Available JWT encryption algorithms
- Last Updated: February 11, 2026
- 1 minute read
- OpenEdge
- Version 13.0
- Documentation
The OAuth2 keystore type selection requires the appropriate encryption
algorithm. PAS for OpenEdge OAuth2 encryption algorithms include:
- HMAC implements the Keyed-Hash Message Authentication Code (HMAC).
- RSA (Rivest–Shamir–Adleman) public and private key encryption.
Configure the HMAC or RSA type
Choose the JWT signature validation to be performed by setting the following property in the oeablSecurity.properties file:
|
Note: All
HSxxx types apply
to the HMAC signature algorithm. All RSxxx types apply to the RSA (public and
private) signature algorithm.Configure the HSxxx signature validation encryption key
The HSxxx encryption key is a single value configured in the
oeablSecurity.properties file:
|
- value
- A string value, either clear text or encoded text. Encoded text is the output of oe-install-dir/bin/stspwdutil
Note: Because the encryption key
is a single value, PAS for OpenEdge supports only one authorization server for each
OEABL web application configuration.
Configure the RSxxx signature validation encryption key
Support for accessing the RSA public keys includes:
- A Java (.p12) encrypted keystore file containing a digital certificate holding the single RSA public key
- A file system directory holding the single PEM-encoded RSA public key
- A JSON Web Key (JWK) set that holds multiple RSA public keys,
and is selected by the JWT header's
kidclaim