JWE
What is JWE?
JSON Web Encryption (RFC 7516) is a JOSE format that confidentially encapsulates a payload using authenticated encryption and either a key-wrapping or key-agreement scheme.
JWE (RFC 7516) defines how to encrypt arbitrary content so that only the intended recipients can decrypt it and any tampering is detected. The Compact Serialization is five Base64URL parts joined by dots: protected header, encrypted key, initialization vector, ciphertext, and authentication tag. The header's alg parameter selects the key-management mode (for example RSA-OAEP-256, ECDH-ES+A256KW, A256KW, or dir) and determines what the second part carries: a wrapped content encryption key (CEK), or nothing at all for dir and direct ECDH-ES. The enc parameter selects the AEAD content cipher, typically A256GCM or A128CBC-HS256, which encrypts the payload under the CEK with the Base64URL protected header as additional authenticated data, so the header is bound to the ciphertext even though it travels in the clear. JWE underpins encrypted ID tokens in OpenID Connect and nested JWTs (a JWS signed first and then encrypted, marked with cty: "JWT"). Encryption alone does not authenticate the sender: anyone holding the recipient's public key can produce a valid JWE, so origin comes from the inner JWS, whose signature and aud/iss claims must still be verified after decryption. Implementers should accept only an explicit allow-list of alg and enc values rather than trusting the header, reject RSA1_5 because its PKCS#1 v1.5 padding exposes Bleichenbacher-style oracles, check that an ECDH-ES ephemeral public key is a valid point on the expected curve, and prefer ECDH-ES with X25519 (RFC 8037) over RSA-OAEP for new deployments.
● Examples
- 01
An OpenID Connect ID token wrapped in a JWE so the IdP can hide claims from intermediate proxies.
- 02
A confidential message between two services encoded as a JWE with ECDH-ES+A256KW key agreement and A256GCM.
● Frequently asked questions
What is JWE?
JSON Web Encryption (RFC 7516) is a JOSE format that confidentially encapsulates a payload using authenticated encryption and either a key-wrapping or key-agreement scheme. It belongs to the Cryptography category of cybersecurity.
What does JWE mean?
JSON Web Encryption (RFC 7516) is a JOSE format that confidentially encapsulates a payload using authenticated encryption and either a key-wrapping or key-agreement scheme.
How does JWE work?
A JWE is built in two layers. A content encryption key (CEK) is either wrapped for the recipient (RSA-OAEP-256, A256KW, ECDH-ES+A256KW) or derived directly (dir, ECDH-ES), as chosen by the alg header; the payload is then encrypted with the AEAD cipher named by enc (A256GCM or A128CBC-HS256) under that CEK, with the Base64URL protected header as additional authenticated data. The Compact Serialization joins protected header, encrypted key, IV, ciphertext, and authentication tag with dots. The recipient parses the header, checks alg and enc against its own allow-list, recovers the CEK, and decrypts; a failed tag check rejects the whole message. For a nested JWT the decrypted payload is a JWS whose signature and aud/iss claims are verified next, because JWE by itself does not prove who sent the message.
How do you defend against JWE?
JWE is a protective format rather than an attack, so the question is how to deploy it safely: enforce an allow-list of alg and enc values in the decrypting library instead of honouring whatever the header names; disable RSA1_5 (PKCS#1 v1.5 padding, a Bleichenbacher oracle) in favour of ECDH-ES with X25519 or RSA-OAEP-256; check that any ECDH-ES ephemeral public key is a valid point on the expected curve; rotate decryption keys and select them by the kid header; and treat decryption as only the first step, verifying the signature and the aud, iss and exp claims of the nested JWS before acting on its claims.
What are other names for JWE?
Common alternative names include: JSON Web Encryption.
● Related terms
- cryptography№ 565
JOSE
JavaScript Object Signing and Encryption: an IETF family of standards (RFC 7515-7520 and 8037) for representing signed and encrypted data using JSON.
- cryptography№ 573
JWS
JSON Web Signature (RFC 7515) is a JOSE format that protects the integrity and origin of arbitrary content using a digital signature or MAC over a Base64URL-encoded header and payload.
- cryptography№ 572
JWK
JSON Web Key, defined in RFC 7517, is a JSON object that represents a public or private cryptographic key for use in JOSE and OAuth-family protocols.
- identity-access№ 574
JWT (JSON Web Token)
Compact, URL-safe token format (RFC 7519) that carries signed JSON claims, widely used as access tokens, ID tokens, and session containers.
- identity-access№ 760
OpenID Connect (OIDC)
An identity layer built on top of OAuth 2.0 that lets clients verify a user's identity and obtain basic profile information via signed ID tokens.
● See also
- № 225
COSE