JSON Web Encryption (JWE)

JSON Web Encryption (JWE) is a standard (RFC 7516) for encrypting content to be represented as a JSON-based data structure. While JWS provides integrity and authentication, JWE adds confidentiality by encrypting the payload.

Structure

JWE tokens have five Base64URL-encoded parts:

header.encrypted_key.iv.ciphertext.tag

eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZHQ00ifQ.
OKOawDo13gRp2ojaHV7LFpZcgV7T6DVZKTyKOMTYUmKoTCVJRgckCL9kiMT03JGe...
48V1_ALb6US04U3b.
5eym8TW_c8SuK0ltJ3rpYI...
XFBoMYUZodetZdvTiFvSkQ

Components

  • Header: Key encryption algorithm (alg) and content encryption algorithm (enc)
  • Encrypted Key: The content encryption key (CEK), encrypted with the recipient's key
  • IV: Initialization vector for the content encryption
  • Ciphertext: The encrypted payload
  • Authentication Tag: Integrity protection covering the ciphertext and the protected header

Common Algorithms

// Key encryption (alg)
RSA-OAEP, RSA1_5, A256KW, dir

// Content encryption (enc)
A256GCM, A128CBC-HS256

When to Use

  • Tokens contain sensitive data (PII, secrets)
  • The payload should not be readable by the client that holds the token
  • Defense in depth alongside HTTPS

Security Considerations

  • Choose strong encryption algorithms
  • Validate the alg and enc headers against an allowlist to prevent downgrade
  • Properly manage encryption keys
  • Consider nesting a JWS inside a JWE when you need both signing and encryption
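The structural checks described above, written as an added example (not code from the page or from any JOSE library): it splits a compact JWE into its five parts, decodes the header, enforces an allowlist of alg/enc values before any key is used, and checks that the IV, tag and encrypted-key lengths are consistent with the declared algorithms. The allowlist contents and the constructed sample tokens are assumptions made for this example.

```python
import base64
import json

# Allowlisted algorithms; anything else is rejected before any key is used (blocks downgrade).
ALLOWED_ALG = {"RSA-OAEP", "A256KW", "dir"}
ALLOWED_ENC = {"A256GCM", "A128CBC-HS256"}
# (IV bytes, tag bytes) per RFC 7518 for each accepted enc value.
ENC_SIZES = {"A256GCM": (12, 16), "A128CBC-HS256": (16, 16)}

def b64url_decode(s: str) -> bytes:
    """Strict unpadded Base64URL: '=' or non-alphabet characters are errors."""
    if "=" in s:
        raise ValueError("JOSE Base64URL parts must be unpadded")
    std = s.translate(str.maketrans("-_", "+/")) + "=" * (-len(s) % 4)
    return base64.b64decode(std, validate=True)

def b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def parse_jwe_compact(token: str) -> dict:
    """Split a compact JWE into five parts and check them; ValueError on any problem."""
    parts = token.split(".")
    if len(parts) != 5:
        raise ValueError(f"expected 5 parts, got {len(parts)}")
    raw_header, enc_key, iv, ciphertext, tag = (b64url_decode(p) for p in parts)
    header = json.loads(raw_header)
    alg, enc = header.get("alg"), header.get("enc")
    if alg not in ALLOWED_ALG or enc not in ALLOWED_ENC:
        raise ValueError(f"algorithm not allowed: alg={alg} enc={enc}")
    # RFC 7516: with "dir" the encrypted-key part is empty; otherwise it is required.
    if (alg == "dir") != (len(enc_key) == 0):
        raise ValueError("encrypted key length inconsistent with alg")
    iv_len, tag_len = ENC_SIZES[enc]
    if len(iv) != iv_len or len(tag) != tag_len or not ciphertext:
        raise ValueError("IV, tag or ciphertext length does not match enc")
    return dict(header=header, encrypted_key=enc_key, iv=iv, ciphertext=ciphertext, tag=tag)

def jwe_is_acceptable(token: str) -> bool:
    try:
        parse_jwe_compact(token)
        return True
    except ValueError:
        return False

def make_sample(alg: str, enc: str, key_len: int) -> str:
    """Constructed (not actually encrypted) token for exercising the checks."""
    iv_len, tag_len = ENC_SIZES.get(enc, (12, 16))
    header = b64url_encode(json.dumps({"alg": alg, "enc": enc}).encode())
    body = [bytes(key_len), bytes(iv_len), b"\x01" * 20, bytes(tag_len)]
    return ".".join([header] + [b64url_encode(b) for b in body])
```

Only tokens that pass these checks should reach the decryption step; a real implementation would then unwrap the CEK with the recipient key and verify the tag with an AEAD library.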

PentesterLab Exercises

See Also