# AuthcryptJWE Encrypts a message using [ECDH-1PU](https://tools.ietf.org/html/draft-madden-jose-ecdh-1pu-03) to an array of recipients. Authenticated encryption provides only authenticity and not the stronger security properties of non-repudiation or third-party verifiability. This can be an advantage in applications where privacy, anonymity, or plausible deniability are goals. For content encryption of the message, the following algorithm MUST be used: |Algorithm(JWA) |Description | |---------------|-----------------------------------------------------| |XC20P |XChaCha20Poly1305 | **Method:** did_authcryptJWE **Params:** - `payload` - the payload to encrypt, json object or base64url encoded string. - `did` - the DID or DID URI that should authenticate the message. If a DID is used, it MUST contain a `keyAgreement` section in the DID Document that contains a X25519 key. If multiple keys are specified, the first key will be used to authenticate the message. If a DID URI is used the DID URI MUST point to a key that is directly or indirectly referenced in the `keyAgreement` section of the DID Document. - `recipients` - A json array of type string. Every entry refers to a public key of one recipient of the JWE. Each public key MUST be encoded as base58 multibase. **Returns:** - A JWE with JSON general serialization, string. The `kid` MUST be the DID URI that is expected to decrypt the message.