Replies: 11 comments
-
I don't know, please provide actual reproduction steps.
This works just fine, so you're doing something wrong that isn't in your issue's description. const jose = require('jose')
const privateKey = jose.JWK.generateSync('RSA')
console.log('privateKey is', privateKey.type)
const publicKey = jose.JWK.asKey(privateKey.toPEM(false))
console.log('publicKey is', publicKey.type)
const jwe = jose.JWE.encrypt(
'eyJhbGciOiJFUzI1NiJ9.eyJzdWIiOiJqb2huZG9lIn0.T_SYLQV3A5_kFDDVNuoadoURSEtuSOR-dG2CMmrP-ULK9xbIf2vYeiHOkvTrnqGlWEGBGxYtsP1VkXmNsi1uOw',
publicKey,
{ kid: publicKey.kid },
)
console.log('jwe: ', jwe)
jose.JWE.decrypt(jwe, privateKey) |
Beta Was this translation helpful? Give feedback.
-
@panva Thank you for the quick response as always. I found that the public key I was using, 'use' property was 'sign'. I changed it to 'enc' and got it decrypted. import { JWE, JWK, JWT } from 'jose'
import { logInfo, logError } from 'logging/logger'
export const validate = async (request, response) => {
logInfo('Validate')
const pub = {
use: 'enc',
kty: 'RSA',
e: 'CA__',
n: 'wKojZengmd7dTT7YWW4v2PZDV7o_j6P-Xp94CSktuLw-bTVVTe5jCp_Pphs4Ej4aEhmXVaS97WHGU8uf4itA3jXXRzEHcJwdOBCg_u2wOXQvRuUID8AN4va1IZfpHSAfjRIAMVgAIdkN2NbhpbTjJ_Xg6wKxSNvESx3ekNEL3InHw-xVc06CKQccvPFodIwV5fzHRS6KL2MLYZgbfxV-uujYyfKkYNTJ0QDfhw-YqbUKaW2Ovb6xRbUMuTqDEN1DwzQs3-2BZw135Q-Mpb56hzxZofM6wWPERgC-KBlTUWZQPXSU3RPaPWiojzKrbTWsvXOcjZ0CRhdfeZ6oGEQ_FQ',
}
const pvt = {
p: '7qNjgBvXiFCpYLyBHnCo5WEuCVUENYovgRsMUtS9oWpF4TGOu2Kv33xGMz7RtO28ayZcv828aV3AEyilpPQg8hHtQuHyfeCQQ5_zmKqNfvoFkwvKysFkLrPz8a5xtD5nSnvuqILul3WkHzLRxQF_97_VbGBIjOp4pH9fLQusUz0',
kty: 'RSA',
q: 'zq5-4h0pqfk8pfkncj4wM-9n5XWr3ugQxwc0kPraCxPrLCOp2osL4jfOp-HAFLysF0EYDDDZmY3iwrNBRI5rdy8wkz6cwgZ9Aj3aIkVex1mdKBktvodB7ct8EqipNsSTpJJymAV0-gN1lIu6OgXGveNKqWyAKy-k6pPluVYN-Lk',
d: 'CD8Bw_pE63jIt6It767owPYYSRI_aBcE_mL5COtyzpKEdzpIpFlPrbh2QKLcLMxeXvCJIsdtB6MD-VRlhKX7_LPYrrHzdllZ-lz974uxedbwMgfwsv0IMJd1K_oFy_BW6KCAOX3r9ka1D3902TDpJa-ooLq4Arr0NCcxlsYJKkdtKPPDN79Uxboq262wkjrTdVYGqSQv8wDj1jQiuhgjfPTAKwqEXuH-5-Zu1jir7GAfhVYKZXME_K4fOOlS_XLfAzSzbOURa1PX4ySWJt2rEcEq2G7SL_SEOiUEnUW3g7xpoRHFKb3Vqe2VcmteDkNURMHZ-uf_kmWBetquYYVQHw',
e: 'CA__',
qi: 'X2Z1vrtmMS6rdu0hZi5NWfsk3VkXPv3_nYaAHiROq567fk4ttGuypb2op4ebxED34KAALl7XF3O7mudf9ijUVtiy_2a8OCz8a-SkEZuLuZHYdSZ4nJqe-t8TS5jA03R1-rFkGmJJCWPqxgKXgJ35qpatOJiM7R7zojecE02TW4c',
dp: 'ywtMeBEMs2XZX2gvk70aDynJgIevy9kzvLWCnDTHTTpqG-Xq55uO3ex-oHshNkkZ0TAgl-qEHznMpD7HN0MZQAW8xq6j8aJ7YhAhq9rq90rkTW9dCcGABHUz-jTnhprnrTCmp_MojVlmp_91VlyxKPEZST2jxkF6Y5JCRggFq48',
dq: 'x6XwVWLReCTqMT2aUBxoP6j7ZxTiZKZyfxXhleFJXJ87-k4GSNKnZ-nWFYK0dgqLgbxj4S5Q5ijKLTKC_xgGp7s06zR1dkwIPSyVvJz-hJAnj64itvUZBSBLsND6SvzME_TzO7I4_muVQv53R1sQ3UTeuxfqT4kMeFdF74hZ_I8',
n: 'wKojZengmd7dTT7YWW4v2PZDV7o_j6P-Xp94CSktuLw-bTVVTe5jCp_Pphs4Ej4aEhmXVaS97WHGU8uf4itA3jXXRzEHcJwdOBCg_u2wOXQvRuUID8AN4va1IZfpHSAfjRIAMVgAIdkN2NbhpbTjJ_Xg6wKxSNvESx3ekNEL3InHw-xVc06CKQccvPFodIwV5fzHRS6KL2MLYZgbfxV-uujYyfKkYNTJ0QDfhw-YqbUKaW2Ovb6xRbUMuTqDEN1DwzQs3-2BZw135Q-Mpb56hzxZofM6wWPERgC-KBlTUWZQPXSU3RPaPWiojzKrbTWsvXOcjZ0CRhdfeZ6oGEQ_FQ',
}
try {
const publicKey = JWK.asKey(pub)
const privateKey = JWK.asKey(pvt)
const token = JWE.encrypt(
'eyJhbGciOiJFUzI1NiJ9.eyJzdWIiOiJqb2huZG9lIn0.T_SYLQV3A5_kFDDVNuoadoURSEtuSOR-dG2CMmrP-ULK9xbIf2vYeiHOkvTrnqGlWEGBGxYtsP1VkXmNsi1uOw',
publicKey,
{ kid: publicKey.kid },
)
const decrypt = JWE.decrypt(token, privateKey)
if (decrypt) {
return response.sendStatus(200)
}
response.sendStatus(400)
} catch (error) {
logError(error)
return response.sendStatus(400)
}
} I got one last question. Is it possible to verify and decode the JWE? A google search did not yield anything so I presume not. |
Beta Was this translation helpful? Give feedback.
-
I don't follow the question |
Beta Was this translation helpful? Give feedback.
-
@panva the last question was how to if I can verify the JWE. I found that to verify it, I have to convert the buffered JWE into a sting and use JWS.verify to verify and decode. I have one more question. I generated two keys using ssh keygen. However, I am having an issue decrypting the token. I am getting the following error: const { JWK, JWE } = require('jose')
// Keys
const publicKeyPEM = 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCq1Jp6YqfWV47YOgmYuG7GUusuR3mqOqJ6U7+a+gLv8bP+lfuIhg9FJ0KPyvUax6OqBOVqdAPK9AxEdZEB0CvA1sDrhZW1Y0XTSCSnTVIqhCgVFtRkbOyR3iC0DR2CgT+QA+JctyQ3C+R1+f4BZZKCkM2/IzEaCi1E8L39J3XbhuyfbGwdLwZY73Xjqf04TYCrod+ZfHfig22zNyO1ZY9EZsYLOB3rjPA+og/L/Rqq6vTcqedFVeLrQ6QcE8hBBQ6IU/Z6M3uWG3PTRN0WJdihAZfY1ENg4pap/p2wjQk2kgWRIup58vOLzTiwGk4h038txGxQY2UZDeV6gOG/HumL'
const privateKeyPEM = `-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAqtSaemKn1leO2DoJmLhuxlLrLkd5qjqielO/mvoC7/Gz/pX7
iIYPRSdCj8r1GsejqgTlanQDyvQMRHWRAdArwNbA64WVtWNF00gkp01SKoQoFRbU
ZGzskd4gtA0dgoE/kAPiXLckNwvkdfn+AWWSgpDNvyMxGgotRPC9/Sd124bsn2xs
HS8GWO9146n9OE2Aq6HfmXx34oNtszcjtWWPRGbGCzgd64zwPqIPy/0aqur03Knn
RVXi60OkHBPIQQUOiFP2ejN7lhtz00TdFiXYoQGX2NRDYOKWqf6dsI0JNpIFkSLq
efLzi804sBpOIdN/LcRsUGNlGQ3leoDhvx7piwIDAQABAoIBAArj9t0qgOynNFIQ
kSANUfKOwrN2lwkFJ+qIgESO/7TwQbtPMHPpp/uOny2vkKSeaY6jNUTuFHfRyx5q
KE5nSQLILhBVuc+QfpkTllKcGUrglfWSOQQV9ZbvBEK2O1Vgi/7QYJPskQB5X50t
zMWmBgsQ1C0FP1Ibp/snJdWHuHnAK5Jfk4XghRAYNxe4t2PVz5SLlFptLq10hqFR
xJeDf38rl6M8du/K8vsP5maDMTxandTApupgG1ouW2HUd+SIJNxOpc6s3pOccdVf
rg1YxrAPtsE5QHDofX9TNcehAfdkXPJrv7mrHx746b0mTW0A0CQWaoWKJzHlub4C
SgeKt6ECgYEA2YYhiJ3k5r+0fG6G+Rf/FgULseHwJa+cdQwQyShGx1H8XOtW8Ukp
YozSJervoSDLSqRZxlDO4w7mTZSyGi1JXshXn2y13VcpOmBa+WgJ2oOFg2zMlm29
0vxhw5Q2ZY9tylY1y6+nYzBxoRKzqpz5nbbj+dLuskOnSO4mw5uF6WkCgYEAyQwc
FQoh3ts0aB7/iDKdX1rIH2Dvo4fgOdtz7mL1a8A6M0aZGzeJAWDBPaz+yNrkGIz2
kUR82EK1ec+SGljY4838dKDAFZOvl9IphroRc5YLxupAripa57fc/65dpjOusDbW
7izFU7DFTnNdaZjPwwSBrmsIUoJB/f03MIgKSNMCgYEAq7vO68okttyxRPAKFc0R
MjRHmGfVrhsoPeyJsBbhUmnzAPU4TgTB7LFbFF6YU7DNbx+0VPLlc7QGtUdpGWuZ
moA3VYGBT7+JqDH8gR3XcbIWjb0vBLCdhl6FXOC91Y7YUj+f9zC1yYSsoUtfl5qZ
JCAJeupCU3FAOD71UceOgMkCgYEAriWPLapZLHE0M/yl25P8PVylfIi7CyvnTjaJ
dTTC4VLhFwlQFgNE6ayltobjK5hve9Sev7ZTbgBaseja5XeQZ8NFqsCToh0LPLcO
wWTrOPP/v42p+TM3CwB4rgCbnhumdX0LL8QYKSY1wn6rq4xyarq8mhicXNv3zcpI
xAES54ECgYAmvE8BfjK/kQCA+P7rio3bZ4Ar9r7u/MQS+sV5FpwZomDriuCtbEZx
kjND5QfOjMUWwCiWyJCtgoFXSZDxaxTPAWcBQF8WiPe+zFzv/BAB92dWLi+sV8Qv
V9DvVhP+o0S4LPIhrevw7CAQflAPkUy531aohVOQsqUjHz1R2Eco6w==
-----END RSA PRIVATE KEY-----`
const publicKey = JWK.asKey(publicKeyPEM)
const privateKey = JWK.asKey(privateKeyPEM)
const payload = 'decryt me'
const encrpyted = JWE.encrypt(payload, publicKey)
try {
const decryted = JWE.decrypt(encrpyted, privateKey)
console.log(decryted)
} catch (err) {
console.log(err)
} The public key is what we are passing to a third party to be used to encrypt the token. When I tried consoling the public key type, it comes as secret. But my colleague is adamant that it is a public key. |
Beta Was this translation helpful? Give feedback.
-
That's not a public RSA key in a PEM format mate. Look at the instance you get back from |
Beta Was this translation helpful? Give feedback.
-
Yes, you are correct there. I did see that the asKey returns a oct symmetric key. I have previously explained to my colleague and he said it was. |
Beta Was this translation helpful? Give feedback.
-
https://blog.oddbit.com/post/2011-05-08-converting-openssh-public-keys/ It technically is, but it's neither of the supported public key encodings (pkcs1 or spki) |
Beta Was this translation helpful? Give feedback.
-
I did manage to convert it using the library too. You can use the |
Beta Was this translation helpful? Give feedback.
-
@yuvigrg |
Beta Was this translation helpful? Give feedback.
-
@panva legend. |
Beta Was this translation helpful? Give feedback.
-
No problem, please consider supporting the library if it provides value and the support was of help to you and/or your company/project. |
Beta Was this translation helpful? Give feedback.
-
Expected behaviour
Get a JWE
Environment:
"jose": "^1.16.0",
node version: v12.0.0
I am trying to decrypt a JWE token. I have got public key and the private key. However, the sample JWE token that I received from a third party was throwing JWEInvalid.
To test whether my key was in fault, I tried creating an encrypted token using the public key. But the token is not being generated and throwing the JWEInvalid error on JWE.encrypt.
The string parameter, I took it from the https://github.com/panva/jose encrypt example.
Where am i going wrong?
Beta Was this translation helpful? Give feedback.
All reactions