Skip to main content

EncryptionAlgorithms.KeyManagement Class

Abblix.Jwt

Abblix.Jwt.EncryptionAlgorithms

EncryptionAlgorithms.KeyManagement Class

Key management algorithms ("alg" parameter in the JWE header). These wrap or derive the Content Encryption Key (CEK) that is then used by a content encryption algorithm.

public static class EncryptionAlgorithms.KeyManagement

Inheritance System.Object → KeyManagement

Fields

EncryptionAlgorithms.KeyManagement.Aes128Gcmkw Field

AES-GCM Key Wrap with a 128-bit key (RFC 7518 Section 4.7). Backed by .NET AesGcm. The 96-bit IV and 128-bit authentication tag are carried in the JOSE header parameters iv and tag (RFC 7518 Section 4.7.1); the JWE Encrypted Key is the wrapped-CEK ciphertext.

public const string Aes128Gcmkw = "A128GCMKW";

Field Value

System.String

EncryptionAlgorithms.KeyManagement.Aes128KW Field

AES Key Wrap with 128-bit key. This algorithm uses the AES Key Wrap algorithm (RFC 3394) with a 128-bit key.

public const string Aes128KW = "A128KW";

Field Value

System.String

Remarks

NOT CURRENTLY SUPPORTED: Waiting for native .NET support of RFC 3394 (plain AES Key Wrap). .NET 10 provides RFC 5649 (AES Key Wrap with Padding) which is a different algorithm.

EncryptionAlgorithms.KeyManagement.Aes192Gcmkw Field

AES-GCM Key Wrap with a 192-bit key (RFC 7518 Section 4.7). Backed by .NET AesGcm.

public const string Aes192Gcmkw = "A192GCMKW";

Field Value

System.String

EncryptionAlgorithms.KeyManagement.Aes192KW Field

AES Key Wrap with 192-bit key. This algorithm uses the AES Key Wrap algorithm (RFC 3394) with a 192-bit key.

public const string Aes192KW = "A192KW";

Field Value

System.String

Remarks

NOT CURRENTLY SUPPORTED: Waiting for native .NET support of RFC 3394 (plain AES Key Wrap). .NET 10 provides RFC 5649 (AES Key Wrap with Padding) which is a different algorithm.

EncryptionAlgorithms.KeyManagement.Aes256Gcmkw Field

AES-GCM Key Wrap with a 256-bit key (RFC 7518 Section 4.7). Backed by .NET AesGcm. Recommended choice when both peers can share a symmetric key.

public const string Aes256Gcmkw = "A256GCMKW";

Field Value

System.String

EncryptionAlgorithms.KeyManagement.Aes256KW Field

AES Key Wrap with 256-bit key. This algorithm uses the AES Key Wrap algorithm (RFC 3394) with a 256-bit key.

public const string Aes256KW = "A256KW";

Field Value

System.String

Remarks

NOT CURRENTLY SUPPORTED: Waiting for native .NET support of RFC 3394 (plain AES Key Wrap). .NET 10 provides RFC 5649 (AES Key Wrap with Padding) which is a different algorithm.

EncryptionAlgorithms.KeyManagement.Dir Field

Direct use of a shared symmetric key as the Content Encryption Key (RFC 7518 Section 4.5). No key wrap is performed and the JWE "encrypted_key" is the empty octet sequence. The shared key length must match the key size required by the chosen content encryption algorithm.

public const string Dir = "dir";

Field Value

System.String

EncryptionAlgorithms.KeyManagement.EcdhEs Field

Elliptic Curve Diffie-Hellman Ephemeral Static key agreement. This algorithm uses ECDH-ES to establish a shared secret for key encryption.

public const string EcdhEs = "ECDH-ES";

Field Value

System.String

Remarks

NOT CURRENTLY SUPPORTED: Requires custom implementation of Concat KDF (NIST SP 800-56A). While .NET provides native ECDiffieHellman, the Concat KDF key derivation is not available.

EncryptionAlgorithms.KeyManagement.EcdhEsAes128KW Field

ECDH-ES with AES Key Wrap using 128-bit key. Combines ECDH-ES key agreement with AES-128 Key Wrap.

public const string EcdhEsAes128KW = "ECDH-ES+A128KW";

Field Value

System.String

Remarks

NOT CURRENTLY SUPPORTED: Requires both: 1. Custom Concat KDF (NIST SP 800-56A) for ECDH key derivation 2. Native .NET support of RFC 3394 (plain AES Key Wrap) .NET 10 provides RFC 5649 (AES Key Wrap with Padding) which is a different algorithm.

EncryptionAlgorithms.KeyManagement.EcdhEsAes192KW Field

ECDH-ES with AES Key Wrap using 192-bit key. Combines ECDH-ES key agreement with AES-192 Key Wrap.

public const string EcdhEsAes192KW = "ECDH-ES+A192KW";

Field Value

System.String

Remarks

NOT CURRENTLY SUPPORTED: Requires both: 1. Custom Concat KDF (NIST SP 800-56A) for ECDH key derivation 2. Native .NET support of RFC 3394 (plain AES Key Wrap) .NET 10 provides RFC 5649 (AES Key Wrap with Padding) which is a different algorithm.

EncryptionAlgorithms.KeyManagement.EcdhEsAes256KW Field

ECDH-ES with AES Key Wrap using 256-bit key. Combines ECDH-ES key agreement with AES-256 Key Wrap.

public const string EcdhEsAes256KW = "ECDH-ES+A256KW";

Field Value

System.String

Remarks

NOT CURRENTLY SUPPORTED: Requires both: 1. Custom Concat KDF (NIST SP 800-56A) for ECDH key derivation 2. Native .NET support of RFC 3394 (plain AES Key Wrap) .NET 10 provides RFC 5649 (AES Key Wrap with Padding) which is a different algorithm.

EncryptionAlgorithms.KeyManagement.Pbes2HmacSha256Aes128KW Field

PBES2 with HMAC SHA-256 and AES-128 Key Wrap (RFC 7518 Section 4.8).

public const string Pbes2HmacSha256Aes128KW = "PBES2-HS256+A128KW";

Field Value

System.String

Remarks

NOT CURRENTLY SUPPORTED: requires PBKDF2 plus AES Key Wrap (RFC 3394), neither of which is exposed natively by .NET in the form RFC 7518 mandates.

EncryptionAlgorithms.KeyManagement.Pbes2HmacSha384Aes192KW Field

PBES2 with HMAC SHA-384 and AES-192 Key Wrap (RFC 7518 Section 4.8).

public const string Pbes2HmacSha384Aes192KW = "PBES2-HS384+A192KW";

Field Value

System.String

Remarks

NOT CURRENTLY SUPPORTED. See Pbes2HmacSha256Aes128KW.

EncryptionAlgorithms.KeyManagement.Pbes2HmacSha512Aes256KW Field

PBES2 with HMAC SHA-512 and AES-256 Key Wrap (RFC 7518 Section 4.8).

public const string Pbes2HmacSha512Aes256KW = "PBES2-HS512+A256KW";

Field Value

System.String

Remarks

NOT CURRENTLY SUPPORTED. See Pbes2HmacSha256Aes128KW.

EncryptionAlgorithms.KeyManagement.Rsa1_5 Field

RSAES-PKCS1-v1_5 key encryption (RFC 7518 Section 4.2). Backed by .NET RSA with RSAEncryptionPadding.Pkcs1. Kept for interoperability with legacy peers; OAEP variants should be preferred because PKCS#1 v1.5 padding is vulnerable to chosen-ciphertext attacks (Bleichenbacher).

public const string Rsa1_5 = "RSA1_5";

Field Value

System.String

EncryptionAlgorithms.KeyManagement.RsaOaep Field

RSAES-OAEP with SHA-1 and MGF1-SHA-1 (RFC 7518 Section 4.3). Backed by .NET RSA with RSAEncryptionPadding.OaepSHA1. Use when interoperating with peers that have not adopted RSA-OAEP-256; otherwise prefer RsaOaep256.

public const string RsaOaep = "RSA-OAEP";

Field Value

System.String

EncryptionAlgorithms.KeyManagement.RsaOaep256 Field

RSAES-OAEP with SHA-256 and MGF1-SHA-256 (RFC 7518 Section 4.3). Backed by .NET RSA with RSAEncryptionPadding.OaepSHA256. Recommended choice for new RSA-based JWE deployments.

public const string RsaOaep256 = "RSA-OAEP-256";

Field Value

System.String