Open CMCDragonkai opened 2 years ago
Right, JOSE is not based on the KEM/DEM paradigm. There is nothing equivalent to the more advanced KEMs. I created a draft some time ago to fit public key authenticated encryption into JOSE, but that is also not quite KEM/DEM based. IMO it's not that simple to retrofit these ideas into JOSE.
Hi Neil,
I just read https://neilmadden.blog/2021/01/22/hybrid-encryption-and-the-kem-dem-paradigm/ while I was experimenting with using encrypted JWKs to secure data encryption keys to encrypt data at rest.
I noticed that you said in the "KEMs without RSA" section that this is roughly equivalent to the ECDH-ES algorithm in JOSE.
Is it correct to say that the augmented KEMs you went into in part 2 and part 3 are not standardised under JOSE atm, and ECDH-ES is not sufficient?
Therefore the only way to make use of your augmented KEMs as described here https://neilmadden.blog/2021/02/16/when-a-kem-is-not-enough/ is to use the direct algorithm in JOSE.