
Followed the guide on https://github.com/ndi-trusted-data/myinfo-demo-app/blob/master/lib/security/security.js

I managed to decrypt the JWE token in node js environment but not php.

However with the same implementation in PHP, I am not able to decrypt the same JWE using the same keys.

Is there anything wrong with my code below? I have tried for 2 days and I'm stuck. Is there anything wrong with my code, or is the implementation in one of the two libraries not standard?

This is the output from nodejs with successful decryption.

Decrypting JWE (Format: header.encryptedKey.iv.cipherText.tag)

eyJhbGciOiJSU0ENvbS5z.........

{"alg":"RSA-OAEP","enc":"A256GCM","kid":"aa.sample.com"}

Person Data (JWS):
"eyJhbGciOiJSUzI1NiIsImtpZCI6IkM2US0wYnNIYzRxeU5xNk1CRXRmdH......

Person Data (Decoded):
{"uinfin":{.........} }


I followed the docs at https://web-token.spomky-labs.com/components/encrypted-tokens-jwe/jwe-loading

use Jose\Component\Core\AlgorithmManager;
use Jose\Component\Core\JWK;
use Jose\Component\Encryption\Algorithm\KeyEncryption\RSAOAEP;
use Jose\Component\Encryption\Algorithm\ContentEncryption\A256GCM;
use Jose\Component\Encryption\Compression\CompressionMethodManager;
use Jose\Component\Encryption\Compression\Deflate;
use Jose\Component\Encryption\Serializer\JWESerializerManager;
use Jose\Component\Encryption\Serializer\CompactSerializer;
use Jose\Component\Encryption\JWEDecrypter;
use Jose\Component\KeyManagement\JWKFactory;

$jwtString = "eyJhbGciOiJSU0EtT0FFU....";

// The serializer manager. We only use the JWE Compact Serialization Mode.
$serializerManager = new JWESerializerManager([
    new CompactSerializer(),
]);

// The key encryption algorithm manager with the RSA-OAEP algorithm.
$keyEncryptionAlgorithmManager = new AlgorithmManager([
    new RSAOAEP(),
]);

// The content encryption algorithm manager with the A256GCM algorithm.
$contentEncryptionAlgorithmManager = new AlgorithmManager([
    new A256GCM(),
]);

// The compression method manager with the DEF (Deflate) method.
$compressionMethodManager = new CompressionMethodManager([
    new Deflate(),
]);

// Our RSA private key, used to unwrap the content encryption key.
$privateKey = JWKFactory::createFromKeyFile(
    base_path('keys/'.env("MYINFO_PRIVATE_KEY_PATH")),
    '',                         // Secret if the key is encrypted
    [
        'use' => 'enc',         // Additional parameters
    ]
);

// The issuer's certificate, used afterwards to verify the inner JWS.
$signatureKey = JWKFactory::createFromCertificateFile(
    base_path('keys/'.env("MYINFO_ISSUED_PUBLIC_KEY_PATH")),
    [
        'use' => 'sig',         // Additional parameters
    ]
);

// We instantiate our JWE Decrypter.
$jweDecrypter = new JWEDecrypter(
    $keyEncryptionAlgorithmManager,
    $contentEncryptionAlgorithmManager,
    $compressionMethodManager
);

// We try to load the token.
$jwe = $serializerManager->unserialize($jwtString);

// We decrypt the token. This method does NOT check the header.
// The fourth argument is the optional sender key, which RSA-OAEP does not use.
$success = $jweDecrypter->decryptUsingKey($jwe, $privateKey, 0, $signatureKey);

dd($success);


Output: false

I expect a decoded JWT payload, but I keep getting false.

1 Answer

I have been facing the same issue. While digging into the code execution, I found that the CompressionMethodManager was empty. Code from the documentation:

// The compression method manager with the DEF (Deflate) method.
$compressionMethodManager = new CompressionMethodManager([
    new Deflate()
]);

The standard constructor is deprecated and should not be used anymore. In my case, it was empty, so it was not registering any CompressionMethod. I made it work using the create method:

// The compression method manager with the DEF (Deflate) method.
$compressionMethodManager = CompressionMethodManager::create([
    new Deflate()
]);

BR,

Aurélien
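Below is an added, self-contained PHP example (not code from the question, the answer, the web-token library docs or the MyInfo demo app) that applies the `CompressionMethodManager::create()` fix from the answer and carries the flow through to the step the node output above shows: decrypt the JWE, then verify the inner JWS (its header decodes to `"alg":"RS256"`) against the issuer certificate. It assumes web-token/jwt-framework 2.x; the key file paths and the token string are placeholders, and the `decryptJwe`/`verifyJws` helpers are names chosen here.

```php
<?php
// Added example, not part of the original question or answer.
// Assumes web-token/jwt-framework 2.x (CompressionMethodManager::create()).
declare(strict_types=1);

require __DIR__ . '/vendor/autoload.php';

use Jose\Component\Core\AlgorithmManager;
use Jose\Component\Core\JWK;
use Jose\Component\Encryption\Algorithm\ContentEncryption\A256GCM;
use Jose\Component\Encryption\Algorithm\KeyEncryption\RSAOAEP;
use Jose\Component\Encryption\Compression\CompressionMethodManager;
use Jose\Component\Encryption\Compression\Deflate;
use Jose\Component\Encryption\JWEDecrypter;
use Jose\Component\Encryption\Serializer\CompactSerializer as JWECompactSerializer;
use Jose\Component\Encryption\Serializer\JWESerializerManager;
use Jose\Component\KeyManagement\JWKFactory;
use Jose\Component\Signature\Algorithm\RS256;
use Jose\Component\Signature\JWSVerifier;
use Jose\Component\Signature\Serializer\CompactSerializer as JWSCompactSerializer;
use Jose\Component\Signature\Serializer\JWSSerializerManager;

/**
 * Decrypt a compact JWE with our RSA private key and return the plaintext.
 * Fails closed (throws) instead of handing back false, and pins the header
 * algorithms first because decryptUsingKey() does not check the header.
 */
function decryptJwe(string $token, JWK $privateKey): string
{
    $serializer = new JWESerializerManager([new JWECompactSerializer()]);
    $jwe = $serializer->unserialize($token);

    if ($jwe->getSharedProtectedHeaderParameter('alg') !== 'RSA-OAEP'
        || $jwe->getSharedProtectedHeaderParameter('enc') !== 'A256GCM') {
        throw new RuntimeException('Unexpected JWE alg/enc in header');
    }

    $decrypter = new JWEDecrypter(
        new AlgorithmManager([new RSAOAEP()]),
        new AlgorithmManager([new A256GCM()]),
        CompressionMethodManager::create([new Deflate()]) // the fix from the answer
    );

    if (!$decrypter->decryptUsingKey($jwe, $privateKey, 0)) {
        throw new RuntimeException('JWE decryption failed');
    }

    $payload = (string) $jwe->getPayload();

    // The node output above shows the JWS delivered as a JSON string literal
    // ("eyJ..."); unwrap that layer when it is present.
    if ($payload !== '' && $payload[0] === '"') {
        $payload = json_decode($payload, false, 512, JSON_THROW_ON_ERROR);
    }

    return (string) $payload;
}

/**
 * Verify the inner compact JWS against the issuer certificate and return
 * the verified payload. Only RS256 is accepted.
 */
function verifyJws(string $token, JWK $issuerKey): string
{
    $serializer = new JWSSerializerManager([new JWSCompactSerializer()]);
    $jws = $serializer->unserialize($token);

    if ($jws->getSignature(0)->getProtectedHeaderParameter('alg') !== 'RS256') {
        throw new RuntimeException('Unexpected JWS alg in header');
    }

    $verifier = new JWSVerifier(new AlgorithmManager([new RS256()]));
    if (!$verifier->verifyWithKey($jws, $issuerKey, 0)) {
        throw new RuntimeException('JWS signature verification failed');
    }

    return (string) $jws->getPayload();
}

// Usage with placeholder paths and token (replace with your own).
$privateKey = JWKFactory::createFromKeyFile('/path/to/our-private-key.pem', null, ['use' => 'enc']);
$issuerKey  = JWKFactory::createFromCertificateFile('/path/to/issuer-cert.pem', ['use' => 'sig']);

$jweToken   = 'eyJhbGciOiJSU0EtT0FFU....'; // placeholder compact JWE
$innerJws   = decryptJwe($jweToken, $privateKey);
$personData = json_decode(verifyJws($innerJws, $issuerKey), true, 512, JSON_THROW_ON_ERROR);
var_dump($personData);
```

The two helpers raise an exception on every failure path, so a bad key, a tampered token or a wrong algorithm surfaces with a reason rather than as a bare `false`. The manual `alg`/`enc` and `alg` checks exist because, as the comment in the question's own code notes, `decryptUsingKey()` does not validate the header; rejecting anything other than the algorithms you provisioned keeps the decrypter from ever being driven by attacker-chosen header values.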
