Algorithms

AlgorithmPurposeOTP 17OTP 18OTP 19FallbackDefinition
AES CBC 128-bitEncryptionXXXjose_jwa_aesNIST.800-38A
AES CBC 192-bitEncryptionXjose_jwa_aesNIST.800-38A
AES CBC 256-bitEncryptionXXXjose_jwa_aesNIST.800-38A
AES CTR 128-bitEncryptionXXXNIST.800-38A
AES CTR 192-bitEncryptionXXXNIST.800-38A
AES CTR 256-bitEncryptionXXXNIST.800-38A
AES ECB 128-bitEncryptionXXjose_jwa_aesNIST.800-38A
AES ECB 192-bitEncryptionXjose_jwa_aesNIST.800-38A
AES ECB 256-bitEncryptionXXjose_jwa_aesNIST.800-38A
AES GCM 128-bitEncryptionXXjose_jwa_aesNIST.800-38D
AES GCM 192-bitEncryptionXXjose_jwa_aesNIST.800-38D
AES GCM 256-bitEncryptionXXjose_jwa_aesNIST.800-38D
ChaCha20/Poly1305Encryptionjose_jwa_chacha20_poly1305RFC 7539
RSAES-OAEPEncryptionXXXjose_jwa_pkcs1RFC 3447
RSAES-OAEP-256Encryptionjose_jwa_pkcs1RFC 3447
RSAES-PKCS1-v1_5EncryptionXXXjose_jwa_pkcs1RFC 3447
RSASSA-PKCS1-v1_5SignatureXXXjose_jwa_pkcs1RFC 3447
RSASSA-PSSSignaturejose_jwa_pkcs1RFC 3447

There are also several "helper" algorithms used with the above that have no native implementations currently in OTP:

AlgorithmPurposeFallbackDefinition
AES Key WrapKey Wrapjose_jwa_aes_kwRFC 3394
Concat KDFKey Derivationjose_jwa_concat_kdfNIST.800-56A
MGF1Mask Generationjose_jwa_pkcs1RFC 3447
PBKDF1Key Derivationjose_jwa_pkcs5RFC 2898
PBKDF2Key Derivationjose_jwa_pkcs5RFC 2898
PKCS #7 PaddingPaddingjose_jwa_pkcs7RFC 2315

The following are algorithms related to the draft CFRG ECDH and signatures in JOSE:

AlgorithmPurposeExternalFallbackDefinition
Ed25519Signaturelibdecaf, libsodiumjose_jwa_curve25519EdDSA
Ed25519phSignaturelibdecaf, libsodiumjose_jwa_curve25519EdDSA
Ed448Signaturelibdecafjose_jwa_curve448EdDSA
Ed448phSignaturelibdecafjose_jwa_curve448EdDSA
SHAKE256Hashkeccakf1600, libdecafjose_jwa_sha3FIPS 202
X25519Key Exchangelibsodiumjose_jwa_curve25519RFC 7748
X448Key Exchangelibdecafjose_jwa_curve448RFC 7748