JSON Web Encryption explained

JSON Web Encryption
Long Name: JSON Web Encryption (JWE)
Status: Proposed
Version: May 2015
Organization: IETF
Domain: Encryption, authentication
Abbreviation: JWE

JSON Web Encryption (JWE) is an IETF standard that provides a standardised syntax for the exchange of encrypted data, based on JSON and Base64.[1] It is defined by . Along with JSON Web Signature (JWS), it is one of the two possible formats of a JWT (JSON Web Token). JWE forms part of the JavaScript Object Signing and Encryption (JOSE) suite of protocols.[2]

Vulnerabilities

In March 2017, a serious flaw, the invalid curve attack, was discovered in many popular implementations of JWE.[3]

One implementation of an early (pre-finalised) version of JWE was also vulnerable to Bleichenbacher's attack.
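As an added example that is not part of the original article, the defensive check that closes the invalid curve attack mentioned above: it assumes, as in the 2017 disclosure, that the attack abuses the ECDH-ES ephemeral public key carried in the JWE protected header's `epk` field, and rejects any claimed P-256 point that does not satisfy the curve equation before it reaches key agreement. The curve constants are NIST's P-256 parameters; the two sample JWEs are constructed, and only their protected header is meaningful.

```python
import base64
import json

# NIST P-256 domain parameters; a = -3 is folded into the curve equation below.
P256_P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
P256_B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
# Base point G, used here only as a known-good coordinate pair for the sample.
P256_GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
P256_GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def epk_on_curve(epk: dict) -> bool:
    """True only if the 'epk' JWK claims P-256 and its point really lies on P-256."""
    if epk.get("kty") != "EC" or epk.get("crv") != "P-256":
        return False
    xb, yb = b64url_decode(epk.get("x", "")), b64url_decode(epk.get("y", ""))
    if len(xb) != 32 or len(yb) != 32:  # coordinate length is fixed by the curve
        return False
    x, y = int.from_bytes(xb, "big"), int.from_bytes(yb, "big")
    if not (x < P256_P and y < P256_P):
        return False
    return (y * y - (x * x * x - 3 * x + P256_B)) % P256_P == 0

def jwe_epk_is_valid(compact_jwe: str) -> bool:
    """Parse a compact JWE's protected header and validate its ECDH-ES 'epk'."""
    parts = compact_jwe.split(".")
    if len(parts) != 5:
        return False
    header = json.loads(b64url_decode(parts[0]))
    if not str(header.get("alg", "")).startswith("ECDH-ES"):
        return True  # no ephemeral key is used; nothing for this check to reject
    return epk_on_curve(header.get("epk", {}))

def make_jwe_with_epk(x: int, y: int) -> str:
    """Constructed sample JWE; only the protected header matters for this check."""
    epk = {"kty": "EC", "crv": "P-256", "x": b64url_encode(x.to_bytes(32, "big")),
           "y": b64url_encode(y.to_bytes(32, "big"))}
    header = {"alg": "ECDH-ES", "enc": "A256GCM", "epk": epk}
    protected = b64url_encode(json.dumps(header, separators=(",", ":")).encode())
    # Empty encrypted-key part (ECDH-ES direct), then placeholder IV, ciphertext, tag.
    return ".".join([protected, "", "AAAAAAAAAAAAAAAA", "AAAA", "AAAAAAAAAAAAAAAAAAAAAA"])

GOOD_JWE = make_jwe_with_epk(P256_GX, P256_GY)     # genuine P-256 point: accepted
BAD_JWE = make_jwe_with_epk(P256_GX, P256_GY + 1)  # off the curve: rejected before ECDH
```

A library that skips this check will run ECDH with the attacker-chosen point; a library that performs it (or rejects the `epk` by other means) is not affected.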

Notes and References

  1. Ng, Alex Chi Keung. Contemporary Identity and Access Management Architectures: Emerging Research and Opportunities. IGI Global, 26 January 2018. ISBN 978-1-5225-4829-4. p. 215. "JWE is a means of representing encrypted content using JSON data structures."
  2. Fontana, John. "Developers getting JSON-based options for enterprise authentication". ZDNet, January 21, 2013. Retrieved 2018-06-08.
  3. Rashid, Fahmida. "Critical flaw alert! Stop using JSON encryption". InfoWorld, 27 March 2017. Retrieved 8 June 2018.