I understand the use case of asymmetric encryption using a private and public key. A client-side Web Application can encrypt a JWE using a server's public key, and the server uses its private key to decrypt the encrypted message.

Is it possible for a Web client to receive an encrypted message from a server, encrypted with the Web client's public key, and have its own private key to decrypt the server's encrypted message?

From what I understand about security, the browser is not a safe place to hold keys, since an experienced person can read them if they wanted to.

So is the encryption and decryption with JWE only possible in one (server to client) direction? Or is it possible for a Web client to hold a private key for decryption for encrypted messages from a server safely?

Legz4Dayz

0 Answers