Key Wrapping
Key Wrapping shares a symmetric key, kind of like Direct Key Encryption. However, instead of using the shared key as the CEK, it uses it to wrap the actual CEK, so that only a recipient with the correct KEK can unwrap the CEK and decrypt the token.
go
package main
import "github.com/a-novel-kit/jwt/jwe/jwek"
func main() {
// The KEK is shared directly between the producer and the recipient.
var kek []byte
keyDecoder := jwek.NewAESKWDecoder(
&jwek.AESKWDecoderConfig{WrapKey: kek},
jwek.A128KW,
)
}Available presets:
| Preset | Target "alg" |
|---|---|
jwek.A128KW | A128KW |
jwek.A192KW | A192KW |
jwek.A256KW | A256KW |