Is there any standard order for nesting JWS and JWE tokens?
I need to pass JSON-encoded signed (and sometimes additionally encrypted) objects between multiple instances of my software. The obvious choice here is JWT.
Yet, JWT allows apparently to both sign and encrypt a token (JWS and JWE) or nest JWS into a JWE (nested JWE).
While both approaches seem reasonable for me, is there a "standard" way of doing this? I haven't found any specifics on this.
Short answer
When both signing and encryption are necessary, you should first sign the message and then encrypt the result. That is, nesting a JWS into a JWE is a valid approach.
Long answer
JSON Web Token (JWT) is an open standard that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. JWT is a generic name for the following types of token:
JSON Web Signature (JWS): The payload is encoded and signed so the integrity of the claims can be verified.
JSON Web Encryption (JWE): They payload is encrypted so the claims are hidden from other parties.
The image was extracted from this page.
JWT allows apparently to both sign and encrypt a token (JWS and JWE) or nest JWS into a JWE (nested JWE).
While both approaches seem reasonable for me, is there a "standard" way of doing this? I haven't found any specifics on this.
The concept of nested JWT is defined in the RFC 7519:
A JWT in which nested signing and/or encryption are employed. In Nested JWTs, a JWT is used as the payload or plaintext value of an enclosing JWS or JWE structure, respectively.
Regarding the order of the operations, it's advisable to first sign the message and then encrypt the result, as mentioned in the same document:
11.2. Signing and Encryption Order
While syntactically the signing and encryption operations for Nested JWTs may be applied in any order, if both signing and encryption are necessary, normally producers should sign the message and then encrypt the result (thus encrypting the signature). This prevents attacks in which the signature is stripped, leaving just an encrypted message, as well as providing privacy for the signer. Furthermore, signatures over encrypted text are not considered valid in many jurisdictions.
- How to convert a JSON string to a dictionary?
- How can I scrape data efficiently and clean it?
- How to convert CSV file to multiline JSON?
- Filter/Remove array object based on value, from nested JSON array object in JavaScript
- Jackson deserialize generic class with field T as POJO or String array
- How to parse nested dictionaries into Pandas DataFrame
- Serialize a Dictionary as JSON object using DataContractJsonSerializer
- How can I parse these hashes turned string, from my Ruby on Rails API so that it's accessible as an object in Javascript?
- How to configure JSON deserialization options in .NET minimal API project
- JSON schema validation of optional fields using Golang
- How to generate multi-level decision tree from a JSON structure using Python?
- Laravel sends JSON headers in body
- python + json file saving
- Rest Spring boot converts a response with duplicate object to id of that object
- How to map table references in a JSON file to corresponding values in an Excel file using Python?
- JavaScript Table Pagination Rendering JSON Data
- Iterating Json attributes and PSCustom Objects
- Pydantic v2 vs requests POST JSON - 'not serializable' nightmares
- JOLT to check the value if it is null keep it as it is else update the value based on the condition
- java json schema validation relative path not working (URI not found)
- Embedding a json image into a typst document
- How to import a JSON file in ECMAScript 6?
- Deserializing JSON list into class objects not able to extract attributes
- Array to JSON array of strings
- How to get JSON.NET to serialize date/time to ISO 8601?
- how to remove json object key and value.?
- Laravel casting JSON to array?
- Check for Table null in Jquery for JSON response
- Get Value From Json object contain table column using SQL Query
- How to specify the response_model in FastAPI on a non-default return?