Nimbus JOSE + JWT 2.15.1: Quicker loading of RSA encrypters

Nimbus JOSE + JWT 2.15.1 is a maintenance release of the Java library for signing and encrypting JSON Web Tokens (JWTs) and other payloads.

What’s in it?

  • Instantiation of RSAEncrypter and DirectEncrypter objects will now happen a lot faster. There is no further need to reuse these encrypter objects in order to maintain performance. Should you wish, you can now create a new encrypter object for each JWE message that needs to be produced, with virtually no performance penalty. This was achieved by making the SecureRandom PRNG for outputting IVs a static class member. The initial seeding of the PRNG is typically a time consuming process to guarantee sufficient entropy (we measured up to 1+ second for that in tests), so the logical solution was to move the seeding procedure out of the encrypter constructors. Thanks to Dr. Michael Scott from CertiVox and Juraj Somorovsky from Uni Bochum for checking that IV security was preserved while this was done.

  • You can now pass shared secrets encoded as UTF-8 strings to the MACSigner and MACVerifier.

  • The Base64URL class was refactored to extend the general Base64 class, which made the overall code leaner and simpler to maintain.

The library JAR is distributed via Maven Central. You can also get it from the download section of the Git repo for the JOSE+JWT library.