# JSON Web Encryption (JWE)¶

JSON Web Encryption (JWE) represents encrypted content using JSON-based data structures.

It is assumed that you know all you need to know about key handling if not please spend some time reading keyhandling_ .

When it comes to JWE there are basically 2 things you want to be able to do: encrypt some data and decrypt some encrypted data. I’ll deal with them in that order.

## Encrypting a document¶

This is the high level way of doing things. There are a few steps you have to go through. Let us start with an example and then break it into its parts:

```
>>> from cryptojwt.jwk.rsa import RSAKey
>>> from cryptojwt.jwe.jwe import JWE
>>> priv_key = import_private_rsa_key_from_file(KEY)
>>> pub_key = priv_key.public_key()
>>> encryption_key = RSAKey(use="enc", pub_key=pub_key, kid="some-key-id")
>>> plain = b'Now is the time for all good men to come to the aid of ...'
>>> encryptor = JWE(plain, alg="RSA-OAEP", enc="A256CBC-HS512")
>>> jwe = encryptor.encrypt(keys=[encryption_key], kid="some-key-id")
```

The steps:

- You need an encryption key. The key
MUSTbe an instance of`cryptojwt.jwk.JWK`

.- You need the information that is to be signed. It must be in the form of a string.
- You initiate the encryptor, provide it with the message and other needed information.
- And then you encrypt as described in RFC7516 .

There is a lower level way of doing the same, it will look like this:

```
>>> from cryptojwt.jwk.rsa import import_private_rsa_key_from_file
>>> from cryptojwt.jwe.jwe_rsa import JWE_RSA
>>> priv_key = import_private_rsa_key_from_file('certs/key.pem')
>>> pub_key = priv_key.public_key()
>>> plain = b'Now is the time for all good men to come to the aid of ...'
>>> _rsa = JWE_RSA(plain, alg="RSA-OAEP", enc="A128CBC-HS256")
>>> jwe = _rsa.encrypt(pub_key)
```

Here the key is an cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey
instance and the encryptor is a `cryptojwt.jwe.jew_rsa.JWE_RSA`

instance.

## Decrypting something encrypted¶

Decrypting using the encrypted message above.

```
>>> from cryptojwt.jwe.jwe import factory
>>> from cryptojwt.jwk.rsa import RSAKey
```

```
>>> _decryptor = factory(jwe, alg="RSA-OAEP", enc="A128CBC-HS256")
>>> _dkey = RSAKey(priv_key=priv_key)
>>> msg = _decryptor.decrypt(jwe, [_dkey])
```

or if you know what you’re doing:

```
>>> _decryptor = JWE_RSA()
>>> msg = _decryptor.decrypt(jwe, priv_key)
```