JSON Web Encryption

JSON Web Encryption
JSON Web Encryption
JSON Web Encryption (JWE)
Abbreviation	JWE
Status	Proposed
Year started	16 January 2012
First published	16 January 2012
Latest version	May 2015
Organization	IETF
Series	JOSE
Authors	Michael Jones; Joe Hildebrand;
Domain	Encryption, authentication
Website	datatracker.ietf.org/doc/html/rfc7516

JSON Web Encryption (JWE) is an IETF standard providing a standardized syntax for the exchange of encrypted data, based on JSON and Base64.^[1] It is defined by RFC 7516. Along with JSON Web Signature (JWS), it is one of the two possible formats of a JWT (JSON Web Token). JWE forms part of the JavaScript Object Signing and Encryption (JOSE) suite of protocols.^[2]

Vulnerabilities

In March 2017, a serious flaw was discovered in many popular implementations of JWE, the invalid curve attack.^[3]

One implementation of an early (pre-finalized) version of JWE also suffered from Bleichenbacher’s attack.^[4]

^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).

This cryptography-related article is a stub. You can help Wikipedia by expanding it.

v t e Data exchange formats
Human readable	Atom CSV EDIFACT JSON Web Encryption Web Token Web Signature Property list RDF Rebol TOML TOON XML YAML
Binary	AMF Ascii85 ASN.1 SMI Avro Base32 Base64 Bencode BSON UBJSON Cap'n Proto CBOR FlatBuffers MessagePack Property list Protocol Buffers Thrift Cyphal DSDL XDR uuencode yEnc
Comparison of data-serialization formats