3

I have a token in String format such as:

eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkExMjhHQ00ifQ.K52jFwAQJH-DxMhtaq7sg5tMuot_mT5dm1DR_01wj6ZUQQhJFO02vPI44W5nDjC5C_v4pW1UiJa3cwb5y2Rd9kSvb0ZxAqGX9c4Z4zouRU57729ML3V05UArUhck9ZvssfkDW1VclingL8LfagRUs2z95UkwhiZyaKpmrgqpKX8azQFGNLBvEjXnxxoDFZIYwHOno290HOpig3aUsDxhsioweiXbeLXxLeRsivaLwUWRUZfHRC_HGAo8KSF4gQZmeJtRgai5mz6qgbVkg7jPQyZFtM5_ul0UKHE2y0AtWm8IzDE_rbAV14OCRZJ6n38X5urVFFE5sdphdGsNlA.gjI_RIFWZXJwaO9R.oaE5a-z0N1MW9FBkhKeKeFa5e7hxVXOuANZsNmBYYT8G_xlXkMD0nz4fIaGtuWd3t9Xp-kufvvfD-xOnAs2SBX_Y1kYGPto4mibBjIrXQEjDsKyKwndxzrutN9csmFwqWhx1sLHMpJkgsnfLTi9yWBPKH5Krx23IhoDGoSfqOquuhxn0y0WkuqH1R3z-fluUs6sxx9qx6NFVS1NRQ-LVn9sWT5yx8m9AQ_ng8MBWz2BfBTV0tjliV74ogNDikNXTAkD9rsWFV0IX4IpA.sOLijuVySaKI-FYUaBywpg

Now I want to decrypt this String through some Java library and ultimately want to access the payload. Has anyone done this so far?

Haseb Ansari

2 Answers

8

The assertion you shared with us is a JWE serialized in its compact representation. It has 5 parts separated by a dot (.) which are:

  • Part 1: the header (eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkExMjhHQ00ifQ)
  • Part 2: the encrypted key - depending on the algorithm, it may be an empty string - (K52jFwAQJH-DxMhtaq7sg5tMuot_mT5dm1DR_01wj6ZUQQhJFO02vPI44W5nDjC5C_v4pW1UiJa3cwb5y2Rd9kSvb0ZxAqGX9c4Z4zouRU57729ML3V05UArUhck9ZvssfkDW1VclingL8LfagRUs2z95UkwhiZyaKpmrgqpKX8azQFGNLBvEjXnxxoDFZIYwHOno290HOpig3aUsDxhsioweiXbeLXxLeRsivaLwUWRUZfHRC_HGAo8KSF4gQZmeJtRgai5mz6qgbVkg7jPQyZFtM5_ul0UKHE2y0AtWm8IzDE_rbAV14OCRZJ6n38X5urVFFE5sdphdGsNlA)
  • Part 3: the initialisation vector - IV depending on the algorithm, it may be an empty string - (gjI_RIFWZXJwaO9R)
  • Part 4: the cyphertext (oaE5a-z0N1MW9FBkhKeKeFa5e7hxVXOuANZsNmBYYT8G_xlXkMD0nz4fIaGtuWd3t9Xp-kufvvfD-xOnAs2SBX_Y1kYGPto4mibBjIrXQEjDsKyKwndxzrutN9csmFwqWhx1sLHMpJkgsnfLTi9yWBPKH5Krx23IhoDGoSfqOquuhxn0y0WkuqH1R3z-fluUs6sxx9qx6NFVS1NRQ-LVn9sWT5yx8m9AQ_ng8MBWz2BfBTV0tjliV74ogNDikNXTAkD9rsWFV0IX4IpA)
  • Part 5: the Additional Authentication Data - AAD - (sOLijuVySaKI-FYUaBywpg)

The header indicates at least the

In your case, the alg is RSA-OAEP and the enc is A128GCM. According to these algorithms, you should have an RSA private key to decrypt the CEK and then use it to decrypt the cyphertext.

https://jwt.io mentioned in the accepted answer will not be useful as it does not support JWE, but JWS. The result shown with a JWE input will not give you the decrypted payload. However, the https://connect2id.com/products/nimbus-jose-jwt resource will help you as it seems that the algorithms used for your token are supported.

Community
Spomky-Labs
  • Nicely explained... I figured out this library of connect2id nimbus... now the problem is I have a 512-bit key for A256GCM... is this possible in any way? – Haseb Ansari Feb 28 '17 at 10:22
  • To get the CEK, you have to decode it first (Base64UrlSafe => binary string) then decrypt it using the RSA-OAEP algorithm and the decoded IV. Normally, with the A256GCM algorithm, the decrypted CEK should be a 256 bit string. We can discuss [in private if needed](https://gitter.im/Spomky). – Spomky-Labs Feb 28 '17 at 11:34
  • Is it somehow possible to decrypt this String to JWT format? – Haseb Ansari Mar 01 '17 at 15:41
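The two steps described in the answer above (unwrap the CEK with the RSA private key, then decrypt the ciphertext with it), as an added example that is not part of the original answer and uses only the JDK rather than the Nimbus library. The class name, the throwaway key pair and the payload are constructed for the demo; decrypting the token from the question would need the recipient's real RSA private key. Per RFC 7516, the fifth part is handled as the GCM authentication tag and the encoded header is fed to GCM as additional authenticated data.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
import javax.crypto.Cipher;
import javax.crypto.spec.*;

public class JweDecryptDemo {   // hypothetical class name
    static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    static final Base64.Decoder DEC = Base64.getUrlDecoder();

    // Decrypts a compact JWE with alg=RSA-OAEP and enc=A128GCM.
    static String decrypt(String jwe, PrivateKey recipientKey) throws Exception {
        String[] p = jwe.split("\\.", -1);   // -1 keeps empty parts
        if (p.length != 5) throw new IllegalArgumentException("not a compact JWE");
        String header = new String(DEC.decode(p[0]), StandardCharsets.UTF_8);
        // Crude pin (no JSON parser in the JDK): refuse anything but the expected alg/enc.
        if (!header.contains("\"RSA-OAEP\"") || !header.contains("\"A128GCM\""))
            throw new IllegalArgumentException("unexpected alg/enc: " + header);
        // Step 1: unwrap the CEK (RSA-OAEP means OAEP with SHA-1 and MGF1-SHA-1).
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding");
        rsa.init(Cipher.DECRYPT_MODE, recipientKey);
        byte[] cek = rsa.doFinal(DEC.decode(p[1]));
        byte[] ct = DEC.decode(p[3]), tag = DEC.decode(p[4]);
        if (cek.length != 16 || tag.length != 16)
            throw new GeneralSecurityException("A128GCM needs a 128-bit CEK and tag");
        // Step 2: AES-GCM decrypt; the JCA expects ciphertext || tag as one input.
        byte[] in = Arrays.copyOf(ct, ct.length + 16);
        System.arraycopy(tag, 0, in, ct.length, 16);
        Cipher gcm = Cipher.getInstance("AES/GCM/NoPadding");
        gcm.init(Cipher.DECRYPT_MODE, new SecretKeySpec(cek, "AES"),
                 new GCMParameterSpec(128, DEC.decode(p[2])));
        gcm.updateAAD(p[0].getBytes(StandardCharsets.US_ASCII)); // AAD = encoded header
        return new String(gcm.doFinal(in), StandardCharsets.UTF_8); // AEADBadTagException on tampering
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample token: fresh key pair, CEK, IV and payload.
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA"); g.initialize(2048);
        KeyPair kp = g.generateKeyPair();
        byte[] cek = new byte[16], iv = new byte[12];
        SecureRandom rnd = new SecureRandom(); rnd.nextBytes(cek); rnd.nextBytes(iv);
        String h = ENC.encodeToString("{\"alg\":\"RSA-OAEP\",\"enc\":\"A128GCM\"}".getBytes(StandardCharsets.UTF_8));
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding");
        rsa.init(Cipher.ENCRYPT_MODE, kp.getPublic());
        Cipher gcm = Cipher.getInstance("AES/GCM/NoPadding");
        gcm.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(cek, "AES"), new GCMParameterSpec(128, iv));
        gcm.updateAAD(h.getBytes(StandardCharsets.US_ASCII));
        byte[] out = gcm.doFinal("{\"sub\":\"demo\"}".getBytes(StandardCharsets.UTF_8));
        int n = out.length - 16;   // the JCA appends the 16-byte tag to the ciphertext
        String jwe = String.join(".", h, ENC.encodeToString(rsa.doFinal(cek)), ENC.encodeToString(iv),
            ENC.encodeToString(Arrays.copyOfRange(out, 0, n)), ENC.encodeToString(Arrays.copyOfRange(out, n, out.length)));
        System.out.println(decrypt(jwe, kp.getPrivate()));
    }
}
```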
0

You probably don't necessarily need a library:

import android.util.Base64;                // Android's Base64, which provides the URL_SAFE flag
import java.nio.charset.StandardCharsets;

String token = "eyJ....";
// Split the compact serialization on the dots
String[] splitToken = token.split("\\.");

// splitToken[0] is the header, splitToken[1] is the payload and
// splitToken[2] is the signature
byte[] decodedBytes = Base64.decode(splitToken[1], Base64.URL_SAFE);

// You don't have to convert it to string but it really depends on what type
// of data you expect
String payload = new String(decodedBytes, StandardCharsets.UTF_8);

https://jwt.io has a nice little decrypter for you to test data.

In regards to JWE, the only library I could find is this and an example to unencrypted JWE tokens can be found at the bottom of this page.
Note: I haven't tested this library so I won't be of much use beyond this, but it seems fairly straightforward.

David Liaw