Skip to main content
Deno 2 is finally here 🎉️
Learn more
Module

x/jose/jwt/encrypt.ts>EncryptJWT

"JSON Web Almost Everything" - JWA, JWS, JWE, JWT, JWK, JWKS for Node.js, Browser, Cloudflare Workers, Deno, Bun, and other Web-interoperable runtimes.
panva/jose
Extremely Popular
Go to Latest
class EncryptJWT
extends ProduceJWT
import { EncryptJWT } from "https://deno.land/x/jose@v4.13.0/jwt/encrypt.ts";

The EncryptJWT class is a utility for creating Compact JWE formatted JWT strings.

Examples

Usage

const secret = jose.base64url.decode('zH4NRP1HMALxxCFnRZABFA7GOJtzU_gIj02alfL1lvI')
const jwt = await new jose.EncryptJWT({ 'urn:example:claim': true })
  .setProtectedHeader({ alg: 'dir', enc: 'A128CBC-HS256' })
  .setIssuedAt()
  .setIssuer('urn:example:issuer')
  .setAudience('urn:example:audience')
  .setExpirationTime('2h')
  .encrypt(secret)

console.log(jwt)

Properties

private
_cek: Uint8Array
private
_iv: Uint8Array
private
_keyManagementParameters: JWEKeyManagementHeaderParameters
private
_protectedHeader: CompactJWEHeaderParameters
private
_replicateAudienceAsHeader: boolean
private
_replicateIssuerAsHeader: boolean
private
_replicateSubjectAsHeader: boolean

Methods

encrypt(key: KeyLike | Uint8Array, options?: EncryptOptions): Promise<string>

Encrypts and returns the JWT.

replicateAudienceAsHeader()

Replicates the "aud" (Audience) Claim as a JWE Protected Header Parameter as per RFC7519#section-5.3.

replicateIssuerAsHeader()

Replicates the "iss" (Issuer) Claim as a JWE Protected Header Parameter as per RFC7519#section-5.3.

replicateSubjectAsHeader()

Replicates the "sub" (Subject) Claim as a JWE Protected Header Parameter as per RFC7519#section-5.3.

deprecated
setContentEncryptionKey(cek: Uint8Array)

Sets a content encryption key to use, by default a random suitable one is generated for the JWE enc" (Encryption Algorithm) Header Parameter.

deprecated
setInitializationVector(iv: Uint8Array)

Sets the JWE Initialization Vector to use for content encryption, by default a random suitable one is generated for the JWE enc" (Encryption Algorithm) Header Parameter.

setKeyManagementParameters(parameters: JWEKeyManagementHeaderParameters)

Sets the JWE Key Management parameters to be used when encrypting. Use of this is method is really only needed for ECDH based algorithms when utilizing the Agreement PartyUInfo or Agreement PartyVInfo parameters. Other parameters will always be randomly generated when needed and missing.

setProtectedHeader(protectedHeader: CompactJWEHeaderParameters)

Sets the JWE Protected Header on the EncryptJWT object.