how to generate a JWE in node with enc A256GCM and alg RSA-OAEP

Time:05-30

I want to generate a JWE with

  • the content encrypted with A256GCM
  • The encryption key encrypted with RSA-OAEP

As far as I've understood, I want the JWE header fields to look like this:

{"alg":"RSA-OAEP","enc":"A256GCM"}

So, I've generated a key:

const props = {
    kid: 'gBdaS-G8RLax2qgObTD94w',
    alg: 'RSA-OAEP',
    use: 'enc',
    enc: 'A256GCM',
};
  
// keyStore is a node-jose keystore: const keyStore = jose.JWK.createKeyStore();
keyStore.generate('oct', 256, props).then(function (result) {
    // generate a RSA public/private key too
    // write the keys
});

and then I encrypted/decrypted my content:

const encrypted = await JWE.createEncrypt(
    keyStore.get(process.env.JWE_KID ?? '')
)
    .update(JSON.stringify(myContentToEncrypt))
    .final();

...

const decryptedContent = await JWE.createDecrypt(
    keyStore.get(process.env.JWE_KID ?? '')
).decrypt(contentToDecrypt ?? '{}');

It works, but when I look at the decrypted header, this happens:

{ enc: 'A256GCM', alg: 'dir', kid: 'gBdaS-G8RLax2qgObTD94w' }

The alg is dir. I guess I'm not generating the key(s) properly, or I'm missing some information I must set when encrypting. How can I get encrypted content whose generated AES encryption key is encrypted with RSA-OAEP?

CodePudding user response:

For key generation, RSA must be used for kty, not oct (oct applies to symmetric keys); see here and here.
In addition, A256GCM can be chosen using contentAlg.

The following example generates an RSA key and shows an encryption and decryption with RSA-OAEP and A256GCM:

const jose = require('node-jose');

(async () => {

    // Create keystore and RSA keypair
    const keystore = jose.JWK.createKeyStore();
    const keyOptions = {use: 'enc', alg: 'RSA-OAEP', kid: 'bXkgdW5pcXVlIGtleSBraWQ'};
    const keyPair = await keystore.generate('RSA', 2048, keyOptions);

    // Optional: Export as JSON (toJSON(true) includes the private parameters)
    const publicKeyJSON = keyPair.toJSON();
    const privateKeyJSON = keyPair.toJSON(true);
    //console.log(publicKeyJSON);
    //console.log(privateKeyJSON);

    // Import public key from JSON or get key from keystore, encrypt
    const publicKey = await jose.JWK.asKey(publicKeyJSON);
    //await keystore.add(publicKey); // store key
    //const publicKey = keystore.get('bXkgdW5pcXVlIGtleSBraWQ'); // get key via keystore
    const payload = JSON.stringify({key1: 'val1', key2: 'val2'});
    // contentAlg selects the content encryption (enc); alg comes from the key
    const encOptions = {compact: true, contentAlg: 'A256GCM'};
    const token = await jose.JWE.createEncrypt(encOptions, publicKey).update(payload, 'utf8').final();
    console.log(token);

    // Import private key from JSON or get key from keystore, decrypt
    const privateKey = await jose.JWK.asKey(privateKeyJSON);
    //const privateKey = keystore.get('bXkgdW5pcXVlIGtleSBraWQ'); // get key via keystore
    const result = await jose.JWE.createDecrypt(privateKey).decrypt(token);
    console.log(result.plaintext.toString('utf8'));

})();

The base64url decoding of the token header gives:

{
  "enc": "A256GCM",
  "alg": "RSA-OAEP",
  "kid": "bXkgdW5pcXVlIGtleSBraWQ"
}

as required.

CodePudding user response:

You can build an application on IBM Cloud and transfer the code there and find the errors resolved, or you can install some tools from the terminal to resolve the issues:

php artisan key:generate
