JSON Web Encryption
IETF standard for encrypted data From Wikipedia, the free encyclopedia
JSON Web Encryption (JWE) is an IETF standard providing a standardised syntax for the exchange of encrypted data, based on JSON and Base64.[1] It is defined by RFC 7516. Along with JSON Web Signature (JWS), it is one of the two possible formats of a JWT (JSON Web Token). JWE forms part of the JavaScript Object Signing and Encryption (JOSE) suite of protocols.[2]
| JSON Web Encryption (JWE) | |
| Abbreviation | JWE |
|---|---|
| Status | Proposed |
| Year started | 16 January 2012 |
| First published | 16 January 2012 |
| Latest version | May 2015 |
| Organization | IETF |
| Series | JOSE |
| Authors |
|
| Domain | Encryption, authentication |
| Website | datatracker |
Vulnerabilities
In March 2017, a serious flaw was discovered in many popular implementations of JWE, the invalid curve attack.[3]
One implementation of an early (pre-finalised) version of JWE also suffered from Bleichenbacher’s attack.[4]
References
Wikiwand - on
Seamless Wikipedia browsing. On steroids.