hi *, in the JWT specification [0] there is an example of a JWE that use A128CBC-HS256 for content encrpyption. Now I am not a cryptographer my self but IIUC the same CEK is used for encrypting with AES and authentication HMAC.
AFAIK is better to use two different keys for those 2 different primitives (this will not obviously apply to AES_GCM). Unless I am missing something... :) regards antonio [0] http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-19#appendix-A.1 [1] http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-24#appendix-A.2 _______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
