>From your message I do not understand what you are trying to do. Send me off list mail with a fuller description and one I understand that I will be better able to answer your question.
Jim > -----Original Message----- > From: jose [mailto:[email protected]] On Behalf Of Matt David > Sent: Wednesday, July 20, 2016 12:59 AM > To: [email protected] > Subject: [jose] HTTP Request/Response using JWE with RSAES > > Hey all, > > I'm working on a module for Flask that allows it to use JWE as a quick plugin. In > my testing, I've run into a situation where I'm using RSAES (RSAES-OAEP, RSAES- > 1_5) and I want to return a JWS. It seems like there could be 2 ways of going > about this, but I don't believe that the RFC addresses it: > > 1. RSAES one way, CEK-only on the way back 2. RSAES two way, with an EPK > included on the originator's JWE sent to the remote end > > I like #2 myself because it uses a fresh CEK for each part of the request / > response. > > It's possible I'm missing something in the RFC, but I'm still unable to find it after > reading through it a few times, especially because EPK is specified only for use > with ECDH-ES algorithms. > > Best, > > - Matt > _______________________________________________ > jose mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/jose _______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
