RFC7516: JSON Web Encryption

This section contains the generic implementation of RFC7516. Find how to use it in JWE Guide.

API Reference

class authlib.jose.JsonWebEncryption(algorithms=None, private_headers=None)

    REGISTERED_HEADER_PARAMETER_NAMES = frozenset({'alg', 'crit', 'cty', 'enc', 'jku', 'jwk', 'kid', 'typ', 'x5c', 'x5t', 'x5t#S256', 'x5u', 'zip'})
        Registered Header Parameter Names defined by Section 4.1

    classmethod register_algorithm(algorithm)
        Register an algorithm for alg or enc or zip of JWE.

    serialize_compact(protected, payload, key)
        Generate a JWE Compact Serialization. The JWE Compact Serialization represents encrypted content as a compact, URL-safe string. This string is:

        BASE64URL(UTF8(JWE Protected Header)) || '.' || BASE64URL(JWE Encrypted Key) || '.' || BASE64URL(JWE Initialization Vector) || '.' || BASE64URL(JWE Ciphertext) || '.' || BASE64URL(JWE Authentication Tag)

        Only one recipient is supported by the JWE Compact Serialization and it provides no syntax to represent JWE Shared Unprotected Header, JWE Per-Recipient Unprotected Header, or JWE AAD values.

        Parameters
            protected – A dict of protected header
            payload – A string/dict of payload
            key – Private key used to generate signature
        Returns
            byte

    deserialize_compact(s, key, decode=None)
        Extract JWS Compact Serialization, and validate with the given key.

        Parameters
            s – text of JWS Compact Serialization
            key – key used to verify the signature
            decode – a function to decode plaintext data
        Returns
            dict
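
As an added example (not part of Authlib and not using its API), the following standard-library code splits the five-part string described under serialize_compact and vets the protected header before any key is touched. The function names, the alg/enc allowlists and the `x-tenant` header are assumptions, and the sample token is constructed filler rather than real ciphertext.

```python
import base64
import json

# Registered header names, copied from REGISTERED_HEADER_PARAMETER_NAMES on this page.
REGISTERED = frozenset({"alg", "crit", "cty", "enc", "jku", "jwk", "kid", "typ",
                        "x5c", "x5t", "x5t#S256", "x5u", "zip"})

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def b64url_decode(part: str) -> bytes:
    # Restore stripped padding; validate=True rejects characters outside the alphabet.
    padded = part + "=" * (-len(part) % 4)
    return base64.b64decode(padded, altchars=b"-_", validate=True)

def inspect_compact(token: str, allowed_alg: set, allowed_enc: set) -> dict:
    """Split a JWE compact string and vet its protected header. Decrypts nothing."""
    parts = token.split(".")
    if len(parts) != 5:  # a three-part JWS, for instance, is rejected here
        raise ValueError(f"expected 5 dot-separated parts, got {len(parts)}")
    header = json.loads(b64url_decode(parts[0]))
    if not isinstance(header, dict):
        raise ValueError("protected header is not a JSON object")
    alg, enc = header.get("alg"), header.get("enc")
    if not (isinstance(alg, str) and alg in allowed_alg
            and isinstance(enc, str) and enc in allowed_enc):
        raise ValueError("alg/enc not in the caller's allowlist")
    encrypted_key, iv, ciphertext, tag = (b64url_decode(p) for p in parts[1:])
    return {
        "header": header,
        # Names outside the registered set are private headers.
        "private_headers": sorted(set(header) - REGISTERED),
        # In compact form the AAD is the ASCII of the encoded protected header.
        "aad": parts[0].encode("ascii"),
        "encrypted_key": encrypted_key, "iv": iv,
        "ciphertext": ciphertext, "tag": tag,
    }

def build_sample_token() -> str:
    # Constructed sample: filler bytes, not real key material or ciphertext.
    header = {"alg": "RSA-OAEP", "enc": "A256GCM", "x-tenant": "demo"}
    fields = [json.dumps(header).encode("utf-8"), b"\x01" * 256, b"\x02" * 12,
              b"\x03" * 20, b"\x04" * 16]
    return ".".join(b64url_encode(f) for f in fields)

if __name__ == "__main__":
    info = inspect_compact(build_sample_token(), {"RSA-OAEP"}, {"A256GCM"})
    print(info["header"], info["private_headers"], len(info["tag"]))
```

The `aad`, `iv`, `ciphertext` and `tag` values it returns correspond to the arguments that JWEEncAlgorithm.decrypt takes.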

class authlib.jose.JWEAlgorithm
    Interface for JWE algorithm. JWA specification (RFC7518) SHOULD implement the algorithms for JWE with this base implementation.

class authlib.jose.JWEEncAlgorithm

    encrypt(msg, aad, iv, key)
        Encrypt the given "msg" text.

        Parameters
            msg – text to be encrypted, in bytes
            aad – additional authenticated data in bytes
            iv – initialization vector in bytes
            key – encrypted key in bytes
        Returns
            (ciphertext, iv, tag)

    decrypt(ciphertext, aad, iv, tag, key)
        Decrypt the given cipher text.

        Parameters
            ciphertext – ciphertext in bytes
            aad – additional authenticated data in bytes
            iv – initialization vector in bytes
            tag – authentication tag in bytes
            key – encrypted key in bytes
        Returns
            message

class authlib.jose.JWEZipAlgorithm