JSON Web Encryption¶
JSON Web Encryption (JWE) are used to encrypt a payload and represent it as a compact URL-safe string.
Supported Content Encryption Algorithms¶
The following algorithms are currently supported.
| Encryption Value | Encryption Algorithm, Mode, and Auth Tag |
|---|---|
| A128CBC_HS256 | AES w/128 bit key in CBC mode w/SHA256 HMAC |
| A192CBC_HS384 | AES w/128 bit key in CBC mode w/SHA256 HMAC |
| A256CBC_HS512 | AES w/128 bit key in CBC mode w/SHA256 HMAC |
| A128GCM | AES w/128 bit key in GCM mode and GCM auth tag |
| A192GCM | AES w/192 bit key in GCM mode and GCM auth tag |
| A256GCM | AES w/256 bit key in GCM mode and GCM auth tag |
Supported Key Management Algorithms¶
The following algorithms are currently supported.
| Algorithm Value | Key Wrap Algorithm |
|---|---|
| DIR | Direct (no key wrap) |
| RSA1_5 | RSAES with PKCS1 v1.5 |
| RSA_OAEP | RSAES OAEP using default parameters |
| RSA_OAEP_256 | RSAES OAEP using SHA-256 and MGF1 with SHA-256 |
| A128KW | AES Key Wrap with default IV using 128-bit key |
| A192KW m | AES Key Wrap with default IV using 192-bit key |
| A256KW | AES Key Wrap with default IV using 256-bit key |
Examples¶
Encrypting Payloads¶
>>> from jose import jwe
>>> jwe.encrypt('Hello, World!', 'asecret128bitkey', algorithm='dir', encryption='A128GCM')
'eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4R0NNIn0..McILMB3dYsNJSuhcDzQshA.OfX9H_mcUpHDeRM4IA.CcnTWqaqxNsjT4eCaUABSg'
Decrypting Payloads¶
>>> from jose import jwe
>>> jwe.decrypt('eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4R0NNIn0..McILMB3dYsNJSuhcDzQshA.OfX9H_mcUpHDeRM4IA.CcnTWqaqxNsjT4eCaUABSg', 'asecret128bitkey')
'Hello, World!'