Security
The following contents describe how to generate JWT (JSON Web Token).
It follows RFC 7519 specification. For more details, refer to 'https://jwt.io'
Card Data Token
For secure data inter-communication, the token must be encrypted and signed using security factors.
See a chapter Security factors for details.
JWT Details
JWE Format
[JWE Header]
| JWE Header | Requirement | Description |
|---|---|---|
| alg | Mandatory | Cryptographic algorithm used to encrypt the Content Encryption Key (CEK). e.g., RSA1_5 |
| enc | Mandatory | Content encryption algorithm used to perform authenticated encryption on the plaintext to produce the ciphertext. |
[JWE Payload]
| JWE Payload | Requirement | Description |
|---|---|---|
| encrypted_key | Mandatory | Contains the BASE64URL (JWE Encrypted Key) value. The Content Encryption Key is encrypted with the Public Key. |
| iv | Mandatory | Contains the BASE64URL (JWE Initialization Vector) value. Initialization vector used in the encryption algorithm. |
| ciphertext | Mandatory | Ciphertext value resulting from authenticated encryption of the ‘cdata’ object, which is encrypted using ‘encrypted_key’ and ‘iv’. |
| authentication tag | Mandatory | Contains the BASE64URL (JWE Authentication Tag) value, used for verifying the integrity of the ciphertext. |
[JWE Example]
BASE64URL (UTF8 (JWE Header)) + '.' +
BASE64URL (JWE encrypted_key) + '.' +
BASE64URL (JWE iv) + '.' +
BASE64URL (JWE ciphertext) + '.' +
BASE64URL (JWE authentication tag)
JWE Header
{"enc":"A128GCM","alg":"RSA1_5"}
JWE Payload: ciphertext
Refer to sheets on ‘Add to Wallet’ interfaces, and Attributes
Result
eyJraWQiOiJXTFQuUFVCS0VZIiwiZW5jIjoiQTEyOEdDTSIsImFsZyI6IlJTQTFfNSJ9.ABO_Ci81BtJ2d1a8TCgKfWBx9WpRI4TkhHZwmS8swct_2nNZHAsI_nKLmj3wnKM5gwaoUny14ZX_6EoZhJ6TdIicUQ-raIRs6woESu8XA2dT1sC5l17wu9WdsgOK4anJ0KIUNII4PLeR3d-4foX1Hx1fok9sIwWqqFql4vnqg3hE-i4J6cyWOYBphzNYBMKyyNkIqFczl6lbTTEhc4TDAOrPKWra3VMB0BBz5NyzF1axzFk-17tZ0GfhS82A7GL9REj1K5B10_2qfGmhTtfFVcyYTMKv3InMaHQ0b48L3SK1oPPmFCuqigYMVLUDbg_QWdnBl9eIlInOjjt8Ar2NUA.ZviyGHUSi5Fb2Rl2.gm5ivizrQQdR8NPK1N2qREyAI4MD-FISfWTBBBgEbhNhjMnu-c_o1YUYRvdhCm0Ki_rvcDNZKDLcP_g7shSkMRoYin3bI92qgtkFh2V4Y-kCuG2DvGV9UIV3oxaWvlIKfcNtmZiZj3ThV_FUE7JrNrbwf2XMVIwsQo5b0lmoUsKbHuHasqIlRE0RtC1fgn03qFE_E-B87vht5En2PnBYDJv-6_8g3aesSyodvHyzYaYonLxW_KWqiF-i5AUwFiIgK5LgVmUz9DSl6-QKgYiz5pl9nyydJjjpIlibtuaLYvzB1CH-gskwEUhiMl62ZR-Chz2Ado8Vn0SRoCcJHcaX6PBSP3x6FhyXHr65BJZAn4lMDfSsKN92bcFycLX8J_pgRLM4VUI_-Kx1lWpArkwRtYxmEbKMJ-2w8NUMRNnpGt2ERLo_hVtZ8Xh1kopvqjLdjdG_QqfU_OEWO3HvuNKGQeu3QhI6EyWvarb7OZsIsz-F95O7K-KQtJhfBWz_YrA2NxD2Bcgc9uA966_9uQ4oMBwA-8FccAWPxYYU4vZBz_ycV25j8GrdqHHTw6n9TKZy4Nu07jIT4cCoFVu5N_Gsyn1qoWD11-_lMk8aMF-L5dDipvrun7DEalJD8Me4NsAAkESLQfKz_sddSu0-05icfKm33qUQP6fzn5OcY6Dmn5kZBVQXZHgHCG_A_K1xQQlX_kuPL4JSAxCNCiUYPTDqbc0HxXwUiYrM3tCDe6piCymGCbPKC205NiylD-6eN43dI4yKC029YQx8rSLDOAA6RWvp-ZEHdKxyNyIlJA-_8Fw4iOqp6vK98AjZ5T-ajQDK1h6n_opt-ZCJkJZz-7r2x07BSa_5ng7iwamBRSv1deFxhIyV-EsCe1MEif-na_411hGpJA-GwCzp_wsSWlqra0RPDq208lY70XPPu4H_3EH_6q8cy5YhHnS93VfUO0NSQfNiKeR25zwNID39zoiyj_de9gZjaWXa3k0TPrPn5MfdpXVTD0-ro4oqI34ab62-rUBCdYdsmTGgIHZY3sHLGtyAfrBzHMPMDKAUOJ9BUIRaSqpnr4NaHfq_S1m1Uy5pEEQ3j0bOzmcc4UAsNQQnrreLqm8bKFQI41GgJRJm9UvkCR-PMFOnSHeOqjmce6ZKua1qTOEFXYcdFOejBjqDBcyCNoqGuGoDlqn2-3MkGGrpVQVYAolOMyKC_Sl8kpDvjXNtKggzQB9VnlnlQ9_fY3hmyor0ZEExyTajfua-4IlsFKG3crQkx3scCSp-W6rf7vfzX5vDhqbHFZbHbuXYpFj1bDmIs_w-xQDVr1KgblzMsW9gRBwM2MK8rt9QPziNHcaQfV2dQaGQth4VyUCcq0mJCS5QgnBKwdiGGVxfk7BhwHK2jrW3K4egjQNa9LSSNhCjhQZ69M16iVBffktnz5oT0L-nPKcQEIfiA-rjmwYy6BEodZi8S7S4l4YvLmvjjiDuJxKB7ZsQUSVrVizPljMk1RsbvgwW7rfOJLcI9ed-mHpsMxvepj2UxEZXU95Z_vX7i8xGSZxmlWrmSI0EEPA5TL7GQfxfIMtV4V_O8RjIIPQtDJMkENKFlNVkn8Wio7nosfYAk1gplxkPR2SCIElTCIRPweu_4y56Yq3wxbVnwCAX7yyjyTuBIRk30zNW84oMYYlJC67wntyBEqi3TY1vz6Wxraenn_dNwIku-RY_bvC9BJWZPgDNpZdTdqnDhiJLEyK9zhZcwvjHVom7VMS4CLJs6NdqVm9yeilk55H-EJn22-1n1u6pMjeyFBvtY0zFrf57sidTcItsEEJMhbM1UqdSK3RpFxv2HC0DYY9Ok7uAsDsIFWhKCZMue4QyUrd3Y4WvZHjjAPRXqEQoJfaVZ-Vt-331jVaJGkzIifMPuYFck-kYRqbQ193UYa9SY6E-7EreId3Cy7GYlP9-TFSUgoBPULNyDiEAmtQI1zaepwJKjqS9LJoFdOOjhXbqZy0-spItgLnBMtuxpxQH6phH34vdb2fCgjtTC8h1vp3_A0LvxxzuMdU3JYpc9ltqMXxG7XZ4h4UQrvIS2qm3XQwUB1uTO9SyhfNPf16h0-U8BQdOFG-YYbA-QN_AWN4UFS2FTFY-7yD1isp0G31LIFmORpLeHz0pcgEfO-MayacxsVGIOptn67EnMwe_GrdwKzV27DeoczTmCn_Fb7QVTDsLE881RFz7LrhMiTIUITdo4E0FkWUaZ1CoHrBpBhZmG30tLjbxYdB-lFq74rXfdC1eOBJ0vPcdAxomyA9EOXCNt70ttI16FR3lxjdYSGQv_iHtfkdauMMFYOJjH_W9ZagIWb2uxMhNG0A3MpT8R80HZBPpvH3HSb2uezWw8AqTlmkAlqF0g6nZqM181z46gNKZ7w3h8a29-yCi0yPz_m0POFIhnWjrEndjKew6aZoDEHwyUPsnO7y93QDc8kHhPzb84bkAhBC2SYe8wGvgMrhFIwSigfht_G3M8Nlt3vfAsQe98two0Tzu3K72KmoD8khdw6Xq6OalXobA1M9wfi51Wmjji8yr4TY-7pqDc51OmbxSQUrAO0-6Puja5DUFUIOQ3yZM0iWR1YJciqAoFp-XWN9CrH287vJZhW2s4Ges8S-Wuda9yu61u3b1pwR0fYsEOUzQuaY_t3qkZiaGhvZ0A2nEFdY2wkTmaonidqtsku8rhPKnqaLRC_ydnvyQOOxnrDwJRXxILuTVlaaQmYgTl0zesSRvpkH4InkIU0ikBDCeQVnLCJqNuYMc5u_DTIc-pb7E9H4zWxm3TAlMLzoC-v1u0sHzaqok3tvIXA9uy9i3qvPz1reALWg7w1yqQUhPd-6PGolbddFqWXEkb43JtRy3wnxJIZCGZoqwiUvPdHpzm0CyfzLx71cBcpyC3Lkg_pDUWKB2qJV2HjodUSvStv8.bv9p-aoAIt1mfIJsWZevSg
JWS Format
[JWS Header]
| JWS Header | Requirement | Description |
|---|---|---|
| alg | Mandatory | Cryptographic algorithm used to generate signature e.g., RS256 |
| cty | Mandatory | Payload content type Set as ‘CARD’ |
| ver | Mandatory | Token version. Set as 2. |
| partnerId | Mandatory | Partner identifier. |
| utc | Mandatory | Creation time. To prevent repeated use, the token expires after a certain period of time. Unix timestamp in milliseconds. *Time offset from UTC of +00:00 |
[JWS Payload]
| JWS Payload | Requirement | Description |
|---|---|---|
| JWE compact serialization | Mandatory | Contains BASE64URL (JWE) value. |
[JWS Signature]
| JWS Signature | Requirement | Description |
|---|---|---|
| JWS Signature | Mandatory | BASE64URL ( Signature of( BASE64URL(UTF8(JWS Header)) + '.' + BASE64URL(JWS Payload)) ) ) |
[JWS Example]
BASE64URL (UTF8 (JWS Header)) +'.' +
BASE64URL (JWS Payload) + '.' +
BASE64URL (JWS Signature)
JWS Header:
{"cty":"CARD","ver":2,"partnerId":"1234567890","utc":1631776245876,"alg":"RS256"}
JWS Payload
JWE Result
Result:
eyJjdHkiOiJQQVNTIiwidmVyIjoxLCJwYXJ0bmVySWQiOiIxMjM0NTY3ODkwIiwidXRjIjoxNjM1ODQ1ODU2MjQ0LCJhbGciOiJSUzI1NiIsImtpZCI6IlBUTi5QUklLRVkifQ.ZXlKcmFXUWlPaUpYVEZRdVVGVkNTMFZaSWl3aVpXNWpJam9pUVRFeU9FZERUU0lzSW1Gc1p5STZJbEpUUVRGZk5TSjkuQUJPX0NpODFCdEoyZDFhOFRDZ0tmV0J4OVdwUkk0VGtoSFp3bVM4c3djdF8ybk5aSEFzSV9uS0xtajN3bktNNWd3YW9VbnkxNFpYXzZFb1poSjZUZElpY1VRLXJhSVJzNndvRVN1OFhBMmRUMXNDNWwxN3d1OVdkc2dPSzRhbkowS0lVTklJNFBMZVIzZC00Zm9YMUh4MWZvazlzSXdXcXFGcWw0dm5xZzNoRS1pNEo2Y3lXT1lCcGh6TllCTUt5eU5rSXFGY3psNmxiVFRFaGM0VERBT3JQS1dyYTNWTUIwQkJ6NU55ekYxYXh6RmstMTd0WjBHZmhTODJBN0dMOVJFajFLNUIxMF8ycWZHbWhUdGZGVmN5WVRNS3YzSW5NYUhRMGI0OEwzU0sxb1BQbUZDdXFpZ1lNVkxVRGJnX1FXZG5CbDllSWxJbk9qanQ4QXIyTlVBLlp2aXlHSFVTaTVGYjJSbDIuZ201aXZpenJRUWRSOE5QSzFOMnFSRXlBSTRNRC1GSVNmV1RCQkJnRWJoTmhqTW51LWNfbzFZVVlSdmRoQ20wS2lfcnZjRE5aS0RMY1BfZzdzaFNrTVJvWWluM2JJOTJxZ3RrRmgyVjRZLWtDdUcyRHZHVjlVSVYzb3hhV3ZsSUtmY050bVppWmozVGhWX0ZVRTdKck5yYndmMlhNVkl3c1FvNWIwbG1vVXNLYkh1SGFzcUlsUkUwUnRDMWZnbjAzcUZFX0UtQjg3dmh0NUVuMlBuQllESnYtNl84ZzNhZXNTeW9kdkh5ellhWW9uTHhXX0tXcWlGLWk1QVV3RmlJZ0s1TGdWbVV6OURTbDYtUUtnWWl6NXBsOW55eWRKampwSWxpYnR1YUxZdnpCMUNILWdza3dFVWhpTWw2MlpSLUNoejJBZG84Vm4wU1JvQ2NKSGNhWDZQQlNQM3g2Rmh5WEhyNjVCSlpBbjRsTURmU3NLTjkyYmNGeWNMWDhKX3BnUkxNNFZVSV8tS3gxbFdwQXJrd1J0WXhtRWJLTUotMnc4TlVNUk5ucEd0MkVSTG9faFZ0WjhYaDFrb3B2cWpMZGpkR19RcWZVX09FV08zSHZ1TktHUWV1M1FoSTZFeVd2YXJiN09ac0lzei1GOTVPN0stS1F0SmhmQld6X1lyQTJOeEQyQmNnYzl1QTk2Nl85dVE0b01Cd0EtOEZjY0FXUHhZWVU0dlpCel95Y1YyNWo4R3JkcUhIVHc2bjlUS1p5NE51MDdqSVQ0Y0NvRlZ1NU5fR3N5bjFxb1dEMTEtX2xNazhhTUYtTDVkRGlwdnJ1bjdERWFsSkQ4TWU0TnNBQWtFU0xRZkt6X3NkZFN1MC0wNWljZkttMzNxVVFQNmZ6bjVPY1k2RG1uNWtaQlZRWFpIZ0hDR19BX0sxeFFRbFhfa3VQTDRKU0F4Q05DaVVZUFREcWJjMEh4WHdVaVlyTTN0Q0RlNnBpQ3ltR0NiUEtDMjA1Tml5bEQtNmVONDNkSTR5S0MwMjlZUXg4clNMRE9BQTZSV3ZwLVpFSGRLeHlOeUlsSkEtXzhGdzRpT3FwNnZLOThBalo1VC1halFESzFoNm5fb3B0LVpDSmtKWnotN3IyeDA3QlNhXzVuZzdpd2FtQlJTdjFkZUZ4aEl5Vi1Fc0NlMU1FaWYtbmFfNDExaEdwSkEtR3dDenBfd3NTV2xxcmEwUlBEcTIwOGxZNzBYUFB1NEhfM0VIXzZxOGN5NVloSG5TOTNWZlVPME5TUWZOaUtlUjI1endOSUQzOXpvaXlqX2RlOWdaamFXWGEzazBUUHJQbjVNZmRwWFZURDAtcm80b3FJMzRhYjYyLXJVQkNkWWRzbVRHZ0lIWlkzc0hMR3R5QWZyQnpITVBNREtBVU9KOUJVSVJhU3FwbnI0TmFIZnFfUzFtMVV5NXBFRVEzajBiT3ptY2M0VUFzTlFRbnJyZUxxbThiS0ZRSTQxR2dKUkptOVV2a0NSLVBNRk9uU0hlT3FqbWNlNlpLdWExcVRPRUZYWWNkRk9lakJqcURCY3lDTm9xR3VHb0RscW4yLTNNa0dHcnBWUVZZQW9sT015S0NfU2w4a3BEdmpYTnRLZ2d6UUI5Vm5sbmxROV9mWTNobXlvcjBaRUV4eVRhamZ1YS00SWxzRktHM2NyUWt4M3NjQ1NwLVc2cmY3dmZ6WDV2RGhxYkhGWmJIYnVYWXBGajFiRG1Jc193LXhRRFZyMUtnYmx6TXNXOWdSQndNMk1LOHJ0OVFQemlOSGNhUWZWMmRRYUdRdGg0VnlVQ2NxMG1KQ1M1UWduQkt3ZGlHR1Z4Zms3Qmh3SEsyanJXM0s0ZWdqUU5hOUxTU05oQ2poUVo2OU0xNmlWQmZma3RuejVvVDBMLW5QS2NRRUlmaUEtcmptd1l5NkJFb2RaaThTN1M0bDRZdkxtdmpqaUR1SnhLQjdac1FVU1ZyVml6UGxqTWsxUnNidmd3VzdyZk9KTGNJOWVkLW1IcHNNeHZlcGoyVXhFWlhVOTVaX3ZYN2k4eEdTWnhtbFdybVNJMEVFUEE1VEw3R1FmeGZJTXRWNFZfTzhSaklJUFF0REpNa0VOS0ZsTlZrbjhXaW83bm9zZllBazFncGx4a1BSMlNDSUVsVENJUlB3ZXVfNHk1NllxM3d4YlZud0NBWDd5eWp5VHVCSVJrMzB6Tlc4NG9NWVlsSkM2N3dudHlCRXFpM1RZMXZ6Nld4cmFlbm5fZE53SWt1LVJZX2J2QzlCSldaUGdETnBaZFRkcW5EaGlKTEV5Szl6aFpjd3ZqSFZvbTdWTVM0Q0xKczZOZHFWbTl5ZWlsazU1SC1FSm4yMi0xbjF1NnBNamV5RkJ2dFkwekZyZjU3c2lkVGNJdHNFRUpNaGJNMVVxZFNLM1JwRnh2MkhDMERZWTlPazd1QXNEc0lGV2hLQ1pNdWU0UXlVcmQzWTRXdlpIampBUFJYcUVRb0pmYVZaLVZ0LTMzMWpWYUpHa3pJaWZNUHVZRmNrLWtZUnFiUTE5M1VZYTlTWTZFLTdFcmVJZDNDeTdHWWxQOS1URlNVZ29CUFVMTnlEaUVBbXRRSTF6YWVwd0pLanFTOUxKb0ZkT09qaFhicVp5MC1zcEl0Z0xuQk10dXhweFFINnBoSDM0dmRiMmZDZ2p0VEM4aDF2cDNfQTBMdnh4enVNZFUzSllwYzlsdHFNWHhHN1haNGg0VVFydklTMnFtM1hRd1VCMXVUTzlTeWhmTlBmMTZoMC1VOEJRZE9GRy1ZWWJBLVFOX0FXTjRVRlMyRlRGWS03eUQxaXNwMEczMUxJRm1PUnBMZUh6MHBjZ0VmTy1NYXlhY3hzVkdJT3B0bjY3RW5Nd2VfR3Jkd0t6VjI3RGVvY3pUbUNuX0ZiN1FWVERzTEU4ODFSRno3THJoTWlUSVVJVGRvNEUwRmtXVWFaMUNvSHJCcEJoWm1HMzB0TGpieFlkQi1sRnE3NHJYZmRDMWVPQkowdlBjZEF4b215QTlFT1hDTnQ3MHR0STE2RlIzbHhqZFlTR1F2X2lIdGZrZGF1TU1GWU9KakhfVzlaYWdJV2IydXhNaE5HMEEzTXBUOFI4MEhaQlBwdkgzSFNiMnVleld3OEFxVGxta0FscUYwZzZuWnFNMTgxejQ2Z05LWjd3M2g4YTI5LXlDaTB5UHpfbTBQT0ZJaG5XanJFbmRqS2V3NmFab0RFSHd5VVBzbk83eTkzUURjOGtIaFB6Yjg0YmtBaEJDMlNZZTh3R3ZnTXJoRkl3U2lnZmh0X0czTThObHQzdmZBc1FlOTh0d28wVHp1M0s3Mkttb0Q4a2hkdzZYcTZPYWxYb2JBMU05d2ZpNTFXbWpqaTh5cjRUWS03cHFEYzUxT21ieFNRVXJBTzAtNlB1amE1RFVGVUlPUTN5Wk0waVdSMVlKY2lxQW9GcC1YV045Q3JIMjg3dkpaaFcyczRHZXM4Uy1XdWRhOXl1NjF1M2IxcHdSMGZZc0VPVXpRdWFZX3QzcWtaaWFHaHZaMEEybkVGZFkyd2tUbWFvbmlkcXRza3U4cmhQS25xYUxSQ195ZG52eVFPT3huckR3SlJYeElMdVRWbGFhUW1ZZ1RsMHplc1NSdnBrSDRJbmtJVTBpa0JEQ2VRVm5MQ0pxTnVZTWM1dV9EVEljLXBiN0U5SDR6V3htM1RBbE1Mem9DLXYxdTBzSHphcW9rM3R2SVhBOXV5OWkzcXZQejFyZUFMV2c3dzF5cVFVaFBkLTZQR29sYmRkRnFXWEVrYjQzSnRSeTN3bnhKSVpDR1pvcXdpVXZQZEhwem0wQ3lmekx4NzFjQmNweUMzTGtnX3BEVVdLQjJxSlYySGpvZFVTdlN0djguYnY5cC1hb0FJdDFtZklKc1daZXZTZw.BwqNQ5n8apKEs9fbB4htdQBtErdKlAZTmphx6r_h7k7og4lx3gMgdS3FEp6o4CS6jTTUTOSt6gDmuDWZOzZtpTWeTj64P4oF1WLzKF6tX8alrkaiQR2npTXh_ah87BkW69myzaKb4D9obNgp7qdk7IzgkpQ180olmBtPxIV-wkiN92F6n2fpOI5Bt1wS_hH8wxGlA6NKm0s-ROaYL7GtvgBS6gOHKhvGaXnhesQY7KZgQTE9OrCc_fliqyyRABHtpgyBwb7Wp0hPodZQ0dPaduMKkprs05VidFZJUfxduYc7ZbZE-g_tiXrJK3Linf4rNZXyI0gOhBW5GRPHu3wlTg
Authorization Token
Restful API needs to include an authentication token (JWT). Samsung and partners can use the token to authenticate API
calls.
JWT Details
[JWS Header]
| JWS Header | Requirement | Description |
|---|---|---|
| alg | Mandatory | Cryptographic algorithm used to sign the payload. e.g., RS256 |
| cty | Mandatory | Payload content type *such as 'AUTH' |
| ver | Mandatory | Token version. Set as 2. |
| partnerId | Mandatory | Partner ID. |
| utc | Mandatory | Creation time. To prevent repeated use, the token expires after a certain period of time. Unix timestamp in milliseconds. *Time offset from UTC of +00:00 |
[JWS Payload]
| JWE Payload | Requirement | Description |
|---|---|---|
| API | Mandatory | Current API information. |
| API.method | Mandatory | API method. |
| API.path | Mandatory | API path. |
| refId | Optional | A unique content identifier defined by the content provider |
[Authentication Token Example]
JWS Header:
{"cty":"AUTH","ver":1,"partnerId":"1234567890","utc":1631775948348,"alg":"RS256"}
JWS Payload:
*Samsung Server API > Update Notification
{
"API": {
"method": "POST",
"path": "/wltex/cards/12584806754/notification"
},
"refId": " ref-20230304-0003"
}
*Partner Server API > Get Card Data
{
"API": {
"method": "GET",
"path": "/cards/12584806754/ref-20230304-0003"
},
"refId": "ref-20230304-0003"
}
JWS Result:
eyJjdHkiOiJBVVRIIiwidmVyIjoxLCJwYXJ0bmVySWQiOiIxMjM0NTY3ODkwIiwidXRjIjoxNjMxNzc1OTQ4MzQ4LCJhbGciOiJSUzI1NiIsImtpZCI6IldMVC5QUklLRVkifQ.ewogICAgIkFQSSI6IHsKICAgICAgICAibWV0aG9kIjogIkdFVCIsCiAgICAgICAgInBhdGgiOiAiL2NhcmQvQ1MxNjEzODM1MzIxMjU4NDgwNjc1NCIKICAgIH0sCiAgICAicmVmSWQiOiAiQ1MxNjEzODM1MzIxMjU4NDgwNjc1NCIKfQo.AscAwII-aMbJKoly_AuZagxrwUUmKfUhBZnrLk0YkvByOg2dSLJs-_xyQ9toOh4cWSfpKeJ0VqkWBYROKABkhwMRdbKjrAjeAQ-87s-bQp1RCBeLNzMFq66gCmbg9xpD6dmwWlnRAzySZjrcyZklLu9si5qYKrkyUOz34MCWzwdNeOs3z3Gl1xft42M2-cDUxKQWi0WfrYAnxIEdWboIYu12SDnPsRBWlb7liW4oMM6fg01diRTbK6AYumbf7Zqjl_oygeLv9JFDYOzE0TQykLtTSHGdws7IMyamhA5nhaGPlhqIVzAQooSA14gBCm1U0zDqw4JQa4-1Vgjr_i5XEA
[Sample code implementation]
import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWEHeader;
import com.nimbusds.jose.JWEObject;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSObject;
import com.nimbusds.jose.JWSSigner;
import com.nimbusds.jose.Payload;
import com.nimbusds.jose.crypto.RSAEncrypter;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.jwk.RSAKey;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.interfaces.RSAPublicKey;
public class JwtManager {
public String generate(String partnerId, PublicKey samsungPubKey, PublicKey partnerPubkey, PrivateKey partnerPrivKey, String data) {
EncryptionMethod jweEnc = EncryptionMethod.A128GCM;
JWEAlgorithm jweAlg = JWEAlgorithm.RSA1_5;
JWEHeader jweHeader = new JWEHeader.Builder(jweAlg, jweEnc).build();
RSAEncrypter encrypter = new RSAEncrypter((RSAPublicKey) samsungPubKey);
JWEObject jwe = new JWEObject(jweHeader, new Payload(data));
try {
jwe.encrypt(encrypter);
} catch (JOSEException e) {
e.printStackTrace();
}
String payload = jwe.serialize();
JWSAlgorithm jwsAlg = JWSAlgorithm.RS256;
String cty = "CARD";
String ver = "1";
Long utc = System.currentTimeMillis();
JWSHeader jwsHeader = new JWSHeader.Builder(jwsAlg)
.contentType(cty)
.customParam("partnerId", partnerId)
.customParam("ver", ver)
.customParam("utc", utc)
.build();
JWSObject jwsObj = new JWSObject(jwsHeader, new Payload(payload));
RSAKey rsaJWK
= new RSAKey.Builder((RSAPublicKey)partnerPubkey)
.privateKey(partnerPrivKey)
.build();
JWSSigner signer = null;
try {
signer = new RSASSASigner(rsaJWK);
jwsObj.sign(signer);
} catch (JOSEException e) {
e.printStackTrace();
}
return jwsObj.serialize();
}
}
*Refer to Java and Android library 'Nimbus JOSE+JWT'