Replies: 1 comment
-
It isn't once you consider the fact that the JWE token contains the protected header (base64url encoded JSON with used algorithms and key wrapping params), an actual CEK, the used iv, authentication tag and then the ciphertext itself.
Unable? It's right in the readme. https://github.com/panva/jose#detailed-support-matrix
I think you'd be better of with a 32 byte secret instead of this random length one. What happens with these "passwords" is that PBES2 is used to derive the key wrapping secret. Please see the supported algorithms, understand what they do and use one appropriate for you. You probably want to use an AES based key wrap. |
Beta Was this translation helpful? Give feedback.
-
Hello, @panva. I hope you are well and safe. Thanks for the effort placed on creating this library. I recently found it trying to switch from manually encrypting JWT to the JOSE standard.
I have created an example (using a symmetric key) which I want to share in case it is useful for other users. I would also love to have some feedback to ensure this is the way the library should be consumed.
Some specific questions:
{ foo: 'bar' }
) results in a 147 bytes JWT (expected) and 417 bytes after encryption. Am I doing something wrong here? It seems to be a huge overhead just for encryption.Thanks.
The output is this:
Beta Was this translation helpful? Give feedback.
All reactions