Hey all, I'm working on a module for Flask that allows it to use JWE as a quick plugin. In my testing, I've run into a situation where I'm using RSAES (RSAES-OAEP, RSAES-1_5) and I want to return a JWS. It seems like there could be 2 ways of going about this, but I don't believe that the RFC addresses it:
1. RSAES one way, CEK-only on the way back 2. RSAES two way, with an EPK included on the originator's JWE sent to the remote end I like #2 myself because it uses a fresh CEK for each part of the request / response. It's possible I'm missing something in the RFC, but I'm still unable to find it after reading through it a few times, especially because EPK is specified only for use with ECDH-ES algorithms. Best, - Matt _______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
