kjwt-cryptography-kotlin-processor-ext/co.touchlab.kjwt.cryptography.ext/encryptWith

encryptWith

suspend fun JwtBuilder.encryptWith(key: ByteArray, keyAlgorithm: EncryptionAlgorithm.Dir, contentAlgorithm: EncryptionContentAlgorithm, keyId: String? = null): JwtInstance.Jwe(source)

Encrypts the JWT using a direct (dir) symmetric key supplied as raw bytes.

Return

the resulting JwtInstance.Jwe compact serialization

Parameters

key

the raw symmetric content encryption key bytes

keyAlgorithm

the direct key encryption algorithm (EncryptionAlgorithm.Dir)

contentAlgorithm

the content encryption algorithm to apply to the JWT payload

keyId

optional key ID to embed in the token header's kid field. Defaults to null.

suspend fun JwtBuilder.encryptWith(key: RSA.OAEP.PublicKey, keyAlgorithm: EncryptionAlgorithm.OAEPBased, contentAlgorithm: EncryptionContentAlgorithm, keyId: String? = null): JwtInstance.Jwe(source)

Encrypts the JWT using an RSA-OAEP (RSA-OAEP / RSA-OAEP-256) public key.

Return

the resulting JwtInstance.Jwe compact serialization

Parameters

key

the RSA OAEP public key used to wrap the content encryption key

keyAlgorithm

the OAEP-based key encryption algorithm (RSA-OAEP or RSA-OAEP-256)

contentAlgorithm

the content encryption algorithm to apply to the JWT payload

keyId

optional key ID to embed in the token header's kid field. Defaults to null.

suspend fun JwtBuilder.encryptWith(key: EncryptionKey.EncryptionOnlyKey, contentAlgorithm: EncryptionContentAlgorithm, keyId: String? = key.identifier.keyId): JwtInstance.Jwe(source)

Builds and returns a JWE compact serialization using a pre-built EncryptionKey.EncryptionOnlyKey.

Return

the resulting JwtInstance.Jwe compact serialization

Parameters

key

the encryption key used to wrap the content encryption key

contentAlgorithm

the content encryption algorithm used to encrypt the payload

keyId

optional key ID to embed in the JWE header's kid field. Defaults to the key ID stored in key's identifier.

suspend fun JwtBuilder.encryptWith(key: EncryptionKey.EncryptionKeyPair, contentAlgorithm: EncryptionContentAlgorithm, keyId: String? = key.identifier.keyId): JwtInstance.Jwe(source)

Builds and returns a JWE compact serialization using a pre-built EncryptionKey.EncryptionKeyPair.

Return

the resulting JwtInstance.Jwe compact serialization

Parameters

key

the encryption key used to wrap the content encryption key

contentAlgorithm

the content encryption algorithm used to encrypt the payload

keyId

optional key ID to embed in the JWE header's kid field. Defaults to the key ID stored in key's identifier.

suspend fun JwtBuilder.encryptWith(jwk: Jwk.Rsa, keyAlgorithm: EncryptionAlgorithm.OAEPBased, contentAlgorithm: EncryptionContentAlgorithm, keyId: String? = jwk.kid, cryptoProvider: CryptographyProvider = CryptographyProvider.Default): JwtInstance.Jwe(source)

Encrypts the JWT using an RSA OAEP public key derived from the given Jwk.Rsa JWK.

Return

the encrypted JwtInstance.Jwe token

Parameters

jwk

the RSA JWK containing the public key parameters n and e

keyAlgorithm

the OAEP-based key encryption algorithm (RSA-OAEP or RSA-OAEP-256)

contentAlgorithm

the content encryption algorithm to use for the JWE payload

keyId

optional key ID override; when set, it is embedded in the token header's kid field. Defaults to the JWK's own kid field.

cryptoProvider

the CryptographyProvider used to decode the key; defaults to CryptographyProvider.Default

suspend fun JwtBuilder.encryptWith(key: String, keyAlgorithm: EncryptionAlgorithm.Dir, contentAlgorithm: EncryptionContentAlgorithm, keyId: String? = null): JwtInstance.Jwe(source)

Encrypts the JWT using the direct key algorithm (dir) with a key supplied as a UTF-8 String.

The string is converted to bytes using UTF-8 encoding before being used as the symmetric key.

Return

the encrypted JwtInstance.Jwe token.

Parameters

key

the symmetric key as a UTF-8 string.

keyAlgorithm

the direct key encryption algorithm (EncryptionAlgorithm.Dir).

contentAlgorithm

the content encryption algorithm to apply to the JWT payload.

keyId

optional key ID to embed in the token header's kid field. Defaults to null.

Generated by Dokka
© 2026 Touchlab