JSON Web Encryption
   HOME

TheInfoList



Click Here for Items Related To - JSON Web Encryption
OR:
JSON Web Encryption on:   [Wikipedia]   [Google]   [Amazon]

JSON Web Encryption (JWE) is an
IETF The Internet Engineering Task Force (IETF) is a standards organization for the Internet and is responsible for the technical standards that make up the Internet protocol suite (TCP/IP). It has no formal membership roster or requirements and ...
standard providing a standardised syntax for the exchange of encrypted data, based on
JSON JSON (JavaScript Object Notation, pronounced ; also ) is an open standard file format and data interchange format that uses human-readable text to store and transmit data objects consisting of attribute–value pairs and arrays (or other s ...
and
Base64 In computer programming, Base64 is a group of binary-to-text encoding schemes that represent binary data (more specifically, a sequence of 8-bit bytes) in sequences of 24 bits that can be represented by four 6-bit Base64 digits. Common to all bina ...
. It is defined by . Along with JSON Web Signature (JWS), it is one of the two possible formats of a JWT (
JSON Web Token JSON Web Token (JWT, pronounced , same as the word "jot") is a proposed Internet standard for creating data with optional signature and/or optional encryption whose payload holds JSON that asserts some number of claims. The tokens are signed ei ...
). JWE forms part of the
JavaScript Object Signing and Encryption JavaScript (), often abbreviated as JS, is a programming language that is one of the core technologies of the World Wide Web, alongside HTML and CSS. As of 2022, 98% of websites use JavaScript on the client side for webpage behavior, often ...
(JOSE) suite of protocols.


Vulnerabilities

In March 2017, a serious flaw was discovered in many popular implementations of JWE, the invalid curve attack. One implementation of an early (pre-finalised) version of JWE also suffered from
Bleichenbacher’s attack An adaptive chosen-ciphertext attack (abbreviated as CCA2) is an interactive form of chosen-ciphertext attack in which an attacker first sends a number of ciphertexts to be decrypted chosen adaptively, and then uses the results to distinguish a ta ...
.


References

{{Data exchange JSON Internet Standards Cryptographic protocols