java - How to decrypt a JWT with RSA private key


We have a remote application sending a JWT. It uses the "RSA-OAEP-256" algorithm and "A256CBC-HS512" encryption, and our public key encodes the token, and I am trying to decrypt it and parse the claims. I generated the keys with `openssl rsa -in <myprivatekey> -pubout -out <mypublickey>`, and converted myprivatekey to .der based on the suggestion of this post. Following the guide at Nimbus, I came up with the following.

    import com.nimbusds.jose.JWEObject;
    import com.nimbusds.jose.crypto.DirectDecrypter;
    import com.nimbusds.jwt.SignedJWT;
    import org.junit.Assert;
    import org.junit.Test;

    import java.io.File;
    import java.nio.file.Files;
    import java.security.KeyFactory;
    import java.security.PrivateKey;
    import java.security.spec.PKCS8EncodedKeySpec;

    @Test
    public void testDecryptJwtWithRsa() {
        String fileName = "<myprivatekey.der>";
        String tokenString = "<encryptedtokenstring>";
        try {
            // Load the PKCS#8 DER-encoded RSA private key
            byte[] keyBytes = Files.readAllBytes(new File(fileName).toPath());
            PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(keyBytes);
            KeyFactory kf = KeyFactory.getInstance("RSA");
            PrivateKey pk = kf.generatePrivate(spec);
            byte[] encodedPk = pk.getEncoded();
            JWEObject jweObject = JWEObject.parse(tokenString);
            // The error described below is thrown here
            jweObject.decrypt(new DirectDecrypter(encodedPk));
            SignedJWT signedJwt = jweObject.getPayload().toSignedJWT();
            String jsonToken = jweObject.getPayload().toJSONObject().toJSONString();
            System.out.println(jsonToken);
        } catch (Exception e) {
            System.out.println(e.getMessage());
            Assert.fail();
        }
    }

The java.security.PrivateKey parses correctly, but I am getting an error at `jweObject.decrypt(new DirectDecrypter(encodedPk));`:

The Content Encryption Key length must be 128 bits (16 bytes), 192 bits (24 bytes), 256 bits (32 bytes), 384 bits (48 bytes) or 512 bites (64 bytes)

Also, in the debugger, I can see that jwe.payload is null, though I don't know if it should be populated before decryption.

Do I need to generate the key differently, or is there a step I have omitted? Do I need to specify the algorithm somewhere, or use a different decryptor method/class?

Turns out I was using the methods for decrypting with symmetric keys rather than public/private keys. The following handles the decryption and allows me to view the claims.

    import com.nimbusds.jose.crypto.RSADecrypter;
    import com.nimbusds.jwt.EncryptedJWT;
    import com.nimbusds.jwt.JWTClaimsSet;
    import org.junit.Assert;
    import org.junit.Test;

    import java.io.File;
    import java.nio.file.Files;
    import java.security.KeyFactory;
    import java.security.PrivateKey;
    import java.security.spec.PKCS8EncodedKeySpec;

    @Test
    public void decryptBlazemeterJwt() {
        String fileName = "<myprivatekey.der>";
        String tokenString = "<encryptedtokenstring>";
        try {
            // Load the PKCS#8 DER-encoded RSA private key
            byte[] keyBytes = Files.readAllBytes(new File(fileName).toPath());
            PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(keyBytes);
            KeyFactory kf = KeyFactory.getInstance("RSA");
            PrivateKey pk = kf.generatePrivate(spec);
            // EncryptedJWT + RSADecrypter: asymmetric (RSA-OAEP-256) key unwrapping, not a direct symmetric key
            EncryptedJWT jwt = EncryptedJWT.parse(tokenString);
            RSADecrypter decrypter = new RSADecrypter(pk);
            jwt.decrypt(decrypter);
            // Claims are readable once decryption has succeeded
            JWTClaimsSet claims = jwt.getJWTClaimsSet();
            System.out.println(claims.toJSONObject());
        } catch (Exception e) {
            System.out.println(e.getMessage());
            Assert.fail();
        }
    }
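As an added, self-contained illustration (not the asker's code), the following round trip shows why `RSADecrypter` is the right class for an RSA-OAEP-256 / A256CBC-HS512 token and adds the two checks a receiver should make before trusting the claims: the JWE header's `alg`/`enc` must match what you expect, and the claims must not be expired. It assumes Nimbus JOSE+JWT on the classpath; the key pair, issuer name and subject are generated or constructed here for the demo.

```java
import com.nimbusds.jose.*;
import com.nimbusds.jose.crypto.RSADecrypter;
import com.nimbusds.jose.crypto.RSAEncrypter;
import com.nimbusds.jwt.EncryptedJWT;
import com.nimbusds.jwt.JWTClaimsSet;
import java.security.*;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Date;

public class JweRoundTrip {

    // Receiver side: pin the expected alg/enc, decrypt with the RSA private key, reject stale claims.
    static JWTClaimsSet decryptAndValidate(String token, RSAPrivateKey privateKey, String expectedIssuer)
            throws Exception {
        EncryptedJWT jwt = EncryptedJWT.parse(token);
        JWEHeader header = jwt.getHeader();
        if (!JWEAlgorithm.RSA_OAEP_256.equals(header.getAlgorithm())
                || !EncryptionMethod.A256CBC_HS512.equals(header.getEncryptionMethod())) {
            throw new JOSEException("Unexpected JWE alg/enc: " + header.getAlgorithm() + "/" + header.getEncryptionMethod());
        }
        jwt.decrypt(new RSADecrypter(privateKey)); // asymmetric unwrap of the content-encryption key
        JWTClaimsSet claims = jwt.getJWTClaimsSet();
        Date exp = claims.getExpirationTime();
        if (exp == null || exp.before(new Date())) {
            throw new JOSEException("Token expired or has no exp claim");
        }
        if (!expectedIssuer.equals(claims.getIssuer())) {
            throw new JOSEException("Unexpected issuer: " + claims.getIssuer());
        }
        return claims;
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo key pair; in practice the private key is loaded from the PKCS#8 DER file.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();

        // Sender side: encrypt a claims set to the receiver's public key (constructed issuer/subject).
        JWTClaimsSet claims = new JWTClaimsSet.Builder()
                .issuer("https://issuer.example").subject("alice")
                .expirationTime(new Date(System.currentTimeMillis() + 60_000)).build();
        EncryptedJWT jwt = new EncryptedJWT(
                new JWEHeader(JWEAlgorithm.RSA_OAEP_256, EncryptionMethod.A256CBC_HS512), claims);
        jwt.encrypt(new RSAEncrypter((RSAPublicKey) kp.getPublic()));

        JWTClaimsSet received = decryptAndValidate(jwt.serialize(), (RSAPrivateKey) kp.getPrivate(), "https://issuer.example");
        System.out.println("subject=" + received.getSubject());
    }
}
```

Pinning `alg`/`enc` before calling `decrypt` keeps a token from steering the receiver toward a weaker or unintended algorithm, and checking `exp` and `iss` after decryption is what turns a decryptable token into a trusted one.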
