JWE
Call JSON::JWT#encrypt(key, algorithm, encryption_method).
When the given key is a JSON::JWK instance and it has a kid, the generated JSON::JWE instance automatically has the same kid value in its header.

```ruby
# ":" marks elided key material
public_key = OpenSSL::PKey::RSA.new <<-PEM
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAx9vNhcvSrxjsegZAAo4OEuoZOV/oxINEeWneJYczS80/bQ1J6lSS
:
-----END RSA PUBLIC KEY-----
PEM
# jwt is an existing JSON::JWT instance
jwe = jwt.encrypt(public_key, :'RSA-OAEP', :A256GCM)
```

JSON::JWT.decode(jwe_string, key) decodes and decrypts a compact-serialized JWE token.
After decryption, JSON::JWE#plain_text will return original input as String.
Usually the plain text is also a JWT/JWS token, so you'll need to decode it.

```ruby
private_key = OpenSSL::PKey::RSA.new <<-PEM
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAzHEJiUJDN59jUomP1pl7r0AGKXJAgR2DjmBTbN4kpvjWqcRR
:
-----END RSA PRIVATE KEY-----
PEM
jwe = JSON::JWT.decode 'eyJ...', private_key
jwe.plain_text # => 'eyJ..'
# :skip_verification decodes the inner JWS without checking its signature
jws = JSON::JWT.decode jwe.plain_text, :skip_verification
```

You can explicitly specify the expected enc & alg.
If you don't specify the alg, this gem automatically detects it from the given JWT header and the class of the given public key / secret instance.

```ruby
jwe = JSON::JWT.decode 'eyJ...', private_key, :'RSA-OAEP', :A256GCM
```

You can also decode without decryption, then decrypt it later.

```ruby
jwe = JSON::JWT.decode 'eyJ...', :skip_decryption
jwe.plain_text # => nil
jwe.decrypt! private_key
jwe.plain_text # => 'eyJ..'
```

Follow JWT's Serialization section.

```ruby
jwe = jwt.encrypt(public_key)
jwe.to_s # => "eyJ..."
```

These values are supported as key encryption algorithms.
- RSA1_5 (default)
- RSA-OAEP
- dir
- A128KW
- A256KW
These are not supported.
- ECDH-ES
- ECDH-ES+A128KW
- ECDH-ES+A256KW
For details of each algorithm, read [RFC7518] JSON Web Algorithms (JWA).
These values are supported as content encryption algorithms.
- A128GCM (default)
- A256GCM
- A128CBC-HS256
- A256CBC-HS512
A192CBC-HS384 is not supported.
For details of each algorithm, read [RFC7518] JSON Web Algorithms (JWA).
Follow JWS's Key Representation section.
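
The following is an added illustration, not code from this gem: it builds and opens a compact-serialized JWE for the RSA-OAEP / A256GCM pair using only Ruby's OpenSSL bindings, to show why passing the expected alg and enc to decode matters (the header is read from the token itself, so the receiver checks it before touching the key). The helper names `b64`, `unb64`, `toy_encrypt` and `toy_decrypt`, the key pair and the payload are all constructed for this example.

```ruby
require 'openssl'
require 'json'

# Hypothetical helpers for this illustration; they are not json-jwt APIs.
def b64(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')    # base64url without padding
end

def unb64(str)
  str.tr('-_', '+/').unpack1('m')
end

# Build a compact JWE: header.encrypted_key.iv.ciphertext.tag
def toy_encrypt(plain_text, public_key)
  header = b64({ alg: 'RSA-OAEP', enc: 'A256GCM' }.to_json)
  cek = OpenSSL::Random.random_bytes(32)           # content encryption key
  iv  = OpenSSL::Random.random_bytes(12)           # 96-bit GCM IV
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  cipher.key = cek
  cipher.iv = iv
  cipher.auth_data = header                        # encoded header is the AAD
  ciphertext = cipher.update(plain_text) + cipher.final
  wrapped = public_key.public_encrypt(cek, OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING)
  [header, b64(wrapped), b64(iv), b64(ciphertext), b64(cipher.auth_tag)].join('.')
end

# Decrypt only if the header carries the alg/enc the caller expects.
def toy_decrypt(token, private_key, expected_alg, expected_enc)
  parts = token.split('.', -1)
  raise ArgumentError, 'compact JWE needs 5 segments' unless parts.size == 5
  header = JSON.parse(unb64(parts[0]))
  unless header['alg'] == expected_alg.to_s && header['enc'] == expected_enc.to_s
    raise ArgumentError, "unexpected alg/enc: #{header['alg']}/#{header['enc']}"
  end
  wrapped, iv, ciphertext, tag = parts[1..4].map { |p| unb64(p) }
  raise ArgumentError, 'GCM tag must be 16 bytes' unless tag.bytesize == 16
  cek = private_key.private_decrypt(wrapped, OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  cipher.key = cek
  cipher.iv = iv
  cipher.auth_tag = tag
  cipher.auth_data = parts[0]
  cipher.update(ciphertext) + cipher.final         # raises CipherError if tampered
end

# Constructed sample: throwaway key pair and placeholder payload.
KEY = OpenSSL::PKey::RSA.new(2048)
TOKEN = toy_encrypt('eyJ.constructed.inner-jws', KEY.public_key)
```
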