JSON Web Encryption (JWE) with XChaCha20 / Poly 1305 (XC20P) authenticated content encryption

XChaCha20 / Poly 1305 is a content encryption method that was recently specified for use in JSON Web Encryption (JWE) and given the JWE "enc" XC20P identifier.

Example JWE header for direct symmetric encryption with XC20P:

  "alg" : "dir",
  "enc" : "XC20P"

With 256 bit encryption it is intended to provide an alternative to the existing AES-based algorithms for JWE, A256CBC-HS512 and A256GCM. Because it allows for efficient implementation in software, applications on constrained devices that lack dedicated CPU instructions for AES may achieve performance and power saving advantages by switching to XC20P.

The new encryption method can be used with any of the supported JWE algorithms, such as RSA-OAEP-256, ECDH-ES+A128KW, ECDH-1PU or dir. Just create a new JWEEncrypter for the desired family of JWE algs and set the JWE enc header parameter to XC20P.

Example encryption with RSA-OAEP-256 and XC20P:

import com.nimbusds.jose.*;
import com.nimbusds.jose.crypto.*;

// Compose the JWE secured object to encrypt
JWEObject jweObject = new JWEObject(
    new JWEHeader(
    new Payload("Hello, world!")

// Create a JWE encrypter for some public RSA key as
// java.security.interfaces.RSAPublicKey or
// com.nimbusds.jose.jwk.RSAKey
JWEEncrypter encrypter = new RSAEncrypter(publicKey);

// Perform the encryption

// Serialise the JWE to compact form
String jweString = jweObject.serialize();

Note, in order to use XC20P content encryption your application must import the optional Google Tink dependency:

    <version>[ version ]</version>

Support for XC20P was introduced in Nimbus JOSE+JWT version 9.13.