Encryption JWK invalid
ERR-P01-IDT-2006 - Encryption JWK invalid
Section titled “ERR-P01-IDT-2006 - Encryption JWK invalid”Summary
Section titled “Summary”The supplied X25519 encryption public key (encryption_key_jwk) is
malformed or missing.
When this is raised
Section titled “When this is raised”- On
POST /v1/agent/register(client-supplied-key path), theencryption_key_jwkfails X25519 JWK validation:- not an object,
ktynot"OKP",crvnot"X25519",xmissing / not a base64url string,xdoes not decode to exactly 32 bytes.
- Also raised when
public_key_jwkis supplied without a pairedencryption_key_jwk- the enc key is required alongside the sig key.
What to do
Section titled “What to do”- Send a well-formed X25519 public JWK:
{ "kty": "OKP", "crv": "X25519", "x": "<32-byte base64url>" }, alongside the signing JWK and the binding JWS. - Or pass
generate_keypair: trueto have the server mint both keypairs and surface the private JWKs once.
Server-side cause
Section titled “Server-side cause”- Raised by:
packages/identity/src/service/register.ts-validateX25519Jwk(and the “encryption_key_jwk is required” guard inregister). - Guard: the
kty/crv/x/length assertions, each throwingRegisterError('enc_jwk_invalid', …); mapped toIDENTITY_ERR.enc_jwk_invalid(422) inpackages/identity/src/router/register.ts.
Example response
Section titled “Example response”{ "type": "https://citizenry.id/errors/ERR-P01-IDT-2006", "title": "Unprocessable", "status": 422, "code": "ERR-P01-IDT-2006", "message": "crv must be \"X25519\"", "method": "POST", "instance": "/v1/agent/register", "request_url": "https://api.citizenry.id/v1/agent/register", "timestamp": "2026-05-17T07:00:00.000Z"}Related codes
Section titled “Related codes”ERR-P01-IDT-2001- signing JWK invalid.ERR-P01-IDT-2005- key binding invalid.
Changelog
Section titled “Changelog”- 0.1.0 - introduced.