diff --git a/api/src/main/java/fitconnect/api/crypto/JWECryptoService.java b/api/src/main/java/fitconnect/api/crypto/JWECryptoService.java
new file mode 100644
index 0000000000000000000000000000000000000000..c23d3aebdf36dd978f4e7649ec5172575a19fbef
--- /dev/null
+++ b/api/src/main/java/fitconnect/api/crypto/JWECryptoService.java
@@ -0,0 +1,53 @@
+package fitconnect.api.crypto;
+
+import com.nimbusds.jose.jwk.RSAKey;
+import fitconnect.api.problems.DecryptionProblem;
+import fitconnect.api.problems.EncryptionProblem;
+
+/**
+ * A service that allows to encrypt and decrypt data and attachments of a submission
+ * via <a href="https://datatracker.ietf.org/doc/html/rfc7516">JSON-Web-Encryption</a>
+ */
+public interface JWECryptoService {
+
+    /**
+     * JWE encrypts a given string payload with the public key
+     *
+     * @param publicKey RSA public key the payload is encrypted with
+     * @param data json or xml data that should be encrypted
+     * @return a string serialization of the encrypted JWE object
+     * @throws EncryptionProblem if the payload cannot be encrypted or there was an issue with the key
+     */
+    String encryptString(final RSAKey publicKey, final String data) throws EncryptionProblem;
+
+    /**
+     * JWE encrypts a given byte[] payload with the public key
+     *
+     * @param publicKey RSA public key the payload is encrypted with
+     * @param bytes byte[] of the data that should be encrypted
+     * @return a string serialization of the encrypted JWE object
+     * @throws EncryptionProblem if the payload cannot be encrypted or there was an issue with the key
+     */
+    String encryptBytes(RSAKey publicKey, byte[] bytes) throws EncryptionProblem;
+
+    /**
+     * Decrypts a JWE encrypted string with the given private key
+     *
+     * @param privateKey RSA private key the encrypted JWE string is decrypted with
+     * @param encryptedData serialized encrypted JWE string that is decrypted
+     * @return a string serialization of the decrypted payload
+     * @throws DecryptionProblem if the payload cannot be decrypted or there was an issue with the key
+     */
+    String decryptString(final RSAKey privateKey, final String encryptedData) throws DecryptionProblem;
+
+    /**
+     * Decrypts a JWE encrypted byte[] with the given private key
+     *
+     * @param privateKey RSA private key the encrypted JWE string is decrypted with
+     * @param encryptedData serialized encrypted JWE string that is decrypted
+     * @return a byte[] of the decrypted string payload
+     * @throws DecryptionProblem if the payload cannot be decrypted or there was an issue with the key
+     */
+    byte[] decryptBytes(RSAKey privateKey, String encryptedData) throws DecryptionProblem;
+
+}