Cryptography Stack Exchange
Cryptography Stack Exchange

Questions tagged [jose]

JSON Object Signing and Encryption (JOSE) is a generic name for applications that use the JSON Web Signature and JSON Web Encryption (JWS and JWE) standards and derived technology such as JSON Web Token (JWT).

Note that JOSE stands for JSON Object Siging and Encryption, while JSON stands for JavaScript Object Notation, a specification that makes it easy to serialize JavaScript objects using a textual notation. JSON is by now supported by many other languages / runtimes as well.

This tag could be used for applications that use both JWS and JWE, otherwise it may be better to simply indicate or , especially when running out of tags. If something is about a particular algorithm definition, specify instead.

7 questions
6
votes
1 answer

How does the Concat KDF work?

I am writing an application using JSON Web Encryption with ECDH using the X25519 Curve. The RFC says that ECHD-ES derived secret is run through a Concat KDF. Given that many cryptographers seem to be bashing JWT and the JOSE standard for having too…
ams
  • 701
  • 1
  • 8
  • 14
4
votes
1 answer

How does JOSE/JWE make use of ECDH when encrypting/decrypting messages?

Disclaimer: I first posted this question on security.stackexchange some minutes ago but deleted it, this is probably a better place for it. My goal is to use JWE with hybrid encryption (ECDH+AES) for exchanging sensitive data with another party.…
ceaaj
  • 43
  • 4
3
votes
2 answers

JSON AES-128: Security against known plaintext attack

I have a system where I am transmitting JSON messages securely (using for example AES-128), where each message has the same format. For example: {"d":{"status":"success"}} {"d":{"error":"Message length too long"}} Where every plain-text message is…
Matthew
  • 247
  • 1
  • 11
3
votes
1 answer

Why do COSE and JOSE use their own format for SEC#1 and PKCS#1 keys?

PKCS#1 specify its keys as DER-encoded ASN.1 data structure types, so it's understandable to invent a format that admit lightweight parser with CBOR. But I don't see why it is necessary to invent key format to hold SEC#1 keys in COSE or JOSE, since…
DannyNiu
  • 10,640
  • 2
  • 27
  • 64
2
votes
1 answer

JWE between Android/iPhone and backend

I'm working on a solution where JWE is needed between an Android app and a backend written in Node.JS, using node-jose. I've been struggling a lot since it seems there is no out of the box compatibility between Android - if you want to use the HW…
JHH
  • 121
  • 4
1
vote
0 answers

Why doesn't the JOSE suite/JWA include ECIES?

The JOSE suite specifics use of RSA-OAEP (for when one party has an RSA key) and ECDH (for when two parties have EC keys) in JWA. Why doesn't it include ECIES? It seems like a way to derive a key when only one party has an EC key would be a common…
kag0
  • 115
  • 3
1
vote
0 answers

Custom key for key wrapping using JOSE/JWK

I am trying to figure out how to use a custom password with a JWK that uses the password for key wrapping. The JWA spec contains for example "PBES2-HS512+A256KW", which does "PBES2 with HMAC SHA-512 and 'A256KW' wrapping". So, if I understand…
enzian
  • 121
  • 3