I am using JOSESwift. When I use the Encrypter method it returns nil without details of any error. Below is my code sample. Can anyone please help why does the Encrypter method return nil?

Intention: I am trying to set wrapping key to my JWE object and from JOSESwift I can understand that Encrypter takes in that cek key.

    // Jose implementation.
    let joseHeader = JWEHeader(algorithm: .direct,
                               encryptionAlgorithm: .A128CBCHS256)
    let joseEncrypter = Encrypter(keyEncryptionAlgorithm: .RSAOAEP,
                                  encryptionKey: cekKeyData,
                                  contentEncyptionAlgorithm: .A128CBCHS256)!
    let josePayload = Payload(Data(base64Encoded: jsonString)!)

    let joseJWE = try? JWE(header: joseHeader, payload: josePayload, encrypter: joseEncrypter)

Max
  • It returns nil because you've used `try?`. If you switch that to `try`, the error it throws will tell you what the problem is. `try?` specifically tells Swift to throw away the error and just return nil. – Rob Napier Jan 24 '20 at 16:21
  • Method Encrypter returns nil which does not have any try on it. – Max Jan 24 '20 at 17:32

1 Answer

I suspect you're passing the wrong kind of key, or are incorrectly selecting .RSAOAEP as your algorithm and meant .direct.

    ///   - key: The key used to perform the encryption. If the `keyEncryptionAlgorithm` is `.direct`, the
    ///          `encryptionKey` is the shared symmetric content encryption key. Otherwise the `encryptionKey` is the
    ///          public key of the receiver. See [RFC-7516](https://tools.ietf.org/html/rfc7516#section-5.1) for
    ///          details.

nil is only returned in the following case from that code given the passed parameters:

    switch (keyEncryptionAlgorithm, contentEncyptionAlgorithm) {
    case (.RSA1_5, .A256CBCHS512), (.RSAOAEP, .A256CBCHS512), (.RSAOAEP256, .A256CBCHS512), (.RSA1_5, .A128CBCHS256), (.RSAOAEP, .A128CBCHS256), (.RSAOAEP256, .A128CBCHS256):
        guard type(of: key) is RSAEncrypter.KeyType.Type else {
            return nil
        }
        // ...

This indicates that the cekKeyData is not of type RSAEncrypter.KeyType. I suspect it's a generated AES key instead.

Rob Napier
  • The cekKeyData is a shared key created from ECDHSecret. I am trying to setWrappingKey to my JWE and that was the original intention to do this. Please help. – Max Jan 25 '20 at 12:31
  • If it's an AES key, then does JOSESwift not support this? – Max Jan 27 '20 at 13:58
  • You've requested the encryptor to encrypt with RSAOAEP, and then passed it an AES key. You need to pass it an RSA key if you want to wrap using RSA-OAEP. If you're using a shared secret, then I don't understand why you're also using RSA-OAEP. Shared secrets are "direct" encryption and don't require key wrapping. I'm not familiar with JOSESwift particularly; I typically use cjose. – Rob Napier Jan 27 '20 at 14:11
  • I think your answer is right for the question I have asked. The key I am passing is definitely not AESEncrypter.KeyType; that's the reason for getting nil back. I now need to figure out what key type I am passing for my code to work. – Max Jan 27 '20 at 14:29
  • @Max were you able to figure out what key/algorithm configuration you need? Rob's answer is likely correct and you just didn't pass a key that matches the specified algorithms. If you want to use a shared encryption key make sure to select the `.direct` key encryption key (just as you did in the JOSEHeader configuration). – dlggr Apr 26 '20 at 09:48
  • Yes, Rob's answer is right. What I was trying was using an EC key with JOSE Swift, which is currently not supported. That was the reason for the encryptor to return nil. – Max May 12 '20 at 10:24
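
The configuration the answer and comments point to, as an added example (not code from the original posts or from JOSESwift itself): direct encryption with a shared symmetric key, using only the JOSESwift calls that appear in the question. `makeDirectJWE`, `JWEBuildError`, and the assumption that the shared key is already a 32-byte symmetric key held as `Data` are illustrative.

```swift
import Foundation
import JOSESwift

// Hypothetical error type for this example (not part of JOSESwift).
enum JWEBuildError: Error {
    case badKeyLength(expected: Int, actual: Int)
    case encrypterRejectedKey
}

/// Hypothetical helper: builds a JWE with `.direct` key management.
/// Assumption: `sharedKey` is the final symmetric content encryption key,
/// not a raw key-agreement output and not an RSA or EC key object.
func makeDirectJWE(json: String, sharedKey: Data) throws -> JWE {
    // A128CBC-HS256 uses a 32-byte key: 16 bytes for HMAC-SHA-256 and
    // 16 bytes for AES-128-CBC (RFC 7518, section 5.2.3).
    let requiredLength = 32
    guard sharedKey.count == requiredLength else {
        throw JWEBuildError.badKeyLength(expected: requiredLength,
                                         actual: sharedKey.count)
    }

    // The header and the Encrypter must name the same key management
    // algorithm. The question mixed `.direct` (header) with `.RSAOAEP`.
    let header = JWEHeader(algorithm: .direct,
                           encryptionAlgorithm: .A128CBCHS256)

    // The initializer is failable: it returns nil when the key's type does
    // not match the algorithm pair. Handle nil instead of force-unwrapping.
    guard let encrypter = Encrypter(keyEncryptionAlgorithm: .direct,
                                    encryptionKey: sharedKey,
                                    contentEncyptionAlgorithm: .A128CBCHS256) else {
        throw JWEBuildError.encrypterRejectedKey
    }

    // Plain `try` lets encryption errors propagate to the caller;
    // `try?` would collapse them into nil and hide the cause.
    let payload = Payload(Data(json.utf8))
    return try JWE(header: header, payload: payload, encrypter: encrypter)
}
```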