jwt_simple/algorithms/jwe/
mod.rs

1//! JWE (JSON Web Encryption) key management algorithms.
2//!
3//! This module provides implementations of various JWE key management algorithms
4//! as specified in RFC 7518. Each key type is strongly typed to prevent misuse.
5//!
6//! # Supported Algorithms
7//!
8//! ## RSA Key Management
9//! - `RSA-OAEP` - RSA with OAEP using SHA-1
10//!
11//! Note: RSA-OAEP-256 (with SHA-256) is not currently supported because the underlying
12//! boring/superboring crates do not expose the API to specify the OAEP hash function.
13//!
14//! ## Symmetric Key Wrap
15//! - `A256KW` - AES-256 Key Wrap (recommended)
16//! - `A128KW` - AES-128 Key Wrap
17//!
18//! ## ECDH Key Agreement
19//! - `ECDH-ES+A256KW` - ECDH with AES-256 Key Wrap (recommended)
20//! - `ECDH-ES+A128KW` - ECDH with AES-128 Key Wrap
21//!
22//! # Content Encryption
23//!
24//! All key management algorithms support these content encryption algorithms:
25//! - `A256GCM` - AES-256-GCM (default, recommended)
26//! - `A128GCM` - AES-128-GCM
27//!
28//! # Examples
29//!
30//! ## RSA-OAEP
31//!
32//! ```rust
33//! use jwt_simple::prelude::*;
34//!
35//! // Generate a key pair
36//! let decryption_key = RsaOaepDecryptionKey::generate(2048).unwrap();
37//! let encryption_key = decryption_key.encryption_key();
38//!
39//! // Encrypt
40//! let claims = Claims::create(Duration::from_hours(1))
41//!     .with_subject("user@example.com");
42//! let token = encryption_key.encrypt(claims).unwrap();
43//!
44//! // Decrypt
45//! let claims = decryption_key.decrypt_token::<NoCustomClaims>(&token, None).unwrap();
46//! ```
47//!
48//! ## AES Key Wrap
49//!
50//! ```rust
51//! use jwt_simple::prelude::*;
52//!
53//! // Generate a symmetric key
54//! let key = A256KWKey::generate();
55//!
56//! // Encrypt
57//! let claims = Claims::create(Duration::from_hours(1));
58//! let token = key.encrypt(claims).unwrap();
59//!
60//! // Decrypt
61//! let claims = key.decrypt_token::<NoCustomClaims>(&token, None).unwrap();
62//! ```
63//!
64//! ## ECDH-ES+A256KW
65//!
66//! ```rust
67//! use jwt_simple::prelude::*;
68//!
69//! // Generate a key pair
70//! let decryption_key = EcdhEsA256KWDecryptionKey::generate();
71//! let encryption_key = decryption_key.encryption_key();
72//!
73//! // Encrypt
74//! let claims = Claims::create(Duration::from_hours(1));
75//! let token = encryption_key.encrypt(claims).unwrap();
76//!
77//! // Decrypt
78//! let claims = decryption_key.decrypt_token::<NoCustomClaims>(&token, None).unwrap();
79//! ```
80
81pub mod aes_kw;
82pub mod content;
83pub mod ecdh_es;
84pub mod rsa_oaep;
85
86pub use aes_kw::{A128KWKey, A256KWKey};
87pub use content::ContentEncryption;
88pub use ecdh_es::{
89    EcdhEsA128KWDecryptionKey, EcdhEsA128KWEncryptionKey, EcdhEsA256KWDecryptionKey,
90    EcdhEsA256KWEncryptionKey,
91};
92pub use rsa_oaep::{RsaOaepDecryptionKey, RsaOaepEncryptionKey};