1# JWE [![Go Reference](https://pkg.go.dev/badge/github.com/lestrrat-go/jwx/jwe.svg)](https://pkg.go.dev/github.com/lestrrat-go/jwx/jwe) 2 3Package jwe implements JWE as described in [RFC7516](https://tools.ietf.org/html/rfc7516) 4 5* Encrypt and Decrypt arbitrary data 6* Content compression and decompression 7* Add arbitrary fields in the JWE header object 8 9How-to style documentation can be found in the [docs directory](../docs). 10 11Examples are located in the examples directory ([jwe_example_test.go](../examples/jwe_example_test.go)) 12 13Supported key encryption algorithm: 14 15| Algorithm | Supported? | Constant in [jwa](../jwa) | 16|:-----------------------------------------|:-----------|:-------------------------| 17| RSA-PKCS1v1.5 | YES | jwa.RSA1_5 | 18| RSA-OAEP-SHA1 | YES | jwa.RSA_OAEP | 19| RSA-OAEP-SHA256 | YES | jwa.RSA_OAEP_256 | 20| AES key wrap (128) | YES | jwa.A128KW | 21| AES key wrap (192) | YES | jwa.A192KW | 22| AES key wrap (256) | YES | jwa.A256KW | 23| Direct encryption | YES (1) | jwa.DIRECT | 24| ECDH-ES | YES (1) | jwa.ECDH_ES | 25| ECDH-ES + AES key wrap (128) | YES | jwa.ECDH_ES_A128KW | 26| ECDH-ES + AES key wrap (192) | YES | jwa.ECDH_ES_A192KW | 27| ECDH-ES + AES key wrap (256) | YES | jwa.ECDH_ES_A256KW | 28| AES-GCM key wrap (128) | YES | jwa.A128GCMKW | 29| AES-GCM key wrap (192) | YES | jwa.A192GCMKW | 30| AES-GCM key wrap (256) | YES | jwa.A256GCMKW | 31| PBES2 + HMAC-SHA256 + AES key wrap (128) | YES | jwa.PBES2_HS256_A128KW | 32| PBES2 + HMAC-SHA384 + AES key wrap (192) | YES | jwa.PBES2_HS384_A192KW | 33| PBES2 + HMAC-SHA512 + AES key wrap (256) | YES | jwa.PBES2_HS512_A256KW | 34 35* Note 1: Single-recipient only 36 37Supported content encryption algorithm: 38 39| Algorithm | Supported? | Constant in [jwa](../jwa) | 40|:----------------------------|:-----------|:--------------------------| 41| AES-CBC + HMAC-SHA256 (128) | YES | jwa.A128CBC_HS256 | 42| AES-CBC + HMAC-SHA384 (192) | YES | jwa.A192CBC_HS384 | 43| AES-CBC + HMAC-SHA512 (256) | YES | jwa.A256CBC_HS512 | 44| AES-GCM (128) | YES | jwa.A128GCM | 45| AES-GCM (192) | YES | jwa.A192GCM | 46| AES-GCM (256) | YES | jwa.A256GCM | 47 48# SYNOPSIS 49 50## Encrypt data 51 52```go 53func ExampleEncrypt() { 54 privkey, err := rsa.GenerateKey(rand.Reader, 2048) 55 if err != nil { 56 log.Printf("failed to generate private key: %s", err) 57 return 58 } 59 60 payload := []byte("Lorem Ipsum") 61 62 encrypted, err := jwe.Encrypt(payload, jwa.RSA1_5, &privkey.PublicKey, jwa.A128CBC_HS256, jwa.NoCompress) 63 if err != nil { 64 log.Printf("failed to encrypt payload: %s", err) 65 return 66 } 67 _ = encrypted 68 // OUTPUT: 69} 70``` 71 72## Decrypt data 73 74```go 75func ExampleDecrypt() { 76 privkey, encrypted, err := exampleGenPayload() 77 if err != nil { 78 log.Printf("failed to generate encrypted payload: %s", err) 79 return 80 } 81 82 decrypted, err := jwe.Decrypt(encrypted, jwa.RSA1_5, privkey) 83 if err != nil { 84 log.Printf("failed to decrypt: %s", err) 85 return 86 } 87 88 if string(decrypted) != "Lorem Ipsum" { 89 log.Printf("WHAT?!") 90 return 91 } 92 // OUTPUT: 93} 94``` 95