The whole payload is signed - the whole plaintext is encrypted. ________________________________ From: Prabath Siriwardena<mailto:[email protected]> Sent: 6/6/2014 11:09 PM To: [email protected]<mailto:[email protected]>; Mike Jones<mailto:[email protected]> Subject: [jose] Can we do partial encryption/signing of the message payload...?
Going through the JWS specification I found that we can sign different parts of the JWS header... and kept some unsigned.. Going through the JWE specification I found that we can encrypt the content encryption key for different recipients using different keys... Something not clear to me is.. can we sign/encrypt just parts of the JSON payload ? (this is analogous to the partial encryption/signature in WS-Security)... Appreciate a lot your thoughts... Thanks & Regards, Prabath Twitter : @prabath LinkedIn : http://www.linkedin.com/in/prabathsiriwardena Mobile : +94 71 809 6732 http://blog.facilelogin.com http://blog.api-security.org
_______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
