Validating issuer of a security token encrypted with JSON Web Encryption (JWE)?

I've been reading the JSON Web Encryption (JWE) specification, with the latest draft being 08, as we're looking at supporting JSON Web Tokens (JWT) in our authentication server.

Using the asymmetric encryption method it defines, the symmetric key (content master key) is encrypted using the recipient's public key. This makes sense so that only the recipient can decrypt it and also be sure that the token was intended for them.

Normally I'd also expect to see something that proves who the token is from, e.g. a signature created using the issuer's private key which can be verified using their public key. However, the signatures also appear to be derived from either the content master key or the recipient's public key, with no mention of the issuer's private key.

Without this, it seems to me like - as long as the format of token that was expected was known - anybody who has the recipient's public key (i.e. anybody) could generate a valid token; not just a trusted authentication server.

I'm not an expert on cryptography (far from it) so I'm sure I'm missing something here. How does the recipient verify that an asymmetrically encrypted token has come from a trusted issuer?

Given that the JSON Web Signatures (JWS) specification does define signatures that use the issuer's private key and can be validated with their public key, I'm wondering whether the idea is that the payload of the JWE token should be a JWS token?

Greg Beech asked Mar 19 '13 11:03



1 Answer

JWT certainly allows for nested payloads. In fact there's a specific reference to that in the spec, where the cty (content-type) header parameter can be set to JWT to indicate that the payload is in fact another JWT.

So you would most likely create a JWE and wrap it in a JWS, signed with your private key. This also seems to be the conclusion (or at least one solution) from this thread on the JOSE mailing list. There's another related thread on reducing the payload size. In general that mailing list is probably worth keeping an eye on as it's where the people behind the spec hang out.

Shaun the Sheep answered Oct 01 '22 22:10
