diff --git a/__crypto/jose-test/Cargo.lock b/__crypto/jose-test/Cargo.lock index 7a3332f..01fdccc 100644 --- a/__crypto/jose-test/Cargo.lock +++ b/__crypto/jose-test/Cargo.lock @@ -462,12 +462,6 @@ dependencies = [ "serde", ] -[[package]] -name = "jose-jwe" -version = "0.0.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "da37393583c7f15d664109cbfb1c451601766e95850d3b3963292a6763fcb9e8" - [[package]] name = "jose-jwk" version = "0.1.2" @@ -491,7 +485,6 @@ dependencies = [ "aes-kw", "base64", "biscuit", - "jose-jwe", "jose-jwk", "josekit", "rand", @@ -499,6 +492,7 @@ dependencies = [ "rust_util", "serde", "serde_json", + "sha1", "sha2", ] @@ -978,6 +972,17 @@ dependencies = [ "serde", ] +[[package]] +name = "sha1" +version = "0.10.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e3bf829a2d51ab4a5ddf1352d8470c140cadc8301b2ae1789db023f01cedd6ba" +dependencies = [ + "cfg-if", + "cpufeatures", + "digest", +] + [[package]] name = "sha2" version = "0.10.8" diff --git a/__crypto/jose-test/Cargo.toml b/__crypto/jose-test/Cargo.toml index fcd376b..2ff44d1 100644 --- a/__crypto/jose-test/Cargo.toml +++ b/__crypto/jose-test/Cargo.toml @@ -8,7 +8,7 @@ aes-gcm-stream = "0.2.3" aes-kw = { version = "0.2.1", features = ["alloc"] } base64 = "0.22.1" biscuit = "0.7.0" -jose-jwe = "0.0.0" +#jose-jwe = "0.0.0" jose-jwk = { version = "0.1.2", features = ["rsa"] } josekit = "0.10.0" rand = { version = "0.8.5", features = [] } @@ -16,4 +16,5 @@ rsa = "0.9.6" rust_util = "0.6.47" serde = "1.0.214" serde_json = "1.0.132" +sha1 = "0.10.6" sha2 = "0.10.8" diff --git a/__crypto/jose-test/src/jose.rs b/__crypto/jose-test/src/jose.rs index 410abf4..6c7795e 100644 --- a/__crypto/jose-test/src/jose.rs +++ b/__crypto/jose-test/src/jose.rs 
@@ -10,14 +10,14 @@ use josekit::jwk::alg::rsa::RsaKeyPair;
 use josekit::jwk::Jwk;
 use rand::random;
 use rand::rngs::OsRng;
-use rsa::RsaPrivateKey;
+use rsa::{Oaep, RsaPrivateKey};
 use rust_util::XResult;
 use serde::{Deserialize, Serialize};
 use serde_json::Value;
+use sha1::Sha1;
 const LOCAL_KMS_PREFIX: &str = "LKMS:";
-
 // JWE format:
 // BASE64URL(UTF8(JWE Protected Header)) || '.' ||
 // BASE64URL(JWE Encrypted Key) || '.' || BASE64URL(JWE Initialization Vector)
@@ -69,6 +69,33 @@ pub fn serialize_jwe_rsa(payload: &[u8], jwk: &Jwk) -> XResult {
 Ok(format!("{}{}", LOCAL_KMS_PREFIX, jwe::serialize_compact(payload, &header, &encrypter)?))
 }
+pub fn deserialize_jwe_rsa_2(jwe: &str, rsa: &RsaPrivateKey) -> XResult<(Vec, JweHeader2)> {
+ let jwe_parts = jwe.split(".").collect::>();
+ if jwe_parts.len() != 5 {
+ panic!("Invalid jwe");
+ }
+ let header_bytes = URL_SAFE_NO_PAD.decode(jwe_parts[0].as_bytes()).unwrap();
+ let header: JweHeader2 = serde_json::from_slice(&header_bytes).unwrap();
+ println!("{:?}", jwe_parts);
+ println!("{:?}", header);
+ let key_wrap = URL_SAFE_NO_PAD.decode(jwe_parts[1].as_bytes()).unwrap();
+ let nonce = URL_SAFE_NO_PAD.decode(jwe_parts[2].as_bytes()).unwrap();
+ let ciphertext = URL_SAFE_NO_PAD.decode(jwe_parts[3].as_bytes()).unwrap();
+ let tag = URL_SAFE_NO_PAD.decode(jwe_parts[4].as_bytes()).unwrap();
+
+ let data_key = rsa.decrypt(Oaep::new::(), &key_wrap).unwrap();
+ let data_key_b32 = bytes_to_32(&data_key);
+
+ let mut decryptor = Aes256GcmStreamDecryptor::new(data_key_b32, &nonce);
+ decryptor.init_adata(jwe_parts[0].as_bytes());
+ let mut p1 = decryptor.update(&ciphertext);
+ let p2 = decryptor.update(&tag);
+ let pf = decryptor.finalize().unwrap();
+ p1.extend_from_slice(&p2);
+ p1.extend_from_slice(&pf);
+ Ok((p1, header))
+}
+
 pub fn deserialize_jwe_rsa(jwe: &str, jwk: &Jwk) -> XResult<(Vec, JweHeader)> {
 let decrypter = RsaesJweAlgorithm::RsaOaep.decrypter_from_jwk(jwk)?;
 Ok(jwe::deserialize_compact(&get_jwe(jwe), &decrypter)?)
diff --git a/__crypto/jose-test/src/main.rs b/__crypto/jose-test/src/main.rs
index 276af0d..cb7840b 100644
--- a/__crypto/jose-test/src/main.rs
+++ b/__crypto/jose-test/src/main.rs
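Review bot: `deserialize_jwe_rsa_2` is declared to return `XResult`, yet every failure on the token (wrong part count, bad base64, bad header JSON, a failed `rsa.decrypt`, a failed GCM `finalize`) goes through `panic!` or `.unwrap()`, so a malformed or tampered JWE aborts the process instead of yielding an `Err`. The parsed header is only printed: nothing checks that its algorithm and encryption fields match the RSA-OAEP and AES-256-GCM this function hard-codes, and the unwrapped key's length is not checked before `bytes_to_32` (whose definition is outside this diff). The two `println!` calls write the whole token and header to stdout and should be removed before this is used outside a test. The sketch below assumes `XResult`'s error type accepts these errors through `?`, as the neighbouring `deserialize_jwe_rsa` already relies on; the `<Sha1>` type argument, which the page rendering stripped, is inferred from the new import.

```rust
    if jwe_parts.len() != 5 {
        return Err("Invalid jwe".into());
    }
    let header_bytes = URL_SAFE_NO_PAD.decode(jwe_parts[0].as_bytes())?;
    let header: JweHeader2 = serde_json::from_slice(&header_bytes)?;
    // … add here: reject the token unless the header names RSA-OAEP / A256GCM …
    let key_wrap = URL_SAFE_NO_PAD.decode(jwe_parts[1].as_bytes())?;
    let nonce = URL_SAFE_NO_PAD.decode(jwe_parts[2].as_bytes())?;
    let ciphertext = URL_SAFE_NO_PAD.decode(jwe_parts[3].as_bytes())?;
    let tag = URL_SAFE_NO_PAD.decode(jwe_parts[4].as_bytes())?;

    let data_key = rsa.decrypt(Oaep::new::<Sha1>(), &key_wrap)?;
    if data_key.len() != 32 {
        return Err("Invalid jwe".into());
    }
    // … unchanged: bytes_to_32, decryptor setup, init_adata, update calls …
    let pf = decryptor.finalize()?;
    // … unchanged: assemble plaintext and return …
```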
@@ -1,6 +1,6 @@
 mod jose;
-use crate::jose::{deserialize_jwe_aes, deserialize_jwe_aes_2, serialize_jwe_aes_2};
+use crate::jose::{deserialize_jwe_aes, deserialize_jwe_aes_2, deserialize_jwe_rsa_2, serialize_jwe_aes_2, serialize_jwe_rsa};
 use base64::engine::general_purpose::STANDARD;
 use base64::Engine;
 use jose_jwk::{Jwk, Key, Rsa};
@@ -36,10 +36,17 @@ fn main() {
 key: Key::Rsa(public_rsa),
 prm: Default::default(),
 };
- println!("{}", serde_json::to_string(&jwk).unwrap());
-
+ let jwk_str = serde_json::to_string(&jwk).unwrap();
+ println!("{}", &jwk_str);
+ // let rsa: Rsa = serde_json::from_str(&jwk_str).unwrap();
+ let josekitjwk = josekit::jwk::Jwk::from_bytes(jwk_str.as_bytes()).unwrap();
+ let rsa_jwe = serialize_jwe_rsa(b"hello world 001", &josekitjwk).unwrap();
 // let rsa_key_2: RsaPrivateKey = rsa.try_into().unwrap();
- // println!("{:?}", rsa_key_2);
+ println!(">>> {}", rsa_jwe);
+ let rsa_jwe = rsa_jwe.chars().skip(5).collect::();
+ let (dd, hh) = deserialize_jwe_rsa_2(&rsa_jwe, &rsa_key).unwrap();
+ println!("DD: {}", String::from_utf8_lossy(&dd));
+ println!("HH: {:?}", hh);
 main2();
 }
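Review bot: `rsa_jwe.chars().skip(5)` in the second hunk hard-codes the length of the `LKMS:` prefix that `serialize_jwe_rsa` prepends, so a change to `LOCAL_KMS_PREFIX` would silently hand a mangled token to `deserialize_jwe_rsa_2`. Stripping the prefix by value makes the dependency explicit: `let rsa_jwe = rsa_jwe.strip_prefix("LKMS:").expect("serialize_jwe_rsa adds the LKMS: prefix");`. Better still, `deserialize_jwe_rsa_2` could strip it itself, as `deserialize_jwe_rsa` appears to do through `get_jwe` (defined outside this diff). The newly added commented-out line `// let rsa: Rsa = ...` can be dropped. `main` begins above the hunk.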