Developer Guidance: Use Standard JOSE Implementations (Recommended)

This subsection provides implementation guidance to reduce cryptographic serialization errors.

Implementations SHOULD use a standards-compliant JOSE/JWT implementation (RFC 7515 JWS, RFC 7516 JWE) to generate and validate Compact Serialization tokens.

While this document describes the JWE compact serialization components (e.g., encrypted_key, iv, ciphertext, tag), implementations SHOULD NOT manually construct or parse these components unless there is a strong, validated reason to do so. A JOSE library can correctly produce and validate JWE/JWS tokens when provided with:

the protected header (e.g., alg, enc, cty, ver, identifiers)
the plaintext payload (Card object / authentication object)
the recipient public key (for JWE key management) and the signing private key (for JWS signing)

Note:The normative requirements of this specification are the token formats, algorithms, and validation rules. This guidance is informational and intended to reduce implementation errors.

Essential Cookies

These cookies are essential as they enable you to move around the website. This category cannot be disabled.

Analytical/Performance Cookies

These cookies collect information about how you use our website. for example which pages you visit most often. All information these cookies collect is used to improve how the website works.

Functionality Cookies

These cookies allow our website to remember choices you make (such as your user name, language or the region your are in) and tailor the website to provide enhanced features and content for you.

Developer Guidance: Use Standard JOSE Implementations (Recommended)

Manage Your Cookies

Essential Cookies

Analytical/Performance Cookies

Functionality Cookies

Preferences Submitted