diff --git a/packages/file-handling/package.json b/packages/file-handling/package.json
index b9076885c02c540d8400223530ca93ee35e2e584..fd748e43a1132db6ceafa6ff3d43e6d804d4499b 100644
--- a/packages/file-handling/package.json
+++ b/packages/file-handling/package.json
@@ -37,7 +37,7 @@
     "@open-wc/scoped-elements": "^1.3.3",
     "file-saver": "^2.0.2",
     "i18next": "^20.0.0",
-    "jose": "^3.16.1",
+    "jose": "^4.0.0",
     "jszip": "^3.5.0",
     "lit-element": "^2.1.0",
     "lit-html": "^1.3.0",
diff --git a/packages/file-handling/rollup.config.js b/packages/file-handling/rollup.config.js
index c26f3f26b23d2f2fbc032c91283b035757d4714e..08d780b0e123fe91d18fc9c42a91b79351455b9b 100644
--- a/packages/file-handling/rollup.config.js
+++ b/packages/file-handling/rollup.config.js
@@ -7,6 +7,7 @@ import json from '@rollup/plugin-json';
 import serve from 'rollup-plugin-serve';
 import del from 'rollup-plugin-delete';
 import {getPackagePath, getDistPath} from '../../rollup.utils.js';
+import path from "path";
 
 const pkg = require('./package.json');
 const build = (typeof process.env.BUILD !== 'undefined') ? process.env.BUILD : 'local';
@@ -29,7 +30,7 @@ export default (async () => {
             del({
                 targets: 'dist/*'
             }),
-            resolve(),
+            resolve({browser: true}),
             commonjs(),
             json(),
             (build !== 'local' && build !== 'test') ? terser() : false,
diff --git a/packages/file-handling/src/crypto.js b/packages/file-handling/src/crypto.js
index 195a685d3f6f3e26760a8401e87ead033816263d..0412990e551e0e25a8bc0ed78520ad116d9c6ea3 100644
--- a/packages/file-handling/src/crypto.js
+++ b/packages/file-handling/src/crypto.js
@@ -1,21 +1,8 @@
-import { CompactEncrypt } from 'jose/jwe/compact/encrypt';
-import { compactDecrypt } from 'jose/jwe/compact/decrypt';
-import { parseJwk } from 'jose/jwk/parse';
-import {encode} from 'jose/util/base64url';
+import { CompactEncrypt, compactDecrypt, importJWK, base64url } from 'jose';
 
 /**
- * This "encrypts" the additional information string using the current oauth2
- * token, using A256GCM and PBES2-HS256+A128KW.
- *
- * Since we can't do any server side validation the user needs to confirm in the
- * UI that he/she won't abuse the system.
- *
- * By using the token we make replaying an older requests harder and by using
- * JOSE which needs crypto APIs, abusing the system can't reasonably be done by
- * accident but only deliberately.
- *
- * This doesn't make things more secure, it just makes the intent of the user
- * more clear in case the API isn't used through our UI flow.
+ * This encrypts the payload using the token,
+ * using A256GCM and PBES2-HS256+A128KW.
  *
  * @param {string} token
  * @param {string} payload
@@ -23,40 +10,36 @@ import {encode} from 'jose/util/base64url';
  */
 export async function encrypt(token, payload) {
     const encoder = new TextEncoder();
-    const key = await parseJwk({kty: 'oct', k: encode(token)}, 'PBES2-HS256+A128KW');
+    const key = await importJWK({kty: 'oct', k: base64url.encode(token)}, 'PBES2-HS256+A128KW');
     const jwe = await new CompactEncrypt(encoder.encode(payload))
         .setProtectedHeader({alg: 'PBES2-HS256+A128KW', enc: 'A256GCM'})
         .encrypt(key);
     return jwe;
 }
 
-
 /**
- * This "encrypts" the additional information string using the current oauth2
- * token, using A256GCM and PBES2-HS256+A128KW.
- *
- * Since we can't do any server side validation the user needs to confirm in the
- * UI that he/she won't abuse the system.
- *
- * By using the token we make replaying an older requests harder and by using
- * JOSE which needs crypto APIs, abusing the system can't reasonably be done by
- * accident but only deliberately.
- *
- * This doesn't make things more secure, it just makes the intent of the user
- * more clear in case the API isn't used through our UI flow.
+ * This creates a key from the given token and
+ * decrypts the payload using the token,
+ * using A256GCM and PBES2-HS256+A128KW.
  *
  * @param {string} token
  * @param {string} payload
  * @returns {string}
  */
 export async function decrypt(token, payload) {
-    const key = await parseJwk({kty: 'oct', k: encode(token)}, 'PBES2-HS256+A128KW');
+    const key = await importJWK({kty: 'oct', k: base64url.encode(token)}, 'PBES2-HS256+A128KW');
     const decryption = await compactDecrypt(payload, key, {alg: 'PBES2-HS256+A128KW', enc: 'A256GCM'});
     const secret = new TextDecoder().decode(decryption.plaintext);
 
     return secret;
 }
-
+/*
+/**
+ * This parses a given json webtoken to its different parts
+ *
+ * @param {string} token
+ * @returns {string}
+ */
 export function parseJwt (token) {
     if (!token)
         return null;
diff --git a/yarn.lock b/yarn.lock
index d7b86e14584c88a4aa994af6ca9fecfb413afcdf..048c5ae5d312b36eeb0287fb818407ba68e0bb1c 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -5155,6 +5155,11 @@ jest-worker@^26.2.1:
     merge-stream "^2.0.0"
     supports-color "^7.0.0"
 
+jose@^4.0.0:
+  version "4.2.0"
+  resolved "https://registry.yarnpkg.com/jose/-/jose-4.2.0.tgz#eb3dfe4926514a99f325ba604d32e41589394f6d"
+  integrity sha512-7nlU7qankWiES1WmZXAJl0jiGusoouXhjiGR12yc+0/SIDi+4uhEGzqcfONtDI7g66K4IyqA44botXGpi9EBWA==
+
 jquery@>=1.7, jquery@^3.4.1:
   version "3.6.0"
   resolved "https://registry.yarnpkg.com/jquery/-/jquery-3.6.0.tgz#c72a09f15c1bdce142f49dbf1170bdf8adac2470"