Decrypting a JWE token using JOSE with A256GCM

Asked Jul 31 '19 at 12:35

Active Aug 23 '19 at 10:03

Viewed 2,280 times

I'm curious about this and wanted to see if anyone understands it.

I am encoding a payload using the jose-jwt nuget in .NET:

Jose.JWT.Encode(
    payload, 
    keyBytes, 
    JweAlgorithm.A256GCMKW, 
    JweEncryption.A256GCM, 
    extraHeaders: extraHeaders)

and this returns a token that looks correct.

When I use JOSE to decrypt the same payload:

Jose.JWT.Decode(payload, keyBytes, JweAlgorithm.A256GCMKW, JweEncryption.A256GCM);

It throws an error:

BCrypt.BCryptDecrypt(): authentication tag mismatch

Is this normal? Is the JWE encryption supposed to be unable to be decrypted or can someone explain why this error is happening?

Thanks

edited Jul 31 '19 at 13:08

asked Jul 31 '19 at 12:35

Nick

Are you encoding with the public key and decoding with the private key? – DavidG Jul 31 '19 at 12:58
Yes. The decrypt method is giving an exception due to the data not being encrypted in the same method that is being used to decrypt. – jdweng Jul 31 '19 at 13:30
Is it possible to have sample jwe generated by jose-jwt and associated keys? – Spomky-Labs Aug 12 '19 at 05:55
AesGcmKeyWrapManagement management algorithm expected key of size 256 bits. I think you are using a Symmetric key. Check the source code https://github.com/dvsekhvalnov/jose-jwt/blob/master/jose-jwt/JWT.cs – Nikhil Feb 23 '21 at 04:24

0 Answers0