Skip to content
nov edited this page Sep 9, 2015 · 7 revisions

JSON Web Signature (JWS)

Encrypting

Call JSON::JWT#encrypt(key, algorithm, encryption_method).

public_key = OpenSSL::PKey::RSA.new <<-PEM
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAx9vNhcvSrxjsegZAAo4OEuoZOV/oxINEeWneJYczS80/bQ1J6lSS
 :
-----END RSA PUBLIC KEY-----
PEM

jwe = jwt.encrypt(public_key, :'RSA-OAEP', :A256GCM)

Decrypting

JSON::JWT.decode(jwe_string, key) is for decoding and decrypting compact-seiralized JWE token.

After decryption, JSON::JWE#plain_text will return original input as String.

Usually the plain text is also a JWT/JWS token, so you'll need decode it.

private_key = OpenSSL::PKey::RSA.new <<-PEM
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAzHEJiUJDN59jUomP1pl7r0AGKXJAgR2DjmBTbN4kpvjWqcRR
 :
-----END RSA PRIVATE KEY-----
PEM

jwe = JSON::JWT.decode 'eyJ...', private_key
jwe.plain_text # => 'eyJ..'

jws = JSON::JWT.decode jwe.plain_text, :skip_verification

You can also decode without decryption, then decrypt it later.

jwe = JSON::JWT.decode 'eyJ...', :skip_decription
jwe.plain_text # => nil

jwe.decrypt! private_key
jwe.plain_text # => 'eyJ..'

Serialization

Follow JWT's Serialization section.

jwe = jwt.encrypt(public_key)
jwe.to_s # => "eyJ..."

Supported Algorithms

Key Encryption Algorithms

These values are supported as key encryption algorithms.

  • RSA1_5 (default)
  • RSA-OAEP
  • dir

These are not supported.

  • A128KW
  • A256KW
  • ECDH-ES
  • ECDH-ES+A128KW
  • ECDH-ES+A256KW

For each algorithm details, read [RFC7518] JSON Web Algorithms (JWA).

Content Encryption Algorithms

These values are supported as content encryption algorithms.

  • A128GCM (default)
  • A256GCM
  • A128CBC-HS256
  • A256CBC-HS512

A192CBC-HS384 is not supported.

For each algorithm details, read [RFC7518] JSON Web Algorithms (JWA).

Key Representation

Follow JWS's Key Representation section.

Clone this wiki locally