Stack Overflow
Stack Overflow

Questions tagged [jose]

JOSE (Javascript Object Signing and Encryption) is a framework intended to provide a method to securely transfer claims (such as authorization information) between parties

JOSE (Javascript Object Signing and Encryption) is a framework intended to provide a method to securely transfer claims (such as authorization information) between parties

The JOSE framework provides a collection of specifications to serve this purpose. A JSON Web Token (JWT) contains claims that can be used to allow a system to apply access control to resources it owns.

One potential use case of the JWT is as the means of authentication and authorization for a system that exposes resources through an OAuth 2.0 model.

Official Website

131 questions
0
votes
0 answers

How to encrypt json data in to JWE Token with jose

I want to encrypt my JSON object into a JWE token. I am using the JOSE NuGet SDK with C# language. I am using A256KW JweAlgorithm for secret key and A256GCM for JweEncryption. Could anyone please help me find out what I am doing wrong? string key =…
Kryp2 Gemini
  • 11
  • 2
0
votes
1 answer

Is some format mandatory for the plaintext/payload of JOSE JWE/JWS packets?

I want to transfer and share some data inside JOSE JWE/JWS packets between different endpoints running differing os/libraries. Therefore I want to adhere to the relevant Standards (RFCs) as closely as possible, for interoperability. Sadly I did not…
gaiuscosades
  • 1
  • 2
0
votes
3 answers

jest fails with error: Cannot find module 'jose-node-cjs-runtime/jwt/sign'

I am testing my Node.js API using jest. This API is an Express app used for managing tasks. It has signup/login feature to allow only authenticated users to use the app. It has an endpoint for signing up new user and many endpoints are present which…
nlern
  • 910
  • 1
  • 8
  • 15
0
votes
0 answers

How do I consume an encrypted payload in Spring boot

I have tried to handle it using: @RequestMapping(method = RequestMethod.POST,produces="application/json",consumes= "application/jose;charset=UTF-8") I get the below error: org.springframework.web.HttpMediaTypeNotSupportedException: Content type…
Ravi Ranjan
  • 1
  • 2
0
votes
2 answers

subtle crypto with ECDSA : Cannot create a key using the specified key usages

I wanted to import an ECDSA private key in Chrome to sign some data, tried yet with crypto.subtle.importKey: feeded the importKey with a derivated private key using secp256k1. When trying to use the lib, I got stuck with the following error: Cannot…
Johan
  • 277
  • 4
  • 17
0
votes
1 answer

Error: no importer for key when importing "pem" key

The app follows the instruction on node-jose 2.0.0 for import .pem key. Here is the documentation: To import and existing Key from a PEM or DER: // input is either a: // * String serialization of a JSON JWK/(base64-encoded) PEM/(binary-encoded)…
user938363
  • 9,990
  • 38
  • 137
  • 303
0
votes
1 answer

Is options ignoreExpiration still valid in node-jose?

In jasonwebtoken, the option ignoreExpiration can be used as below for HS256: const jwt = require("jsonwebtoken"); const decoded = await jwt.verify(jwt_token, process.env.jwtPrivateKey, {ignoreExpiration: true}); Now the app is migrating to…
user938363
  • 9,990
  • 38
  • 137
  • 303
0
votes
0 answers

Private key in CngKey format using jose-jwt - EccKey.New(x, y, d, CngKeyUsages.KeyAgreement) not working in production but fine in local

I'm trying to read get the x, y and d parameter values from a pem file generated using https://mkjwk.org/ with P 256 curve, Encryption, ECDH-ES+A128KW with X509 set to true. The values for x, y , d are retrieved using below: using (var reader = new…
Abhishek Roy
  • 1
0
votes
1 answer

Empty keys when generating JSON Web Key Set (JWKS)

I'm trying to create a JSON web key set for use with a node.js API client. However when logging my keys they seem to be empty. const {JWKS} = require("jose"); const keyAlg = "RSA"; const keySize = 2048; const keyUse = "sig"; const alg =…
Sami
  • 1,374
  • 1
  • 16
  • 43
0
votes
2 answers

How to encode private key as JSON WEB TOKEN in RS256 format using python

Well I have gone through a lot of questions, and their respective answers, mostly instead of private key (which starts from -----BEGIN RSA PRIVATE KEY-----) to encode in jwt, public key was being sent (which does not begin from -----BEGIN RSA…
Huwaiza
  • 77
  • 2
  • 13
0
votes
0 answers

Can I use JOSE for Signed and Encrypted API Request and Response for Server to Server API communication?

As the documentation says: JOSE 1 is a framework intended to provide a method to securely transfer claims (such as authorization information) between parties. Doc Is JOSE is only used for Authentication and Authorization activities or can it be…
mnhmilu
  • 2,327
  • 1
  • 30
  • 50
0
votes
1 answer

Using Delphi JOSE & JWT library, how do you sign a JWT using RS256

All their examples use HS*** with none in RS*** and trying to change the examples to suite dont seem to be working. My problem seems to be getting the private key loaded for signing. I'm using a PEM in a string, setting up the claims, using…
Andrew
  • 113
  • 2
  • 8
0
votes
0 answers

How to validate JWS using square/go-jose package

I am generating a JSON web signature in JavaScript using node-jws package (https://www.npmjs.com/package/jws). In Headers, I am giving crit: ["exp"] and exp: someTimeStamp. The snippet given below is used in generating the JWS: let token =…
Abdullah Danyal
  • 1,106
  • 1
  • 9
  • 25
0
votes
0 answers

Ruby JWE with A256GCMKW Algorithm and Encryption with A256GCM

I have encrypt the Plain text in JWE using alg:"A256GCMKW", enc:"A256GCM" and channelSecurityContext:"SHARED_SECRET". I am using Jose Gem for this. I have generated a payload which I can decrypt but other party unable to decrypt. They are using…
Usman Arshad
  • 75
  • 6
0
votes
0 answers

How to implement RSA Encryption with OAEP-256 padding in iOS 8 onwards?

I'm trying to implement Json Web Encryption aka JWE by JOSE standards. I have tried encryption with CommonCrypto lib available in iOS but it doesn't support OAEP-256 padding. I can't use iOS Security framework since it's classes like…
iphondroid
  • 498
  • 7
  • 19
1 2 3
8
9