1# JWE [![Go Reference](https://pkg.go.dev/badge/github.com/lestrrat-go/jwx/jwe.svg)](https://pkg.go.dev/github.com/lestrrat-go/jwx/jwe)
2
3Package jwe implements JWE as described in [RFC7516](https://tools.ietf.org/html/rfc7516)
4
5* Encrypt and Decrypt arbitrary data
6* Content compression and decompression
7* Add arbitrary fields in the JWE header object
8
9How-to style documentation can be found in the [docs directory](../docs).
10
11Examples are located in the examples directory ([jwe_example_test.go](../examples/jwe_example_test.go))
12
13Supported key encryption algorithm:
14
15| Algorithm                                | Supported? | Constant in [jwa](../jwa) |
16|:-----------------------------------------|:-----------|:-------------------------|
17| RSA-PKCS1v1.5                            | YES        | jwa.RSA1_5               |
18| RSA-OAEP-SHA1                            | YES        | jwa.RSA_OAEP             |
19| RSA-OAEP-SHA256                          | YES        | jwa.RSA_OAEP_256         |
20| AES key wrap (128)                       | YES        | jwa.A128KW               |
21| AES key wrap (192)                       | YES        | jwa.A192KW               |
22| AES key wrap (256)                       | YES        | jwa.A256KW               |
23| Direct encryption                        | YES (1)    | jwa.DIRECT               |
24| ECDH-ES                                  | YES (1)    | jwa.ECDH_ES              |
25| ECDH-ES + AES key wrap (128)             | YES        | jwa.ECDH_ES_A128KW       |
26| ECDH-ES + AES key wrap (192)             | YES        | jwa.ECDH_ES_A192KW       |
27| ECDH-ES + AES key wrap (256)             | YES        | jwa.ECDH_ES_A256KW       |
28| AES-GCM key wrap (128)                   | YES        | jwa.A128GCMKW            |
29| AES-GCM key wrap (192)                   | YES        | jwa.A192GCMKW            |
30| AES-GCM key wrap (256)                   | YES        | jwa.A256GCMKW            |
31| PBES2 + HMAC-SHA256 + AES key wrap (128) | YES        | jwa.PBES2_HS256_A128KW   |
32| PBES2 + HMAC-SHA384 + AES key wrap (192) | YES        | jwa.PBES2_HS384_A192KW   |
33| PBES2 + HMAC-SHA512 + AES key wrap (256) | YES        | jwa.PBES2_HS512_A256KW   |
34
35* Note 1: Single-recipient only
36
37Supported content encryption algorithm:
38
39| Algorithm                   | Supported? | Constant in [jwa](../jwa) |
40|:----------------------------|:-----------|:--------------------------|
41| AES-CBC + HMAC-SHA256 (128) | YES        | jwa.A128CBC_HS256         |
42| AES-CBC + HMAC-SHA384 (192) | YES        | jwa.A192CBC_HS384         |
43| AES-CBC + HMAC-SHA512 (256) | YES        | jwa.A256CBC_HS512         |
44| AES-GCM (128)               | YES        | jwa.A128GCM               |
45| AES-GCM (192)               | YES        | jwa.A192GCM               |
46| AES-GCM (256)               | YES        | jwa.A256GCM               |
47
48# SYNOPSIS
49
50## Encrypt data
51
52```go
53func ExampleEncrypt() {
54  privkey, err := rsa.GenerateKey(rand.Reader, 2048)
55  if err != nil {
56    log.Printf("failed to generate private key: %s", err)
57    return
58  }
59
60  payload := []byte("Lorem Ipsum")
61
62  encrypted, err := jwe.Encrypt(payload, jwa.RSA1_5, &privkey.PublicKey, jwa.A128CBC_HS256, jwa.NoCompress)
63  if err != nil {
64    log.Printf("failed to encrypt payload: %s", err)
65    return
66  }
67  _ = encrypted
68  // OUTPUT:
69}
70```
71
72## Decrypt data
73
74```go
75func ExampleDecrypt() {
76  privkey, encrypted, err := exampleGenPayload()
77  if err != nil {
78    log.Printf("failed to generate encrypted payload: %s", err)
79    return
80  }
81
82  decrypted, err := jwe.Decrypt(encrypted, jwa.RSA1_5, privkey)
83  if err != nil {
84    log.Printf("failed to decrypt: %s", err)
85    return
86  }
87
88  if string(decrypted) != "Lorem Ipsum" {
89    log.Printf("WHAT?!")
90    return
91  }
92  // OUTPUT:
93}
94```
95