
As far as I know JWE (JSON Web Encryption) supports both integrity and confidentiality. I agree about the confidentiality because only the recipient with a private key can decrypt a message. What about the integrity? Given that the content encryption key is encrypted using a public key, anyone (who knows the public key) can generate a JWE and the recipient won't know for sure whether it's coming from the specific sender.

Can a sender somehow sign the JWE using its own private key (note that this is another key pair) so that the recipient can verify the integrity?

1 Answer


In short: JWE ensures confidentiality, while Nested JWS (i.e. in JWE) ensures both integrity and confidentiality (the signature is inside the confidential token).
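A worked example of the nested construction the answer describes, added here and not code from the question or the answer: Go standard library only, and for brevity the outer JWE uses alg "dir" with an assumed pre-shared 32-byte content encryption key instead of the RSA-wrapped CEK in the question, which changes only how the CEK reaches the recipient, not the sign-then-encrypt layout or the verify-after-decrypt step. Function names, claims and error strings are constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"strings"
)
var b64 = base64.RawURLEncoding

// NestedSeal signs payload as a compact JWS (EdDSA) with the sender's key, then wraps that token in a compact JWE (alg "dir", enc "A256GCM", cty "JWT"), so the signature travels inside the ciphertext.
func NestedSeal(payload []byte, senderPriv ed25519.PrivateKey, cek *[32]byte) string {
	in := b64.EncodeToString([]byte(`{"alg":"EdDSA"}`)) + "." + b64.EncodeToString(payload)
	jws := in + "." + b64.EncodeToString(ed25519.Sign(senderPriv, []byte(in)))
	hdr := b64.EncodeToString([]byte(`{"alg":"dir","enc":"A256GCM","cty":"JWT"}`))
	block, _ := aes.NewCipher(cek[:]) // 32-byte CEK selects AES-256; NewCipher/NewGCM cannot fail for this length
	gcm, _ := cipher.NewGCM(block)
	iv := make([]byte, gcm.NonceSize())
	rand.Read(iv) // fresh 96-bit nonce per token; crypto/rand.Read never returns an error as of Go 1.24
	sealed := gcm.Seal(nil, iv, []byte(jws), []byte(hdr)) // JWE AAD = ASCII(BASE64URL(protected header))
	n := len(sealed) - gcm.Overhead()                     // Go appends the tag; JWE carries it as the 5th segment
	return strings.Join([]string{hdr, "", b64.EncodeToString(iv), b64.EncodeToString(sealed[:n]), b64.EncodeToString(sealed[n:])}, ".")
}

// NestedOpen decrypts with the recipient's CEK, then verifies the inner JWS with the sender's public key: anyone holding the CEK can build a JWE, but only the sender's private key yields a token that passes both steps.
func NestedOpen(jwe string, senderPub ed25519.PublicKey, cek *[32]byte) ([]byte, error) {
	p := strings.Split(jwe, ".")
	if len(p) != 5 || p[1] != "" { // with alg "dir" the encrypted-key segment must be empty
		return nil, errors.New("malformed JWE")
	}
	block, _ := aes.NewCipher(cek[:])
	gcm, _ := cipher.NewGCM(block)
	iv, err := b64.DecodeString(p[2])
	ct, _ := b64.DecodeString(p[3])
	tag, _ := b64.DecodeString(p[4])
	if err != nil || len(iv) != gcm.NonceSize() { // GCM panics on a wrong-length nonce, so check before Open
		return nil, errors.New("malformed JWE: bad IV")
	}
	jws, err := gcm.Open(nil, iv, append(ct, tag...), []byte(p[0]))
	q := strings.Split(string(jws), ".")
	if err != nil || len(q) != 3 { // wrong CEK, tampered ciphertext/header, or plaintext that is not a JWS
		return nil, errors.New("JWE decryption failed or inner token malformed")
	}
	if sig, err := b64.DecodeString(q[2]); err != nil || !ed25519.Verify(senderPub, []byte(q[0]+"."+q[1]), sig) {
		return nil, errors.New("inner JWS signature invalid: not from the expected sender")
	}
	return b64.DecodeString(q[1])
}
```

A token built by a third party who knows the recipient's CEK but not the sender's private key decrypts fine and then fails the inner signature check, which is the integrity property the question asks for.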