Compact JWE decode and RSA-OAEP decrypt #117
Closed
I needed JWE handling for our project. This adds decode from compact form, a flattened/generic split to JWE like JWS does and a decrypt function, along with a convenience function that turns it into compact JWS in one go. It's not a full implementation yet, obviously, but enough to cover our use case.
The integrity check was still failing in my testing. I'm not sure if it's applying hashing correctly. Other than that, the decrypt worked in my testing. I copied the hashing from the encrypt code that was already implemented, but seeing how it got the keys in the wrong order, I suspect it's not that tested either. (MAC key is first, see https://datatracker.ietf.org/doc/html/rfc7518#section-5.2.2.1.) But since there's no implementation for this part as of yet in either case, I'm submitting the pull request regardless.

Addendum 2023-12-01: I had a second look at the tag check code and got it working. While RFC 7516 allows having an empty AAD, it looks like the way it is used in the wild is that the protected header is used as a part of it, even if the AAD would otherwise be empty, like with the compact JWE representation.
This needs access to the private key, so I exported it from Crypto.JOSE.JWA.JWK. That may or may not be a concern.
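The two pitfalls described in the PR, the MAC key being the first half of the CEK and the AAD of a compact JWE being the base64url text of the protected header rather than empty, can be checked in isolation from the rest of the decrypt path. The following is an added example written for this page, not code from the PR or from the Haskell jose library (Crypto.JOSE); it is Python using only the standard library, so it verifies the AES_CBC_HMAC_SHA2 tag (RFC 7518 section 5.2.2) for a compact JWE but does not AES-decrypt and does not unwrap the CEK. It assumes the caller already has the raw CEK (for example after the RSA-OAEP step the PR adds), covers all three enc variants rather than only A128CBC-HS256, and checks itself against the published vector in RFC 7516 Appendix A.3. The `build_compact_jwe` helper exists only to construct test inputs.

```python
"""Tag (integrity) check for AES_CBC_HMAC_SHA2 content encryption on a compact
JWE, following RFC 7518 section 5.2.2 and RFC 7516 section 5.2.
Standard library only: it verifies the tag, it does not AES-decrypt."""
import base64
import hashlib
import hmac
import json
import struct

# enc -> (CEK length in bytes, hash, tag length in bytes).  The CEK is split
# with the MAC key FIRST and the AES key second (RFC 7518 s5.2.2.1).
ENC_PARAMS = {
    "A128CBC-HS256": (32, hashlib.sha256, 16),
    "A192CBC-HS384": (48, hashlib.sha384, 24),
    "A256CBC-HS512": (64, hashlib.sha512, 32),
}


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode("ascii")


def split_compact_jwe(token: str):
    """Return (protected, encrypted_key, iv, ciphertext, tag), still base64url."""
    parts = token.split(".")
    if len(parts) != 5:
        raise ValueError("compact JWE must have exactly five dot-separated parts")
    return tuple(parts)


def split_cek(cek: bytes, enc: str):
    """Return (mac_key, enc_key): first half is the MAC key, second half the AES key."""
    total, _, _ = ENC_PARAMS[enc]
    if len(cek) != total:
        raise ValueError(f"{enc} needs a {total}-byte CEK, got {len(cek)}")
    half = total // 2
    return cek[:half], cek[half:]


def compute_tag(mac_key: bytes, aad: bytes, iv: bytes, ciphertext: bytes, enc: str) -> bytes:
    """T = truncate(HMAC(mac_key, AAD || IV || C || AL)); AL = bit length of AAD, 64-bit BE."""
    _, hash_fn, tag_len = ENC_PARAMS[enc]
    al = struct.pack(">Q", len(aad) * 8)
    return hmac.new(mac_key, aad + iv + ciphertext + al, hash_fn).digest()[:tag_len]


def verify_compact_jwe_tag(token: str, cek: bytes) -> bool:
    """True iff the tag matches.  Does not decrypt; AES-CBC comes after this check."""
    protected_b64, _encrypted_key, iv_b64, ct_b64, tag_b64 = split_compact_jwe(token)
    enc = json.loads(b64url_decode(protected_b64))["enc"]
    # For compact serialization the AAD is ASCII(BASE64URL(protected header)):
    # the base64url text exactly as it appears in the token, never empty.
    aad = protected_b64.encode("ascii")
    mac_key, _enc_key = split_cek(cek, enc)
    expected = compute_tag(mac_key, aad, b64url_decode(iv_b64), b64url_decode(ct_b64), enc)
    return hmac.compare_digest(expected, b64url_decode(tag_b64))


def build_compact_jwe(header: dict, cek: bytes, iv: bytes, ciphertext: bytes,
                      encrypted_key: bytes = b"") -> str:
    """Assemble a compact JWE around an already-encrypted ciphertext and tag it.
    Only used here to construct inputs for exercising the check above."""
    enc = header["enc"]
    protected_b64 = b64url_encode(json.dumps(header, separators=(",", ":")).encode("utf-8"))
    mac_key, _ = split_cek(cek, enc)
    tag = compute_tag(mac_key, protected_b64.encode("ascii"), iv, ciphertext, enc)
    return ".".join([protected_b64, b64url_encode(encrypted_key), b64url_encode(iv),
                     b64url_encode(ciphertext), b64url_encode(tag)])


# Known-answer vector from RFC 7516 Appendix A.3 (A128KW key wrap, A128CBC-HS256).
# The CEK is the unwrapped key listed there; key unwrapping itself is not done here.
RFC7516_A3_TOKEN = (
    "eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0."
    "6KB707dM9YTIgHtLvtgWQ8mKwboJW3of9locizkDTHzBC2IlrT1oOQ."
    "AxY8DCtDaGlsbGljb3RoZQ."
    "KDlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGY."
    "U0m_YmjN04DJvceFICbCVQ"
)
RFC7516_A3_CEK = bytes([4, 211, 31, 197, 84, 157, 252, 254, 11, 100, 157, 250, 63, 170,
                        106, 206, 107, 124, 212, 45, 111, 107, 9, 219, 200, 177, 0, 240,
                        143, 156, 44, 207])

if __name__ == "__main__":
    print("RFC 7516 A.3 tag verifies:", verify_compact_jwe_tag(RFC7516_A3_TOKEN, RFC7516_A3_CEK))
```

Swapping the two halves of the CEK, or passing an empty AAD, changes the HMAC input and so the tag, which is the failure mode the PR description reports; `hmac.compare_digest` keeps the comparison constant-time, and the tag must be checked before any AES-CBC decryption or padding handling is attempted.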