SSWG-0029: JWSETKit

Hey @ktoso (and SSWG team — cc @0xTim @graskind @lukasa),

Quick update on JWSETKit:

• CryptoSwift removed. The package now relies solely on swift-crypto to address the SSWG guidance to prefer the vetted crypto stack and to keep feature parity across platforms.

• RSA1_5 is marked deprecated to address this dangerous primitive that is frequently misused.

• PBKDF2 now uses _CryptoExtras rather than CryptoSwift.

• X.509 (swift-certificates) is opt-in. To avoid building BoringSSL on Darwin builds unnecessarily (since swift-certificates depends on _CryptoExtras unconditionally), X.509 support is gated behind the "X509" package trait(Swift 6.1+). Enable it like this:

.package(url: "https://github.com/amosavian/JWSETKit", from: "0.26.0", traits: ["X509"])

• This keeps default build times and binary size down on Apple platforms when X.509 isn’t needed.

• New (draft) standards support:

  • ML-DSA (JWS): Added experimental JWS support aligned with NIST FIPS-204 and the JOSE/COSE draft for ML-DSA.

  • HPKE (JWE): Added JWE modes following the JOSE WG HPKE draft.

These changes align with the acceptance note’s recommendations (use swift-crypto and ensure parity). Feedback welcome if any improvement is possible to done.