There are many example JWEs both in the appendices of RFC 7516 at
https://tools.ietf.org/html/rfc7516#appendix-A and throughout RFC 7520
https://tools.ietf.org/html/rfc7520. I'd suggest having a look at those.
-- Mike
-----Original Message-----
From: jose [mailto:[email protected]] On Behalf Of Matt David
Sent: Wednesday, July 20, 2016 12:59 AM
To: [email protected]
Subject: [jose] HTTP Request/Response using JWE with RSAES
Hey all,
I'm working on a module for Flask that allows it to use JWE as a quick plugin.
In my testing, I've run into a situation where I'm using RSAES (RSAES-OAEP,
RSAES-1_5) and I want to return a JWS. It seems like there could be 2 ways of
going about this, but I don't believe that the RFC addresses it:
1. RSAES one way, CEK-only on the way back 2. RSAES two way, with an EPK
included on the originator's JWE sent to the remote end
I like #2 myself because it uses a fresh CEK for each part of the request /
response.
It's possible I'm missing something in the RFC, but I'm still unable to find it
after reading through it a few times, especially because EPK is specified only
for use with ECDH-ES algorithms.
Best,
- Matt
_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
