jam.jose.jwe

jwe

Classes:

Name	Description
JWE	JWE (JSON Web Encryption) implementation - RFC 7516.

JWE

JWE(
    alg: str,
    enc: str,
    key: KeyLike | JWK,
    password: bytes | None = None,
    serializer: BaseEncoder
    | type[BaseEncoder] = JsonEncoder,
    logger: BaseLogger = logger,
)

Bases: BaseJWE

JWE (JSON Web Encryption) implementation - RFC 7516.

Provides encryption and decryption of data using JWK keys.

Example

>>> jwk = JWK.from_dict({"kty": "oct", "k": "your-secret-key"})
>>> jwe = JWE(alg="A128KW", enc="A128CBC-HS256", key=jwk)
>>> token = jwe.encrypt("secret data")
>>> plaintext = jwe.decrypt(token)

Parameters:

Name	Type	Description	Default
alg	str	Key management algorithm (e.g., "A128KW", "RSA-OAEP").	required
enc	str	Content encryption algorithm (e.g., "A128CBC-HS256", "A256GCM").	required
key	KeyLike | JWK	Key for encryption/decryption. Can be KeyLike or JWK.	required
password	bytes | None	Password for encrypted private keys.	None
serializer	BaseEncoder | type[BaseEncoder]	Encoder for serializing/deserializing JSON data.	JsonEncoder
logger	BaseLogger	Logger instance.	logger

Methods:

Name	Description
decrypt	Decrypt JWE token.
encrypt	Encrypt plaintext.

decrypt

decrypt(token: str) -> bytes

Decrypt JWE token.

Parameters:

Name	Type	Description	Default
token	str	JWE compact serialization string.	required

Returns:

Type	Description
bytes	Decrypted plaintext bytes.

Raises:

Type	Description
JamJWEDecryptionError	If decryption fails.

encrypt

encrypt(
    plaintext: bytes | str | dict[str, Any],
    header: dict[str, Any] | None = None,
) -> str

Encrypt plaintext.

Parameters:

Name	Type	Description	Default
plaintext	bytes | str | dict[str, Any]	Data to encrypt. If str, will be encoded to UTF-8. If dict, will be serialized using self._serializer.	required
header	dict[str, Any] | None	Additional JWE header.	None

Returns:

Type	Description
str	JWE compact serialization string.

Raises:

Type	Description
JamJWEEncryptionError	If encryption fails.