Migrating JWE decrypt/verify from 2.0.5 to 4.5.0

[federico-moretti]

Hello!
I've been trying to convert the following script to the latest release, but I don't find a migration guide and everything that I've tried failed miserably.

Old script:

// the "token" var is a string that I receive as query string
const decryptKey = <JWT.OKPKey>JWT.asKey(privateKey, { alg: 'ECDH-ES', use: 'enc' });
const jws = JWE.decrypt(token, decryptKey, { keyManagementAlgorithms: ['ECDH-ES'] }).toString();
const verifyKey = <JWT.ECKey>JWT.asKey(publicKey, { alg: 'ES256', use: 'sig' });
return JWE.verify(jws, verifyKey, { algorithms: ['ES256', 'HS256', 'EdDSA'] });

Is there anyone that can help me? Thank you.

[federico-moretti]

I resolved with the following code:

// the "token" var is a string that I receive as query string
const publicKey = await jose.importSPKI(PUBLIC_KEY, 'ES256');
const privateKey = await jose.importPKCS8(PRIVATE_KEY, 'ECDH-ES');
const decrypted = await jose.compactDecrypt(token, privateKey, { keyManagementAlgorithms: ['ECDH-ES'] });
return await jose.jwtVerify(decrypted.plaintext, publicKey, { algorithms: ['ES256'] });

[panva]

That's wrong, it might work in Node, but not universally. The JWA algorithm identifiers are flipped. I've edited your response to be correct.

[federico-moretti]

Oh I see. Thank you for the help, really appreciated!