> > If you have JOSE EC2 or OKP key for encryption use, you can flag it with > "use":"enc", and it still works for single and multiple recipients — but > not for wrong things like signatures.
I don't understand what the point here is or what you're trying to say. Key representation has nothing to do with General JWE JSON syntax and its use (i.e. multiple recipient JWEs). Can you try and explain your concern in different terms? But if you have AKP encryption key for some DKA, it is impossible to > make it work for multiple recipients. If I have *any* key designated for *any* DKA usable with its key type it automatically rules out multiple recipients in a single General JWE JSON since each recipient's DKA will result in a different CEK and a General JWE has exactly one ciphertext. S pozdravem, *Filip Skokan* On Thu, 3 Jul 2025 at 18:57, Ilari Liusvaara <[email protected]> wrote: > On Thu, Jul 03, 2025 at 06:26:22PM +0200, Filip Skokan wrote: > > > > > > However, that is optional to do, and one can use "use":"enc" in JOSE > > > (don't use key_ops, it is FUBAR), which does pretty much the right > thing > > > with ECDH keys. But alg is not optional with AKP. > > > > > > What is optional to do? The key representation plays no role in whether a > > given key or its algorithm can be used for a single or multiple > recipients. > > If you have JOSE EC2 or OKP key for encryption use, you can flag it with > "use":"enc", and it still works for single and multiple recipients — but > not for wrong things like signatures. > > But if you have AKP encryption key for some DKA, it is impossible to > make it work for multiple recipients. > > > > > -Ilari > > _______________________________________________ > jose mailing list -- [email protected] > To unsubscribe send an email to [email protected] >
_______________________________________________ jose mailing list -- [email protected] To unsubscribe send an email to [email protected]
