I am playing with node-jose
(https://github.com/cisco/node-jose) and it's not helping much.
Should I wrap a JWE in a JWT payload (or the opposite) maybe?
This is a sample code I am using to make some tests:
const jwe = await jose.JWE.createEncrypt(standaloneKey).
update(Buffer.from(JSON.stringify({ somePayloadKey: 'somePayloadValue' }))).
final();
Generates an object like this:
{ recipients:
[ { encrypted_key: '...' } ],
protected: '...',
iv: '...',
ciphertext: '...',
tag: '...' }
Questions
1- How do I pass claims like aud
for example to this generated JWE?
2- And how do I make it valid for a period of time, let's say one hour?
3- What should I pass to the client? The whole object with recipients
, protected
etc?