES | From v1.2. **Experimental. For testing purpose only.** |
 
 ### Supported Content Encryption Algorithms
 
-| Content Encryption Algorithm | Supported |
+| Content Encryption Algorithm | Supported | Comment |
 | --- | :---: |
-| `A128CBC-HS256`, `A192CBC-HS384` and `A256CBC-HS512` | YES |
-| `A128GCM`, `A192GCM` and `A256GCM` | YES |
+| A128CBC-HS256, A192CBC+HS384 and A256CBC-HC512 | YES |  |
+| A128GCM, A192GCM and A256GCM | YES |  |
+| A128CTR, A192CTR and A256CTR | YES | From v1.2. **Not recommended. For testing purpose only.** |
 
 ## Prerequisites
 
 This framework needs at least:
 
 * ![PHP 7.1+](https://img.shields.io/badge/PHP-7.1%2B-ff69b4.svg),
-* OpenSSL extension.
 * GMP extension.
 * MBString extension.
 
-Please consider the following optional requirements:
+Depending on the algorithms you using, other PHP extensions may be required \(e.g. OpenSSL\).
+
+Please also consider the following optional requirements:
 
 * If you intent to use `EdDSA` or `ECDH-ES` algorithm with `Ed25519`/`X25519` curves on PHP 7.1, please install this [third party extension](https://github.com/jedisct1/libsodium-php)
 
 ## Continuous Integration
 
 It has been successfully tested using `PHP 7.1`, `PHP 7.2` and `nightly` with all algorithms.
 
-Tests vectors from the [RFC 7520](http://tools.ietf.org/html/rfc7520) are fully implemented and all tests pass.
+Tests vectors from the [RFC 7520](http://tools.ietf.org/html/rfc7520) are fully implemented and all tests pass. Other test vector sources may be used \(e.g. new algorithm specifications\).
 
 We also track bugs and code quality using [Scrutinizer-CI](https://scrutinizer-ci.com/g/web-token/jwt-framework) and [Sensio Insight](https://insight.sensiolabs.com/projects/b7efa68f-8962-41cf-a2e3-4444426bc95a).
 
@@ -123,7 +130,7 @@ Code coverage is analyzed by [Coveralls.io](https://coveralls.io/github/web-toke
 
 ## Security Recommendations
 
-**To avoid security issues on your application, please follow these **[**Security Recommendations**](security-recommendations.md)** carefully**.
+**To avoid security issues on your application, please follow these** [**Security Recommendations**](security-recommendations.md) **carefully**.
 
 ## Performances
 

advanced-topics/signed-tokens-and/unencoded-payload.md

@@ -19,5 +19,5 @@ $jws = $jwsBuilder
     ->build();
 ```
 
-_As a remainder, both _`b64`_ and _`crit`_ parameters MUST be in the protected header._
+_As a remainder, both_ `b64` _and_ `crit` _parameters MUST be in the protected header._
 

benchmarks/result-table.md

@@ -2,7 +2,7 @@
 
 The table hereafter is the result of all benchmarks _with our development environment_. It is given to help you to select the appropriate algorithms for your application.
 
-**The use of the algorithm **`ECDH-ES`** with curves **`P-256`**, **`P-384`** or **`P-521`** is not recommended**. The cryptographic operations with those curves are done using a pure PHP function and hence very slow.
+**The use of the algorithm** `ECDH-ES` **with curves** `P-256`**,** `P-384` **or** `P-521` **is not recommended**. The cryptographic operations with those curves are done using a pure PHP function and hence very slow.
 
 The use of the RSA algorithms with a very long key \(more that 4096 bits\) is quite slow, but offers a good protection.
 

components/key-jwk-and-key-set-jwkset/key-management.md

@@ -51,7 +51,7 @@ composer require web-token/jwt-key-mgmt
   * `EC` : Elliptic Curve key pair
   * `OKP`: Octet key pair
 
-_Note: for the _`none`_ algorithm, the framework needs a key of type _`none`_. This is a specific key type that must only be used with this algorithm._
+_Note: for the_ `none` _algorithm, the framework needs a key of type_ `none`_. This is a specific key type that must only be used with this algorithm._
 
 For all asymmetric keys, you will ALWAYS receive a private key.
 

components/signed-tokens-jws/signature-algorithms.md

@@ -21,7 +21,7 @@ This framework comes with several signature algorithms. These algorithms are in
   * `PS384`
   * `PS512`
 * Edwards-curve Digital Signature Algorithm \(EdDSA\)
-  * `EdDSA` \(_only with the _`Ed25519`_ curve_\)
+  * `EdDSA` \(_only with the_ `Ed25519` _curve_\)
 * Unsecured algorithm
   * `none`
 

migration/from-spomky-labs-jose/header-checking.md

@@ -41,5 +41,5 @@ $checkerManager->add(new AudienceChecker('My Service'));
 $checkerManager->addTokenTypeSupport(new TokenSupport());
 ```
 
-_Please note that the header _`crit`_ is always checked._
+_Please note that the header_ `crit` _is always checked._