Search code examples
jwtjwejose

Why does the client need to decrypt JWE?

If I'm using JWE to send an encrypted JSON message, which will be stored on the client-side, for use with authorization, why would the client need to decrypt this message?

Client attaches the JWE token to all requests. Server identifies client using JWE token and responds or denies request. Throughout, only the server can decrypt.

If there's no problem with this structure, what's the best way to implement it? Should I use asymmetric encryption and not provide a public key (is this possible within the JWE spec)?

Along these lines, what's the best way to ensure the JWE token hasn't been intercepted and, though not decrypted, attached to a malicious server request, effectively allowing an attacker to impersonate the client?

Also, are there any other security concerns I'm missing?

Solution

  • If I'm using JWE to send an encrypted JSON message, which will be stored on the client-side, for use with authorization, why would the client need to decrypt this message?

    When the client needs to read some data contained in the JWT, such as the user id or the expiration date. This is not needed in all scenarios.

    Client attaches the JWE token to all requests. Server identifies client using JWE token and responds or denies request.

    Yes, this is the usual authorization flow

    Throughout, only the server can decrypt.

    Not necessarily. The server can encrypt the encryption key with the recipient's public key using for example RSAES-OAEP. Then the recipient will be able to decrypt the JWT with his private key

    If there's no problem with this structure, what's the best way to implement it? Should I use asymmetric encryption and not provide a public key (is this possible within the JWE spec)?

    It depends on your requirement. If you want that a client could decrypt the JWT you need to provide the key or use assymetric encryption and encrypt the message to the recipient

    Along these lines, what's the best way to ensure the JWE token hasn't been intercepted and, though not decrypted, attached to a malicious server request, effectively allowing an attacker to impersonate the client?

    Posession of JWT is the proof-of-authentication. If a token is stolen then the attacker can impersonate user. So you need to protect it to mitigate the risk:

    • Mainly use HTTPS to encrypt the communication channel

    • Store it securely on the client.