In JSON Web Encryption (JWE), the Content Encryption Key (CEK) plays a critical role in encrypting the actual payload. JWE secures the CEK using the following mechanisms:
1. CEK Encryption with Key Management Algorithm
The CEK is encrypted using a key management algorithm, which is specified in the alg header parameter of the JWE. This ensures the CEK is protected during transmission. The algorithm could be:
- RSA: Uses the recipient's public key to encrypt the CEK.
- ECDH-ES: Employs Elliptic Curve Diffie-Hellman for secure key agreement.
- Direct: No separate CEK encryption is used, as the pre-shared key directly acts as the CEK.
2. Layered Encryption
JWE uses two levels of encryption:
- The Content Encryption Key (CEK) encrypts the payload (data).
- The recipient's public key or agreed key encrypts the CEK itself. This layering ensures that even if the payload encryption is robust, the CEK adds another layer of security.
3. CEK Integrity with Authentication
Authenticated encryption modes like AES-GCM ensure that the CEK is not only encrypted but also authenticated. This prevents attackers from tampering with the encrypted CEK.
4. Compact and JSON Serialization
The encrypted CEK is included in the JWE object as a base64url-encoded string. This makes it easy to transmit securely, even over channels that might not support binary data.
5. Advantages of Securing the CEK
- Key Separation: The CEK is distinct from the keys used to encrypt it, isolating the payload's encryption from key management.
- Multiple Recipients: With JWE's ability to encrypt the CEK for multiple recipients, it supports secure sharing of the same payload.
By encrypting the CEK securely, JWE ensures the confidentiality and integrity of the payload, making it a reliable standard for secure data exchange.
