identity 1.0 documentation

JSON Web Encryption JSON Serialization (JWE-JS)

Abstract

The JSON Web Encryption JSON Serialization (JWE-JS) is a means of representing encrypted content using JSON data structures. This specification describes a means of representing secured content as a JSON data object (as opposed to the JWE specification, which uses a compact serialization with a URL-safe representation).

It enables the same content to be encrypted to multiple parties (unlike JWE). Cryptographic algorithms and identifiers used with this specification are enumerated in the separate JSON Web Algorithms (JWA) specification.

The JSON Serialization for related digital signature and HMAC functionality is described in the separate JSON Web Signature JSON Serialization (JWS-JS) specification.

(draft 01)

4. Example JWE-JS

This section contains an example using the JWE JSON Serialization. This example demonstrates the capability for encrypting the same plaintext to multiple recipients.

Two recipients are present in this example: the first using the RSA-PKCS1_1.5 algorithm to produce the JWE Encrypted Key and the second using the ECDH-ES algorithm to produce the JWE Encrypted Key.

The Plaintext is encrypted using the AES-256-CBC algorithm to produce the JWE Ciphertext.

The two Decoded JWE Header Segments used are:

{"alg":"RSA1_5",
 "enc":"A256CBC",
 "int":"HS256",
 "iv":"Mz-mW_4JHfg",
 "x5t":"7noOPq-hJ1_hCnvWh6IeYI2w9Q0"}

and:

{"alg":"ECDH-ES",
 "enc":"A256CBC",
 "epk":{
  "alg":"EC",
  "crv":"P-256",
  "x":"235RT7iKTI3KWvS4_mIwUhX6OC_X2I-bsOpS5w7MGA4",
  "y":"ZSv0dtvXs4o2XsIVhFzgiMTSg9uSsytaOvC-XRtfoIM"},
 "jku":"https://example.com/public_key.jwk"}

The complete JSON Web Encryption JSON Serialization (JWE-JS) for these values is as follows (with line breaks for display purposes only):

{"headers":[
  "eyJhbGciOiJSU0ExXzUiLA0KICJlbmMiOiJBMjU2Q0JDIiwNCiAiaW50IjoiS
FMyNTYiLA0KICJpdiI6Ik16LW1XXzRKSGZnIiwNCiAieDV0IjoiN25vT1BxLWhKM
V9oQ252V2g2SWVZSTJ3OVEwIn0",
  "eyJhbGciOiJFQ0RILUVTIiwNCiAiZW5jIjoiQTI1NkNCQyIsDQogImVwayI6e
w0KICAiYWxnIjoiRUMiLA0KICAiY3J2IjoiUC0yNTYiLA0KICAieCI6IjIzNVJUN
2lLVEkzS1d2UzRfbUl3VWhYNk9DX1gySS1ic09wUzV3N01HQTQiLA0KICAieSI6I
lpTdjBkdHZYczRvMlhzSVZoRnpnaU1UU2c5dVNzeXRhT3ZDLVhSdGZvSU0ifSwNC
iAiamt1IjoiaHR0cHM6Ly9leGFtcGxlLmNvbS9wdWJsaWNfa2V5Lmp3ayJ9"],

 "encrypted_keys":[
  "TBD_encrypted_key_1_value_TBD",
  "TBD_encrypted_key_2_value_TBD"],

 "ciphertext":"TBD_ciphertext_value_TBD",
 "integrity_values":[
  "TBD_integrity_1_value_TBD",
  "TBD_integrity_2_value_TBD"]
}

TBD: Finish this example.
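
As an added example (not part of the specification or of this page's original text), the following Python code parses the JWE-JS object shown above, base64url-decodes each entry of `headers`, and pairs it with its encrypted key and integrity value. The function names, the equal-length check and the shared-`enc` check are assumptions drawn from the example's layout (one ciphertext, one header, key and integrity value per recipient), not rules quoted from the draft.

```python
import base64
import json
import re

# Constructed input: the page's JWE-JS example with the display line breaks
# removed. The TBD_* placeholders are kept exactly as the page gives them.
EXAMPLE = json.dumps({
    "headers": [
        "eyJhbGciOiJSU0ExXzUiLA0KICJlbmMiOiJBMjU2Q0JDIiwNCiAiaW50IjoiS"
        "FMyNTYiLA0KICJpdiI6Ik16LW1XXzRKSGZnIiwNCiAieDV0IjoiN25vT1BxLWhKM"
        "V9oQ252V2g2SWVZSTJ3OVEwIn0",
        "eyJhbGciOiJFQ0RILUVTIiwNCiAiZW5jIjoiQTI1NkNCQyIsDQogImVwayI6e"
        "w0KICAiYWxnIjoiRUMiLA0KICAiY3J2IjoiUC0yNTYiLA0KICAieCI6IjIzNVJUN"
        "2lLVEkzS1d2UzRfbUl3VWhYNk9DX1gySS1ic09wUzV3N01HQTQiLA0KICAieSI6I"
        "lpTdjBkdHZYczRvMlhzSVZoRnpnaU1UU2c5dVNzeXRhT3ZDLVhSdGZvSU0ifSwNC"
        "iAiamt1IjoiaHR0cHM6Ly9leGFtcGxlLmNvbS9wdWJsaWNfa2V5Lmp3ayJ9",
    ],
    "encrypted_keys": ["TBD_encrypted_key_1_value_TBD", "TBD_encrypted_key_2_value_TBD"],
    "ciphertext": "TBD_ciphertext_value_TBD",
    "integrity_values": ["TBD_integrity_1_value_TBD", "TBD_integrity_2_value_TBD"],
})

def b64url_decode(segment):
    """Decode unpadded base64url; reject anything outside the URL-safe alphabet."""
    if not re.fullmatch(r"[A-Za-z0-9_-]+", segment):
        raise ValueError("segment is not unpadded base64url")
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def recipients(jwe_js_text):
    """Return one (decoded_header, encrypted_key, integrity_value) tuple per recipient."""
    obj = json.loads(jwe_js_text)
    hdrs, keys, ints = obj["headers"], obj["encrypted_keys"], obj["integrity_values"]
    # Assumption: the three arrays are parallel, index i describing recipient i.
    if not hdrs or not (len(hdrs) == len(keys) == len(ints)):
        raise ValueError("per-recipient arrays are empty or differ in length")
    decoded = [json.loads(b64url_decode(h)) for h in hdrs]
    # Assumption: one shared ciphertext means every header names the same "enc".
    encs = {h.get("enc") for h in decoded}
    if len(encs) != 1 or None in encs:
        raise ValueError("recipients disagree on 'enc' for the shared ciphertext")
    return list(zip(decoded, keys, ints))
```

Calling `recipients(EXAMPLE)` yields the two decoded headers from this section, the first with `"alg":"RSA1_5"` and the second with `"alg":"ECDH-ES"`.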
