Questions tagged [jose]
JSON Object Signing and Encryption (JOSE) is a generic name for applications that use the JSON Web Signature and JSON Web Encryption (JWS and JWE) standards and derived technology such as JSON Web Token (JWT).
7 questions
3 votes, 1 answer, 130 views
Why do COSE and JOSE use their own format for SEC#1 and PKCS#1 keys?
PKCS#1 specifies its keys as DER-encoded ASN.1 data structure types, so it's understandable to invent a format that admits a lightweight parser with CBOR. But I don't see why it is necessary to invent key ...
4 votes, 1 answer, 2k views
How does JOSE/JWE make use of ECDH when encrypting/decrypting messages?
Disclaimer: I first posted this question on security.stackexchange some minutes ago but deleted it, this is probably a better place for it.
My goal is to use JWE with hybrid encryption (ECDH+AES) for ...
1 vote, 0 answers, 120 views
Custom key for key wrapping using JOSE/JWK
I am trying to figure out how to use a custom password with a JWK that uses the password for key wrapping. The JWA spec contains for example "PBES2-HS512+A256KW", which does "PBES2 with ...
6 votes, 1 answer, 4k views
How does the Concat KDF work?
I am writing an application using JSON Web Encryption with ECDH using the X25519 Curve. The RFC says that the ECDH-ES derived secret is run through a Concat KDF.
Given ...
2 votes, 1 answer, 903 views
JWE between Android/iPhone and backend
I'm working on a solution where JWE is needed between an Android app and a backend written in Node.js, using node-jose. I've been struggling a lot since it seems ...
1 vote, 0 answers, 189 views
Why doesn't the JOSE suite/JWA include ECIES?
The JOSE suite specifies use of RSA-OAEP (for when one party has an RSA key) and ECDH (for when two parties have EC keys) in JWA.
Why doesn't it include ECIES? It seems like a way to derive a key ...
3 votes, 2 answers, 2k views
JSON AES-128: Security against known plaintext attack
I have a system where I am transmitting JSON messages securely (using for example AES-128), where each message has the same format.
For example:
...