How does JWE secure the Content Encryption Key
I apologise in advance if this is a dumb question. But this seems like one of those straight forward things that are so straight forward that its not even mentioned and I am not getting it.
Perhaps I am too used to the simplistic client / server model where the client is like a web browser or a native mobile client which can't be trusted.
As far as i know with JWE's there is a symmetric content encryption key that encrypts the payload. The same key will be used to decrypt the payload. This key is securely transferred through asymmetric key encryption. For this I assume the public key is used to encrypt the secret key ? I assume this because from what i know in public key encryption, the public key is used to encrypt and the private key to decrypt (opposite of digital signatures)
But this is what I see from the JWT handbook:
So if the above statements and assumptions are correct, I can't make sense of:
- Is it possible for the private key to both encrypt and decrypt ?
If yes, it would answer the rest of my questions because if a private key can both encrypt and decrypt then it makes sense a server can encrypt it and sent it out in the public. But if only one key can be used for encryption and the other for decryption then I struggle to understand how the CEK can ever be secure?
- Who generates the symmetric CEK ? Surely it can't be a public client, If it is a server with a private key, how is this encrypted and sent for the first time ?
- How can the symmetric CEK ever be secure when the public key is encrypting it ?
- Even if a secure server nests the JWE inside a JWS and the public key verifies that the token comes from a verified source, can't anyone just use the secret key and encrypt anything ?