JWE

JSON Web Encryption (JWE) is the encryption counterpart to JWS. Where JWS proves integrity and authenticity but leaves the payload readable, JWE encrypts the payload so only the intended recipient can decrypt it. JWE is used when token contents must remain confidential in transit or at rest.

How it works

A compact JWE token has five Base64URL-encoded sections separated by dots: protected_header.encrypted_key.iv.ciphertext.tag. The header declares the key management algorithm (alg) and the content encryption algorithm (enc). A randomly generated content encryption key (CEK) encrypts the payload; the CEK itself is encrypted to the recipient's public key (or wrapped by a shared secret) and carried in the encrypted_key section.

Common algorithms

  • Key management (alg): RSA-OAEP, ECDH-ES, A128KW, A256KW, dir (direct shared secret)
  • Content encryption (enc): A128GCM, A256GCM, A128CBC-HS256, A256CBC-HS512

Authenticated encryption (GCM or CBC-HMAC) provides both confidentiality and integrity.
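The five-section layout and the alg/enc lists above can be checked before any key material is touched. The following is an added example, not code from the original page: the function names are hypothetical, the IV and tag sizes are taken from RFC 7518, and the sample token is constructed placeholder data.

```python
import base64
import json
import re

# alg values from the list above; allow only the ones your service actually uses.
ALLOWED_ALG = {"RSA-OAEP", "ECDH-ES", "A128KW", "A256KW", "dir"}
# enc -> (IV bytes, tag bytes), sizes from RFC 7518.
ENC_SIZES = {"A128GCM": (12, 16), "A256GCM": (12, 16),
             "A128CBC-HS256": (16, 16), "A256CBC-HS512": (16, 32)}
# With these alg values no CEK is transported, so encrypted_key must be empty.
EMPTY_KEY_ALGS = {"dir", "ECDH-ES"}

def b64url_decode(part: str) -> bytes:
    if not re.fullmatch(r"[A-Za-z0-9_-]*", part):
        raise ValueError("section is not unpadded Base64URL")
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def inspect_compact_jwe(token: str) -> dict:
    """Validate the structure of a compact JWE without decrypting it."""
    parts = token.split(".")
    if len(parts) != 5:
        raise ValueError(f"expected 5 sections, got {len(parts)}")
    header_b64, key_b64, iv_b64, ct_b64, tag_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    if not isinstance(header, dict):
        raise ValueError("protected header is not a JSON object")
    alg, enc = header.get("alg"), header.get("enc")
    if not (isinstance(alg, str) and isinstance(enc, str)):
        raise ValueError("alg and enc must both be strings")
    if alg not in ALLOWED_ALG or enc not in ENC_SIZES:
        raise ValueError(f"alg/enc not allowed: {alg!r}/{enc!r}")
    key, iv, tag = (b64url_decode(p) for p in (key_b64, iv_b64, tag_b64))
    if (len(iv), len(tag)) != ENC_SIZES[enc]:
        raise ValueError("IV or tag length does not match enc")
    if (alg in EMPTY_KEY_ALGS) != (len(key) == 0):
        raise ValueError("encrypted_key presence does not match alg")
    # In compact form the AEAD's additional data is the ASCII of the encoded header.
    return {"alg": alg, "enc": enc, "aad": header_b64.encode("ascii"),
            "ciphertext_len": len(b64url_decode(ct_b64))}

# Constructed sample: placeholder bytes in the right shape, not a decryptable token.
SAMPLE = ".".join([b64url_encode(b'{"alg":"dir","enc":"A256GCM"}'), "",
                   b64url_encode(bytes(12)), b64url_encode(b"\x01" * 20),
                   b64url_encode(bytes(16))])
```

Passing these checks says nothing about authenticity; only a successful authenticated decryption with the right key does that.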

Specification

Defined by RFC 7516.

Related Terms
JWT, JWS, OAuth 2.0, OIDC.
