Support for JWE Algorithims in LocalJWKSet?

[jdjkelly]

Since this library is so well maintained and written, I assume that I must be attempting to do something non-standard.

That said, I am curious why LocalJWKSet could not support getKey(protectedHeader: JWSHeaderParameters | JWEHeaderParameters, token: FlattenedJWSInput | FlattenedJWE) or something similar, that allowed for the support of matching a JWE against a JWKS.

The use case here is storing a set of EC private keys (using ECDH and specifically ECDH-ES+A256KW) in a JWKS, and then using function compactDecrypt(jwe: string | Uint8Array, getKey: CompactDecryptGetKey, options?: DecryptOptions): Promise<CompactDecryptResult & ResolvedKey>; to automatically decrypt a JWE with the correct key.

Would the extension of the type signature + a case for EC returning EC below, not work? Or are there other considerations at play?

jose/src/jwks/local.ts

Lines 18 to 30 in 8b99555

	function getKtyFromAlg(alg: unknown) {
	switch (typeof alg === 'string' && alg.slice(0, 2)) {
	case 'RS':
	case 'PS':
	return 'RSA'
	case 'ES':
	return 'EC'
	case 'Ed':
	return 'OKP'
	default:
	throw new JOSENotSupported('Unsupported "alg" value for a JSON Web Key Set')
	}
	}

[panva]

The existing bundled implementations of the getKey function are intended only for JWS verification because that's the most common and sought after scenario.

It is unlikely that a getKey implementation that's meant to be for JWS can also do JWE without dropping some if its intended validations.

But it just that, an implementation, so you're free to do one of your own and e.g. release it as a standalone module if you want.