Questions tagged [jwe]

JSON Web Encryption (JWE; RFC 7516) represents encrypted content using JSON-based data structures.

JSON Web Encryption (JWE) [RFC7516] represents encrypted content using JSON-based data structures [RFC7159]. The JWE cryptographic mechanisms encrypt and provide integrity protection for an arbitrary sequence of octets.

Two closely related serializations for JWEs are defined. The JWE Compact Serialization is a compact, URL-safe representation intended for space constrained environments such as HTTP Authorization headers and URI query parameters. The JWE JSON Serialization represents JWEs as JSON objects and enables the same content to be encrypted to multiple parties. Both share the same cryptographic underpinnings.

Cryptographic algorithms and identifiers for use with this specification are described in the separate JSON Web Algorithms (JWA) [JWA] specification and IANA registries defined by that specification. Related digital signature and MAC capabilities are described in the separate JSON Web Signature (JWS) [JWS] specification.

Names defined by this specification are short because a core goal is for the resulting representations to be compact.

156 questions
1 vote, 0 answers

Wrong AES key length using Crypt::JWT

I'm attempting to generate a JWE with (5 parts) using Crypt::JWT. It's my first foray into Perl. Following the example from the documentation: use Crypt::JWT qw(encode_jwt); my $claims = { iss => 'some issuer', cd => 'some cd' } my $jws_token…
user88659
1 vote, 1 answer

How does one decrypt an encrypted Access Token? (OpenIddict 3.x)

OpenIddict, from version 3.x, encrypts access tokens by default, but you can disable this functionality. If the encryption is left re-enabled, is it possible for the client to decrypt the token or how would the client or relying party verify the…
tmccal2
1 vote, 1 answer

How can I overwrite the automatically calculated kid when importing a JWK from PEM

I am trying to create a JWE Token using the node-jose library's createEncrypt method. The problem is, I want to set the kid to a certain value. But when importing the key using the jose.JWK.asKey method, it's automatically calculating the kid and…
GAURAV KUMAR JHA
1 vote, 1 answer

How to get token from JWE Encrypt method of Jose Sdk

I am new in C# jose jwt. I have been using JWE.Encrypt() method. AnyJson anyJson = new AnyJson(); anyJson.page = 2; anyJson.filters = new Filters(); anyJson.filters.startDate = DateTime.Now.Date; anyJson.filters.endDate = DateTime.Now.Date; string…
1 vote, 2 answers

No Java-Jose-package supports my ECDHES Curve-algorithm

I'm trying to set up a JWE encrypted with a given JWK using the ECDH-ES Algorithm and the curve brainpoolP256r1. I would really like to use a Jose package, like Nimbus Jose or jose4j. Unfortunately both don't support the brainpool-curve. I've searched…
Apertif
1 vote, 2 answers

Send JWE, as request body, with Retrofit

I am using Retrofit to send request as encrypted JWT (JWE) to an API. My service interface is: interface APICallService { @Headers("Content-Type: application/jwt") @POST("/v1/api/dp_checkkyc") fun…
Sparsh Dutta
1 vote, 1 answer

Cannot resolve symbol 'encrypt' in nimbus-jose-jwt library

I am trying to generate an encrypted JWT in Android using 'nimbus-jose-jwt' library. But when I call the method 'encrypt()' of library, I get the error 'Cannot resolve symbol 'encrypt', even though the source code of library has the method…
Sparsh Dutta
1 vote, 1 answer

Does encrypting JWSs (Signed JWT) protect from finding the signing key?

One of the pros for using encrypted tokens is privacy - token content can't be read. I was wondering if there are other pros. One specific thought relates to signed tokens (JWS). Can an attacker, having many JWSs, find out the signing key? This is…
AlikElzin-kilaka
1 vote, 1 answer

Migrate from JWT to Identity Server 4 without need to re-login website users after deployment

I have an API service that is currently secured using JWT. I'm going to replace JWT with Identity Server 4 and secure my API with Identity Server 4. I had a custom way of generating JWT tokens (JWE). How can I replace JWT with Identity Server 4…
Milad Rashidi
1 vote, 2 answers

How to use RSA as kty jwk parameter (using jose4j)

I am using jose4j to encrypt a String with JWE, following this documentation https://bitbucket.org/b_c/jose4j/wiki/JWE%20Examples In the example, they used {\"kty\":\"oct\",\"k\":\"Fdh9u8rINxfivbrianbbVT1u232VQBZYKx1HGAGPt2I\"} It works well, but…
Sushi
1 vote, 1 answer

JWE and the key management modes

Wrapping my head around JWE and the key management modes. The point of JWE is to prevent third parties from seeing/changing the token. Only the token issuer and resource server should be able to use it. (Is this correct?) To encrypt the token's payload, we…
whowhenhow
1 vote, 1 answer

I have Modulus and Exponent how to generate JWE for some payload using JavaScript

We have a requirement where we will get modulus from service call to be used for encrypting (JWE) some data at client side Example of modulus, and exponent (cannot be changed formats) { "modulus":…
Kiran
1 vote, 0 answers

JWE nimbus-JOSE authenticity and JavaScript counterpart

I have chanced upon this wonderful library for Java, nimbus-JOSE, for the use of JSON Web Encryption. This library is simple and requires few lines for JWE encryption and decryption like below shows JWE Encryption. EncryptedJWT jwt = new…
1 vote, 0 answers

How to pass claims and expiration time to a JWE?

I am playing with node-jose (https://github.com/cisco/node-jose) and it's not helping much. Should I wrap a JWE in a JWT payload (or the opposite) maybe? This is a sample code I am using to make some tests: const jwe = await…
Victor Ferreira
1 vote, 1 answer

Modify the JwtIssuer ClaimsProvider in the custom policy to achieve the JWE in AD B2C

I am using the AD B2C service for the authentication. AD B2C is generating the signed JWT tokens, but the claims information in the JWT token is exposed to the public. If anyone gets the token, they are able to see the claims information. In my case…
Saravana Kumar