RFC7516: JSON Web Encryption¶

API Reference¶

class authlib.jose.JsonWebEncryption(algorithms, private_headers=None)¶

REGISTERED_HEADER_PARAMETER_NAMES = frozenset({'jwk', 'crit', 'alg', 'x5t', 'typ', 'zip', 'kid', 'x5c', 'enc', 'x5u', 'cty', 'jku', 'x5t#S256'})¶

Registered Header Parameter Names defined by Section 4.1

JWE_AVAILABLE_ALGORITHMS = {'A128CBC-HS256': <authlib.jose.rfc7518._backends._jwe_enc_cryptography.CBCHS2EncAlgorithm object>, 'A128GCM': <authlib.jose.rfc7518._backends._jwe_enc_cryptography.GCMEncAlgorithm object>, 'A128GCMKW': <authlib.jose.rfc7518._backends._jwe_alg_cryptography.AESGCMAlgorithm object>, 'A128KW': <authlib.jose.rfc7518._backends._jwe_alg_cryptography.AESAlgorithm object>, 'A192CBC-HS384': <authlib.jose.rfc7518._backends._jwe_enc_cryptography.CBCHS2EncAlgorithm object>, 'A192GCM': <authlib.jose.rfc7518._backends._jwe_enc_cryptography.GCMEncAlgorithm object>, 'A192GCMKW': <authlib.jose.rfc7518._backends._jwe_alg_cryptography.AESGCMAlgorithm object>, 'A192KW': <authlib.jose.rfc7518._backends._jwe_alg_cryptography.AESAlgorithm object>, 'A256CBC-HS512': <authlib.jose.rfc7518._backends._jwe_enc_cryptography.CBCHS2EncAlgorithm object>, 'A256GCM': <authlib.jose.rfc7518._backends._jwe_enc_cryptography.GCMEncAlgorithm object>, 'A256GCMKW': <authlib.jose.rfc7518._backends._jwe_alg_cryptography.AESGCMAlgorithm object>, 'A256KW': <authlib.jose.rfc7518._backends._jwe_alg_cryptography.AESAlgorithm object>, 'DEF': <authlib.jose.rfc7518.jwe_algorithms.DeflateZipAlgorithm object>, 'ECDH-ES': <authlib.jose.rfc7518._backends._jwe_alg_cryptography.ECDHAlgorithm object>, 'ECDH-ES+A128KW': <authlib.jose.rfc7518._backends._jwe_alg_cryptography.ECDHAlgorithm object>, 'ECDH-ES+A192KW': <authlib.jose.rfc7518._backends._jwe_alg_cryptography.ECDHAlgorithm object>, 'ECDH-ES+A256KW': <authlib.jose.rfc7518._backends._jwe_alg_cryptography.ECDHAlgorithm object>, 'RSA-OAEP': <authlib.jose.rfc7518._backends._jwe_alg_cryptography.RSAAlgorithm object>, 'RSA-OAEP-256': <authlib.jose.rfc7518._backends._jwe_alg_cryptography.RSAAlgorithm object>, 'RSA1_5': <authlib.jose.rfc7518._backends._jwe_alg_cryptography.RSAAlgorithm object>, 'dir': <authlib.jose.rfc7518.jwe_algorithms.DirectAlgorithm object>}¶

Defined available JWS algorithms

register_algorithm(algorithm)¶

Register an algorithm for alg or enc or zip of JWE.

serialize_compact(protected, payload, key)¶

Generate a JWE Compact Serialization. The JWE Compact Serialization represents encrypted content as a compact, URL-safe string. This string is:

BASE64URL(UTF8(JWE Protected Header)) || ‘.’ || BASE64URL(JWE Encrypted Key) || ‘.’ || BASE64URL(JWE Initialization Vector) || ‘.’ || BASE64URL(JWE Ciphertext) || ‘.’ || BASE64URL(JWE Authentication Tag)

Only one recipient is supported by the JWE Compact Serialization and it provides no syntax to represent JWE Shared Unprotected Header, JWE Per-Recipient Unprotected Header, or JWE AAD values.

Parameters:	protected – A dict of protected header payload – A string/dict of payload key – Private key used to generate signature
Returns:	byte

deserialize_compact(s, key, decode=None)¶

Exact JWS Compact Serialization, and validate with the given key.

Parameters:	s – text of JWS Compact Serialization key – key used to verify the signature decode – a function to decode plaintext data
Returns:	dict

class authlib.jose.JWEAlgorithm¶

Interface for JWE algorithm. JWA specification (RFC7518) SHOULD implement the algorithms for JWE with this base implementation.

class authlib.jose.JWEEncAlgorithm¶

encrypt(msg, aad, iv, key)¶

Encrypt the given “msg” text.

Parameters:	msg – text to be encrypt in bytes aad – additional authenticated data in bytes iv – initialization vector in bytes key – encrypted key in bytes
Returns:	(ciphertext, iv, tag)

decrypt(ciphertext, aad, iv, tag, key)¶

Decrypt the given cipher text.

Parameters:	ciphertext – ciphertext in bytes aad – additional authenticated data in bytes iv – initialization vector in bytes tag – authentication tag in bytes key – encrypted key in bytes
Returns:	message

class authlib.jose.JWEZipAlgorithm¶