Questions tagged [jwe]

JSON Web Encryption (JWE; RFC 7516) represents encrypted content using JSON-based data structures.

JSON Web Encryption (JWE) [RFC7516] represents encrypted content using JSON-based data structures [RFC7159]. The JWE cryptographic mechanisms encrypt and provide integrity protection for an arbitrary sequence of octets.

Two closely related serializations for JWEs are defined. The JWE Compact Serialization is a compact, URL-safe representation intended for space constrained environments such as HTTP Authorization headers and URI query parameters. The JWE JSON Serialization represents JWEs as JSON objects and enables the same content to be encrypted to multiple parties. Both share the same cryptographic underpinnings.

Cryptographic algorithms and identifiers for use with this specification are described in the separate JSON Web Algorithms (JWA) [JWA] specification and IANA registries defined by that specification. Related digital signature and MAC capabilities are described in the separate JSON Web Signature (JWS) [JWS] specification.

Names defined by this specification are short because a core goal is for the resulting representations to be compact.

156 questions

3 votes, 1 answer

Why do JSON Web Encryptions (JWEs) not integrity protect the IV and content encryption key?

All JWEs are encrypted using authenticated encryption with associated data (AEAD) algorithms. Is there any reason why you would not want to include the IV and Encrypted Content Encryption Key (CEK) in the Additional Authenticated Data (AAD)? Would…

2 votes, 0 answers

Is it bad practice to store passwords in a JWE?

First of all, I know that passwords generally do not have to be stored in a JWT or JWS since the token in itself can be used to authenticate. My circumstances are very specific though. In my program, I need to startup a process as the user making a…
JoffLobster

2 votes, 1 answer

How to validate JWE token in Golang

I've got 2 questions but first I want to provide some context: On our webapp, we are using NextAuth to generate jwt tokens which then we attach to requests against our Golang server (for fetching resources). The generated tokens seem to be JWE…
Martin

2 votes, 0 answers

Decrypt and verify locally Play Integrity API Token

I'm trying to implement Play Integrity API in my project. I already implemented the logic in an Android app and send the token to my server. I want to decrypt and verify locally because the server doesn't and won't have an internet connection. So I'm…

2 votes, 1 answer

How to set Dynamic IssuerSigningKey and TokenDecryptionKey in AddJwtBearer options in ConfigureServices method on Startup.cs file

I wrote an Authentication web api project with DotNet core 3.1 and Microsoft.IdentityModel.JsonWebTokens. I have 3 clients: app-android, app-pwa and admin-panel. Each client has specific SigningCredentials and EncryptingCredentials key on…
Mofid.Moghimi

2 votes, 0 answers

How to use RSA to encrypt a JWT token?

I have an OpenSSL key pair that I use to create the RSA object: let getSigningKey (rsa:RSA) (key) = try rsa.ImportPkcs8PrivateKey( source = ReadOnlySpan(trimOpenSslPrivKey key), bytesRead = ref 0 ) Some rsa …
Istvan

2 votes, 1 answer

Decrypting JWE token in golang

I have this problem, I created a JWE in node.js using node-jose this way: const keystore = [ { kty: 'oct', kid: 'QLdRkgyMx_po0fPo5XnOzQQB4iTcyay36m_PA62SBiw', k:…

2 votes, 1 answer

How to get client_assertion in signed JWT in KeyCloak

I try to login with signed JWT, I follow this example, https://github.com/thomasdarimont/spring-boot-keycloak-jwe-example. However when I try to get the token with curl with the following…
user1106585

2 votes, 1 answer

jose encryption returns binary string but decrypting with decoded string gives error in python

I am using jose for python jwe encryption. Here is my code from the example import jose from time import time from Crypto.PublicKey import RSA key = RSA.generate(2048) claims = {'name': 'Jack'} pub_jwk = {'k':…
varad

2 votes, 1 answer

How to capture the response of ResponseEntityExceptionHandler to create JWE encrypt

I have springboot based restful web-service. I have CryptoResponseBodyAdvice to capture the response from controller and create JWE out of response body and send JWE as API response. public class CryptoResponseBodyAdvice implements…

2 votes, 1 answer

Different JSON Web Encryption (JWE) tokens generated for same key by Java and .Net 4.6

I have a requirement to generate JWE token from both Java and .Net 4.6 c# application (the JWE tokens will be passed between Java and .Net apps). Java application is using Nimbus Jose library and .Net application is using jose-jwt package available…
Nilmi Nawalage

2 votes, 1 answer

Decode with net core encrypted JWT issued by Apereo CAS

Apereo CAS Single-Sign-On issued the following…
Marcello

2 votes, 1 answer

Is it Possible to Encrypt a JWT token in Php And Decrypt in Javascript?

I am currently using two libraries for JWT. First one for server side jose php Library and the second one for client side jose js library. I am creating a token based login system. All I want is to create a token at server side and after…

2 votes, 1 answer

How to generate a JWT/JWS with JWE

I am developing a j2ee authentication/authorization system. I want to use JWT tokens, sign the payload with JWS and encrypt it using JWE. I found a decent tutorial from bitbuckets jose4j This example shows them generating a JWK using…
Nick H

2 votes, 0 answers

JOSE_JS JWE The data that encrypted by javascript won't decrypt by go

Server side code for generating public key is: privateKey, err := rsa.GenerateKey(rand.Reader, 2048) if err != nil { return nil } publicKey := &privateKey.PublicKey publicKeyBytes, err :=…
Mohsen