JWE specifies how to encrypt content and encode associated metadata. It is defined in RFC 7516: JSON Web Encryption (JWE).
As indicated in section 3 of the RFC, "JWE represents encrypted content using JSON data structures and base64url encoding." This standard focuses on authenticated encryption.
The structures defined are:
- JOSE Header:
- JWE Encrypted Key
- JWE Initialization Vector
- JWE AAD
- JWE Ciphertext
- JWE Authentication Tag
which can be combined to a higher level protocol:
- JWE Protected Header
- JWE Shared Unprotected Header
- JWE Per-Recipient Unprotected Header
The algorithms to be used are defined in RFC 7518: JSON Web Algorithms (JWA), section 4