Looking at RFC 7515 and RFC 7516, I was trying to understand what the proper mime type for the JWE should be. It looks like JWE and JWS share the JOSE header information, and JWS defines its mime type as application/jose
. JWE has no explicit media type information. But since the name is "jose" and both use JOSE header, I assume both should use the same mime type (also because JOSE stands for ... Signing and Encryption).
In this case, how do I differentiate between signed and/or encrypted messages? By value of the alg
property? Or by presence/value of enc
property?
To summarize:
If I only paid more attention to the original RFC, I would have noticed that there is a section for this particular purpose (section 9).
In short, the code should examine presence of payload
, ciphertext
or enc
properties, or by checking the value of alg
. Alternatively, count period separators if compact serialization is used.
This also implies that the mime type for both is the same.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With