EncryptionAlgorithm Property
The key encryption algorithm.
Syntax
jwt.getEncryptionAlgorithm([callback]) jwt.setEncryptionAlgorithm( encryptionAlgorithm, [callback])
Possible Values
0 (eaRSA1_5), 1 (eaRSA_OAEP), 2 (eaRSA_OAEP_256), 3 (eaA128KW), 4 (eaA192KW), 5 (eaA256KW), 6 (eaDir), 7 (eaECDH_ES), 8 (eaECDH_ES_A128KW), 9 (eaECDH_ES_A192KW), 10 (eaECDH_ES_A256KW), 11 (eaA128GCMKW), 12 (eaA192GCMKW), 13 (eaA256GCMKW), 14 (eaPBES2_HS256_A128KW), 15 (eaPBES2_HS384_A192KW), 16 (eaPBES2_HS512_A256KW)
Default Value
0
Callback
The 'callback' parameter specifies a function which will be called when the operation completes (or an error is encountered). If the 'callback' parameter is not specified, then the method will block and will not return until the operation completes (or an error is encountered).
The callback for the getEncryptionAlgorithm([callback]) method is defined as:
function(err, data){ }
'err' is the error that occurred. If there was no error, then 'err' is 'null'.
'data' is the value returned by the method.
The callback for the setEncryptionAlgorithm([callback]) method is defined as:
function(err){ }
'err' is the error that occurred. If there was no error, then 'err' is 'null'.
'err' has 2 properties which hold detailed information:
err.code err.message
Remarks
This property specifies the algorithm used to encrypt the randomly generated content encryption key.
When using an AES algorithm Key must be specified. When using an RSA or ECDH algorithm RecipientCert must be specified. When using a PBES algorithm KeyPassword must be specified;. Possible values are:
Algorithm | Description | Key Location |
0 (eaRSA1_5 - default) | RSAES-PKCS1-v1_5 | Certificate |
1 (eaRSA_OAEP) | RSAES OAEP using default parameters | Certificate |
2 (eaRSA_OAEP_256) | RSAES OAEP using SHA-256 and MGF1 with SHA-256 | Certificate |
3 (eaA128KW) | AES Key Wrap with default initial using 128-bit key | Key |
4 (eaA192KW) | AES Key Wrap with default initial using 192-bit key | Key |
5 (eaA256KW) | AES Key Wrap with default initial using 256-bit key | Key |
6 (eaDir) | Direct use of a shared symmetric key as the CEK | Key |
7 (eaECDH_ES) | Elliptic Curve Ephemeral Static key agreement using Concat KDF | Certificate |
8 (eaECDH_ES_A128KW) | ECDH-ES using Concat KDF and CEK wrapped with A128KW | Certificate |
9 (eaECDH_ES_A192KW) | ECDH-ES using Concat KDF and CEK wrapped with A192KW | Certificate |
10 (eaECDH_ES_A256KW) | ECDH-ES using Concat KDF and CEK wrapped with A256KW | Certificate |
11 (eaA128GCMKW) | Key wrapping with AES GCM using 128-bit key | Key |
12 (eaA192GCMKW) | Key wrapping with AES GCM using 192-bit key | Key |
13 (eaA256GCMKW) | Key wrapping with AES GCM using 256-bit key | Key |
14 (eaPBES2_HS256_A128KW) | PBES2 with HMAC SHA-256 and A128KW | KeyPassword |
15 (eaPBES2_HS384_A192KW) | PBES2 with HMAC SHA-384 and A192KW | KeyPassword |
16 (eaPBES2_HS512_A256KW) | PBES2 with HMAC SHA-512 and A256KW | KeyPassword |
When set to an ECDH algorithm the following settings are also applicable:
When set to a PBES algorithm the following settings are also applicable:
Data Type
Integer