1# JWE [](https://pkg.go.dev/github.com/lestrrat-go/jwx/jwe)
2
3Package jwe implements JWE as described in [RFC7516](https://tools.ietf.org/html/rfc7516)
4
5* Encrypt and Decrypt arbitrary data
6* Content compression and decompression
7* Add arbitrary fields in the JWE header object
8
9How-to style documentation can be found in the [docs directory](../docs).
10
11Examples are located in the examples directory ([jwe_example_test.go](../examples/jwe_example_test.go))
12
13Supported key encryption algorithm:
14
15| Algorithm | Supported? | Constant in [jwa](../jwa) |
16|:-----------------------------------------|:-----------|:-------------------------|
17| RSA-PKCS1v1.5 | YES | jwa.RSA1_5 |
18| RSA-OAEP-SHA1 | YES | jwa.RSA_OAEP |
19| RSA-OAEP-SHA256 | YES | jwa.RSA_OAEP_256 |
20| AES key wrap (128) | YES | jwa.A128KW |
21| AES key wrap (192) | YES | jwa.A192KW |
22| AES key wrap (256) | YES | jwa.A256KW |
23| Direct encryption | YES (1) | jwa.DIRECT |
24| ECDH-ES | YES (1) | jwa.ECDH_ES |
25| ECDH-ES + AES key wrap (128) | YES | jwa.ECDH_ES_A128KW |
26| ECDH-ES + AES key wrap (192) | YES | jwa.ECDH_ES_A192KW |
27| ECDH-ES + AES key wrap (256) | YES | jwa.ECDH_ES_A256KW |
28| AES-GCM key wrap (128) | YES | jwa.A128GCMKW |
29| AES-GCM key wrap (192) | YES | jwa.A192GCMKW |
30| AES-GCM key wrap (256) | YES | jwa.A256GCMKW |
31| PBES2 + HMAC-SHA256 + AES key wrap (128) | YES | jwa.PBES2_HS256_A128KW |
32| PBES2 + HMAC-SHA384 + AES key wrap (192) | YES | jwa.PBES2_HS384_A192KW |
33| PBES2 + HMAC-SHA512 + AES key wrap (256) | YES | jwa.PBES2_HS512_A256KW |
34
35* Note 1: Single-recipient only
36
37Supported content encryption algorithm:
38
39| Algorithm | Supported? | Constant in [jwa](../jwa) |
40|:----------------------------|:-----------|:--------------------------|
41| AES-CBC + HMAC-SHA256 (128) | YES | jwa.A128CBC_HS256 |
42| AES-CBC + HMAC-SHA384 (192) | YES | jwa.A192CBC_HS384 |
43| AES-CBC + HMAC-SHA512 (256) | YES | jwa.A256CBC_HS512 |
44| AES-GCM (128) | YES | jwa.A128GCM |
45| AES-GCM (192) | YES | jwa.A192GCM |
46| AES-GCM (256) | YES | jwa.A256GCM |
47
48# SYNOPSIS
49
50## Encrypt data
51
52```go
53func ExampleEncrypt() {
54 privkey, err := rsa.GenerateKey(rand.Reader, 2048)
55 if err != nil {
56 log.Printf("failed to generate private key: %s", err)
57 return
58 }
59
60 payload := []byte("Lorem Ipsum")
61
62 encrypted, err := jwe.Encrypt(payload, jwa.RSA1_5, &privkey.PublicKey, jwa.A128CBC_HS256, jwa.NoCompress)
63 if err != nil {
64 log.Printf("failed to encrypt payload: %s", err)
65 return
66 }
67 _ = encrypted
68 // OUTPUT:
69}
70```
71
72## Decrypt data
73
74```go
75func ExampleDecrypt() {
76 privkey, encrypted, err := exampleGenPayload()
77 if err != nil {
78 log.Printf("failed to generate encrypted payload: %s", err)
79 return
80 }
81
82 decrypted, err := jwe.Decrypt(encrypted, jwa.RSA1_5, privkey)
83 if err != nil {
84 log.Printf("failed to decrypt: %s", err)
85 return
86 }
87
88 if string(decrypted) != "Lorem Ipsum" {
89 log.Printf("WHAT?!")
90 return
91 }
92 // OUTPUT:
93}
94```
View as plain text