Public Key Authenticated Encryption for JOSE: ECDH-1PU

Document Type Expired Internet-Draft (individual)
Author Neil Madden 
Last updated 2020-08-14 (latest revision 2020-02-11)
Stream (None)
Intended RFC status (None)
Expired & archived
pdf htmlized (tools) htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This document describes the ECDH-1PU public key authenticated encryption algorithm for JWE. The algorithm is similar to the existing ECDH-ES encryption algorithm, but adds an additional ECDH key agreement between static keys of the sender and recipient. This additional step allows the recipient to be assured of sender authenticity without requiring a nested signed-then-encrypted message structure.


Neil Madden (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)