I've been searching a lot, but nothing hit the spot. My questions are about JWE key management.

Scenario:

The server wants to send sensitive data to the client, and it chooses to encrypt the data with a symmetric algorithm using a symmetric key, i.e., the Content Encryption Key (CEK).
The client will retrieve the CEK to decrypt the encrypted data, but the CEK can't be sent in clear text together with the encrypted data, so the CEK will need to be encrypted.

Approach:

The JWE specification defines different key management modes as follows:

  1. Key Wrapping: the CEK is encrypted for the intended recipient using a symmetric encryption algorithm.

  2. Key Encryption: the CEK is encrypted for the intended recipient using an asymmetric encryption algorithm.

  3. Direct Key Agreement: a key agreement algorithm is used to pick the CEK.

  4. Key Agreement with Key Wrapping: a key agreement algorithm is used to pick a symmetric CEK using a symmetric encryption algorithm.

  5. Direct Encryption: a user-defined symmetric shared key is used as the CEK (no key derivation or generation).

Question:

  1. What are the pros and cons of each mode?
  2. Under what circumstances will each mode be preferable?

Any help or advice would be appreciated, thank you very much.

adada
  • There are no pros or cons with JWE Key Management Modes. The applicable mode only depends on the key encryption algorithm. You don't have to make a choice between those modes… – Spomky-Labs Aug 11 '18 at 21:43
  • https://web-token.spomky-labs.com/advanced-topics/encrypted-tokens-and/multiple-recipients#key-management-modes – Spomky-Labs Aug 11 '18 at 21:46
  • Does this answer your question? [What are JWE Key Management Modes?](https://stackoverflow.com/questions/74259219/what-are-jwe-key-management-modes) – Marco Nov 15 '22 at 15:29

1 Answer

See this answer for the difference between the key management modes and when to use each.

Marco
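As an added example (not part of the original question, comments or answer), the Python sketch below shows how the `alg` header parameter alone determines which of the five modes a compact JWE uses, and checks that the Encrypted Key part is empty exactly when the CEK is never transmitted. The function names and sample tokens are constructed for illustration; the `alg` values are those registered in RFC 7518 section 4.1, with the PBES2 variants left out.

```python
import base64
import json

# "alg" values from RFC 7518 section 4.1 (PBES2 variants left out for brevity).
MODE_BY_ALG = {
    "dir": "Direct Encryption",
    "ECDH-ES": "Direct Key Agreement",
}
for size in ("128", "192", "256"):
    MODE_BY_ALG[f"A{size}KW"] = "Key Wrapping"
    MODE_BY_ALG[f"A{size}GCMKW"] = "Key Wrapping"
    MODE_BY_ALG[f"ECDH-ES+A{size}KW"] = "Key Agreement with Key Wrapping"
for alg in ("RSA1_5", "RSA-OAEP", "RSA-OAEP-256"):
    MODE_BY_ALG[alg] = "Key Encryption"

# Modes where the CEK is never transmitted, so the Encrypted Key part is empty.
NO_ENCRYPTED_KEY = {"Direct Encryption", "Direct Key Agreement"}


def b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def key_management_mode(compact_jwe):
    """Return the mode implied by "alg"; reject a contradictory Encrypted Key part."""
    parts = compact_jwe.split(".")
    if len(parts) != 5:
        raise ValueError("JWE compact serialization has exactly five parts")
    alg = json.loads(b64url_decode(parts[0])).get("alg")
    mode = MODE_BY_ALG.get(alg)
    if mode is None:
        raise ValueError(f"unsupported alg: {alg!r}")
    has_key = parts[1] != ""
    if has_key == (mode in NO_ENCRYPTED_KEY):
        raise ValueError(f"{alg}: Encrypted Key part must be "
                         + ("empty" if has_key else "present"))
    return mode


def sample_token(alg, encrypted_key):
    """Constructed token: real header, placeholder bytes for the other parts."""
    header = b64url_encode(json.dumps({"alg": alg, "enc": "A256GCM"}).encode())
    return ".".join([header, b64url_encode(encrypted_key),
                     b64url_encode(b"\x00" * 12), b64url_encode(b"ct"),
                     b64url_encode(b"\x00" * 16)])
```

The sample tokens carry placeholder bytes rather than real ciphertext, so the function only classifies and sanity-checks the structure; it does not decrypt anything.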