JSON Web Encryption


JSON Web Encryption is an IETF standard providing a standardised syntax for the exchange of encrypted data, based on JSON and Base64. It is defined by . Along with JSON Web Signature, it is one of the two possible formats of a JWT. JWE forms part of the JavaScript Object Signing and Encryption suite of protocols.

Vulnerabilities

In March 2017, a serious flaw was discovered in many popular implementations of JWE, the invalid curve attack.
One implementation of an early version of JWE also suffered from Bleichenbacher’s attack.