node-red-contrib-fips-jwt-sign 1.0.0
Node-RED nodes for secure high-performance RS256 JWT signing and verification using FIPS-compatible OpenSSL crypto
node-red-contrib-fips-jwt-sign
🔐 FIPS-compatible RS256 JWT signing & verification nodes for Node-RED
Built for high-load financial / PSP / integrations.
jwt-sign– RS256 signing with a private RSA keyjwt-verify– RS256 verification with a public RSA key
All crypto is performed using Node.js crypto (OpenSSL 3.x),
fully in-memory and compatible with FIPS 140-3 when used with a FIPS-enabled OpenSSL build.
💡 Overview
This module is designed for secure, high-throughput JWT operations in:
- Payment Service Providers (PSP)
- Banking / fintech integrations
- PCI DSS 4.0 environments
- Backend-to-backend trusted communication
The module provides two Node-RED nodes:
- JWT Sign – create RS256-signed JWTs using a private RSA key
- JWT Verify – verify RS256 JWT signatures using a public RSA key
Both nodes:
- Use RSA-SHA256 + PKCS#1 v1.5 (standard RS256)
- Work 100% in memory (no temporary files, no subprocesses)
- Are optimized for high-load scenarios (RSA key objects cached in memory)
- Enforce strict signature rules (no alg:none, no algorithm downgrade)
🔐 Features
- RS256 (RSA-SHA256) JWT signing
- RS256 JWT verification
- PKCS#1 v1.5 padding (compatible with financial APIs)
- High-performance: key objects cached per node instance
- 100% in-memory cryptography using OpenSSL 3.x
- FIPS-compatible when Node.js uses a FIPS provider
- Node.js ≥ 18, Node-RED ≥ 3.0
- PCI DSS 4.0 friendly (Sections 3.5 / 3.6)
- Secure Base64URL handling
- Hardened JWT validation (header, payload, structure)
📦 Installation
npm install node-red-contrib-fips-jwt-sign
