2

I am Currently using two libraries for JWT . First one for server side

jose php Library

and the second one for client side

jose js library

I am creating a token based login system . All i want is to create a token at server side and after encrypting with JWE(JSON WEB ENCRYPTION) return that token to client and save to html5 local storage .

issue is to decrypt encrypted token in javascript JOSE Library

jps
  • 20,041
  • 15
  • 75
  • 79
Iññoceñt Ùšmâñ
  • 316
  • 1
  • 6
  • 16

1 Answers1

3

Because a JWE is an standard format, then there is no problem to issue JWE from a platform (PHP, Java, JS...) and read it with another one.

The only problem here is that

  • you have to find a library for each platform you want to use.
  • these libraries must have common algorithms

I do not know nov/jose-php but the code review and the tests I performed show me it supports some well-known algorithms (RSA1_5/RSA-OAEP/dir for key encryption and A128CBC-HS256/A256CBC-HS512 for content encryption).

If you use RSA-OAEP and A128CBC-HS256 or A256CBC-HS512 on your project, then you should be able to encrypt on one side and decrypt on the other side.

If you want to use other algorithms on PHP such as AxxxKW or AxxxGCM, you should have a look on the spomky-labs/jose PHP library which supports dozen of algorithms, compression and more.

You should also look at jwt.io which lists a lot of Jose implementations on several platforms.

Edit

Private/Public RSA Key Converter

With spomky-labs/jose:

<?php
use Jose\Factory\JWKFactory;
$key = JWKFactory::createFromKeyFile('/path/to/your/key.pem');
// The variable $key is a JWKInterface instance that can be easily converted into a JSON object: json_encode($key)

In pure PHP:

<?php
$res = openssl_pkey_get_private($data);
if (false === $res) {
    $res = openssl_pkey_get_public($data);
}
// Verify here that $res is not false.


$details = openssl_pkey_get_details($res);
//Verify here that the array $details has a key 'rsa' (could be 'ec')

$components = [
    'n'  => 'n',
    'e'  => 'e',
    'd'  => 'd',
    'p'  => 'p',
    'q'  => 'q',
    'dp' => 'dmp1',
    'dq' => 'dmq1',
    'qi' => 'iqmp',
];

$key = ['kty' => 'RSA'];
foreach ($details['rsa'] as $key => $value) {
    if (in_array($key, $components)) {
        $key[array_search($key, $components)] = Base64Url::encode($value); // Base64 Url Safe encoding. See https://github.com/Spomky-Labs/base64url
    }
}
// The variable $key is an array with the expected information
Community
  • 1
  • 1
Spomky-Labs
  • 15,473
  • 5
  • 40
  • 64
  • jose php library uses public key to encrypt and private key to descrypt PEM format and javascript library uses json formated RSA key . So tell me how i can convert my public or private key that is in PEM format to JSON format RSA Key – Iññoceñt Ùšmâñ Oct 26 '16 at 03:26
  • I have just updated my answer. I hope it will help you. – Spomky-Labs Oct 26 '16 at 06:34
  • i need same thing in javascript – Iññoceñt Ùšmâñ Oct 26 '16 at 10:13
  • The PHP JOSE Library has not been actively supported since the end of 2018. Its security support will terminate on 2020. The library page suggests to use the [PHP JWT Framework](https://github.com/web-token/jwt-framework). – apaderno Feb 14 '19 at 19:45