9. Distinguishing between JWS and JWE Objects

There are several ways to distinguish whether an object is a JWS or JWE. All of these methods will yield the same result for all legal input values; for malformed inputs, they may yield different results.

• Compact Serialization - Number of Segments: If the object is using the JWS Compact Serialization or the JWE Compact Serialization, the number of base64url-encoded segments separated by period ('.') characters differs between the two. JWSs have three segments, separated by two period ('.') characters. JWEs have five segments, separated by four period ('.') characters.

• JSON Serialization - Members: If the object is using the JWS JSON Serialization or the JWE JSON Serialization, the members used will be different. JWSs have a "payload" member, whereas JWEs do not. JWEs have a "ciphertext" member, whereas JWSs do not.

• alg Parameter Value: The JOSE Header for a JWS can be distinguished from the JOSE Header for a JWE by examining the "alg" (algorithm) Header Parameter value. If the value represents a digital signature or MAC algorithm, or is the value "none", it is for a JWS; if it represents a Key Encryption, Key Wrapping, Direct Key Agreement, Key Agreement with Key Wrapping, or Direct Encryption algorithm, it is for a JWE. (Extracting the "alg" value for examination is straightforward when using the JWS Compact Serialization or the JWE Compact Serialization and may be more difficult when using the JWS JSON Serialization or the JWE JSON Serialization.)

• enc Member Presence: The JOSE Header for a JWS can also be distinguished from the JOSE Header for a JWE by determining whether an "enc" (encryption algorithm) member exists. If the "enc" member exists, it is a JWE; otherwise, it is a JWS.