decentralized-identity / papers

Notes, ideas, and write-ups from DIF members and collaborators
Apache License 2.0

Encrypting base64url encoded JWTs? #40

Closed coder5876 closed 4 years ago

coder5876 commented 4 years ago

When encrypting a message using JWE where the message is a JWT with header and signature, should we use the base64url encoding of the JWT as the message to encrypt, or use the regular ASCII encoding?

tplooker commented 4 years ago

What you are describing, I believe, is a "nested JWT" (e.g. a JWS wrapped by a JWE). For this to be valid, the inner JWS must be expressed in JWS compact serialisation (the base64url-safe, period-delimited form), as that is the only form of JWS that is valid in the JWT specification. The outer JWE must also be expressed in JWE compact serialization.
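
The nesting described in this answer, as an added example that is not part of the original thread or of any DIF specification: the compact JWS string is the JWE plaintext, and the JWE protected header carries `cty: "JWT"` as RFC 7519 requires for nested JWTs. The function names, the choice of HS256 for the inner JWS and `dir` with A256GCM for the outer JWE, and caller-supplied 32-byte keys are assumptions made so the example runs with Node's built-in crypto only.

```javascript
// Added example: nested JWT (JWS wrapped by JWE), Node built-in crypto only.
const nodeCrypto = require("node:crypto");
const b64u = (data) => Buffer.from(data).toString("base64url");
const fromB64uJson = (s) => JSON.parse(Buffer.from(s, "base64url").toString("utf8"));
const hmac = (key, input) => nodeCrypto.createHmac("sha256", key).update(input).digest();

// Inner layer: JWS compact serialization, header.payload.signature (HS256).
function signJws(claims, macKey) {
  const header = b64u(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const signingInput = `${header}.${b64u(JSON.stringify(claims))}`;
  return `${signingInput}.${b64u(hmac(macKey, signingInput))}`;
}

function verifyJws(jws, macKey) {
  const parts = jws.split(".");
  if (parts.length !== 3) throw new Error("not JWS compact serialization");
  const [h, p, s] = parts;
  if (fromB64uJson(h).alg !== "HS256") throw new Error("unexpected JWS alg");
  const expected = hmac(macKey, `${h}.${p}`);
  const given = Buffer.from(s, "base64url");
  if (given.length !== expected.length || !nodeCrypto.timingSafeEqual(given, expected))
    throw new Error("bad JWS signature");
  return fromB64uJson(p);
}

// Outer layer: JWE compact serialization (alg "dir", enc "A256GCM").
// The plaintext is the ASCII octets of the compact JWS string itself.
function encryptJwe(jwsCompact, cek) {
  const h = b64u(JSON.stringify({ alg: "dir", enc: "A256GCM", cty: "JWT" }));
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", cek, iv);
  cipher.setAAD(Buffer.from(h, "ascii")); // AAD = ASCII(BASE64URL(protected header))
  const ct = Buffer.concat([cipher.update(Buffer.from(jwsCompact, "ascii")), cipher.final()]);
  return [h, "", b64u(iv), b64u(ct), b64u(cipher.getAuthTag())].join(".");
}

function decryptJwe(jwe, cek) {
  const parts = jwe.split(".");
  if (parts.length !== 5 || parts[1] !== "") throw new Error("not a 'dir' JWE in compact form");
  const [h, , iv, ct, tag] = parts;
  const header = fromB64uJson(h);
  if (header.alg !== "dir" || header.enc !== "A256GCM" || header.cty !== "JWT")
    throw new Error("unexpected JWE header");
  const d = nodeCrypto.createDecipheriv("aes-256-gcm", cek, Buffer.from(iv, "base64url"), { authTagLength: 16 });
  d.setAAD(Buffer.from(h, "ascii"));
  d.setAuthTag(Buffer.from(tag, "base64url"));
  const pt = Buffer.concat([d.update(Buffer.from(ct, "base64url")), d.final()]);
  return pt.toString("ascii"); // the inner JWS, ready for verifyJws()
}
```

A recipient calls `decryptJwe` first and then `verifyJws` on the returned string; the signature is checked over the exact base64url text that was encrypted, so nothing is re-encoded between the two layers.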

coder5876 commented 4 years ago

@tplooker Ok great, thanks! That answers my question!

tplooker commented 4 years ago

Cool! @christianlundkvist @awoie shall we close this one then or do we need to amend the specification text to make this clearer?

awoie commented 4 years ago

Yes, we can close that issue.