kjwt-cryptography-kotlin-processor-ext/co.touchlab.kjwt.cryptography.ext/encryptWith

encryptWith

suspend fun JwtBuilder.encryptWith(key: SimpleKey, keyAlgorithm: EncryptionAlgorithm.Dir, contentAlgorithm: EncryptionContentAlgorithm, keyId: String? = null): JwtInstance.Jwe(source)

Encrypts the JWT using a direct (dir) SimpleKey symmetric key.

Return

the resulting JwtInstance.Jwe compact serialization

Parameters

key

the SimpleKey wrapping the raw symmetric content encryption key

keyAlgorithm

the direct key encryption algorithm (EncryptionAlgorithm.Dir)

contentAlgorithm

the content encryption algorithm to apply to the JWT payload

keyId

optional key ID to embed in the token header's kid field. Defaults to null.

suspend fun JwtBuilder.encryptWith(key: RSA.OAEP.PublicKey, keyAlgorithm: EncryptionAlgorithm.OAEPBased, contentAlgorithm: EncryptionContentAlgorithm, keyId: String? = null): JwtInstance.Jwe(source)

Encrypts the JWT using an RSA-OAEP (RSA-OAEP / RSA-OAEP-256) public key.

Return

the resulting JwtInstance.Jwe compact serialization

Parameters

key

the RSA OAEP public key used to wrap the content encryption key

keyAlgorithm

the OAEP-based key encryption algorithm (RSA-OAEP or RSA-OAEP-256)

contentAlgorithm

the content encryption algorithm to apply to the JWT payload

keyId

optional key ID to embed in the token header's kid field. Defaults to null.

suspend fun JwtBuilder.encryptWith(key: Key, keyAlgorithm: EncryptionAlgorithm, contentAlgorithm: EncryptionContentAlgorithm, keyId: String? = null): JwtInstance.Jwe(source)

Encrypts the JWT using any EncryptionAlgorithm and raw Key.

Prefer the strongly typed overloads (e.g. encryptWith accepting RSA.OAEP.PublicKey or SimpleKey) when possible, as they enforce the correct key type at compile time.

Return

the resulting JwtInstance.Jwe compact serialization

Parameters

key

the raw cryptography-kotlin key to use for key encryption; must be compatible with keyAlgorithm

keyAlgorithm

the JWE key-encryption algorithm to use

contentAlgorithm

the content encryption algorithm to apply to the JWT payload

keyId

optional key ID to embed in the token header's kid field. Defaults to null.

suspend fun JwtBuilder.encryptWith(key: EncryptionKey.EncryptionOnlyKey, contentAlgorithm: EncryptionContentAlgorithm, keyId: String? = key.identifier.keyId): JwtInstance.Jwe(source)

Builds and returns a JWE compact serialization using a pre-built EncryptionKey.EncryptionOnlyKey.

Return

the resulting JwtInstance.Jwe compact serialization

Parameters

key

the encryption key used to wrap the content encryption key

contentAlgorithm

the content encryption algorithm used to encrypt the payload

keyId

optional key ID to embed in the JWE header's kid field. Defaults to the key ID stored in key's identifier.

suspend fun JwtBuilder.encryptWith(key: EncryptionKey.EncryptionKeyPair, contentAlgorithm: EncryptionContentAlgorithm, keyId: String? = key.identifier.keyId): JwtInstance.Jwe(source)

Builds and returns a JWE compact serialization using a pre-built EncryptionKey.EncryptionKeyPair.

Return

the resulting JwtInstance.Jwe compact serialization

Parameters

key

the encryption key used to wrap the content encryption key

contentAlgorithm

the content encryption algorithm used to encrypt the payload

keyId

optional key ID to embed in the JWE header's kid field. Defaults to the key ID stored in key's identifier.

suspend fun JwtBuilder.encryptWith(jwk: Jwk.Rsa, keyAlgorithm: EncryptionAlgorithm.OAEPBased, contentAlgorithm: EncryptionContentAlgorithm, keyId: String? = jwk.kid, cryptoProvider: CryptographyProvider = CryptographyProvider.Default): JwtInstance.Jwe(source)

Encrypts the JWT using an RSA OAEP public key derived from the given Jwk.Rsa JWK.

Return

the encrypted JwtInstance.Jwe token

Parameters

jwk

the RSA JWK containing the public key parameters n and e

keyAlgorithm

the OAEP-based key encryption algorithm (RSA-OAEP or RSA-OAEP-256)

contentAlgorithm

the content encryption algorithm to use for the JWE payload

keyId

optional key ID override; when set, it is embedded in the token header's kid field. Defaults to the JWK's own kid field.

cryptoProvider

the CryptographyProvider used to decode the key; defaults to CryptographyProvider.Default

suspend fun JwtBuilder.encryptWith(key: ByteArray, keyAlgorithm: EncryptionAlgorithm.Dir, contentAlgorithm: EncryptionContentAlgorithm, keyId: String? = null): JwtInstance.Jwe(source)

Encrypts the JWT using the direct key algorithm (dir) with a raw key supplied as a ByteArray.

Return

the encrypted JwtInstance.Jwe token.

Parameters

key

the raw symmetric key bytes used for direct encryption.

keyAlgorithm

the direct key encryption algorithm (EncryptionAlgorithm.Dir).

contentAlgorithm

the content encryption algorithm to apply to the JWT payload.

keyId

optional key ID to embed in the token header's kid field. Defaults to null.

suspend fun JwtBuilder.encryptWith(key: String, keyAlgorithm: EncryptionAlgorithm.Dir, contentAlgorithm: EncryptionContentAlgorithm, keyId: String? = null): JwtInstance.Jwe(source)

Encrypts the JWT using the direct key algorithm (dir) with a key supplied as a UTF-8 String.

The string is converted to bytes using UTF-8 encoding before being used as the symmetric key.

Return

the encrypted JwtInstance.Jwe token.

Parameters

key

the symmetric key as a UTF-8 string.

keyAlgorithm

the direct key encryption algorithm (EncryptionAlgorithm.Dir).

contentAlgorithm

the content encryption algorithm to apply to the JWT payload.

keyId

optional key ID to embed in the token header's kid field. Defaults to null.

Generated by Dokka
© 2026 Touchlab