0

Feel kind of out of my depth here.

I have a message that I'm trying to encrypt on a react front end using a public key and the jose library. Then that message will be sent to the java back end and needs to be decrypted by the same public key so that the message can be read.

On the front end, this is my code:

  const secret = jose.base64url.decode('zH4NRP1HMALxxCFnRZABFA7GOJtzUAgIj02alfL1lvI');
  const jwt = await new jose.EncryptJWT({ foo: 'bar' })
    .setProtectedHeader({ alg: 'dir', enc: 'A128CBC-HS256' })
    .setIssuedAt()
    .setIssuer('urn:example:issuer')
    .setAudience('urn:example:audience')
    .setExpirationTime('2h')
    .encrypt(secret);

And then this is my attempt at decrypting on the backend

         byte[] encoded = Base64.getUrlDecoder().decode("zH4NRP1HMALxxCFnRZABFA7GOJtzUAgIj02alfL1lvI");
         
         PublicKey pk = null;
         
          try {
            KeyFactory keyFactory = KeyFactory.getInstance("RSA");
              X509EncodedKeySpec keySpec = new X509EncodedKeySpec(encoded);
              pk = keyFactory.generatePublic(keySpec);
            } catch (NoSuchAlgorithmException e) {
                // TODO Auto-generated catch block
                e.printStackTrace();
            } catch (InvalidKeySpecException e) {
                // TODO Auto-generated catch block
                e.printStackTrace();
            }
          
         
         JwtConsumer jwtConsumer = new JwtConsumerBuilder()
                 .setRequireExpirationTime()
                 .setVerificationKey(pk)
                 .build();
         
         try {
            JwtClaims jwtDecoded = jwtConsumer.processToClaims(forwardKey);
            System.out.println(jwtDecoded.getStringClaimValue("foo"));
        } catch (Exception e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }

However Java doesn't seem to have the HS256 algorithm available when creating the PublicKey object using the keyfactory, but then I can't find any information on what algorithms to use for the encryption on the front end.

Decrypting on the front end using the same secret works fine. But when trying to do the same thing in JAVA its like 20 more lines and I'm not sure what those lines are supposed to be at all

stor314
  • 384
  • 1
  • 5
  • 21

2 Answers2

3

A128CBC-HS256 stands for AES_128_CBC_HMAC_SHA_256. This algorithm encrypts with AES-128 in CBC mode, authentication is done with HMAC/SHA256. A 32 bytes key is required as primary key (from which two secondary keys are derived: the first 16 bytes are used for authentication, the second for encryption).

The current Java code tries to import the key with X509EncodedKeySpec. This class is intended for importing a DER encoded SPKI key in the context of RSA, so it is completely wrong here.

Instead, a possible Java implementation is:

import java.security.Key;
import java.util.Base64;
import org.jose4j.jwe.JsonWebEncryption;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.keys.HmacKey;

...
 
String jwt = "eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0..WhLXSXBUTRSERZuRTMBLrw.PqYS4ZoVHEnLA3nKyurYtO8oPRI9ncnd9gWftneUQmbdV1y8EaL3rBFYCxp1MFm7c5kZe4hx98uHpdAAkrznhmqiQ7Z2MGNlmp9aqZquo8dq1HJOUj-DoqSdsVGx7a1XoAR35bNW7rhru62zYMJfeA.-18U12AoCxO9NNOG6mHnNQ"; // encrypted JWT
byte[] encoded = Base64.getUrlDecoder().decode("zH4NRP1HMALxxCFnRZABFA7GOJtzUAgIj02alfL1lvI"); // primary key
Key key = new HmacKey(encoded); // import primary key
    
JsonWebEncryption jwe = new JsonWebEncryption();
jwe.setKey(key);
jwe.setCompactSerialization(jwt);
String payload = jwe.getPayload(); // decrypt

JwtClaims claims = JwtClaims.parse(payload);
String fooClaim = claims.getStringClaimValue("foo"); // get foo claim

System.out.println(payload);  // {"foo":"bar","iat":1692645846,"iss":"urn:example:issuer","aud":"urn:example:audience","exp":1692653046}
System.out.println(fooClaim); // bar

Here, the encrypted token (jwt) was created using the posted NodeJS code.

Topaco
  • 40,594
  • 4
  • 35
  • 62
  • thank you, i ended up using slightly different code but tested this and it works also. thanks for the explanation too. – stor314 Aug 22 '23 at 15:05
0

For people in the future who view this, try either @Topaco 's answer or the following code which I ended up using before the answer was posted

    private static JwtClaims decryptMessage(String msg) throws JoseException, InvalidJwtException {

        byte[] encoded = Base64.getUrlDecoder().decode("zH4NRP1HMALxxCFnRZABFA7GOJtzUAgIj02alfL1lvI");

        JsonWebEncryption receiverJwe = new JsonWebEncryption();

        AlgorithmConstraints algConstraints = new AlgorithmConstraints(ConstraintType.PERMIT, KeyManagementAlgorithmIdentifiers.DIRECT);
        receiverJwe.setAlgorithmConstraints(algConstraints);
        AlgorithmConstraints encConstraints = new AlgorithmConstraints(ConstraintType.PERMIT, ContentEncryptionAlgorithmIdentifiers.AES_128_CBC_HMAC_SHA_256);
        receiverJwe.setContentEncryptionAlgorithmConstraints(encConstraints);

        receiverJwe.setCompactSerialization(msg);
  
        SecretKeySpec secretKeySpec = new SecretKeySpec(encoded, "AES");

        receiverJwe.setKey(secretKeySpec);

        return JwtClaims.parse(receiverJwe.getPayload());
    }
stor314
  • 384
  • 1
  • 5
  • 21