-
-
Notifications
You must be signed in to change notification settings - Fork 81
JWE
nov edited this page Sep 9, 2015
·
7 revisions
Call JSON::JWT#encrypt(key, algorithm, encryption_method).
public_key = OpenSSL::PKey::RSA.new <<-PEM
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAx9vNhcvSrxjsegZAAo4OEuoZOV/oxINEeWneJYczS80/bQ1J6lSS
:
-----END RSA PUBLIC KEY-----
PEM
jwe = jwt.encrypt(public_key, :'RSA-OAEP', :A256GCM)JSON::JWT.decode(jwe_string, key) is for decoding and decrypting compact-seiralized JWE token.
After decryption, JSON::JWE#plain_text will return original input as String.
Usually the plain text is also a JWT/JWS token, so you'll need decode it.
private_key = OpenSSL::PKey::RSA.new <<-PEM
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAzHEJiUJDN59jUomP1pl7r0AGKXJAgR2DjmBTbN4kpvjWqcRR
:
-----END RSA PRIVATE KEY-----
PEM
jwe = JSON::JWT.decode 'eyJ...', private_key
jwe.plain_text # => 'eyJ..'
jws = JSON::JWT.decode jwe.plain_text, :skip_verificationYou can also decode without decryption, then decrypt it later.
jwe = JSON::JWT.decode 'eyJ...', :skip_decription
jwe.plain_text # => nil
jwe.decrypt! private_key
jwe.plain_text # => 'eyJ..'Follow JWT's Serialization section.
jwe = jwt.encrypt(public_key)
jwe.to_s # => "eyJ..."These values are supported as key encryption algorithms.
-
RSA1_5(default) RSA-OAEPdir
These are not supported.
A128KWA256KWECDH-ESECDH-ES+A128KWECDH-ES+A256KW
For each algorithm details, read [RFC7518] JSON Web Algorithms (JWA).
These values are supported as content encryption algorithms.
-
A128GCM(default) A256GCMA128CBC-HS256A256CBC-HS512
A192CBC-HS384 is not supported.
For each algorithm details, read [RFC7518] JSON Web Algorithms (JWA).
Follow JWS's Key Representation section.