JSON Web Encryption

JSON Web Encryption (JWE) is an IETF standard providing a standardised syntax for the exchange of encrypted data, based on JSON and Base64. It is defined by RFC7516. Along with JSON Web Signature (JWS), it is one of the two possible formats of a JWT (JSON Web Token). In March 2017, a serious flaw was discovered in many popular implementations of JWE.^[1] JWE forms part of the JavaScript Object Signing and Encryption (JOSE) suite of protocols.^[2] Implementations of early (pre-finalised) versions of JWE also suffered from Bleichenbacher’s attack.^[3]

References

^ Rashid, Fahmida (27 March 2017). "Critical flaw alert! Stop using JSON encryption". InfoWorld. Retrieved 8 June 2018.
^ Fontana, John (January 21, 2013). "Developers getting JSON-based options for enterprise authentication | ZDNet". ZDNet. Retrieved 2018-06-08.
^ Jager, Tibor; Schinzel, Sebastian; Somorovsky, Juraj (2012), "Bleichenbacher's Attack Strikes again: Breaking PKCS#1 v1.5 in XML Encryption", Computer Security – ESORICS 2012, Springer Berlin Heidelberg, pp. 752–769, CiteSeerX 10.1.1.696.5641, doi:10.1007/978-3-642-33167-1_43, ISBN 9783642331664, retrieved 2018-06-08

This cryptography-related article is a stub. You can help Wikipedia by expanding it.

[1] Rashid, Fahmida (27 March 2017). "Critical flaw alert! Stop using JSON encryption". InfoWorld. Retrieved 8 June 2018.

[2] Fontana, John (January 21, 2013). "Developers getting JSON-based options for enterprise authentication | ZDNet". ZDNet. Retrieved 2018-06-08.

[3] Jager, Tibor; Schinzel, Sebastian; Somorovsky, Juraj (2012), "Bleichenbacher's Attack Strikes again: Breaking PKCS#1 v1.5 in XML Encryption", Computer Security – ESORICS 2012, Springer Berlin Heidelberg, pp. 752–769, CiteSeerX 10.1.1.696.5641, doi:10.1007/978-3-642-33167-1_43, ISBN 9783642331664, retrieved 2018-06-08

[1]

[2]

[3]