EncryptionAlgorithms.KeyManagement Class
Abblix.Jwt
Abblix.Jwt.EncryptionAlgorithms
EncryptionAlgorithms.KeyManagement Class
Key management algorithms ("alg" parameter in the JWE header). These wrap or derive the Content Encryption Key (CEK) that is then used by a content encryption algorithm.
public static class EncryptionAlgorithms.KeyManagement
Inheritance System.Object → KeyManagement
Fields
EncryptionAlgorithms.KeyManagement.Aes128Gcmkw Field
AES-GCM Key Wrap with a 128-bit key (RFC 7518 Section 4.7). Backed by .NET AesGcm.
The 96-bit IV and 128-bit authentication tag are carried in the JOSE header parameters
iv and tag (RFC 7518 Section 4.7.1); the JWE Encrypted Key is the wrapped-CEK ciphertext.
public const string Aes128Gcmkw = "A128GCMKW";
Field Value
EncryptionAlgorithms.KeyManagement.Aes128KW Field
AES Key Wrap with 128-bit key. This algorithm uses the AES Key Wrap algorithm (RFC 3394) with a 128-bit key.
public const string Aes128KW = "A128KW";
Field Value
Remarks
NOT CURRENTLY SUPPORTED: Waiting for native .NET support of RFC 3394 (plain AES Key Wrap). .NET 10 provides RFC 5649 (AES Key Wrap with Padding) which is a different algorithm.
EncryptionAlgorithms.KeyManagement.Aes192Gcmkw Field
AES-GCM Key Wrap with a 192-bit key (RFC 7518 Section 4.7). Backed by .NET AesGcm.
public const string Aes192Gcmkw = "A192GCMKW";
Field Value
EncryptionAlgorithms.KeyManagement.Aes192KW Field
AES Key Wrap with 192-bit key. This algorithm uses the AES Key Wrap algorithm (RFC 3394) with a 192-bit key.
public const string Aes192KW = "A192KW";
Field Value
Remarks
NOT CURRENTLY SUPPORTED: Waiting for native .NET support of RFC 3394 (plain AES Key Wrap). .NET 10 provides RFC 5649 (AES Key Wrap with Padding) which is a different algorithm.
EncryptionAlgorithms.KeyManagement.Aes256Gcmkw Field
AES-GCM Key Wrap with a 256-bit key (RFC 7518 Section 4.7). Backed by .NET AesGcm.
Recommended choice when both peers can share a symmetric key.
public const string Aes256Gcmkw = "A256GCMKW";
Field Value
EncryptionAlgorithms.KeyManagement.Aes256KW Field
AES Key Wrap with 256-bit key. This algorithm uses the AES Key Wrap algorithm (RFC 3394) with a 256-bit key.
public const string Aes256KW = "A256KW";
Field Value
Remarks
NOT CURRENTLY SUPPORTED: Waiting for native .NET support of RFC 3394 (plain AES Key Wrap). .NET 10 provides RFC 5649 (AES Key Wrap with Padding) which is a different algorithm.
EncryptionAlgorithms.KeyManagement.Dir Field
Direct use of a shared symmetric key as the Content Encryption Key (RFC 7518 Section 4.5). No key wrap is performed and the JWE "encrypted_key" is the empty octet sequence. The shared key length must match the key size required by the chosen content encryption algorithm.
public const string Dir = "dir";
Field Value
EncryptionAlgorithms.KeyManagement.EcdhEs Field
Elliptic Curve Diffie-Hellman Ephemeral Static key agreement. This algorithm uses ECDH-ES to establish a shared secret for key encryption.
public const string EcdhEs = "ECDH-ES";
Field Value
Remarks
NOT CURRENTLY SUPPORTED: Requires custom implementation of Concat KDF (NIST SP 800-56A). While .NET provides native ECDiffieHellman, the Concat KDF key derivation is not available.
EncryptionAlgorithms.KeyManagement.EcdhEsAes128KW Field
ECDH-ES with AES Key Wrap using 128-bit key. Combines ECDH-ES key agreement with AES-128 Key Wrap.
public const string EcdhEsAes128KW = "ECDH-ES+A128KW";
Field Value
Remarks
NOT CURRENTLY SUPPORTED: Requires both: 1. Custom Concat KDF (NIST SP 800-56A) for ECDH key derivation 2. Native .NET support of RFC 3394 (plain AES Key Wrap) .NET 10 provides RFC 5649 (AES Key Wrap with Padding) which is a different algorithm.
EncryptionAlgorithms.KeyManagement.EcdhEsAes192KW Field
ECDH-ES with AES Key Wrap using 192-bit key. Combines ECDH-ES key agreement with AES-192 Key Wrap.
public const string EcdhEsAes192KW = "ECDH-ES+A192KW";
Field Value
Remarks
NOT CURRENTLY SUPPORTED: Requires both: 1. Custom Concat KDF (NIST SP 800-56A) for ECDH key derivation 2. Native .NET support of RFC 3394 (plain AES Key Wrap) .NET 10 provides RFC 5649 (AES Key Wrap with Padding) which is a different algorithm.
EncryptionAlgorithms.KeyManagement.EcdhEsAes256KW Field
ECDH-ES with AES Key Wrap using 256-bit key. Combines ECDH-ES key agreement with AES-256 Key Wrap.
public const string EcdhEsAes256KW = "ECDH-ES+A256KW";
Field Value
Remarks
NOT CURRENTLY SUPPORTED: Requires both: 1. Custom Concat KDF (NIST SP 800-56A) for ECDH key derivation 2. Native .NET support of RFC 3394 (plain AES Key Wrap) .NET 10 provides RFC 5649 (AES Key Wrap with Padding) which is a different algorithm.
EncryptionAlgorithms.KeyManagement.Pbes2HmacSha256Aes128KW Field
PBES2 with HMAC SHA-256 and AES-128 Key Wrap (RFC 7518 Section 4.8).
public const string Pbes2HmacSha256Aes128KW = "PBES2-HS256+A128KW";
Field Value
Remarks
NOT CURRENTLY SUPPORTED: requires PBKDF2 plus AES Key Wrap (RFC 3394), neither of which is exposed natively by .NET in the form RFC 7518 mandates.
EncryptionAlgorithms.KeyManagement.Pbes2HmacSha384Aes192KW Field
PBES2 with HMAC SHA-384 and AES-192 Key Wrap (RFC 7518 Section 4.8).
public const string Pbes2HmacSha384Aes192KW = "PBES2-HS384+A192KW";
Field Value
Remarks
NOT CURRENTLY SUPPORTED. See Pbes2HmacSha256Aes128KW.
EncryptionAlgorithms.KeyManagement.Pbes2HmacSha512Aes256KW Field
PBES2 with HMAC SHA-512 and AES-256 Key Wrap (RFC 7518 Section 4.8).
public const string Pbes2HmacSha512Aes256KW = "PBES2-HS512+A256KW";
Field Value
Remarks
NOT CURRENTLY SUPPORTED. See Pbes2HmacSha256Aes128KW.
EncryptionAlgorithms.KeyManagement.Rsa1_5 Field
RSAES-PKCS1-v1_5 key encryption (RFC 7518 Section 4.2). Backed by .NET RSA
with RSAEncryptionPadding.Pkcs1.
Kept for interoperability with legacy peers; OAEP variants should be preferred
because PKCS#1 v1.5 padding is vulnerable to chosen-ciphertext attacks (Bleichenbacher).
public const string Rsa1_5 = "RSA1_5";
Field Value
EncryptionAlgorithms.KeyManagement.RsaOaep Field
RSAES-OAEP with SHA-1 and MGF1-SHA-1 (RFC 7518 Section 4.3). Backed by .NET RSA
with RSAEncryptionPadding.OaepSHA1.
Use when interoperating with peers that have not adopted RSA-OAEP-256;
otherwise prefer RsaOaep256.
public const string RsaOaep = "RSA-OAEP";
Field Value
EncryptionAlgorithms.KeyManagement.RsaOaep256 Field
RSAES-OAEP with SHA-256 and MGF1-SHA-256 (RFC 7518 Section 4.3). Backed by .NET RSA
with RSAEncryptionPadding.OaepSHA256. Recommended choice for new RSA-based JWE deployments.
public const string RsaOaep256 = "RSA-OAEP-256";