# Install jose with Homebrew, apk, apt, dnf, Nix, pacman, zypper

C-language implementation of Javascript Object Signing and Encryption. Version 15 via Homebrew; verified 2026-06-08.

## Install

```sh
sudo av install brew:jose
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install jose
```

  Evidence: local Homebrew formula metadata

### Linux

- apk (92%):

```sh
sudo apk add jose
```

  Evidence: Alpine Linux edge package indexes: jose from https://dl-cdn.alpinelinux.org/alpine/edge/community/x86_64/APKINDEX.tar.gz

- Debian apt (92%):

```sh
sudo apt install jose
```

  Evidence: Debian stable package indexes: jose from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz

- dnf (92%):

```sh
sudo dnf install jose
```

  Evidence: Fedora Rawhide package metadata: jose from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst

- Nix (92%):

```sh
nix profile install nixpkgs#jose
```

  Evidence: nixpkgs package indexes: pkgs/by-name/jo/jose/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

- pacman (92%):

```sh
sudo pacman -S jose
```

  Evidence: Arch Linux sync databases: jose from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz

- zypper (92%):

```sh
sudo zypper install jose
```

  Evidence: openSUSE Tumbleweed package metadata: jose from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst

## Package facts

- **Package key:** brew:jose
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/jose>
- **Version:** 15
- **Source summary:** C-language implementation of Javascript Object Signing and Encryption
- **Homepage:** <https://github.com/latchset/jose>
- **Repository:** <https://github.com/latchset/jose>
- **Upstream docs:** <https://github.com/latchset/jose#readme>
- **License:** Apache-2.0
- **Source archive:** <https://github.com/latchset/jose/releases/download/v15/jose-15.tar.xz>
- **Last updated:** 2026-06-08T14:32:19Z
- **Generated:** 2026-07-08T18:08:21+00:00

## Executables

- jose (cli)
- jose (alias)

## Dependencies

- jansson
- openssl@4

## Build dependencies

- meson
- ninja
- pkgconf

## Install behavior

- Post-install hook: not defined
- Bottle: available on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 15
- Package-manager updated: 2026-06-08
- Local data: ok
- Upstream repository: https://github.com/latchset/jose
- info: No cached GitHub release or tag data was available.
## Project history and usage

José is a C implementation and command-line utility for the IETF JSON Object Signing and Encryption family of standards, including JWS, JWE, JWK, JWA, JWT, JOSE examples, and JWK thumbprints. It gives systems programmers and shell users a native CLI for operations that are more often hidden inside web-framework libraries.

### Project history

The JOSE RFC set was published as proposed standards in May 2015. The latchset/jose repository followed in 2016, after the standards had stabilized, with a README positioning the project as a C-language implementation tested against RFC test vectors.

Early GitHub releases appeared in August 2016. Subsequent releases kept the project useful as a small, packaging-friendly crypto utility rather than a large application framework.

### Adoption history

The input package metadata records Jose across several Unix package families, including Homebrew, Debian, Fedora/DNF, Alpine, Arch, Nix, Ubuntu, and openSUSE. That breadth reflects a common packaging role: a compact CLI and C library for JWT, JWK, signing, encryption, and thumbprint tasks in scripts and system components.

### How it is used

The README documents key generation, extracting public JWKs, computing thumbprints, signing and verifying JWS payloads, and encrypting and decrypting JWE payloads from the shell. That makes Jose useful for testing identity-provider flows, debugging token material, and automating JOSE operations without writing an application.

### Why package nerds care

For package maintainers, Jose is interesting because it maps web-token standards into a traditional Unix tool shape: a C codebase, Meson build, OpenSSL/Jansson dependencies, manpage-style CLI behavior, and distro packages. It is the kind of small utility that becomes valuable glue in security packaging even when end users mostly know higher-level JWT libraries.

### Timeline

- 2015-05: RFC 7515 through RFC 7519 standardized the core JOSE/JWT documents.
- 2016-06: The latchset/jose repository was created on GitHub.
- 2016-08: v1 was published as an early GitHub release.
- 2021-05: v11 was published after Jose had already reached multiple distro package sets.
- 2026-06: v15 was published on GitHub.

### Related projects

- Jose belongs to the wider JOSE ecosystem alongside language-specific libraries such as go-jose, node-jose, and Python JOSE bindings. It is also tied directly to IETF standards work around JWS, JWE, JWK, JWA, JWT, and related examples and thumbprint specifications.

### Sources

- <https://datatracker.ietf.org/doc/rfc7515/>
- <https://datatracker.ietf.org/doc/rfc7519/>
- <https://formulae.brew.sh/formula/jose>
- <https://github.com/latchset/jose>
- <https://github.com/latchset/jose/releases>


## Security Notes

broad file, network, media, or database tool signal.

- **Geiger risk:** blue / medium
- broad file, network, media, or database tool signal

## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** jose
- **Version Scheme:** 0
- **Revision:** 0
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** stable

## Other Package-Manager Records

- Debian apt - jose - 14-2: normalized package name match | Debian stable package indexes: jose from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz | C implementation of Javascript Object Signing and Encryption standards | https://github.com/latchset/jose
- Debian apt - libjose-dev - 14-2: normalized package name match | Debian stable package indexes: libjose-dev from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz | Javascript Object Signing and Encryption (José) - development files | https://github.com/latchset/jose
- Debian apt - libjose0 - 14-2: normalized package name match | Debian stable package indexes: libjose0 from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz | Javascript Object Signing and Encryption (José) - library | https://github.com/latchset/jose
- Nix - jose: normalized package name match | nixpkgs package indexes: pkgs/by-name/jo/jose/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
- Ubuntu apt - jose - 13-1: normalized package name match | Ubuntu 24.04 LTS package indexes: jose from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz | C implementation of Javascript Object Signing and Encryption standards | https://github.com/latchset/jose
- Ubuntu apt - libjose-dev - 13-1: normalized package name match | Ubuntu 24.04 LTS package indexes: libjose-dev from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz | Javascript Object Signing and Encryption (José) - development files | https://github.com/latchset/jose
- Ubuntu apt - libjose0 - 13-1: normalized package name match | Ubuntu 24.04 LTS package indexes: libjose0 from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz | Javascript Object Signing and Encryption (José) - library | https://github.com/latchset/jose
- apk - jose - 14-r0: normalized package name match | Alpine Linux edge package indexes: jose from https://dl-cdn.alpinelinux.org/alpine/edge/community/x86_64/APKINDEX.tar.gz | C-language implementation of Javascript Object Signing and Encryption | https://github.com/latchset/jose
- apk - jose-dev - 14-r0: normalized package name match | Alpine Linux edge package indexes: jose-dev from https://dl-cdn.alpinelinux.org/alpine/edge/community/x86_64/APKINDEX.tar.gz | C-language implementation of Javascript Object Signing and Encryption (development files) | https://github.com/latchset/jose
- apk - jose-doc - 14-r0: normalized package name match | Alpine Linux edge package indexes: jose-doc from https://dl-cdn.alpinelinux.org/alpine/edge/community/x86_64/APKINDEX.tar.gz | C-language implementation of Javascript Object Signing and Encryption (documentation) | https://github.com/latchset/jose
- apk - libjose - 14-r0: normalized package name match | Alpine Linux edge package indexes: libjose from https://dl-cdn.alpinelinux.org/alpine/edge/community/x86_64/APKINDEX.tar.gz | C-language implementation of Javascript Object Signing and Encryption (libraries) | https://github.com/latchset/jose
- dnf - jose - 14-6.fc44: normalized package name match | Fedora Rawhide package metadata: jose from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst | Tools for JSON Object Signing and Encryption (JOSE) | https://github.com/latchset/jose
- dnf - libjose - 14-6.fc44: normalized package name match | Fedora Rawhide package metadata: libjose from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst | Library implementing JSON Object Signing and Encryption | https://github.com/latchset/jose
- dnf - libjose-devel - 14-6.fc44: normalized package name match | Fedora Rawhide package metadata: libjose-devel from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst | Development files for libjose | https://github.com/latchset/jose
- pacman - jose - 15-2: normalized package name match | Arch Linux sync databases: jose from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz | C-language implementation of Javascript Object Signing and Encryption | https://github.com/latchset/jose
- zypper - jose - 14-1.2: normalized package name match | openSUSE Tumbleweed package metadata: jose from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst | C-language implementation of Javascript Object Signing and Encryption | https://github.com/latchset/jose


## Related links

- [Source-control packages](https://www.automicvault.com/pkg/source-control-tools/) - Belongs to a source-control command family.
- [Secret-risk packages](https://www.automicvault.com/pkg/secret-risk-packages/) - Has protected-tool coverage, approval-gate, or non-low Geiger security signals.
- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Language runtime packages](https://www.automicvault.com/pkg/language-runtime-packages/) - Matched language runtime, compiler, or interpreter metadata.
- [openssl@4](https://www.automicvault.com/pkg/brew/openssl-4/) - Runtime dependency declared by Homebrew.
- [meson](https://www.automicvault.com/pkg/brew/meson/) - Build dependency declared by Homebrew.
- [ninja](https://www.automicvault.com/pkg/brew/ninja/) - Build dependency declared by Homebrew.
- [pkgconf](https://www.automicvault.com/pkg/brew/pkgconf/) - Build dependency declared by Homebrew.
- [libjwt](https://www.automicvault.com/pkg/brew/libjwt/) - Shares av.db curated category or tags: cli, cryptography, jwe, jws, jwt.
- [botan](https://www.automicvault.com/pkg/brew/botan/) - Shares av.db curated category or tags: cli, cryptography, security.
- [ccrypt](https://www.automicvault.com/pkg/brew/ccrypt/) - Shares av.db curated category or tags: cli, cryptography, security.
- [cfssl](https://www.automicvault.com/pkg/brew/cfssl/) - Shares av.db curated category or tags: cli, cryptography, security.
- [gmssl](https://www.automicvault.com/pkg/brew/gmssl/) - Shares av.db curated category or tags: cli, cryptography, security.
- [gnupg-pkcs11-scd](https://www.automicvault.com/pkg/brew/gnupg-pkcs11-scd/) - Shares av.db curated category or tags: cli, cryptography, security.
- [gnutls](https://www.automicvault.com/pkg/brew/gnutls/) - Shares av.db curated category or tags: cli, cryptography, security.
- [gpgme](https://www.automicvault.com/pkg/brew/gpgme/) - Shares av.db curated category or tags: cli, cryptography, security.
- [jwt-hack](https://www.automicvault.com/pkg/brew/jwt-hack/) - Security-sensitive metadata or terminology overlaps. Shared terms: cli, jwt, openssl, openssl-4, security.
- [bcryptjs](https://www.automicvault.com/pkg/npm/bcryptjs/) - Both packages touch the same language runtime or ecosystem. Shared terms: cli, cryptography, encryption, javascript, security.

## Combined YAML source

View the package source record on GitHub. [combined/jose.yml](https://github.com/automic-vault/db/blob/main/combined/jose.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
