Questions tagged [jwe]

JSON Web Encryption (JWE; RFC 7516) represents encrypted content using JSON-based data structures.

JSON Web Encryption (JWE) [RFC7516] represents encrypted content using JSON-based data structures [RFC7159]. The JWE cryptographic mechanisms encrypt and provide integrity protection for an arbitrary sequence of octets.

Two closely related serializations for JWEs are defined. The JWE Compact Serialization is a compact, URL-safe representation intended for space constrained environments such as HTTP Authorization headers and URI query parameters. The JWE JSON Serialization represents JWEs as JSON objects and enables the same content to be encrypted to multiple parties. Both share the same cryptographic underpinnings.

Cryptographic algorithms and identifiers for use with this specification are described in the separate JSON Web Algorithms (JWA) [JWA] specification and IANA registries defined by that specification. Related digital signature and MAC capabilities are described in the separate JSON Web Signature (JWS) [JWS] specification.

Names defined by this specification are short because a core goal is for the resulting representations to be compact.

156 questions
2 votes, 0 answers

How to convert JWE JSON to PEM

I want to convert JWE JSON into PEM format. I am using OpenSSL with Elliptic Curve Cryptography. Here is JSON {"kty":"EC","crv":"P-256","x":"0FwHzpaCfb2Assd1LA3kX9_UssnhX_XuciyZ0sdDMpLuPNk","y":"gf67dENsd12GnxEvABuDoZVbVw4KQ5kD9sduH7bCWPVI8aE"} Now…
Ankit Thakur
2 votes, 2 answers

Error Decrypting JWE

Kind of new to the JWE Decryption thing. I have a server that performs the JWE and sent it to client based on a key that is shared between server and client. I am using a Jose4j for decrypting and am getting this…
Aravind R
2 votes, 1 answer

JOSE jwe/jws payload

Is it possible to have any kind of payload when using JOSE? I was thinking of doing something like: {"alg":"ES512", "cty":"XML" } and just make a string out of the XML file, on the server side I check cty and create the XML. I'm pretty sure it's…
venito
1 vote, 1 answer

Message Level Security in Rest Web services

I want to implement two level Security in my REST web services. Transport layer For point-to-point security (transport layer) I have decided to use HTTPS. Message layer (end to end) I need the JSON data (very sensitive) to be in encrypted form which…
shashankaholic
1 vote, 1 answer

Exception: Cannot access a disposed object. Object name: 'RSACng'. Trying to decrypt JWE ciphertext using C# System.Security.Cryptography - .pem key

I'm trying to get the Ciphertext out of a JWE response using C# and a PKCS 8 private key and cannot find a good example that works. I created the public and private keys using: openssl genrsa -out private.pem 2048 && openssl rsa -in private.pem…
1 vote, 0 answers

How to manually generate JWE using jsrsasign?

I'm trying to manually build a JWE payload following https://www.rfc-editor.org/rfc/rfc7516#section-3 (so I can better learn it) in JavaScript and for that I'm using the jsrsasign library. I've created a JOSE header and now I need to create a random…
epc
1 vote, 1 answer

Decoding JWE with web-token/jwt-framework in PHP takes too much time

I need to solve how to decode a JWE encrypted with our public key in PHP. The case is that the userinfo of OAuth2 is encrypted and needs to be decrypted for the login to go through. With the current code the userinfo is decrypted but it takes up to…
Martin S
1 vote, 1 answer

python-jose JWE: Unable to find an algorithm for key

I have been working on an authentication system and I need to encrypt some information. Currently I use the python-jose library and use the jwe.encrypt() function. On my computer it is working correctly but when I upload it to the AWS cloud as an…
1 vote, 2 answers

Isn't JWE an anti-pattern?

JWS uses server signed claims to verify the legitimacy of the claims made. The claims themselves are plain text but can't be tampered as the signature check would fail. The plain text nature of claims is not a concern assuming SSL is used. So from a…
Dojo
1 vote, 2 answers

What are JWE Key Management Modes?

The JWE standard defines a concept called Key Management Mode. According to the RFC, there are five: Direct Encryption, Key Encryption, Direct Key Agreement, Key Wrapping, Key Agreement with Key Wrapping. What's the difference between them and…
Marco
1 vote, 1 answer

Any benefit of enabling JWE if I am using HttpOnly for JWT

Goal: When using JWT, I need to secure cookies and mitigate XSS attack vector in clients. I understand that a cookie with the HttpOnly attribute is inaccessible to the JavaScript Document.cookie API in the client. The server can access the cookie to…
1 vote, 1 answer

How does encrypting JWT's payload improve security

On this website, it says: Do note that for signed tokens this information, though protected against tampering, is readable by anyone. Do not put secret information in the payload or header elements of a JWT unless it is encrypted. This part is…
mariusz96
1 vote, 1 answer

JWT / Session Cookie Authentication Hybrid

I'm looking for some clarity regarding security concerns with just JWT in our current project. Basically it is working right now like this: User authenticates with username + password at an authentication Service frontend gets JWT frontend can…
1 vote, 1 answer

Decrypting and encrypting java JWEObject with algorithm RSA-OAEP-256 on python

I have a kafka message that was encrypted on java with the following code: private String decryptedMessage(String key, String encryptedMessage) throws NoSuchAlgorithmException, InvalidKeySpecException, ParseException, JOSEException { …
Ema Il
1 vote, 0 answers

Encrypting payload using JWE (Alg: ECDH_ES, Enc: A256GCM) .NET5

Is there a way to encrypt data using Alg: ECDH_ES, Enc: A256GCM in .NET 5 - OS: Linux? Data to encrypt: "{\"num\":\"1234567891234567\",\"ram\":\"1223\"}" What I tried: I used .NET jose-jwt library to encrypt a payload using Alg: ECDH_ES, Enc:…