The nrich API provides the ability to encrypt sensitive information like credentials and authentication challenge responses with JSON Web Encryption. This is an additional security mechanism to the usual transport layer encryption of the data.

A common use-case is when a client application communicates through an intermediate server with the nrich API. To avoid privacy and security issues, the sensitive data can be encrypted with JWE on the client application side to conceal them from the intermediate server.

Please note that the plaintext to be encrypted has to be a valid JSON value. This means especially that string literals have to be surrounded by double quotes (e.g. "123456").

Public key

The public key that can be used for encryption on the nrich API's shared environments is shown below in PEM format.

Supported algorithms

Key encryption	Content encryption
`RSA-OAEP`	`A128CBC-HS256`
	`A256CBC-HS512`