JSON Web Encryption
===================

JSON Web Encryption (JWE) are used to encrypt a payload and represent it as a
compact URL-safe string.

Supported Content Encryption Algorithms
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

The following algorithms are currently supported.

+------------------+------------------------------------------------+
| Encryption Value | Encryption Algorithm, Mode, and Auth Tag       |
+==================+================================================+
| A128CBC_HS256    | AES w/128 bit key in CBC mode w/SHA256 HMAC    |
+------------------+------------------------------------------------+
| A192CBC_HS384    | AES w/128 bit key in CBC mode w/SHA256 HMAC    |
+------------------+------------------------------------------------+
| A256CBC_HS512    | AES w/128 bit key in CBC mode w/SHA256 HMAC    |
+------------------+------------------------------------------------+
| A128GCM          | AES w/128 bit key in GCM mode and GCM auth tag |
+------------------+------------------------------------------------+
| A192GCM          | AES w/192 bit key in GCM mode and GCM auth tag |
+------------------+------------------------------------------------+
| A256GCM          | AES w/256 bit key in GCM mode and GCM auth tag |
+------------------+------------------------------------------------+

Supported Key Management Algorithms
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

The following algorithms are currently supported.

+-----------------+------------------------------------------------+
| Algorithm Value | Key Wrap Algorithm                             |
+=================+================================================+
| DIR             | Direct (no key wrap)                           |
+-----------------+------------------------------------------------+
| RSA1_5          | RSAES with PKCS1 v1.5                          |
+-----------------+------------------------------------------------+
| RSA_OAEP        | RSAES OAEP using default parameters            |
+-----------------+------------------------------------------------+
| RSA_OAEP_256    | RSAES OAEP using SHA-256 and MGF1 with SHA-256 |
+-----------------+------------------------------------------------+
| A128KW          | AES Key Wrap with default IV using 128-bit key |
+-----------------+------------------------------------------------+
| A192KW   m      | AES Key Wrap with default IV using 192-bit key |
+-----------------+------------------------------------------------+
| A256KW          | AES Key Wrap with default IV using 256-bit key |
+-----------------+------------------------------------------------+

Examples
^^^^^^^^

Encrypting Payloads
-------------------

.. code:: python

        >>> from jose import jwe
        >>> jwe.encrypt('Hello, World!', 'asecret128bitkey', algorithm='dir', encryption='A128GCM')
        'eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4R0NNIn0..McILMB3dYsNJSuhcDzQshA.OfX9H_mcUpHDeRM4IA.CcnTWqaqxNsjT4eCaUABSg'


Decrypting Payloads
--------------------------

.. code:: python

        >>> from jose import jwe
        >>> jwe.decrypt('eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4R0NNIn0..McILMB3dYsNJSuhcDzQshA.OfX9H_mcUpHDeRM4IA.CcnTWqaqxNsjT4eCaUABSg', 'asecret128bitkey')
        'Hello, World!'
