 |
LibJWT 3.4.0
The C JSON Web Token Library +JWK +JWKS
|
|
LibJWT 3.4.0
The C JSON Web Token Library +JWK +JWKS
|
Create and consume JSON Web Encryption (JWE) tokens. More...
Topics | |
| Builder | |
| Create and encrypt JWE tokens. | |
| Checker | |
| Decrypt and authenticate JWE tokens. | |
Create and consume JSON Web Encryption (JWE) tokens.
JWE support is built around two objects that parallel the JWS jwt_builder_t / jwt_checker_t pair but are intentionally distinct types: a JWE is structurally and cryptographically different from a JWS, and keeping the types separate prevents accidentally treating one as the other.
Unlike JWS, JWE requires two algorithms: a key management algorithm (jwe_key_alg_t, the "alg" header) that produces or recovers the Content Encryption Key (CEK), and a content encryption algorithm (jwe_enc_t, the "enc" header) that authenticates and encrypts the payload with that CEK.
Both the Compact Serialization and the JSON Serialization are supported (jwe_serialization_t). The General JSON Serialization carries one or more recipients (jwe_builder_add_recipient): the plaintext is encrypted once with a single CEK and each recipient wraps that CEK independently, so any recipient's key can decrypt the token.
📄 RFC-7516
