Created by gh-md-toc
The following examples are for JWE anoncrypt packer for encrypting the payload secret message
and aad value set as the concatenation of recipients' KIDs (ASCII sorted) joined by .
for non-compact serializations (JWE Compact serializations don't have AAD).
- all
x
andy
key coordinates values below are raw (no padding) base64URL encoded. - JWE envelopes with multi recipients use the General JWE JSON Serialization format.
- JWE envelopes with a single recipient will be shown in both serialization formats: as JWE Compact or Flattened JWE JSON.
- General JWE JSON Serialization format use. the above mentioned AAD value in their envelope.
- JWE Compact Serialization format does not support AAD values and therefore were built without it.
- all
apu
recipient header values are set to the raw (no padding) base64URL encoding of the corresponding recipient's ephemeral key'sx
value since Anoncrypt dosen't reveal the sender. - all
apv
recipient header values are set to the raw (no padding) base64URL encoding of the corresponding recipient'skid
value. - The final aad used to encrypt the payload is the concatenation of the raw (no padding) base64URL encoded protected headers and
aad
JWE header joined by a.
. - Even though flattened serialization do support
aad
, the field is omitted in the below examples to be consistent with compact JWE serialization format. Implementations should supportaad
for flattened serialization regardless.
The packer generates the following protected headers for A256GCM content encryption in the below examples:
- Generated protected headers:
{"cty":"application/didcomm-plain+json","enc":"A256GCM","typ":"application/didcomm-encrypted+json"}
- raw (no padding) base64URL encoded:
eyJjdHkiOiJhcHBsaWNhdGlvbi9kaWRjb21tLXBsYWluK2pzb24iLCJlbmMiOiJBMjU2R0NNIiwidHlwIjoiYXBwbGljYXRpb24vZGlkY29tbS1lbmNyeXB0ZWQranNvbiJ9
- raw (no padding) base64URL encoded:
- Recipient 1 key JWK format:
{
"kty": "EC",
"crv": "P-256",
"x": "2fpy_fK5FCsap0EbU1Om7QXoVoyvBv8gfdHY3ufIS9w",
"y": "TtVOc9c8ejMeqeaUs1CMS79w0-Al02Fw25WdVEb0DiI",
"d": "kEWLCAyDL8mgDLNnlb1am_B8wcaGAe7ViXx1tqKWTVc"
}
- Recipient 1 kid (jwk thumbprint raw base64 URL encoded):
s6-ZhI1hpx0kM3pDgOrVQs6mRd_8KfEXUkLg8lK7XNA
- Recipient 2 key JWK format:
{
"kty": "EC",
"crv": "P-256",
"x": "S9JVfrKenXIMiEUha1k8yt7Zw8d5_bSxEt6RJesPt1g",
"y": "KMWwZzb80uoAjCcuwQ3gSeyjMsbq02AyS7g1D2i7ZwM",
"d": "bHnnqFSAFROp4kLbfBfihHUg6PIviwRCt5foN2Romw4"
}
- Recipient 2 kid (jwk thumbprint raw base64 URL encoded):
2NfcF400LLr9Wa6QbkUikYUUcdsAUkZBy6ifrrXYI0U
- Recipient 3 key JWK format:
{
"kty": "EC",
"crv": "P-256",
"x": "tqn3J0p752xWq2T4M11Q8ZcidyEWfaray-2B84hjehg",
"y": "ewcqOkZtlGBfZmP9nr44tq7_vkBJ3fJe9u6TCEyMDh8",
"d": "5XlB_SQXVpA6Id1PNL4SJfrMhCC36xa0hSHB7WpwA9Y"
}
- Recipient 3 kid (jwk thumbprint raw, no padding, base64 URL encoded):
xG9z3It37igQIB4Q9jbcKLVjcFvnXIvkuJdLNKFvRB4
- List of kids used for AAD for the above recipients (sorted
kid
values joined with.
):2NfcF400LLr9Wa6QbkUikYUUcdsAUkZBy6ifrrXYI0U.s6-ZhI1hpx0kM3pDgOrVQs6mRd_8KfEXUkLg8lK7XNA.xG9z3It37igQIB4Q9jbcKLVjcFvnXIvkuJdLNKFvRB4
- Resulting AAD value (sha256 of above list raw, no padding, base64 URL encoded):
YyqAtGX-dZTiXaZnGazezl-jBXS4uka1sOFv8cV42uM
- Finally, packing the payload outputs the following JWE (pretty printed for readability):
{
"protected": "eyJjdHkiOiJhcHBsaWNhdGlvbi9kaWRjb21tLXBsYWluK2pzb24iLCJlbmMiOiJBMjU2R0NNIiwidHlwIjoiYXBwbGljYXRpb24vZGlkY29tbS1lbmNyeXB0ZWQranNvbiJ9",
"recipients": [
{
"header": {
"alg": "ECDH-ES+A256KW",
"apu": "WVU3OHhXeVZLeC1WRVpIV2pWbFN3Z2NndFRtSjBfS09YOE9hTkdnQXNlUQ",
"apv": "czYtWmhJMWhweDBrTTNwRGdPclZRczZtUmRfOEtmRVhVa0xnOGxLN1hOQQ",
"kid": "s6-ZhI1hpx0kM3pDgOrVQs6mRd_8KfEXUkLg8lK7XNA",
"epk": {
"kty": "EC",
"crv": "P-256",
"x": "YU78xWyVKx-VEZHWjVlSwgcgtTmJ0_KOX8OaNGgAseQ",
"y": "AiHDxtQBrba6g3_d0tic8LeLZRMz7rqnghQ2DvJh0Xk"
}
},
"encrypted_key": "fnofbBoie-ywDVjd_Dcdw611KWabq0RptbEybN_AParPMI0qpOwm1Q"
},
{
"header": {
"alg": "ECDH-ES+A256KW",
"apu": "NkN3ZEt3ZEotczdIZHFpUzExR0x6bS1scVhlUW1TYWJjNXBvRnBaakdZbw",
"apv": "czYtWmhJMWhweDBrTTNwRGdPclZRczZtUmRfOEtmRVhVa0xnOGxLN1hOQQ",
"kid": "2NfcF400LLr9Wa6QbkUikYUUcdsAUkZBy6ifrrXYI0U",
"epk": {
"kty": "EC",
"crv": "P-256",
"x": "6CwdKwdJ-s7HdqiS11GLzm-lqXeQmSabc5poFpZjGYo",
"y": "mVsQl_AhZoHpC86UN49k6tAU5B2YLi0HIdWeaIvSQy8"
}
},
"encrypted_key": "qN1WX7DK0k2GW4qHK0SfQFTRrOM0GFUgzqqy58QTRWi62r9iItmPxA"
},
{
"header": {
"alg": "ECDH-ES+A256KW",
"apu": "aXZzeDhaVmowbEJ1c2pLNjZSS1dVN0JDRjJzal81QWlQb1VsS21KOHZkSQ",
"apv": "czYtWmhJMWhweDBrTTNwRGdPclZRczZtUmRfOEtmRVhVa0xnOGxLN1hOQQ",
"kid": "xG9z3It37igQIB4Q9jbcKLVjcFvnXIvkuJdLNKFvRB4",
"epk": {
"kty": "EC",
"crv": "P-256",
"x": "ivsx8ZVj0lBusjK66RKWU7BCF2sj_5AiPoUlKmJ8vdI",
"y": "Ea6i7ahugWrTZoc9UMq1e3aPmHm0bkGqxTDmoEMyYMU"
}
},
"encrypted_key": "Yds0G9wYyAaGf2ky9DAT0CITzoD4qHV1fUM-cH-mmGsx8TeFjYBVYw"
}
],
"aad": "YyqAtGX-dZTiXaZnGazezl-jBXS4uka1sOFv8cV42uM",
"iv": "S9rOxQOd8H-gxZIv",
"ciphertext": "w3kl_QixTanzflQHpuM",
"tag": "4x5wmIBxrCjUpq4wxrWFDQ"
}
- Recipient 1 key JWK format:
{
"kty": "EC",
"crv": "P-384",
"x": "lb17x-OBz2i1kQbkRtSKD3TY1MwIfUMyM8YtqXZXMj884hLJH2QtxmUWKyXIprcn",
"y": "PlT4CInTrA5zAroqwyww0BL6EipnEBTrtbWID8nADz6LFpf_27qlxIARy_iU5OcN",
"d": "JJgpIqGS5JuiKRnsEgGNlYw39pz-XGrsrmniuxlSik0BLwdb8-0K8Xxuqo6yW6NE"
}
- Recipient 1 kid (jwk thumbprint raw base64 URL encoded):
8wPpWWlLiMBYltw6AoWG3Z_SfgWmXanBHSwZFpQJ0Q0
- Recipient 2 public key JWK format:
{
"kty": "EC",
"crv": "P-384",
"x": "ACZDXpzp6cKqsCcWq7sVOcCB_QZLd9ZfhoxhBKCbytrSKVKn7jV3Kv1XlsnH1RH7",
"y": "FQy3qBV-bn4K_5bQXucEPIOupMhEJS7YXCbm-fUb9ZdC59b0-5lbo7l65fkEL3ZO",
"d": "F4BlupNNnLfPOsml1MfBJgw6Oz89L6GnRiJnFi5ay5zVHTIcWzX81D060KsCjK9t"
}
- Recipient 2 kid (jwk thumbprint raw base64 URL encoded):
8l5z1lSVYFmv8QSboANWcj_UUh4bp3PlwEBNNHd2p3Q
- Recipient 3 key JWK format:
{
"kty": "EC",
"crv": "P-384",
"x": "msbHjsKVl0paXi-SWZ5_gEMgsMihBW9TEnfScKxfVlFMC6Hi5JIz1wgs58ugqaSX",
"y": "ppzaqlmAjA_iBymA2iBH56mHeTxckL8YNfmcSNa8hJoD4XYZ-4_x9mip-dh8o4gI",
"d": "YT0k8bBmPmecprG6tax6g00wG0JkprPcCqU1jvM86PAGGUU12fY7-Dfmqwhwv5U-"
}
- Recipient 3 kid (jwk thumbprint raw, no padding, base64 URL encoded):
t1KsLfBBTG9iXIzyga6xV7RAur2j34dLGB3jqTDuTMo
- List of kids used for AAD for the above recipients (sorted
kid
values joined with.
):8l5z1lSVYFmv8QSboANWcj_UUh4bp3PlwEBNNHd2p3Q.8wPpWWlLiMBYltw6AoWG3Z_SfgWmXanBHSwZFpQJ0Q0.t1KsLfBBTG9iXIzyga6xV7RAur2j34dLGB3jqTDuTMo
- Resulting AAD value (sha256 of above list raw, no padding, base64 URL encoded):
jgz9Cgt6lep5QPX0-GCkOMXujjRYgfiTslwut8BdX-0
- JWE:
{
"protected": "eyJjdHkiOiJhcHBsaWNhdGlvbi9kaWRjb21tLXBsYWluK2pzb24iLCJlbmMiOiJBMjU2R0NNIiwidHlwIjoiYXBwbGljYXRpb24vZGlkY29tbS1lbmNyeXB0ZWQranNvbiJ9",
"recipients": [
{
"header": {
"alg": "ECDH-ES+A256KW",
"apu": "OVdMemtDbjBlaEFxVTlwZjdvUEFZVUdOcHhkdTR2VWZUZVZxZzlVWEZUNVNPS0dTaDFwZ294aWhOb0tWZlpsNg",
"apv": "OHdQcFdXbExpTUJZbHR3NkFvV0czWl9TZmdXbVhhbkJIU3daRnBRSjBRMA",
"kid": "8wPpWWlLiMBYltw6AoWG3Z_SfgWmXanBHSwZFpQJ0Q0",
"epk": {
"kty": "EC",
"crv": "P-384",
"x": "9WLzkCn0ehAqU9pf7oPAYUGNpxdu4vUfTeVqg9UXFT5SOKGSh1pgoxihNoKVfZl6",
"y": "Yuwe4x6Seue5pegwF9px-RQqSxARjf5mHSwVW7ft6dC5TgXdCPzm3bTRW4qxR41X"
}
},
"encrypted_key": "Dj-4zbK_WbF_5nU1rfvT0dipMtwSUQvmluCrxwu-arKU2w59hN5ecQ"
},
{
"header": {
"alg": "ECDH-ES+A256KW",
"apu": "Q2hxMTBxU0duM3JQdHVKaFcwcEF1TzIxanh4WkVFb0xVQ1hkajNTbERfelZMamQ4ZHdwSmp5UXhQeEVSQ2ZOTw",
"apv": "OHdQcFdXbExpTUJZbHR3NkFvV0czWl9TZmdXbVhhbkJIU3daRnBRSjBRMA",
"kid": "8l5z1lSVYFmv8QSboANWcj_UUh4bp3PlwEBNNHd2p3Q",
"epk": {
"kty": "EC",
"crv": "P-384",
"x": "Chq10qSGn3rPtuJhW0pAuO21jxxZEEoLUCXdj3SlD_zVLjd8dwpJjyQxPxERCfNO",
"y": "9PkX3jqgkslA2Z8rijClt-1yX5uulFcbRl7dCaSgquCfYj0ZmOEVhQqdD9yh955n"
}
},
"encrypted_key": "LpoFtDL4ac0bx16AkyE4HmpK-F_ibPm1LvyQVo-eFaPEo9HW8FWz_Q"
},
{
"header": {
"alg": "ECDH-ES+A256KW",
"apu": "T0cyZUptVU05NENDS2w4U2lGVTJNQUhVUnJiRldRSm1xd25ya2VWUFN3NTMzX3lSakFMLVNscnhvZ29uSnBzbA",
"apv": "OHdQcFdXbExpTUJZbHR3NkFvV0czWl9TZmdXbVhhbkJIU3daRnBRSjBRMA",
"kid": "t1KsLfBBTG9iXIzyga6xV7RAur2j34dLGB3jqTDuTMo",
"epk": {
"kty": "EC",
"crv": "P-384",
"x": "OG2eJmUM94CCKl8SiFU2MAHURrbFWQJmqwnrkeVPSw533_yRjAL-SlrxogonJpsl",
"y": "suMc0ckI46jPlM0dn7O_4fIpxFAD74LrkOUO_tEKeHD1opEoK7H2iE-1STzjflEm"
}
},
"encrypted_key": "sAN-AeA0ZtInrhJYtzkNnWooDmXOOYo4mD1hMps8aV2Iw84GheOuMw"
}
],
"aad": "jgz9Cgt6lep5QPX0-GCkOMXujjRYgfiTslwut8BdX-0",
"iv": "iHzMT8jUCFNsqsZY",
"ciphertext": "IiPn4-09-MFtJggB5yE",
"tag": "Na9kW8Fpw5j4IJ-fdf4jNA"
}
- Recipient 1 key JWK format:
{
"kty": "EC",
"crv": "P-521",
"x": "AHrw8TsyZzIkINFPCAS54Y7UoCI1XAlim95ROPykpjo4q2LvW_VWeBtJLU2SuqTFG4WX9VBzMg5Rq4gMj4oCpMFb",
"y": "AUs4vywsYYuRP0LhFvyI_ippvSY6Tv1S8sEzojd41Ubo86bFlCj5c_wHX2N6hplMU01WAcebPWc24plqF39pkNrK",
"d": "AEklgm76AbNl_nydbcINMgytfoZGRMI1mxfGcIiqw-KHENQMtlujImJrKMUd32njHS1M9e-WqAS8AHLoVdBZmkOo"
}
- Recipient 1 kid (jwk thumbprint raw base64 URL encoded):
9Miv3vUT2vQL0X80PyrLJm3bzGPuc_aKfPr4txRQIpA
- Recipient 2 key JWK format:
{
"kty": "EC",
"crv": "P-521",
"x": "AcJh1U3InkhEW5uvh9x3H_ZkzSRY9aoleTYH0a_ZgVKhGrQrttUgQhzvdj8Oyy389Muu0l5slkKfE_FpNXUoSlq8",
"y": "AB8lDC62GR8b7lz_mboFcrBG4uAWNqQ-E-k4tYqBu8xJOV-v68FeuJKwC9WGFOiIUaCwSGUB4-cYeFPIxq9hxD7Y",
"d": "AXTDpK0Eu6EEZliWHe-zgiY1s23sTepAgmP8KeVTOXeeCnCL12pK4mc-UR9NpEYrxBp_A5srbhzNR5x7mZ1G4kLf"
}
- Recipient 2 kid (jwk thumbprint raw base64 URL encoded):
l4-wvmALQDp4g-UpilwCHmLZ_zUGfNawYSWQMoLphIk
- Recipient 3 key JWK format:
{
"kty": "EC",
"crv": "P-256",
"x": "AA63cinH0aZ7e0sLBFx0s3MKQTfvdFjSMVMQHpp5qIF6pWaxV9TrqXkJYkR2fuMqvIRSlH5mMK73kNfEubrvsd7H",
"y": "AY88QmJlRbAbCY9UyeDK0pYFHbSxgdMCauV2GC-W2w5uJekAWoeO9KxSY215W60whRHGRctrTc7LodcV8y7UKOyx",
"d": "AU4kFJPY9rZA89-ZYvoZX_qKPglplaWZdFKU3ZzjZvNt7rBBUuKumsf_khTFF8q-LxJKd11B0rng3PIQRuob4JW-"
}
- Recipient 3 kid (jwk thumbprint raw, no padding, base64 URL encoded):
Ev1dKdei9chrjW2-l4bjdXXF5GDZ7CqTcQlGg1W_U24
- List of kids used for AAD for the above recipients (sorted
kid
values joined with.
):9Miv3vUT2vQL0X80PyrLJm3bzGPuc_aKfPr4txRQIpA.Ev1dKdei9chrjW2-l4bjdXXF5GDZ7CqTcQlGg1W_U24.l4-wvmALQDp4g-UpilwCHmLZ_zUGfNawYSWQMoLphIk
- Resulting AAD value (sha256 of above list raw, no padding, base64 URL encoded):
uLMTdeuniYvCFTQTamK0pZwFVgkJooGL37HZLm8PVkM
- JWE:
{
"protected": "eyJjdHkiOiJhcHBsaWNhdGlvbi9kaWRjb21tLXBsYWluK2pzb24iLCJlbmMiOiJBMjU2R0NNIiwidHlwIjoiYXBwbGljYXRpb24vZGlkY29tbS1lbmNyeXB0ZWQranNvbiJ9",
"recipients": [
{
"header": {
"alg": "ECDH-ES+A256KW",
"apu": "QWNnNWlNaUNjNkozMFg5R3lrTXl4R0dobFFrXzFhRlhJTDQ1cF9DT2l3ODVscFVyR1BOSnNKTVRrdTRHYnlMdndlam9jVHp5ZVZjMUxrX1RWa3o0UmZ4YQ",
"apv": "OU1pdjN2VVQydlFMMFg4MFB5ckxKbTNiekdQdWNfYUtmUHI0dHhSUUlwQQ",
"kid": "9Miv3vUT2vQL0X80PyrLJm3bzGPuc_aKfPr4txRQIpA",
"epk": {
"kty": "EC",
"crv": "P-521",
"x": "Acg5iMiCc6J30X9GykMyxGGhlQk_1aFXIL45p_COiw85lpUrGPNJsJMTku4GbyLvwejocTzyeVc1Lk_TVkz4Rfxa",
"y": "AQgFgsVvOfebXZFk8TiBAJef9h6sVpQSJXed0xG3IolDYIllQ_OyQdlFpKHl2xCjgVxRihdf7mS_3SCzEtrcjEzy"
}
},
"encrypted_key": "juXV2ZGX2MjF1FgjTWke3MTkODrdpqZ_k-5IVqZ568bvN12i8W_KaQ"
},
{
"header": {
"alg": "ECDH-ES+A256KW",
"apu": "QVJLTGZTNWVoeUlacV9UWmJpbXdESndpYVBsckNMU2RqdG9aVFJSeTl0QVZQelQxbnlub1BYRWZIOHNNNklucDVKdWhvc3BHSVMxQzkzSk01Z1RkNzRtaQ",
"apv": "OU1pdjN2VVQydlFMMFg4MFB5ckxKbTNiekdQdWNfYUtmUHI0dHhSUUlwQQ",
"kid": "l4-wvmALQDp4g-UpilwCHmLZ_zUGfNawYSWQMoLphIk",
"epk": {
"kty": "EC",
"crv": "P-521",
"x": "ARKLfS5ehyIZq_TZbimwDJwiaPlrCLSdjtoZTRRy9tAVPzT1nynoPXEfH8sM6Inp5JuhospGIS1C93JM5gTd74mi",
"y": "Ad5hB3rVVxTqvSsiN7NNbClumX-AWTV6r29CHz2Jbcgo5tunFz-5-CwP6EvQNkFrzrOxQ5ViOW5F3pYV-yoksLgO"
}
},
"encrypted_key": "H-B3FBmwlGFIEtdfWti6tD8LwtuokxxPam5XO3V7wwWNoJ5sEy-LlA"
},
{
"header": {
"alg": "ECDH-ES+A256KW",
"apu": "QWRTZUxrVWxadHpXRkNDODBvNVYtYTB3Mjl3MjM2OWtLRXlPbUtiQzItVlV4ZEo0OVdBUV9rTVhTempNaE1ON1VMc25mT3pEWFp1QkhwZUVRTU1zbWF5VA",
"apv": "OU1pdjN2VVQydlFMMFg4MFB5ckxKbTNiekdQdWNfYUtmUHI0dHhSUUlwQQ",
"kid": "Ev1dKdei9chrjW2-l4bjdXXF5GDZ7CqTcQlGg1W_U24",
"epk": {
"kty": "EC",
"crv": "P-521",
"x": "AdSeLkUlZtzWFCC80o5V-a0w29w2369kKEyOmKbC2-VUxdJ49WAQ_kMXSzjMhMN7ULsnfOzDXZuBHpeEQMMsmayT",
"y": "AJKQo494spZjUW85ika3qNyLJJiv_J3FpsYnZt-Ml3q8IqXlHqQV_Nl3s7yn_pq8RWXl_yvo1NPiDWpoDMZ3sUNw"
}
},
"encrypted_key": "53dtd9R0bbGK96jsPJRu2woQJC7-yBaN-xDw5xSp-pwpCKg1idnZ5w"
}
],
"aad": "uLMTdeuniYvCFTQTamK0pZwFVgkJooGL37HZLm8PVkM",
"iv": "11_dMZoXv9OaPIR2",
"ciphertext": "ofWv6sUZdYF3rX9A-jQ",
"tag": "TyH-Abl3XTGlkUgjHCE-Vw"
}
- Recipient 1 key JWK format:
{
"kty": "OKP",
"crv": "X25519",
"x": "2kvTqkwVF-YSurN533fi-ZDF4PbLbqa7ohC--DJa0nA",
"d": "sPUMndizynb_q6_u9fkbuU8V3I062-RlL114YnJ7KWY"
}
- Recipient 1 kid (jwk thumbprint raw base64 URL encoded):
eFf9x4K6jhnmAEvveQJo5rIQl32rZooOaNwlJsLf5JQ
- Recipient 2 key JWK format:
{
"kty": "OKP",
"crv": "X25519",
"x": "cb-5cmxUy7xCfQCz0pEjYOGJOp0nf3cH7TU6siQ49wU",
"d": "oCw27m5T-QPr48F_f-CRWWqFgtFxpPISExMhSYQJmF8"
}
- Recipient 2 kid (jwk thumbprint raw base64 URL encoded):
NaUTcaFDyI3Ss48zMmeg1Dal0vhUpOYpWdwfKd2T2S8
- Recipient 3 key JWK format:
{
"kty": "OKP",
"crv": "X25519",
"x": "pW_fX347OhGgYURSvuM5-NSKw7CgHzCuOZt5ovQCa3E",
"d": "sEZYN-iNbQ22ds1fC_hYgrp7PKbzAtiHqxPhvzon9HE"
}
- Recipient 3 kid (jwk thumbprint raw, no padding, base64 URL encoded):
hzSul1PikxGRl7k_QdDfCCRMZP4POmt5eNYN0pbjSzE
- List of kids used for AAD for the above recipients (sorted
kid
values joined with.
):NaUTcaFDyI3Ss48zMmeg1Dal0vhUpOYpWdwfKd2T2S8.eFf9x4K6jhnmAEvveQJo5rIQl32rZooOaNwlJsLf5JQ.hzSul1PikxGRl7k_QdDfCCRMZP4POmt5eNYN0pbjSzE
- Resulting AAD value (sha256 of above list raw, no padding, base64 URL encoded):
7iRNh25gyaA9Bpnx7axAbyyvbh-bXaPOz8SgvgGksNc
- JWE:
{
"protected": "eyJjdHkiOiJhcHBsaWNhdGlvbi9kaWRjb21tLXBsYWluK2pzb24iLCJlbmMiOiJBMjU2R0NNIiwidHlwIjoiYXBwbGljYXRpb24vZGlkY29tbS1lbmNyeXB0ZWQranNvbiJ9",
"recipients": [
{
"header": {
"alg": "ECDH-ES+A256KW",
"apu": "Q21aM1gzRFBnZFdQWjRKZFF4VVNMSjBKaEtRRXpJZWphV2cxT04tSE13WQ",
"apv": "ZUZmOXg0SzZqaG5tQUV2dmVRSm81cklRbDMyclpvb09hTndsSnNMZjVKUQ",
"kid": "eFf9x4K6jhnmAEvveQJo5rIQl32rZooOaNwlJsLf5JQ",
"epk": {
"kty": "OKP",
"crv": "X25519",
"x": "CmZ3X3DPgdWPZ4JdQxUSLJ0JhKQEzIejaWg1ON-HMwY"
}
},
"encrypted_key": "ZFibn07y4G88HTB6haGfKJLQGWi2a25UVlioG93hgjs2BDIRaWRqzw"
},
{
"header": {
"alg": "ECDH-ES+A256KW",
"apu": "cU9MdWVjZmdaamJkOVRQYV9qbG5CeFAyak9FQjdOVkZKaGZ6UEk1OFNWOA",
"apv": "ZUZmOXg0SzZqaG5tQUV2dmVRSm81cklRbDMyclpvb09hTndsSnNMZjVKUQ",
"kid": "NaUTcaFDyI3Ss48zMmeg1Dal0vhUpOYpWdwfKd2T2S8",
"epk": {
"kty": "OKP",
"crv": "X25519",
"x": "qOLuecfgZjbd9TPa_jlnBxP2jOEB7NVFJhfzPI58SV8"
}
},
"encrypted_key": "EKpcwck9zE0WjEq9E60dm_OJY0U2e1UlUAZE8LYfURo_saE2yzxx_A"
},
{
"header": {
"alg": "ECDH-ES+A256KW",
"apu": "RE1IOGFVVlpUZ2FXaFNaOUFtdFNDQ2M1aUZEbERCeDZnMC1URHpUTFZYUQ",
"apv": "ZUZmOXg0SzZqaG5tQUV2dmVRSm81cklRbDMyclpvb09hTndsSnNMZjVKUQ",
"kid": "hzSul1PikxGRl7k_QdDfCCRMZP4POmt5eNYN0pbjSzE",
"epk": {
"kty": "OKP",
"crv": "X25519",
"x": "DMH8aUVZTgaWhSZ9AmtSCCc5iFDlDBx6g0-TDzTLVXQ"
}
},
"encrypted_key": "OeemM4fMI9538IcvG3OwhuVtugrRIoIJEB5iAVZBl7Q59yRr5VZTPQ"
}
],
"aad": "7iRNh25gyaA9Bpnx7axAbyyvbh-bXaPOz8SgvgGksNc",
"iv": "9deRACZyiau7rIIc",
"ciphertext": "ombMWgwtw2QSfALdiDk",
"tag": "yRwaSiGsQCqYjIdMSwPPNg"
}
Packing a message with 1 recipient using the Flattened JWE JSON serialization and Compact JWE serialization formats as mentioned in the notes above.
- Single Recipient key JWK format:
{
"kty": "EC",
"crv": "P-256",
"x": "2fpy_fK5FCsap0EbU1Om7QXoVoyvBv8gfdHY3ufIS9w",
"y": "TtVOc9c8ejMeqeaUs1CMS79w0-Al02Fw25WdVEb0DiI",
"d": "kEWLCAyDL8mgDLNnlb1am_B8wcaGAe7ViXx1tqKWTVc"
}
- Single Recipient kid (jwk thumbprint raw base64 URL encoded):
s6-ZhI1hpx0kM3pDgOrVQs6mRd_8KfEXUkLg8lK7XNA
- Finally, packing the payload outputs the following flattened serialized JWE JSON:
{
"protected": "eyJhbGciOiJFQ0RILUVTK0EyNTZLVyIsImFwdSI6IlJuY3lOa2RuVkZJME0ycHhORnB4Wm1GUlJqQkxjMk54U2poNlpFeFliMTlyVm0xZlNtRkJVbHBHVlEiLCJhcHYiOiJjell0V21oSk1XaHdlREJyVFROd1JHZFBjbFpSY3padFVtUmZPRXRtUlZoVmEweG5PR3hMTjFoT1FRIiwiY3R5IjoiYXBwbGljYXRpb24vZGlkY29tbS1wbGFpbitqc29uIiwiZW5jIjoiQTI1NkdDTSIsImVwayI6eyJjcnYiOiJQLTI1NiIsImt0eSI6IkVDIiwieCI6IkZ3MjZHZ1RSNDNqcTRacWZhUUYwS3NjcUo4emRMWG9fa1ZtX0phQVJaRlUiLCJ5IjoiNENfMk00V2dkcVp5cGdkaVVpMlZCQWsyVXFmYlJvU1AxaUQ3WHIzVGJJZyJ9LCJraWQiOiJzNi1aaEkxaHB4MGtNM3BEZ09yVlFzNm1SZF84S2ZFWFVrTGc4bEs3WE5BIiwidHlwIjoiYXBwbGljYXRpb24vZGlkY29tbS1lbmNyeXB0ZWQranNvbiJ9",
"encrypted_key": "l99n6MvHGvUKRrPORElnlerqmmhQc1WMzJ2pxt6H5gaSWPPsj4Gp0A",
"iv": "CKm9svwMrrXarfG2",
"ciphertext": "k_eAXa-uMtMYSVgJO0A",
"tag": "1cYhCprkvxYYfyNp_fJGUQ"
}
- The compact serialization of this envelope is:
eyJhbGciOiJFQ0RILUVTK0EyNTZLVyIsImFwdSI6IlJuY3lOa2RuVkZJME0ycHhORnB4Wm1GUlJqQkxjMk54U2poNlpFeFliMTlyVm0xZlNtRkJVbHBHVlEiLCJhcHYiOiJjell0V21oSk1XaHdlREJyVFROd1JHZFBjbFpSY3padFVtUmZPRXRtUlZoVmEweG5PR3hMTjFoT1FRIiwiY3R5IjoiYXBwbGljYXRpb24vZGlkY29tbS1wbGFpbitqc29uIiwiZW5jIjoiQTI1NkdDTSIsImVwayI6eyJrdHkiOiJFQyIsImNydiI6IlAtMjU2IiwieCI6IkZ3MjZHZ1RSNDNqcTRacWZhUUYwS3NjcUo4emRMWG9fa1ZtX0phQVJaRlUiLCJ5IjoiNENfMk00V2dkcVp5cGdkaVVpMlZCQWsyVXFmYlJvU1AxaUQ3WHIzVGJJZyJ9LCJraWQiOiJzNi1aaEkxaHB4MGtNM3BEZ09yVlFzNm1SZF84S2ZFWFVrTGc4bEs3WE5BIiwidHlwIjoiYXBwbGljYXRpb24vZGlkY29tbS1lbmNyeXB0ZWQranNvbiJ9.l99n6MvHGvUKRrPORElnlerqmmhQc1WMzJ2pxt6H5gaSWPPsj4Gp0A.CKm9svwMrrXarfG2.k_eAXa-uMtMYSVgJO0A.1cYhCprkvxYYfyNp_fJGUQ
- The single recipient's headers are merged into the
protected
header, which base64 URL decoded equals to (pretty printed for readability):
{
"alg": "ECDH-ES+A256KW",
"apu": "RncyNkdnVFI0M2pxNFpxZmFRRjBLc2NxSjh6ZExYb19rVm1fSmFBUlpGVQ",
"apv": "czYtWmhJMWhweDBrTTNwRGdPclZRczZtUmRfOEtmRVhVa0xnOGxLN1hOQQ",
"cty": "application/didcomm-plain+json",
"enc": "A256GCM",
"epk": {
"kty": "EC",
"crv": "P-256",
"x": "Fw26GgTR43jq4ZqfaQF0KscqJ8zdLXo_kVm_JaARZFU",
"y": "4C_2M4WgdqZypgdiUi2VBAk2UqfbRoSP1iD7Xr3TbIg"
},
"kid": "s6-ZhI1hpx0kM3pDgOrVQs6mRd_8KfEXUkLg8lK7XNA",
"typ": "application/didcomm-encrypted+json"
}
- Single Recipient key JWK format:
{
"kty": "EC",
"crv": "P-384",
"x": "lb17x-OBz2i1kQbkRtSKD3TY1MwIfUMyM8YtqXZXMj884hLJH2QtxmUWKyXIprcn",
"y": "PlT4CInTrA5zAroqwyww0BL6EipnEBTrtbWID8nADz6LFpf_27qlxIARy_iU5OcN",
"d": "JJgpIqGS5JuiKRnsEgGNlYw39pz-XGrsrmniuxlSik0BLwdb8-0K8Xxuqo6yW6NE"
}
- Single Recipient kid (jwk thumbprint raw base64 URL encoded):
8wPpWWlLiMBYltw6AoWG3Z_SfgWmXanBHSwZFpQJ0Q0
- Finally, packing the payload outputs the following flattened serialized JWE JSON:
{
"protected": "eyJhbGciOiJFQ0RILUVTK0EyNTZLVyIsImFwdSI6ImNWSkZUMncwWTI5bmJUUkZhWGd3TURGd04zSXpaREl5U0VaQ2FXcHZOV2hmT1RGRE9HOTNjVU5yU2pSdlZWZzFRemh6ZUdOd00zTlhTMXBEZEZaWU13IiwiYXB2IjoiT0hkUWNGZFhiRXhwVFVKWmJIUjNOa0Z2VjBjeldsOVRabWRYYlZoaGJrSklVM2RhUm5CUlNqQlJNQSIsImN0eSI6ImFwcGxpY2F0aW9uL2RpZGNvbW0tcGxhaW4ranNvbiIsImVuYyI6IkEyNTZHQ00iLCJlcGsiOnsiY3J2IjoiUC0zODQiLCJrdHkiOiJFQyIsIngiOiJxUkVPbDRjb2dtNEVpeDAwMXA3cjNkMjJIRkJpam81aF85MUM4b3dxQ2tKNG9VWDVDOHN4Y3Azc1dLWkN0VlgzIiwieSI6Im5FbmRyZXVPNVFEWFp5eGVmWkJWRDhJeU53WkJER1AwZlJHdXN1LWZXV0NmWlJBdUVsNkZIaXMtSFRNS1puY0UifSwia2lkIjoiOHdQcFdXbExpTUJZbHR3NkFvV0czWl9TZmdXbVhhbkJIU3daRnBRSjBRMCIsInR5cCI6ImFwcGxpY2F0aW9uL2RpZGNvbW0tZW5jcnlwdGVkK2pzb24ifQ",
"encrypted_key": "OyvZQT0HdCIgDTQKgSbnMfX6iQvPVkOlurgNRqyZlyxj6XeZROYCEQ",
"iv": "sGHLr4VNPKylOCn7",
"ciphertext": "mfnbfoMx8LfXaWSY5po",
"tag": "_FxUsJeY06_bzGJ9vaAtMA"
}
- The compact serialization of this envelope is:
eyJhbGciOiJFQ0RILUVTK0EyNTZLVyIsImFwdSI6ImNWSkZUMncwWTI5bmJUUkZhWGd3TURGd04zSXpaREl5U0VaQ2FXcHZOV2hmT1RGRE9HOTNjVU5yU2pSdlZWZzFRemh6ZUdOd00zTlhTMXBEZEZaWU13IiwiYXB2IjoiT0hkUWNGZFhiRXhwVFVKWmJIUjNOa0Z2VjBjeldsOVRabWRYYlZoaGJrSklVM2RhUm5CUlNqQlJNQSIsImN0eSI6ImFwcGxpY2F0aW9uL2RpZGNvbW0tcGxhaW4ranNvbiIsImVuYyI6IkEyNTZHQ00iLCJlcGsiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTM4NCIsIngiOiJxUkVPbDRjb2dtNEVpeDAwMXA3cjNkMjJIRkJpam81aF85MUM4b3dxQ2tKNG9VWDVDOHN4Y3Azc1dLWkN0VlgzIiwieSI6Im5FbmRyZXVPNVFEWFp5eGVmWkJWRDhJeU53WkJER1AwZlJHdXN1LWZXV0NmWlJBdUVsNkZIaXMtSFRNS1puY0UifSwia2lkIjoiOHdQcFdXbExpTUJZbHR3NkFvV0czWl9TZmdXbVhhbkJIU3daRnBRSjBRMCIsInR5cCI6ImFwcGxpY2F0aW9uL2RpZGNvbW0tZW5jcnlwdGVkK2pzb24ifQ.OyvZQT0HdCIgDTQKgSbnMfX6iQvPVkOlurgNRqyZlyxj6XeZROYCEQ.sGHLr4VNPKylOCn7.mfnbfoMx8LfXaWSY5po._FxUsJeY06_bzGJ9vaAtMA
- The single recipient's headers are merged into the
protected
header, which base64 URL decoded equals to (pretty printed for readability):
{
"alg": "ECDH-ES+A256KW",
"apu": "cVJFT2w0Y29nbTRFaXgwMDFwN3IzZDIySEZCaWpvNWhfOTFDOG93cUNrSjRvVVg1QzhzeGNwM3NXS1pDdFZYMw",
"apv": "OHdQcFdXbExpTUJZbHR3NkFvV0czWl9TZmdXbVhhbkJIU3daRnBRSjBRMA",
"cty": "application/didcomm-plain+json",
"enc": "A256GCM",
"epk": {
"kty": "EC",
"crv": "P-384",
"x": "qREOl4cogm4Eix001p7r3d22HFBijo5h_91C8owqCkJ4oUX5C8sxcp3sWKZCtVX3",
"y": "nEndreuO5QDXZyxefZBVD8IyNwZBDGP0fRGusu-fWWCfZRAuEl6FHis-HTMKZncE"
},
"kid": "8wPpWWlLiMBYltw6AoWG3Z_SfgWmXanBHSwZFpQJ0Q0",
"typ": "application/didcomm-encrypted+json"
}
- Single Recipient key JWK format:
{
"kty": "EC",
"crv": "P-521",
"x": "AHrw8TsyZzIkINFPCAS54Y7UoCI1XAlim95ROPykpjo4q2LvW_VWeBtJLU2SuqTFG4WX9VBzMg5Rq4gMj4oCpMFb",
"y": "AUs4vywsYYuRP0LhFvyI_ippvSY6Tv1S8sEzojd41Ubo86bFlCj5c_wHX2N6hplMU01WAcebPWc24plqF39pkNrK",
"d": "AEklgm76AbNl_nydbcINMgytfoZGRMI1mxfGcIiqw-KHENQMtlujImJrKMUd32njHS1M9e-WqAS8AHLoVdBZmkOo"
}
- Single Recipient kid (jwk thumbprint raw base64 URL encoded):
9Miv3vUT2vQL0X80PyrLJm3bzGPuc_aKfPr4txRQIpAs
- Finally, packing the payload outputs the following flattened serialized JWE JSON:
{
"protected": "eyJhbGciOiJFQ0RILUVTK0EyNTZLVyIsImFwdSI6ImRsRjZWRnBMWTFSS2JqUlROM0Z6Y0dGMFRGVldaR3hSVTB4clQyaDJUV2RuU0ZsaFRUaEZNRzFwZWpFemJtUXphRlEwUVVoR01XUm9WRWRPYTI5M09HUnlTVFZEU200dGRsbHdlbUZYWnkxcVoxSXRhWFEwIiwiYXB2IjoiT1UxcGRqTjJWVlF5ZGxGTU1GZzRNRkI1Y2t4S2JUTmlla2RRZFdOZllVdG1VSEkwZEhoU1VVbHdRUSIsImN0eSI6ImFwcGxpY2F0aW9uL2RpZGNvbW0tcGxhaW4ranNvbiIsImVuYyI6IkEyNTZHQ00iLCJlcGsiOnsiY3J2IjoiUC01MjEiLCJrdHkiOiJFQyIsIngiOiJBTDBNMDJTbkV5Wi1FdTZyS1dyUzFGWFpVRWk1RG9ieklJQjJHalBCTkpvczlkNTNkNFUtQUJ4ZFhZVXhqWktNUEhheU9RaVpfcjJLYzJsb1BvNEVmb3JlIiwieSI6IkFXSkxvVnNTS0l6SVF2VWtKVzIxakVmV2ZHTjhWck1tN2owSmtJb2JUVXlCSEJMa0o3SzFUU19zZ1FpOUkxb0tzRTJ5Mjh2WC1DREFKZGp3Z1FWNl9mLTIifSwia2lkIjoiOU1pdjN2VVQydlFMMFg4MFB5ckxKbTNiekdQdWNfYUtmUHI0dHhSUUlwQSIsInR5cCI6ImFwcGxpY2F0aW9uL2RpZGNvbW0tZW5jcnlwdGVkK2pzb24ifQ",
"encrypted_key": "rK_MtxEobFF8pyYU8T26U7LRlEdjm1ndq8sZoZ2h9BaAyuhE7bcuAA",
"iv": "X1V-4vkZ1qE3_Yhn",
"ciphertext": "XDf5mmhlDaJfTOp1z_4",
"tag": "se7e3wH5grcMEuJIAJbN9A"
}
- The compact serialization of this envelope is:
eyJhbGciOiJFQ0RILUVTK0EyNTZLVyIsImFwdSI6ImRsRjZWRnBMWTFSS2JqUlROM0Z6Y0dGMFRGVldaR3hSVTB4clQyaDJUV2RuU0ZsaFRUaEZNRzFwZWpFemJtUXphRlEwUVVoR01XUm9WRWRPYTI5M09HUnlTVFZEU200dGRsbHdlbUZYWnkxcVoxSXRhWFEwIiwiYXB2IjoiT1UxcGRqTjJWVlF5ZGxGTU1GZzRNRkI1Y2t4S2JUTmlla2RRZFdOZllVdG1VSEkwZEhoU1VVbHdRUSIsImN0eSI6ImFwcGxpY2F0aW9uL2RpZGNvbW0tcGxhaW4ranNvbiIsImVuYyI6IkEyNTZHQ00iLCJlcGsiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTUyMSIsIngiOiJBTDBNMDJTbkV5Wi1FdTZyS1dyUzFGWFpVRWk1RG9ieklJQjJHalBCTkpvczlkNTNkNFUtQUJ4ZFhZVXhqWktNUEhheU9RaVpfcjJLYzJsb1BvNEVmb3JlIiwieSI6IkFXSkxvVnNTS0l6SVF2VWtKVzIxakVmV2ZHTjhWck1tN2owSmtJb2JUVXlCSEJMa0o3SzFUU19zZ1FpOUkxb0tzRTJ5Mjh2WC1DREFKZGp3Z1FWNl9mLTIifSwia2lkIjoiOU1pdjN2VVQydlFMMFg4MFB5ckxKbTNiekdQdWNfYUtmUHI0dHhSUUlwQSIsInR5cCI6ImFwcGxpY2F0aW9uL2RpZGNvbW0tZW5jcnlwdGVkK2pzb24ifQ.rK_MtxEobFF8pyYU8T26U7LRlEdjm1ndq8sZoZ2h9BaAyuhE7bcuAA.X1V-4vkZ1qE3_Yhn.XDf5mmhlDaJfTOp1z_4.se7e3wH5grcMEuJIAJbN9A
- The single recipient's headers are merged into the
protected
header, which base64 URL decoded equals to (pretty printed for readability):
{
"alg": "ECDH-ES+A256KW",
"apu": "dlF6VFpLY1RKbjRTN3FzcGF0TFVWZGxRU0xrT2h2TWdnSFlhTThFMG1pejEzbmQzaFQ0QUhGMWRoVEdOa293OGRySTVDSm4tdllwemFXZy1qZ1ItaXQ0",
"apv": "OU1pdjN2VVQydlFMMFg4MFB5ckxKbTNiekdQdWNfYUtmUHI0dHhSUUlwQQ",
"cty": "application/didcomm-plain+json",
"enc": "A256GCM",
"epk": {
"kty": "EC",
"crv": "P-521",
"x": "AL0M02SnEyZ-Eu6rKWrS1FXZUEi5DobzIIB2GjPBNJos9d53d4U-ABxdXYUxjZKMPHayOQiZ_r2Kc2loPo4Efore",
"y": "AWJLoVsSKIzIQvUkJW21jEfWfGN8VrMm7j0JkIobTUyBHBLkJ7K1TS_sgQi9I1oKsE2y28vX-CDAJdjwgQV6_f-2"
},
"kid": "9Miv3vUT2vQL0X80PyrLJm3bzGPuc_aKfPr4txRQIpA",
"typ": "application/didcomm-encrypted+json"
}
- Single Recipient key JWK format:
{
"kty": "OKP",
"crv": "X25519",
"x": "2kvTqkwVF-YSurN533fi-ZDF4PbLbqa7ohC--DJa0nA",
"d": "sPUMndizynb_q6_u9fkbuU8V3I062-RlL114YnJ7KWY"
}
- Single Recipient kid (jwk thumbprint raw base64 URL encoded):
eFf9x4K6jhnmAEvveQJo5rIQl32rZooOaNwlJsLf5JQ
- Finally, packing the payload outputs the following flattened serialized JWE JSON:
{
"protected": "eyJhbGciOiJFQ0RILUVTK0EyNTZLVyIsImFwdSI6IlluQldTM1IyVDJoWGJXOVRRMUJTV21oUk1HdFVaVzlYVDNFMWVrMXZTWGxhY0RCMVlrOU9XVTVXZHciLCJhcHYiOiJaVVptT1hnMFN6WnFhRzV0UVVWMmRtVlJTbTgxY2tsUmJETXljbHB2YjA5aFRuZHNTbk5NWmpWS1VRIiwiY3R5IjoiYXBwbGljYXRpb24vZGlkY29tbS1wbGFpbitqc29uIiwiZW5jIjoiQTI1NkdDTSIsImVwayI6eyJjcnYiOiJYMjU1MTkiLCJrdHkiOiJPS1AiLCJ4IjoiYnBWS3R2T2hXbW9TQ1BSWmhRMGtUZW9XT3E1ek1vSXlacDB1Yk9OWU5WdyJ9LCJraWQiOiJlRmY5eDRLNmpobm1BRXZ2ZVFKbzVySVFsMzJyWm9vT2FOd2xKc0xmNUpRIiwidHlwIjoiYXBwbGljYXRpb24vZGlkY29tbS1lbmNyeXB0ZWQranNvbiJ9",
"encrypted_key": "Pe7sGWcXxY9V7xdKWdpa5GvVinr_YWITRIVY8ic7WmKwY-Lh-3OJdA",
"iv": "Rx__OGcTo72Lv6jG",
"ciphertext": "UEFI2_OqNMki1cXraJA",
"tag": "Hc6WxwF2YGvewcWFmhzkrw"
}
- The compact serialization of this envelope is:
eyJhbGciOiJFQ0RILUVTK0EyNTZLVyIsImFwdSI6IlluQldTM1IyVDJoWGJXOVRRMUJTV21oUk1HdFVaVzlYVDNFMWVrMXZTWGxhY0RCMVlrOU9XVTVXZHciLCJhcHYiOiJaVVptT1hnMFN6WnFhRzV0UVVWMmRtVlJTbTgxY2tsUmJETXljbHB2YjA5aFRuZHNTbk5NWmpWS1VRIiwiY3R5IjoiYXBwbGljYXRpb24vZGlkY29tbS1wbGFpbitqc29uIiwiZW5jIjoiQTI1NkdDTSIsImVwayI6eyJrdHkiOiJPS1AiLCJjcnYiOiJYMjU1MTkiLCJ4IjoiYnBWS3R2T2hXbW9TQ1BSWmhRMGtUZW9XT3E1ek1vSXlacDB1Yk9OWU5WdyJ9LCJraWQiOiJlRmY5eDRLNmpobm1BRXZ2ZVFKbzVySVFsMzJyWm9vT2FOd2xKc0xmNUpRIiwidHlwIjoiYXBwbGljYXRpb24vZGlkY29tbS1lbmNyeXB0ZWQranNvbiJ9.Pe7sGWcXxY9V7xdKWdpa5GvVinr_YWITRIVY8ic7WmKwY-Lh-3OJdA.Rx__OGcTo72Lv6jG.UEFI2_OqNMki1cXraJA.Hc6WxwF2YGvewcWFmhzkrw
- The single recipient's headers are merged into the
protected
header, which base64 URL decoded equals to (pretty printed for readability):
{
"alg": "ECDH-ES+A256KW",
"apu": "YnBWS3R2T2hXbW9TQ1BSWmhRMGtUZW9XT3E1ek1vSXlacDB1Yk9OWU5Wdw",
"apv": "ZUZmOXg0SzZqaG5tQUV2dmVRSm81cklRbDMyclpvb09hTndsSnNMZjVKUQ",
"cty": "application/didcomm-plain+json",
"enc": "A256GCM",
"epk": {
"kty": "OKP",
"crv": "X25519",
"x": "bpVKtvOhWmoSCPRZhQ0kTeoWOq5zMoIyZp0ubONYNVw"
},
"kid": "eFf9x4K6jhnmAEvveQJo5rIQl32rZooOaNwlJsLf5JQ",
"typ": "application/didcomm-encrypted+json"
}
The packer generates the following protected headers for XC20P content encryption in the below examples with XC20P enc:
- Generated protected headers:
{"cty":"application/didcomm-plain+json","enc":"XC20P","typ":"application/didcomm-encrypted+json"}
- raw (no padding) base64URL encoded:
eyJjdHkiOiJhcHBsaWNhdGlvbi9kaWRjb21tLXBsYWluK2pzb24iLCJlbmMiOiJYQzIwUCIsInR5cCI6ImFwcGxpY2F0aW9uL2RpZGNvbW0tZW5jcnlwdGVkK2pzb24ifQ
- raw (no padding) base64URL encoded:
The same notes above apply here.
- Recipient 1 key JWK format:
{
"kty": "EC",
"crv": "P-256",
"x": "kdAHozUe6HOhNC9_jsOI60FuHa64zHSwcZa0l22rXX4",
"y": "Sj3iIz_HimnXgLRWU-x_gXjVyF2R0rh6OhuD3gzhUMw",
"d": "NTV27xYkYkwDNYePKHlh6CIYHunx-6rn80cSATOI7rI"
}
- Recipient 1 kid (jwk thumbprint raw base64 URL encoded):
Ivxk0K5tz7csR7MDXllXWd7YJTQF4pS8IHHkIdepgpk
- Recipient 2 key JWK format:
{
"kty": "EC",
"crv": "P-256",
"x": "sx1ZNsP2rUKuoN0Xe6m2_Zly8wM_-CpuCkDNaOjFYtA",
"y": "lTti40XRekPxw4IfpheZDCxilwEoEWWxyO8d77W_sOo",
"d": "WsHT1GiMy4mxsxQ7mPYtg5Mn18I8PU2wHPttVGEOnXk"
}
- Recipient 2 kid (jwk thumbprint raw base64 URL encoded):
tkAt85t250uQ3Q3d8W731YJfqF0t1cCwGwWqRxqyQhM
- Recipient 3 key JWK format:
{
"kty": "EC",
"crv": "P-256",
"x": "AQoZIqg1y0fZ1qvYM5YuinxRtOXa6dMSXfgdYBgsEks",
"y": "JRxsX-U6go0VqWtMFCPFbUNSsLJYiQH7ij2i4-FVQh0",
"d": "Joal2Lk5w6-_C_HpRr__ZtxtJccwjwHZ7RxZe1-CTjY"
}
- Recipient 3 kid (jwk thumbprint raw, no padding, base64 URL encoded):
SoySkmiLdE4c7Dp5URlH-DMVNq6-fGrkSpIgzLTYez0
- List of kids used for AAD for the above recipients (sorted
kid
values joined with.
):Ivxk0K5tz7csR7MDXllXWd7YJTQF4pS8IHHkIdepgpk.SoySkmiLdE4c7Dp5URlH-DMVNq6-fGrkSpIgzLTYez0.tkAt85t250uQ3Q3d8W731YJfqF0t1cCwGwWqRxqyQhM
- Resulting AAD value (sha256 of above list raw, no padding, base64 URL encoded):
uPokzMsXWxloZTnb2sXzz05KBc_SI1giMmHAenTyMjQ
- Finally, packing the payload outputs the following JWE (pretty printed for readability):
{
"protected": "eyJjdHkiOiJhcHBsaWNhdGlvbi9kaWRjb21tLXBsYWluK2pzb24iLCJlbmMiOiJYQzIwUCIsInR5cCI6ImFwcGxpY2F0aW9uL2RpZGNvbW0tZW5jcnlwdGVkK2pzb24ifQ",
"recipients": [
{
"header": {
"alg": "ECDH-ES+XC20PKW",
"apu": "R1NNbnFqcGFQMlltUlRNRTVrNVhYT3E2M3FzZjd2emVtbnY5NENVTm9faw",
"apv": "SXZ4azBLNXR6N2NzUjdNRFhsbFhXZDdZSlRRRjRwUzhJSEhrSWRlcGdwaw",
"kid": "Ivxk0K5tz7csR7MDXllXWd7YJTQF4pS8IHHkIdepgpk",
"epk": {
"kty": "EC",
"crv": "P-256",
"x": "GSMnqjpaP2YmRTME5k5XXOq63qsf7vzemnv94CUNo_k",
"y": "tDCIMv5gZqyjZmHYvbHxUQO1zN7fH0n9athoWGlO8nI"
}
},
"encrypted_key": "n63_NKMEy_KOb_34nrTX_Yvbx3Sliee9yh3ZSqs6nm5vhAuCoBMoU40fSpZMB07QLdXKfrRjB4A-WoL_MjTpcpOZnxc1v2s-"
},
{
"header": {
"alg": "ECDH-ES+XC20PKW",
"apu": "N1ZNVG00NEFqc0J3amt6WU1STDk5SURRZUh6aWZaa0Q5Q0hSajJJdGtkOA",
"apv": "SXZ4azBLNXR6N2NzUjdNRFhsbFhXZDdZSlRRRjRwUzhJSEhrSWRlcGdwaw",
"kid": "tkAt85t250uQ3Q3d8W731YJfqF0t1cCwGwWqRxqyQhM",
"epk": {
"kty": "EC",
"crv": "P-256",
"x": "7VMTm44AjsBwjkzYMRL99IDQeHzifZkD9CHRj2Itkd8",
"y": "NnVWH1gP7qdqzv4Go-1lT_U02i6fJHhmZO33jt4R0Ys"
}
},
"encrypted_key": "V3Y_kLiogDKAa4p3MNyfh1IOfexv8rLJsZf5idwI2wJDngYzhNyzaV4kqJMMW6qyMaE4bX5LY-qRP4sPcYPwntMj70LUaC6I"
},
{
"header": {
"alg": "ECDH-ES+XC20PKW",
"apu": "NzJQTnJ4a1A2V3JCcV9wUkU4VU42T0I3WHFKUXJuZEZHZ3dERVloR21kdw",
"apv": "SXZ4azBLNXR6N2NzUjdNRFhsbFhXZDdZSlRRRjRwUzhJSEhrSWRlcGdwaw",
"kid": "SoySkmiLdE4c7Dp5URlH-DMVNq6-fGrkSpIgzLTYez0",
"epk": {
"kty": "EC",
"crv": "P-256",
"x": "72PNrxkP6WrBq_pRE8UN6OB7XqJQrndFGgwDEYhGmdw",
"y": "gDy2dRBTwt1tQBBSnztN0AqvzCu07yFN9FgG109ytsc"
}
},
"encrypted_key": "2b4op-H7wPoyzno3Krv65rOal2HNmaiDHnjGTywcHAppz-EgHS7hiqANeRCipCNhPj7VvZqe1PWf2m0qLIdBuUv7ryo_nw9E"
}
],
"aad": "uPokzMsXWxloZTnb2sXzz05KBc_SI1giMmHAenTyMjQ",
"iv": "KShKEagQokU3UTGeYXw7LwWFankH-zK7",
"ciphertext": "6Z5YKgYQSmxSCtns064",
"tag": "hhW1Y5WgRM2t8-NiUMmKJw"
}
- Recipient 1 key JWK format:
{
"kty": "EC",
"crv": "P-384",
"x": "5aCpGZXwubdOSedZl1wc5PHB175a990-bRo2QKzju6uyeXD6hBKcB6vUijQRILMr",
"y": "TeUA_qsYU8YmbHPA58QJuAJiUe0BEbi8Vuq88ZEWLudhJa4Dp5mBKuFEeJQcOQCa",
"d": "wTv7Yh4bZAfCfmz0qL_lKJNlMRYuXjWzE63p7y3mZW8DRtN5LgOE25QKO9v0xgKN"
}
- Recipient 1 kid (jwk thumbprint raw base64 URL encoded):
35E0yg0TinUSym5bQ5FnUgWirIrfK81p-QCxW7VzCrE
- Recipient 2 key JWK format:
{
"kty": "EC",
"crv": "P-384",
"x": "xYFotAHw0kaqsgkW-3ZirL2p3HC0tJCrrNsK-1MfgoUahWpoDiUpEapuLZrO_hz3",
"y": "LLUQ5gRSwn5x0sQJrByWSdWdqojAhizpsx9GPjvPP9uM4gv7jKUEoi0A-2doNSQR",
"d": "OLPQ8giwvg-pKMMaYTGB3O4RGNPtlX-tRZi3ltUb305nPMsuxplI71OQfTH3-Leq"
}
- Recipient 2 kid (jwk thumbprint raw base64 URL encoded):
wnJRuK09BydTKCPX9DEsf2hxSB1uzHdHrjLTtsiPUZw
- Recipient 3 key JWK format:
{
"kty": "EC",
"crv": "P-384",
"x": "DWdQi5HdkPpUEqHtQrLU8xR6hW3_IO-8RPcOY4_aI0VACCO9e8WNCFAcjAja5Q8Y",
"y": "jTan4mkzX1uRU9FRIvZgE1NKS-fUe86cl_xmLJ2jPl-A-EXmTHExVT8q63iVnvSC",
"d": "WnCGfWiiOCglkYWQh1t-KM_A8Pb_HXgUXEJFjg7iWT3SYUL2tgMQQ5w9IUNE-D0r"
}
- Recipient 3 kid (jwk thumbprint raw, no padding, base64 URL encoded):
j9ZMlUQX9m9t8_6RmshAfMwHTIOE9_0Mv5bd5bQ4nKw
- List of kids used for AAD for the above recipients (sorted
kid
values joined with.
):35E0yg0TinUSym5bQ5FnUgWirIrfK81p-QCxW7VzCrE.j9ZMlUQX9m9t8_6RmshAfMwHTIOE9_0Mv5bd5bQ4nKw.wnJRuK09BydTKCPX9DEsf2hxSB1uzHdHrjLTtsiPUZw
- Resulting AAD value (sha256 of above list raw, no padding, base64 URL encoded):
kOd8LfamiqCqZa4kZJPR0M3k11OjHo1dQgdgaI2HreU
- JWE (pretty printed for readability):
{
"protected": "eyJjdHkiOiJhcHBsaWNhdGlvbi9kaWRjb21tLXBsYWluK2pzb24iLCJlbmMiOiJYQzIwUCIsInR5cCI6ImFwcGxpY2F0aW9uL2RpZGNvbW0tZW5jcnlwdGVkK2pzb24ifQ",
"recipients": [
{
"header": {
"alg": "ECDH-ES+XC20PKW",
"apu": "Zmw3NTdwRFlKVE16YlcwVmdfUWgzTDlrZlRoQ25Dd25uaU81YlBmVkwwUFgxV19LbWpfRzVIT2VDV2NyMEdacQ",
"apv": "MzVFMHlnMFRpblVTeW01YlE1Rm5VZ1dpcklyZks4MXAtUUN4VzdWekNyRQ",
"kid": "35E0yg0TinUSym5bQ5FnUgWirIrfK81p-QCxW7VzCrE",
"epk": {
"kty": "EC",
"crv": "P-384",
"x": "fl757pDYJTMzbW0Vg_Qh3L9kfThCnCwnniO5bPfVL0PX1W_Kmj_G5HOeCWcr0GZq",
"y": "moRQSUo5C95n_W5H79i_HWYAIcpmX9Iq2OcuBRe4R9pXmW_p1_dbz7YKSXbJLpEo"
}
},
"encrypted_key": "fb6sCiAeFzPcfvHdIMKm051fkVioxgBKA6w3sIkw9t_mleCHe_bjFzK9_CfMA6E0aO8Y40WonGWYZ8oKIgRvItNWJsph6zr9"
},
{
"header": {
"alg": "ECDH-ES+XC20PKW",
"apu": "ZlcyRHFxR25SaFZHOXlKckN2TWZVRmJlR1RZRl9JWjJYQ1pPcGNvei1vSDJ2aVlERU54Wi1leGJ6c0l1bkoyNQ",
"apv": "MzVFMHlnMFRpblVTeW01YlE1Rm5VZ1dpcklyZks4MXAtUUN4VzdWekNyRQ",
"kid": "wnJRuK09BydTKCPX9DEsf2hxSB1uzHdHrjLTtsiPUZw",
"epk": {
"kty": "EC",
"crv": "P-384",
"x": "fW2DqqGnRhVG9yJrCvMfUFbeGTYF_IZ2XCZOpcoz-oH2viYDENxZ-exbzsIunJ25",
"y": "Pz-1Smflo-dAFZ0awotLqF0Qh5iurbbgcCJpN5ZnrrvBlnxiKuAD6o4ytxMS17f1"
}
},
"encrypted_key": "gGqdDnlCuymQYRwIIHU0Cv4BxUYpby8cjohgbfNc-3kilzLIXN0x53amLz6sxuFvvGjPMv7BykQfoQPZgXj5B5rN--3StojC"
},
{
"header": {
"alg": "ECDH-ES+XC20PKW",
"apu": "MTY0dUFMYXVkNmFLR29EMjF0NHd2dGN3QjRxUGNNRFlid3JWemVvY055Q05RelV1NlRTSVFEcExiT3pmMjJIeQ",
"apv": "MzVFMHlnMFRpblVTeW01YlE1Rm5VZ1dpcklyZks4MXAtUUN4VzdWekNyRQ",
"kid": "j9ZMlUQX9m9t8_6RmshAfMwHTIOE9_0Mv5bd5bQ4nKw",
"epk": {
"kty": "EC",
"crv": "P-384",
"x": "164uALaud6aKGoD21t4wvtcwB4qPcMDYbwrVzeocNyCNQzUu6TSIQDpLbOzf22Hy",
"y": "SmS8y6E1V87EkDIQfZVJGdyWPRR5gSQXIhNKUF4vDB1OYcMtG4AGFhHlMVNjCipa"
}
},
"encrypted_key": "ADkTont7J6MvkqtejyCZroaLhzBq6ehDlNJyiIsoV2L-vKOYWPfW2eyhk9_Q_Kc2mdfhsJeZ6S4YN2O1OVSvnGqho3zwKE_z"
}
],
"aad": "kOd8LfamiqCqZa4kZJPR0M3k11OjHo1dQgdgaI2HreU",
"iv": "lhR0KWdWpo2TeiHgABGNLMYwGXmykQQX",
"ciphertext": "LMVb7K1-YqLUS9JtE0s",
"tag": "7UkWuQPffiWZIwS4sUc1Hg"
}
- Recipient 1 key JWK format:
{
"kty": "EC",
"crv": "P-521",
"x": "AIlOiZCrQMU83IOpoiMva75L_OqljXVakEJSjwAl5RaLmaNBZg-TXa0VKlAKTijGZAu_5gS_ZF82LRWDiltUHmX8",
"y": "AFXxgSPOlCNnHtRQE7JmngrT5jgc5kHhMJE82wvMYlyrUdB1kgjN8zJDKkMDJ_dw1U2bEKXmcoCepN654HqmCeNJ",
"d": "ASUBEC_crwIW50ke7p7EBjM0jnA3X7ziwT92TIVgHqTyFkEHKwuP_xbUSePfkhAgcEF2KHz48EgZJuDM6v4L2NXT"
}
- Recipient 1 kid (jwk thumbprint raw base64 URL encoded):
fr_FYdKBgF_lo1UzC133Tw382LhNDRk6TqwWUwYiytQ
- Recipient 2 key JWK format:
{
"kty": "EC",
"crv": "P-521",
"x": "AT71NCmSChOaf38XudcZFpb7eS6GS3rRgjIeXC5AWm9uqjgk3XloPINvlOkATR9syfonjONi4dvgu6ED0gDKyni2",
"y": "AB6EuKG0Z5mnkw_Kk08EW1igFDoZ8tUzs67AoRrLM_CqufmehumGUBAAgPPyQ43HdZQRKn6UYaRn77JZ0kcUE8ZD",
"d": "AMYS0X7aTtbFL8gcSH8h0AkH1kfgJxqe-vyahUoijuM3WtKp0z7C0j-kT717p8xV4NEnIrP7IP9ewCdh21TwCfdJ"
}
- Recipient 2 kid (jwk thumbprint raw base64 URL encoded):
z70hxN-69UU6IBsqxWMsKa5LqSnCGhd0BKMihYIeHYM
- Recipient 3 key JWK format:
{
"kty": "EC",
"crv": "P-521",
"x": "AcRZHKNmVZlxrKIcBsX-Z8KaGCJfPirBqOBWDylsVJCwvjEEMfJFS2GZtPwfQI5P561XAxjtb0ARPtucoyh5n4_Q",
"y": "AaU8wdiQUItNWJnDrgMK84HhyloKQyXWEYZoDEjppL4kXvIV4CUhfYkTXnTWACUgnVG1uXdycmJ-XhgqPGfezQVb",
"d": "AKfdXHWLY7WqaVVVLFBRyU7fd3EpfiQJW83IkuCk4tJ51PIO6Jzq17H0RI9XjK1YThz-cV1ZBXw9Q7ezDFusgL3k"
}
- Recipient 3 kid (jwk thumbprint raw, no padding, base64 URL encoded):
bU2CyYAuV1kJtU8vTE27PaOh20yTgKBSThtjrYHedf8
- List of kids used for AAD for the above recipients (sorted
kid
values joined with.
):bU2CyYAuV1kJtU8vTE27PaOh20yTgKBSThtjrYHedf8.fr_FYdKBgF_lo1UzC133Tw382LhNDRk6TqwWUwYiytQ.z70hxN-69UU6IBsqxWMsKa5LqSnCGhd0BKMihYIeHYM
- Resulting AAD value (sha256 of above list raw, no padding, base64 URL encoded):
gyaNc9X50RymOfupxfij36JjhkUG4SEiI4P8LQ0JCvI
- JWE (pretty printed for readability):
{
"protected": "eyJjdHkiOiJhcHBsaWNhdGlvbi9kaWRjb21tLXBsYWluK2pzb24iLCJlbmMiOiJYQzIwUCIsInR5cCI6ImFwcGxpY2F0aW9uL2RpZGNvbW0tZW5jcnlwdGVkK2pzb24ifQ",
"recipients": [
{
"header": {
"alg": "ECDH-ES+XC20PKW",
"apu": "QVdYTV9BOVF2WUZnUFYwMTRmUzk5LUNvX2dyS3BTZi1xbTJmeDdYRFpzekJrT2V3ZHlOSUp5S1gteFdQUUM1RWcwc0gtR0VnTGNWNXNRZThrNktuQWZYeA",
"apv": "ZnJfRllkS0JnRl9sbzFVekMxMzNUdzM4MkxoTkRSazZUcXdXVXdZaXl0UQ",
"kid": "fr_FYdKBgF_lo1UzC133Tw382LhNDRk6TqwWUwYiytQ",
"epk": {
"kty": "EC",
"crv": "P-521",
"x": "AWXM_A9QvYFgPV014fS99-Co_grKpSf-qm2fx7XDZszBkOewdyNIJyKX-xWPQC5Eg0sH-GEgLcV5sQe8k6KnAfXx",
"y": "ANlcV5mvTqpzGF8loKsBjC_UFkfg260SFwrabuTBn_4oi1l5wKx7yootfvqrgGG1ivbuMIZ4NndJsbreyUywddQS"
}
},
"encrypted_key": "SkZaMkjfoo-0PPQvWXottqV3dwOhcY7rCDckVkPRlxbj8jb_m4veIu-nx8jnkJMLUVqguKD_JhZ78MRAEikPg-gARUKyVRKV"
},
{
"header": {
"alg": "ECDH-ES+XC20PKW",
"apu": "SElkUWNuaGluTUhhaEw1eDNsUGYxZWlrbW13NUFxNE9SSUpwTFhiQVV4NVJZbjF2dFVSeld4UHc0aU9nY1FOWjJCbEZVU21Md0FaUmhvdlFfb2J1MmZr",
"apv": "ZnJfRllkS0JnRl9sbzFVekMxMzNUdzM4MkxoTkRSazZUcXdXVXdZaXl0UQ",
"kid": "z70hxN-69UU6IBsqxWMsKa5LqSnCGhd0BKMihYIeHYM",
"epk": {
"kty": "EC",
"crv": "P-521",
"x": "AByHUHJ4YpzB2oS-cd5T39XopJpsOQKuDkSCaS12wFMeUWJ9b7VEc1sT8OIjoHEDWdgZRVEpi8AGUYaL0P6G7tn5",
"y": "AFbfZdEiMwMy4rN0hzMl3XQgBpE98gE8A37bLLLZi-wAbyuNBhhGCWjxc2XSCRTn9IxBSV72Q8lttaIPWTRGsJPZ"
}
},
"encrypted_key": "qgNULlqzY68vVzd07nuuuCSqDewr1mu45xhzCFriEdYNvoFmGl_elZua6r0gyknDsskbLOM_zAhg86Ieafn87YT-jOKZWXvB"
},
{
"header": {
"alg": "ECDH-ES+XC20PKW",
"apu": "QWNJU1U1bVJwemJrYUs5TUs0ZVNHWXFBNFo5TFVwOF8yNHkwUnhmazExby1GazNvazZCUzk2X3REeWlfM0Y0bDhDU3VyanA3bUxhMGp4YVJ6M1NZbDRRMw",
"apv": "ZnJfRllkS0JnRl9sbzFVekMxMzNUdzM4MkxoTkRSazZUcXdXVXdZaXl0UQ",
"kid": "bU2CyYAuV1kJtU8vTE27PaOh20yTgKBSThtjrYHedf8",
"epk": {
"kty": "EC",
"crv": "P-521",
"x": "AcISU5mRpzbkaK9MK4eSGYqA4Z9LUp8_24y0Rxfk11o-Fk3ok6BS96_tDyi_3F4l8CSurjp7mLa0jxaRz3SYl4Q3",
"y": "AYfx95SYdTrF5-FFJ6DX8YIQ3-kI3zA2huvwAoE5on4tczuZtRDxAnXocVXwydU_hYFICv4F1_U2wf2MZxu5EjgO"
}
},
"encrypted_key": "N38f1rvfk00bHCRbAkMajaCmwIM6C96QNs5ck5i6EhoyONADKitu1E7FpMtwA7IBkLZXSPAz_2RRQg_yp494uh5unNgeIAsm"
}
],
"aad": "gyaNc9X50RymOfupxfij36JjhkUG4SEiI4P8LQ0JCvI",
"iv": "y3t1nlPy-e5KlPZmhH6yvXweEnB50cW9",
"ciphertext": "twYiHmEUk1QZw-XbLbY",
"tag": "WsYbX9YDCcIAorqBbS2X_w"
}
- Recipient 1 key JWK format:
{
"kty": "OKP",
"crv": "X25519",
"x": "h5iIEBNlEHEhCgYLXAOXOofqYEA9Jo0Q1NUggjdwrVw",
"d": "oEGk3DVSpzrZR6mcUF0EXmijrATej7xnPdlcPJDz53M"
}
- Recipient 1 kid (jwk thumbprint raw base64 URL encoded):
S-qQ_rRIsrscxdmzuplVLW5bqoxj08KO6BBkLZAxh-E
- Recipient 2 key JWK format:
{
"kty": "OKP",
"crv": "X25519",
"x": "xawtbSFE5QYe7KDcYRBlnyozY9uPTzlRQ3gClzHzt2Q",
"d": "yC7gzjKFdFwsCA4x7QL0S-eRhI2H966MjTdNA8IrMFw"
}
- Recipient 2 kid (jwk thumbprint raw base64 URL encoded):
m8EQ2XejsBRZ8sieSLapsS4-tO9ZQNjjxtjL6DOhP64
- Recipient 3 key JWK format:
{
"kty": "OKP",
"crv": "X25519",
"x": "cvxZ6JaCIfmrTXiyHYNyqmxRSsUF8TEabuWOcZdgLT0",
"d": "IM-XG4jc_Zyd5yWdv1i7vruFK4X2LzNTRicHvPZNznU"
}
- Recipient 3 kid (jwk thumbprint raw, no padding, base64 URL encoded):
oz3AtqUGnNpsT6OugQksyvY52HI36kCBtXqLE4joP3M
- List of kids used for AAD for the above recipients (sorted
kid
values joined with.
):S-qQ_rRIsrscxdmzuplVLW5bqoxj08KO6BBkLZAxh-E.m8EQ2XejsBRZ8sieSLapsS4-tO9ZQNjjxtjL6DOhP64.oz3AtqUGnNpsT6OugQksyvY52HI36kCBtXqLE4joP3M
- Resulting AAD value (sha256 of above list raw, no padding, base64 URL encoded):
Iri2F6uTNldPiiJNYNrlVb_Nt_c2XlPVdDKfmlnkBn4
- JWE (pretty printed for readability):
{
"protected": "eyJjdHkiOiJhcHBsaWNhdGlvbi9kaWRjb21tLXBsYWluK2pzb24iLCJlbmMiOiJYQzIwUCIsInR5cCI6ImFwcGxpY2F0aW9uL2RpZGNvbW0tZW5jcnlwdGVkK2pzb24ifQ",
"recipients": [
{
"header": {
"alg": "ECDH-ES+XC20PKW",
"apu": "eE9ZYmZrX0VLbmJaQmRoU1lPclI3NFVWWmlqZFU3LWg3ZF9aTkJ4VW1rMA",
"apv": "Uy1xUV9yUklzcnNjeGRtenVwbFZMVzVicW94ajA4S082QkJrTFpBeGgtRQ",
"kid": "S-qQ_rRIsrscxdmzuplVLW5bqoxj08KO6BBkLZAxh-E",
"epk": {
"kty": "OKP",
"crv": "X25519",
"x": "xOYbfk_EKnbZBdhSYOrR74UVZijdU7-h7d_ZNBxUmk0"
}
},
"encrypted_key": "gPbf9-YZLPoEoKmaU70H8O9fsKiPy8rNiNuAvKog4AhGfy1axF4LuMdAZgO4EixyS4WC9V6JnfaYxmt3tFiCx80YXZrVlTBO"
},
{
"header": {
"alg": "ECDH-ES+XC20PKW",
"apu": "eU9MMUM0blZzTzRTa1ROWDVRTlVCVl9iVmhJeVd1ZGdKOTlkRWdURDl5cw",
"apv": "Uy1xUV9yUklzcnNjeGRtenVwbFZMVzVicW94ajA4S082QkJrTFpBeGgtRQ",
"kid": "m8EQ2XejsBRZ8sieSLapsS4-tO9ZQNjjxtjL6DOhP64",
"epk": {
"kty": "OKP",
"crv": "X25519",
"x": "yOL1C4nVsO4SkTNX5QNUBV_bVhIyWudgJ99dEgTD9ys"
}
},
"encrypted_key": "dsWHHkRbT9BWdgBl5MAUgNTenqiEjR4Z2cgaOLaraCDezRb051Z_muMo70-yJx1O9YDwLHq2V87dKQJX-byYtBeIR-5BubLm"
},
{
"header": {
"alg": "ECDH-ES+XC20PKW",
"apu": "RkdtN2t4aGJFNGVBLWJpM1l2WTZPNVBCd2YtTlhEZ29YaWwzS19zLW5tSQ",
"apv": "Uy1xUV9yUklzcnNjeGRtenVwbFZMVzVicW94ajA4S082QkJrTFpBeGgtRQ",
"kid": "oz3AtqUGnNpsT6OugQksyvY52HI36kCBtXqLE4joP3M",
"epk": {
"kty": "OKP",
"crv": "X25519",
"x": "FGm7kxhbE4eA-bi3YvY6O5PBwf-NXDgoXil3K_s-nmI"
}
},
"encrypted_key": "sEygr10dbgwHRy8-ktu8jLcACTKD1g7LfEkUSV_mAZNr1P06RhijZTRq47xesJuPWF8lfkAsK-UETLJ92KGRmbgCdSHQQwaG"
}
],
"aad": "Iri2F6uTNldPiiJNYNrlVb_Nt_c2XlPVdDKfmlnkBn4",
"iv": "MWxpdCQBhVoiskZF7QD3bLzgI-iBEE3O",
"ciphertext": "FtAX4yKH2a2dZqM6Zdk",
"tag": "lR8OsOJieRydzSvI-qpy5w"
}
Packing a message with 1 recipient using the Flattened JWE JSON serialization and the Compact JWE serialization formats as mentioned in the notes above.
- Single Recipient key JWK format:
{
"kty": "EC",
"crv": "P-256",
"x": "kdAHozUe6HOhNC9_jsOI60FuHa64zHSwcZa0l22rXX4",
"y": "Sj3iIz_HimnXgLRWU-x_gXjVyF2R0rh6OhuD3gzhUMw",
"d": "NTV27xYkYkwDNYePKHlh6CIYHunx-6rn80cSATOI7rI"
}
- Single Recipient kid (jwk thumbprint raw base64 URL encoded):
Ivxk0K5tz7csR7MDXllXWd7YJTQF4pS8IHHkIdepgpk
- Finally, packing the payload outputs the following flattened serialized JWE JSON:
{
"protected": "eyJhbGciOiJFQ0RILUVTK1hDMjBQS1ciLCJhcHUiOiJUWEl4TnpCM2JqSTJXa00wY0Y5SFVDMTBNazlyVFd0ZmExOVJVRkYxY1hObk5IUlFNV0pMU0hCdk1BIiwiYXB2IjoiU1haNGF6QkxOWFI2TjJOelVqZE5SRmhzYkZoWFpEZFpTbFJSUmpSd1V6aEpTRWhyU1dSbGNHZHdhdyIsImN0eSI6ImFwcGxpY2F0aW9uL2RpZGNvbW0tcGxhaW4ranNvbiIsImVuYyI6IlhDMjBQIiwiZXBrIjp7ImNydiI6IlAtMjU2Iiwia3R5IjoiRUMiLCJ4IjoiTXIxNzB3bjI2WkM0cF9HUC10Mk9rTWtfa19RUFF1cXNnNHRQMWJLSHBvMCIsInkiOiJ1MUMydEJuYlFwUS1YTWx0SHRFdWNJaFVod1FCeDBCbklLZFlkN3FLRVFFIn0sImtpZCI6Ikl2eGswSzV0ejdjc1I3TURYbGxYV2Q3WUpUUUY0cFM4SUhIa0lkZXBncGsiLCJ0eXAiOiJhcHBsaWNhdGlvbi9kaWRjb21tLWVuY3J5cHRlZCtqc29uIn0",
"encrypted_key": "1k4IQgN6LIiV8mnNWUI2OyNXLRHvg75qZIyHf6_wtrBIYZlic1coUL3lekvesQpmLb1A9vip-pKi0yDKZOQIMtQS3TJ81EJJ",
"iv": "6Qky6FL-Uzpi5nvaZHobo3_8xqv-LF4h",
"ciphertext": "mqQ6nsR76RMLvNLkJgU",
"tag": "5S99fa_S2c4XsVrzM2rPDw"
}
- The compact serialization of this envelope is:
eyJhbGciOiJFQ0RILUVTK1hDMjBQS1ciLCJhcHUiOiJUWEl4TnpCM2JqSTJXa00wY0Y5SFVDMTBNazlyVFd0ZmExOVJVRkYxY1hObk5IUlFNV0pMU0hCdk1BIiwiYXB2IjoiU1haNGF6QkxOWFI2TjJOelVqZE5SRmhzYkZoWFpEZFpTbFJSUmpSd1V6aEpTRWhyU1dSbGNHZHdhdyIsImN0eSI6ImFwcGxpY2F0aW9uL2RpZGNvbW0tcGxhaW4ranNvbiIsImVuYyI6IlhDMjBQIiwiZXBrIjp7Imt0eSI6IkVDIiwiY3J2IjoiUC0yNTYiLCJ4IjoiTXIxNzB3bjI2WkM0cF9HUC10Mk9rTWtfa19RUFF1cXNnNHRQMWJLSHBvMCIsInkiOiJ1MUMydEJuYlFwUS1YTWx0SHRFdWNJaFVod1FCeDBCbklLZFlkN3FLRVFFIn0sImtpZCI6Ikl2eGswSzV0ejdjc1I3TURYbGxYV2Q3WUpUUUY0cFM4SUhIa0lkZXBncGsiLCJ0eXAiOiJhcHBsaWNhdGlvbi9kaWRjb21tLWVuY3J5cHRlZCtqc29uIn0.1k4IQgN6LIiV8mnNWUI2OyNXLRHvg75qZIyHf6_wtrBIYZlic1coUL3lekvesQpmLb1A9vip-pKi0yDKZOQIMtQS3TJ81EJJ.6Qky6FL-Uzpi5nvaZHobo3_8xqv-LF4h.mqQ6nsR76RMLvNLkJgU.5S99fa_S2c4XsVrzM2rPDw
- The single recipient's headers are merged into the
protected
header, which base64 URL decoded equals to (pretty printed for readability):
{
"alg": "ECDH-ES+XC20PKW",
"apu": "TXIxNzB3bjI2WkM0cF9HUC10Mk9rTWtfa19RUFF1cXNnNHRQMWJLSHBvMA",
"apv": "SXZ4azBLNXR6N2NzUjdNRFhsbFhXZDdZSlRRRjRwUzhJSEhrSWRlcGdwaw",
"cty": "application/didcomm-plain+json",
"enc": "XC20P",
"epk": {
"kty": "EC",
"crv": "P-256",
"x": "Mr170wn26ZC4p_GP-t2OkMk_k_QPQuqsg4tP1bKHpo0",
"y": "u1C2tBnbQpQ-XMltHtEucIhUhwQBx0BnIKdYd7qKEQE"
},
"kid": "Ivxk0K5tz7csR7MDXllXWd7YJTQF4pS8IHHkIdepgpk",
"typ": "application/didcomm-encrypted+json"
}
- Single Recipient key JWK format:
{
"kty": "EC",
"crv": "P-384",
"x": "5aCpGZXwubdOSedZl1wc5PHB175a990-bRo2QKzju6uyeXD6hBKcB6vUijQRILMr",
"y": "TeUA_qsYU8YmbHPA58QJuAJiUe0BEbi8Vuq88ZEWLudhJa4Dp5mBKuFEeJQcOQCa",
"d": "wTv7Yh4bZAfCfmz0qL_lKJNlMRYuXjWzE63p7y3mZW8DRtN5LgOE25QKO9v0xgKN"
}
- Single Recipient kid (jwk thumbprint raw base64 URL encoded):
35E0yg0TinUSym5bQ5FnUgWirIrfK81p-QCxW7VzCrE
- Finally, packing the payload outputs the following flattened serialized JWE JSON:
{
"protected": "eyJhbGciOiJFQ0RILUVTK1hDMjBQS1ciLCJhcHUiOiJkbkJCYkVKc1pXUXlWM0YzTUY5VVNYTk1iM1JLVmpBek4ydzNOMmxDYzA5Mk0xRnhiSEZSVWxaSGNHeGZkRWR2UVc5VFNXRnpVR0kwY0RjeGFIVTBiUSIsImFwdiI6Ik16VkZNSGxuTUZScGJsVlRlVzAxWWxFMVJtNVZaMWRwY2tseVprczRNWEF0VVVONFZ6ZFdla055UlEiLCJjdHkiOiJhcHBsaWNhdGlvbi9kaWRjb21tLXBsYWluK2pzb24iLCJlbmMiOiJYQzIwUCIsImVwayI6eyJjcnYiOiJQLTM4NCIsImt0eSI6IkVDIiwieCI6InZwQWxCbGVkMldxdzBfVElzTG90SlYwMzdsNzdpQnNPdjNRcWxxUVJWR3BsX3RHb0FvU0lhc1BiNHA3MWh1NG0iLCJ5IjoiU0Y3VEJDVnB5dTUwQ21vMzY0TWsyS2VyWGVwYnlYSklXZF8yTHNYMnNDMENWTkV1aFVJUHhFMmQtVjFVS1hwciJ9LCJraWQiOiIzNUUweWcwVGluVVN5bTViUTVGblVnV2lySXJmSzgxcC1RQ3hXN1Z6Q3JFIiwidHlwIjoiYXBwbGljYXRpb24vZGlkY29tbS1lbmNyeXB0ZWQranNvbiJ9",
"encrypted_key": "y7jUbtMzOyerWyPhTgTutFH0r18Ug6uF3FYdTCyp2V-PacHeR8OTsNEh7dEOQk9o5P9mXvcGvfGr2xFNtoBw561TPv_Iw2ZK",
"iv": "DOEADxox8cUL0jQ_H4hP67ymgscn8nQc",
"ciphertext": "hSjiRkcMflJJK18cuXU",
"tag": "SHN2rmcofMmnSqQ8htiCcQ"
}
- The compact serialization of this envelope is:
eyJhbGciOiJFQ0RILUVTK1hDMjBQS1ciLCJhcHUiOiJkbkJCYkVKc1pXUXlWM0YzTUY5VVNYTk1iM1JLVmpBek4ydzNOMmxDYzA5Mk0xRnhiSEZSVWxaSGNHeGZkRWR2UVc5VFNXRnpVR0kwY0RjeGFIVTBiUSIsImFwdiI6Ik16VkZNSGxuTUZScGJsVlRlVzAxWWxFMVJtNVZaMWRwY2tseVprczRNWEF0VVVONFZ6ZFdla055UlEiLCJjdHkiOiJhcHBsaWNhdGlvbi9kaWRjb21tLXBsYWluK2pzb24iLCJlbmMiOiJYQzIwUCIsImVwayI6eyJrdHkiOiJFQyIsImNydiI6IlAtMzg0IiwieCI6InZwQWxCbGVkMldxdzBfVElzTG90SlYwMzdsNzdpQnNPdjNRcWxxUVJWR3BsX3RHb0FvU0lhc1BiNHA3MWh1NG0iLCJ5IjoiU0Y3VEJDVnB5dTUwQ21vMzY0TWsyS2VyWGVwYnlYSklXZF8yTHNYMnNDMENWTkV1aFVJUHhFMmQtVjFVS1hwciJ9LCJraWQiOiIzNUUweWcwVGluVVN5bTViUTVGblVnV2lySXJmSzgxcC1RQ3hXN1Z6Q3JFIiwidHlwIjoiYXBwbGljYXRpb24vZGlkY29tbS1lbmNyeXB0ZWQranNvbiJ9.y7jUbtMzOyerWyPhTgTutFH0r18Ug6uF3FYdTCyp2V-PacHeR8OTsNEh7dEOQk9o5P9mXvcGvfGr2xFNtoBw561TPv_Iw2ZK.DOEADxox8cUL0jQ_H4hP67ymgscn8nQc.hSjiRkcMflJJK18cuXU.SHN2rmcofMmnSqQ8htiCcQ
- The single recipient's headers are merged into the
protected
header, which base64 URL decoded equals to (pretty printed for readability):
{
"alg": "ECDH-ES+XC20PKW",
"apu": "dnBBbEJsZWQyV3F3MF9USXNMb3RKVjAzN2w3N2lCc092M1FxbHFRUlZHcGxfdEdvQW9TSWFzUGI0cDcxaHU0bQ",
"apv": "MzVFMHlnMFRpblVTeW01YlE1Rm5VZ1dpcklyZks4MXAtUUN4VzdWekNyRQ",
"cty": "application/didcomm-plain+json",
"enc": "XC20P",
"epk": {
"kty": "EC",
"crv": "P-384",
"x": "vpAlBled2Wqw0_TIsLotJV037l77iBsOv3QqlqQRVGpl_tGoAoSIasPb4p71hu4m",
"y": "SF7TBCVpyu50Cmo364Mk2KerXepbyXJIWd_2LsX2sC0CVNEuhUIPxE2d-V1UKXpr"
},
"kid": "35E0yg0TinUSym5bQ5FnUgWirIrfK81p-QCxW7VzCrE",
"typ": "application/didcomm-encrypted+json"
}
- Single Recipient key JWK format:
{
"kty": "EC",
"crv": "P-521",
"x": "AIlOiZCrQMU83IOpoiMva75L_OqljXVakEJSjwAl5RaLmaNBZg-TXa0VKlAKTijGZAu_5gS_ZF82LRWDiltUHmX8",
"y": "AFXxgSPOlCNnHtRQE7JmngrT5jgc5kHhMJE82wvMYlyrUdB1kgjN8zJDKkMDJ_dw1U2bEKXmcoCepN654HqmCeNJ",
"d": "ASUBEC_crwIW50ke7p7EBjM0jnA3X7ziwT92TIVgHqTyFkEHKwuP_xbUSePfkhAgcEF2KHz48EgZJuDM6v4L2NXT"
}
- Single Recipient kid (jwk thumbprint raw base64 URL encoded):
fr_FYdKBgF_lo1UzC133Tw382LhNDRk6TqwWUwYiytQ
- Finally, packing the payload outputs the following flattened serialized JWE JSON:
{
"protected": "eyJhbGciOiJFQ0RILUVTK1hDMjBQS1ciLCJhcHUiOiJOa3hhTFd0bGNtczNTWEYzV1hCeE5FOUpYemt0U2tGSGEyMVZUVEl0ZDB0a1VtUlhUV1JxY2sxNlV6ZDVRelpuVTFnMFdHOVJWM0ZRZEdWRE1UTjVTWGxXY2tKVGNuWlJOWGhSZGtVNFVEQllOVTA1UW1GQiIsImFwdiI6IlpuSmZSbGxrUzBKblJsOXNiekZWZWtNeE16TlVkek00TWt4b1RrUlNhelpVY1hkWFZYZFphWGwwVVEiLCJjdHkiOiJhcHBsaWNhdGlvbi9kaWRjb21tLXBsYWluK2pzb24iLCJlbmMiOiJYQzIwUCIsImVwayI6eyJjcnYiOiJQLTUyMSIsImt0eSI6IkVDIiwieCI6IkFPaTJmcEhxNU95S3NHS2F1RGlQX2ZpUUJwSmxETnZzQ25VWFZqSFk2ek0wdThndW9FbC1GNkVGcWo3WGd0ZDhpTWxhd1VxNzBPY1VMeFBEOUYtVFBRV2ciLCJ5IjoiQUVDX1VwU2poQzZlYnplSlBUc0JSb1YwNG9GdzZleDFRRzVpQW1OMm9hWVA3RVAtbU1YcEJRc2R3SEsyVFhpb1d5Q3ozZEU4d0JLUmZkcHFEaHdrRzFSaiJ9LCJraWQiOiJmcl9GWWRLQmdGX2xvMVV6QzEzM1R3MzgyTGhORFJrNlRxd1dVd1lpeXRRIiwidHlwIjoiYXBwbGljYXRpb24vZGlkY29tbS1lbmNyeXB0ZWQranNvbiJ9",
"encrypted_key": "bsghnB_jpcD8E7k1Q2lEizymrCDatLiMH5w9MmWtP6PkpQuonoXXoLk0T-qmC3hK7pEBHdji9YKxPT2NQ-2x7F1Tzf-juieh",
"iv": "SFKS4kMCTfU0tjUfn0YGh79rSWX9RGkP",
"ciphertext": "Fg9hiOjUvP3WU5c0tco",
"tag": "QJ2jlC_o-UiUvpFo7OF0Ew"
}
- The compact serialization of this envelope is:
eyJhbGciOiJFQ0RILUVTK1hDMjBQS1ciLCJhcHUiOiJOa3hhTFd0bGNtczNTWEYzV1hCeE5FOUpYemt0U2tGSGEyMVZUVEl0ZDB0a1VtUlhUV1JxY2sxNlV6ZDVRelpuVTFnMFdHOVJWM0ZRZEdWRE1UTjVTWGxXY2tKVGNuWlJOWGhSZGtVNFVEQllOVTA1UW1GQiIsImFwdiI6IlpuSmZSbGxrUzBKblJsOXNiekZWZWtNeE16TlVkek00TWt4b1RrUlNhelpVY1hkWFZYZFphWGwwVVEiLCJjdHkiOiJhcHBsaWNhdGlvbi9kaWRjb21tLXBsYWluK2pzb24iLCJlbmMiOiJYQzIwUCIsImVwayI6eyJrdHkiOiJFQyIsImNydiI6IlAtNTIxIiwieCI6IkFPaTJmcEhxNU95S3NHS2F1RGlQX2ZpUUJwSmxETnZzQ25VWFZqSFk2ek0wdThndW9FbC1GNkVGcWo3WGd0ZDhpTWxhd1VxNzBPY1VMeFBEOUYtVFBRV2ciLCJ5IjoiQUVDX1VwU2poQzZlYnplSlBUc0JSb1YwNG9GdzZleDFRRzVpQW1OMm9hWVA3RVAtbU1YcEJRc2R3SEsyVFhpb1d5Q3ozZEU4d0JLUmZkcHFEaHdrRzFSaiJ9LCJraWQiOiJmcl9GWWRLQmdGX2xvMVV6QzEzM1R3MzgyTGhORFJrNlRxd1dVd1lpeXRRIiwidHlwIjoiYXBwbGljYXRpb24vZGlkY29tbS1lbmNyeXB0ZWQranNvbiJ9.bsghnB_jpcD8E7k1Q2lEizymrCDatLiMH5w9MmWtP6PkpQuonoXXoLk0T-qmC3hK7pEBHdji9YKxPT2NQ-2x7F1Tzf-juieh.SFKS4kMCTfU0tjUfn0YGh79rSWX9RGkP.Fg9hiOjUvP3WU5c0tco.QJ2jlC_o-UiUvpFo7OF0Ew
- The single recipient's headers are merged into the
protected
header, which base64 URL decoded equals to (pretty printed for readability):
{
"alg": "ECDH-ES+XC20PKW",
"apu": "NkxaLWtlcms3SXF3WXBxNE9JXzktSkFHa21VTTItd0tkUmRXTWRqck16Uzd5QzZnU1g0WG9RV3FQdGVDMTN5SXlWckJTcnZRNXhRdkU4UDBYNU05QmFB",
"apv": "ZnJfRllkS0JnRl9sbzFVekMxMzNUdzM4MkxoTkRSazZUcXdXVXdZaXl0UQ",
"cty": "application/didcomm-plain+json",
"enc": "XC20P",
"epk": {
"kty": "EC",
"crv": "P-521",
"x": "AOi2fpHq5OyKsGKauDiP_fiQBpJlDNvsCnUXVjHY6zM0u8guoEl-F6EFqj7Xgtd8iMlawUq70OcULxPD9F-TPQWg",
"y": "AEC_UpSjhC6ebzeJPTsBRoV04oFw6ex1QG5iAmN2oaYP7EP-mMXpBQsdwHK2TXioWyCz3dE8wBKRfdpqDhwkG1Rj"
},
"kid": "fr_FYdKBgF_lo1UzC133Tw382LhNDRk6TqwWUwYiytQ",
"typ": "application/didcomm-encrypted+json"
}
- Single Recipient key JWK format:
{
"kty": "OKP",
"crv": "X25519",
"x": "h5iIEBNlEHEhCgYLXAOXOofqYEA9Jo0Q1NUggjdwrVw",
"d": "oEGk3DVSpzrZR6mcUF0EXmijrATej7xnPdlcPJDz53M"
}
- Single Recipient kid (jwk thumbprint raw base64 URL encoded):
S-qQ_rRIsrscxdmzuplVLW5bqoxj08KO6BBkLZAxh-E
- Finally, packing the payload outputs the following flattened serialized JWE JSON:
{
"protected": "eyJhbGciOiJFQ0RILUVTK1hDMjBQS1ciLCJhcHUiOiJjR1JKV1dNMlNVRm9SMnN3Unpsd1VHOUxPR1ZpYWtzM1QzbEpWMDlTV25oSVdsQm9hRmhWTWxoR1RRIiwiYXB2IjoiVXkxeFVWOXlVa2x6Y25OamVHUnRlblZ3YkZaTVZ6VmljVzk0YWpBNFMwODJRa0pyVEZwQmVHZ3RSUSIsImN0eSI6ImFwcGxpY2F0aW9uL2RpZGNvbW0tcGxhaW4ranNvbiIsImVuYyI6IlhDMjBQIiwiZXBrIjp7ImNydiI6IlgyNTUxOSIsImt0eSI6Ik9LUCIsIngiOiJwZElZYzZJQWhHazBHOXBQb0s4ZWJqSzdPeUlXT1JaeEhaUGhoWFUyWEZNIn0sImtpZCI6IlMtcVFfclJJc3JzY3hkbXp1cGxWTFc1YnFveGowOEtPNkJCa0xaQXhoLUUiLCJ0eXAiOiJhcHBsaWNhdGlvbi9kaWRjb21tLWVuY3J5cHRlZCtqc29uIn0",
"encrypted_key": "VmgHr9mZuwN1dxRqd0B9n2yE4ErM14Mhri5XpYL93UVT5ZLGkUPKMG1-hdvLDhCUUdfJg5ronQke1HnOKcLgEgEO2Uh-jNHY",
"iv": "M7A2POrqH_lcXV_fwYgYGp3any_9sKFt",
"ciphertext": "gPNQD52uPxlA2881Ct4",
"tag": "JHq2fnYwqUYc3hUgUWaMsw"
}
- The compact serialization of this envelope is:
eyJhbGciOiJFQ0RILUVTK1hDMjBQS1ciLCJhcHUiOiJjR1JKV1dNMlNVRm9SMnN3Unpsd1VHOUxPR1ZpYWtzM1QzbEpWMDlTV25oSVdsQm9hRmhWTWxoR1RRIiwiYXB2IjoiVXkxeFVWOXlVa2x6Y25OamVHUnRlblZ3YkZaTVZ6VmljVzk0YWpBNFMwODJRa0pyVEZwQmVHZ3RSUSIsImN0eSI6ImFwcGxpY2F0aW9uL2RpZGNvbW0tcGxhaW4ranNvbiIsImVuYyI6IlhDMjBQIiwiZXBrIjp7Imt0eSI6Ik9LUCIsImNydiI6IlgyNTUxOSIsIngiOiJwZElZYzZJQWhHazBHOXBQb0s4ZWJqSzdPeUlXT1JaeEhaUGhoWFUyWEZNIn0sImtpZCI6IlMtcVFfclJJc3JzY3hkbXp1cGxWTFc1YnFveGowOEtPNkJCa0xaQXhoLUUiLCJ0eXAiOiJhcHBsaWNhdGlvbi9kaWRjb21tLWVuY3J5cHRlZCtqc29uIn0.VmgHr9mZuwN1dxRqd0B9n2yE4ErM14Mhri5XpYL93UVT5ZLGkUPKMG1-hdvLDhCUUdfJg5ronQke1HnOKcLgEgEO2Uh-jNHY.M7A2POrqH_lcXV_fwYgYGp3any_9sKFt.gPNQD52uPxlA2881Ct4.JHq2fnYwqUYc3hUgUWaMsw
- The single recipient's headers are merged into the
protected
header, which base64 URL decoded equals to (pretty printed for readability):
{
"alg": "ECDH-ES+XC20PKW",
"apu": "cGRJWWM2SUFoR2swRzlwUG9LOGViaks3T3lJV09SWnhIWlBoaFhVMlhGTQ",
"apv": "Uy1xUV9yUklzcnNjeGRtenVwbFZMVzVicW94ajA4S082QkJrTFpBeGgtRQ",
"cty": "application/didcomm-plain+json",
"enc": "XC20P",
"epk": {
"kty": "OKP",
"crv": "X25519",
"x": "pdIYc6IAhGk0G9pPoK8ebjK7OyIWORZxHZPhhXU2XFM"
},
"kid": "S-qQ_rRIsrscxdmzuplVLW5bqoxj08KO6BBkLZAxh-E",
"typ": "application/didcomm-encrypted+json"
}