JWE Decrypt not working for RSA algorithm #235
Comments
Hi @Sathyaenn, your error log says you attempted to decrypt with wrong key type. All |
For Encoding
For Decode
var newtest = JWE.Decrypt(jweNewObj, Convert.FromBase64String(decryptResponse.Result.plain), JweAlgorithm.A256KW, JweEncryption.A256CBC_HS512);
decryptResponse.Result.plain: Value of decryption key
For encryption we have used public key of source machine key value. This will provide encrypted JWE object. Based on the JWE string "Encrypted Key" value we revoke the decode value string for the machine key file. This value in the form of Symmetric key value for the given machine key file.
Decryption Key for JWE Object
Decryption Key response
Note: Above process works fine in JAVA based approach using below code snip.
For Encryption
For Decryption
JWEObject jweObject = JWEObject.parse(jweString);
algMap.get(encConfig.getContentEncAlg())
This value in the form of Symmetric key value for the given machine key file. |
Is a value of It sounds like Btw do you really need |
hRlHJwqghdJhT+IibshwoUU++NOEwTl1LyymzSrIcQULGqCulOxvJeFZOu5cLCz+j3oA3dRlxc06p4D1Sd6GUQ== is base 64 string of decryptResponse.Result.plain. While assigning key converting to byte[]. Need a help on the decode method for encrypted JWE Object. |
String value is AES Key value in the form of base 64 string |
Ok. Can you just post a minimal unit test so I can run? |
The following approaches were tried to decode the actual value string
|
Thanks, I'll take a look shortly. Sorry end of year, always super busy. |
Hey @Sathyaenn, took a look.
// this line constructs Jwk from byte[] array, it will be of type Octet key, used for symmetric encryption
new Jwk(Convert.FromBase64String(decryptKeyBase64));
but
Typically you would have something like:
CngKey privateKey = CngKey.Open("decryptionKeyId", CngProvider.MicrosoftSoftwareKeyStorageProvider, CngKeyOpenOptions.MachineKey);
string json = Jose.JWT.Decode(token, privateKey);
// or if you prefer JWK
Jwk rsaKey = new Jwk(
e: "AQAB",
n: "qFZv0pea_jn5Mo4qEUmStuhlulso8n1inXbEotd_zTrQp9K0RK0hf7t0K4BjKVhaiqIam4tVVQvkmYeBeYr1MmnO_0N97dMBz_7fmvyv0hgHaBdQ5mR5u3LTlHo8tjRE7-GzZmGs6jMcyj7HbXobDPQJZpqNy6JjliDVXxW8nWJDetxGBlqmTj1E1fr2RCsZLreDOPSDIedG1upz9RraShsIDzeefOcKibcAaKeeVI3rkAU8_mOauLSXv37hlk0h6sStJb3qZQXyOUkVkjXIkhvNu_ve0v7LiLT4G_OxYGzpOQcCnimKdojzNP6GtVDaMPh-QkSJE32UCos9R3wI2Q",
p: "0qaOkT174vRG3E_67gU3lgOgoT6L3pVHuu7wfrIEoxycPa5_mZVG54SgvQUofGUYEGjR0lavUAjClw9tOzcODHX8RAxkuDntAFntBxgRM-IzAy8QzeRl_cbhgVjBTAhBcxg-3VySv5GdxFyrQaIo8Oy_PPI1L4EFKZHmicBd3ts",
q: "zJPqCDKqaJH9TAGfzt6b4aNt9fpirEcdpAF1bCedFfQmUZM0LG3rMtOAIhjEXgADt5GB8ZNK3BQl8BJyMmKs57oKmbVcODERCtPqjECXXsxH-az9nzxatPvcb7imFW8OlWslwr4IIRKdEjzEYs4syQJz7k2ktqOpYI5_UfYnw1s",
d: "lJhwb0pKlB2ivyDFO6thajotClrMA3nxIiSkIUbvVr-TToFtha36gyF6w6e6YNXQXs4HhMRy1_b-nRQDk8G4_f5urd_q-pOn5u4KfmqN3Xw-lYD3ddi9qF0NLeTVUNVFASeP0FFqbPYfdNwD-LyvwjhtT_ggMOAw3mYvU5cBfz6-3uPdhl3CwQFCTgwOud_BA9p2MPMUHG82wMK_sNO1I0TYpjm7TnwNBwiKbMf-i5CKnuohgoYrEDYLeMg3f32eBljlCFNYaoCtT-mr1Ze0OTJND04vbfLotV-BBKulIpbOOSeVpKG7gJxZHmv7in7PE5_WzaxKFVoHW3wR6v_GzQ",
dp: "KTWmTGmf092AA1euOmRQ5IsfIIxQ5qGDn-FgsRh4acSOGE8L7WrTrTU4EOJyciuA0qz-50xIDbs4_j5pWx1BJVTrnhBin9vNLrVo9mtR6jmFS0ko226kOUpwEVLgtdQjobWLjtiuaMW-_Iw4gKWNptxZ6T1lBD8UWHaPiEFW2-M",
dq: "Jn0lqMkvemENEMG1eUw0c601wPOMoPD4SKTlnKWPTlQS6YISbNF5UKSuFLwoJa9HA8BifDrD-Mfpo1M1HPmnoilEWUrfwMqqdCkOlbiJQhKY8AZ16QGH50kDXhmVVa8BRWdVQWBTUzWXS5kXMaeskVzextTgymPcOAhXN-ph7MU",
qi: "sRAPigJpl8S_vsf1zhJTrHM97xRwuB26R6Tm-J8sKRPb7p5xxNlmOBBFvWmWxdto8dBElNlydSZan373yBLxzW-bZgVp-B2RKT1B3WhTYW_Vo5DLhWi84XMncJxH7avtxtF9yksaeKe0e2n3J6TTan53mDg4KF8U0OEO2ciqO9g"
);
Jose.JWT.Decode(token, rsaKey);
Maybe I misunderstood what you initially tried to do, but that's the thing with your unit tests. |
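The key-type point from the reply above, as an added example that is not part of the thread or the jose-jwt project's own code: a token encrypted with `RSA_OAEP_256` is decrypted by passing the recipient's RSA private key, and the library unwraps the `encrypted_key` itself. It assumes the jose-jwt package on a .NET runtime where the library accepts an `RSA` object (as in the encryption call in the issue); the key pair, payload and class name are constructed for the demo.

```csharp
using System;
using System.Security.Cryptography;
using Jose;

// Added illustration: names, key pair and payload are constructed, not from the issue.
class RsaOaepJweRoundTrip
{
    static void Main()
    {
        // Recipient's key pair. In practice the private half is loaded from a
        // key store or PEM file and never leaves the recipient.
        using RSA recipientKey = RSA.Create(2048);

        // The sender only ever holds the public half.
        using RSA publicOnly = RSA.Create();
        publicOnly.ImportParameters(recipientKey.ExportParameters(false));

        // Same calls as in the issue: RSA-OAEP-256 wraps a freshly generated
        // content encryption key (CEK); A256CBC-HS512 encrypts the payload with it.
        var recipient = new JweRecipient(JweAlgorithm.RSA_OAEP_256, publicOnly);
        string jwe = JWE.Encrypt("{\"hello\":\"world\"}", new[] { recipient },
                                 JweEncryption.A256CBC_HS512);

        // Correct: hand over the RSA *private* key. The library unwraps
        // "encrypted_key" to recover the CEK and then decrypts the content.
        // Passing the expected alg/enc pins them, so a token carrying a
        // different header is rejected instead of being processed.
        JweToken token = JWE.Decrypt(jwe, recipientKey,
                                     JweAlgorithm.RSA_OAEP_256,
                                     JweEncryption.A256CBC_HS512);
        Console.WriteLine(token.Plaintext);

        // Incorrect (the pattern from the issue): a symmetric byte[] key.
        // The header says RSA-OAEP-256, so key management expects an RSA key
        // and decryption fails. The exact exception type is not assumed here.
        byte[] symmetricKey = new byte[64]; // constructed placeholder bytes
        try
        {
            JWE.Decrypt(jwe, symmetricKey, JweAlgorithm.RSA_OAEP_256,
                        JweEncryption.A256CBC_HS512);
            Console.WriteLine("unexpected: decrypted with a symmetric key");
        }
        catch (Exception ex)
        {
            Console.WriteLine("rejected: " + ex.GetType().Name);
        }
    }
}
```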
Have encrypted the JWE object using the approach below. To encrypt, used an RSA PEM file to encrypt the content.
JweRecipient jweNewRecipient = new JweRecipient(JweAlgorithm.RSA_OAEP_256,rsa);
var jweNewObj = JWE.Encrypt(jseNewSource, new[] { jweNewRecipient }, JweEncryption.A256CBC_HS512);
From encrypted data, have collected "encrypted_key" from the object and retrieved actual symmetric key for the decryption.
While trying to decrypt the content using following approach
jrsakey - Symmetric key value for "encrypted_key".
JWE.Decrypt(jweNewObj, jrsakey);
JWE.Decrypt(jweNewObj,jrsakey, JweAlgorithm.RSA_OAEP_256, JweEncryption.A256CBC_HS512);
JWE.Decrypt(jweNewObj, Convert.FromBase64String(decryptResponse.Result.plain), JweAlgorithm.RSA_OAEP_256, JweEncryption.A256CBC_HS512, null);
Encrypt_Decrypt_Sample_data.txt
For all the approaches, receiving an error. Can you guide me on the decryption part of this?