Compact JWE decode and RSA-OAEP decrypt #117

Closed
wants to merge 2 commits into from

@kaol kaol commented Oct 18, 2023

I needed JWE handling for our project. This adds decode from compact form, a flattened/generic split to JWE like JWS does and a decrypt function, along with a convenience function that turns it into compact JWS in one go. It's not a full implementation yet, obviously, but enough to cover our use case.

The integrity check was still failing in my testing. I'm not sure if it's applying hashing correctly. Other than that the decrypt worked in my testing. I copied the hashing from the encrypt code that was already implemented but seeing how it got the keys in the wrong order I suspect it's not that tested either. (MAC key is first, see https://datatracker.ietf.org/doc/html/rfc7518#section-5.2.2.1). But since there's no implementation for this part as of yet either case I'm submitting the pull request regardless.

Addendum 2023-12-01: I had a second look at the tag check code and got it working. While RFC 7516 allows having an empty AAD, looks like the way it is used in the wild is that the protected header is used as a part of it, even if the AAD would otherwise be empty, like with compact JWE representation.

This needs access to the private key so I exported it from Crypto.JOSE.JWA.JWK. That may or may not be a concern.
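The tag check discussed in the comment above, as an added example that is not code from this pull request or from the library: it follows RFC 7518 section 5.2.2.1 for A128CBC-HS256, taking the MAC key from the first half of the content encryption key and using the encoded protected header as the AAD. It is written in Python rather than the project's Haskell; all function names are illustrative, and the sample token is constructed with placeholder ciphertext bytes.

```python
import base64
import hashlib
import hmac


def b64url_decode(segment: str) -> bytes:
    """Decode unpadded base64url as used by the compact serialization."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def split_cek(cek: bytes) -> tuple[bytes, bytes]:
    """RFC 7518 5.2.2.1: MAC_KEY is the first half, ENC_KEY the second."""
    if len(cek) != 32:
        raise ValueError("A128CBC-HS256 needs a 32-byte content encryption key")
    return cek[:16], cek[16:]


def compute_tag(mac_key: bytes, aad: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    """HMAC-SHA-256 over AAD || IV || ciphertext || AL, truncated to 16 bytes."""
    al = (len(aad) * 8).to_bytes(8, "big")  # AAD length in bits, 64-bit big-endian
    return hmac.new(mac_key, aad + iv + ciphertext + al, hashlib.sha256).digest()[:16]


def verify_compact_tag(compact: str, cek: bytes) -> bool:
    """Check the tag of a five-part compact JWE before any CBC decryption."""
    parts = compact.split(".")
    if len(parts) != 5:
        raise ValueError("compact JWE has exactly five segments")
    header_b64, _encrypted_key, iv_b64, ct_b64, tag_b64 = parts
    mac_key, _enc_key = split_cek(cek)
    # The AAD is the encoded protected header text, not its decoded JSON
    aad = header_b64.encode("ascii")
    expected = compute_tag(mac_key, aad, b64url_decode(iv_b64), b64url_decode(ct_b64))
    return hmac.compare_digest(expected, b64url_decode(tag_b64))


def build_sample(cek: bytes) -> str:
    """Constructed sample token; ciphertext bytes are placeholders, not AES output."""
    header = b64url_encode(b'{"alg":"RSA-OAEP","enc":"A128CBC-HS256"}')
    iv, ct = bytes(16), bytes(range(32))
    tag = compute_tag(split_cek(cek)[0], header.encode("ascii"), iv, ct)
    fields = [header, b64url_encode(b"wrapped-key"), b64url_encode(iv)]
    return ".".join(fields + [b64url_encode(ct), b64url_encode(tag)])
```

Verifying the tag with a constant-time comparison before decrypting keeps the CBC padding check from being reachable with unauthenticated ciphertext.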

kaol commented Oct 20, 2023

For reference, here's an example of how I'm using the changes on openid-connect's side: https://github.com/KSF-Media/openid-connect/tree/jwe-decrypt-identity-token

@kaol kaol mentioned this pull request Dec 4, 2023
kaol commented Dec 13, 2023

Closed in favor of greatly expanded #120

@kaol kaol closed this Dec 13, 2023