JWE
Call `JSON::JWT#encrypt(key, algorithm, encryption_method)`.
When the given key is a `JSON::JWK` instance and it has a `kid`, the generated `JSON::JWE` instance automatically has the same `kid` value in its header.
```ruby
public_key = OpenSSL::PKey::RSA.new <<-PEM
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAx9vNhcvSrxjsegZAAo4OEuoZOV/oxINEeWneJYczS80/bQ1J6lSS
:
-----END RSA PUBLIC KEY-----
PEM
jwe = jwt.encrypt(public_key, :'RSA-OAEP', :A256GCM)
```
`JSON::JWT.decode(jwe_string, key)` decodes and decrypts a compact-serialized JWE token.
After decryption, `JSON::JWE#plain_text` returns the original input as a `String`.
Usually the plain text is itself a JWT/JWS token, so you'll need to decode it as well.
```ruby
private_key = OpenSSL::PKey::RSA.new <<-PEM
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAzHEJiUJDN59jUomP1pl7r0AGKXJAgR2DjmBTbN4kpvjWqcRR
:
-----END RSA PRIVATE KEY-----
PEM
jwe = JSON::JWT.decode 'eyJ...', private_key
jwe.plain_text # => 'eyJ..'
# :skip_verification returns the inner JWS without checking its signature
jws = JSON::JWT.decode jwe.plain_text, :skip_verification
```
You can also decode without decryption, then decrypt it later.
```ruby
jwe = JSON::JWT.decode 'eyJ...', :skip_decryption
jwe.plain_text # => nil
jwe.decrypt! private_key
jwe.plain_text # => 'eyJ..'
```
Follow JWT's Serialization section.
```ruby
jwe = jwt.encrypt(public_key)
jwe.to_s # => "eyJ..."
```
These values are supported as key encryption algorithms.
- `RSA1_5` (default)
- `RSA-OAEP`
- `dir`
These are not supported.
- `A128KW`
- `A256KW`
- `ECDH-ES`
- `ECDH-ES+A128KW`
- `ECDH-ES+A256KW`
For details of each algorithm, read [RFC7518] JSON Web Algorithms (JWA).
These values are supported as content encryption algorithms.
- `A128GCM` (default)
- `A256GCM`
- `A128CBC-HS256`
- `A256CBC-HS512`
`A192CBC-HS384` is not supported.
For details of each algorithm, read [RFC7518] JSON Web Algorithms (JWA).
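What the `dir` and `A256GCM` entries above look like in the compact serialization, as an added example using only Ruby's standard library (it is not json-jwt's code, and the helper names are hypothetical). The receiver refuses to touch the key unless the header's `alg` and `enc` match the values it pinned.

```ruby
require 'openssl'
require 'json'
require 'base64'

# Hypothetical helper (not json-jwt API): unpadded base64url, as JWE uses.
def b64u(bytes)
  Base64.urlsafe_encode64(bytes, padding: false)
end

# Constructed sender side: compact JWE with alg=dir, enc=A256GCM (RFC 7516).
def encrypt_dir_a256gcm(plain_text, key)
  header = b64u(JSON.generate(alg: 'dir', enc: 'A256GCM'))
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  cipher.key = key                 # dir: the shared key is the content key
  iv = cipher.random_iv            # 96-bit IV for GCM
  cipher.auth_data = header        # AAD = ASCII of the encoded header
  ciphertext = cipher.update(plain_text) + cipher.final
  # With dir the second (encrypted key) segment is empty.
  [header, '', b64u(iv), b64u(ciphertext), b64u(cipher.auth_tag)].join('.')
end

# Receiver side: check alg/enc against pinned values before decrypting.
def decrypt_pinned(token, key, alg: 'dir', enc: 'A256GCM')
  parts = token.split('.', -1)
  raise ArgumentError, 'not a compact JWE' unless parts.size == 5
  header_seg, enc_key, iv, ciphertext, tag = parts
  header = JSON.parse(Base64.urlsafe_decode64(header_seg))
  unless header['alg'] == alg && header['enc'] == enc
    raise ArgumentError, "unexpected alg/enc: #{header['alg']}/#{header['enc']}"
  end
  raise ArgumentError, 'dir requires an empty encrypted key' unless enc_key.empty?
  tag_bytes = Base64.urlsafe_decode64(tag)
  # Ruby's OpenSSL binding accepts short GCM tags, so enforce 128 bits here.
  raise ArgumentError, 'bad tag length' unless tag_bytes.bytesize == 16
  cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  cipher.key = key
  cipher.iv = Base64.urlsafe_decode64(iv)
  cipher.auth_tag = tag_bytes
  cipher.auth_data = header_seg    # header is authenticated, not encrypted
  cipher.update(Base64.urlsafe_decode64(ciphertext)) + cipher.final
end
```

A header that passes the `alg`/`enc` check but differs byte-for-byte from the one used at encryption still fails, because the encoded header is the GCM additional authenticated data.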
Follow JWS's Key Representation section.