無法使用 github.com/web-token/jwt-framework 解密 JWE 令牌

Question

按照https://github.com/ndi-trusted-data/myinfo-demo-app/blob/master/lib/security/security.js上的指南進行操作

我設法在節點 js 環境中解密了 JWE 令牌，但沒有在 php 中解密。

但是，使用 PHP 中的相同實現，我無法使用相同的密鑰解密相同的 JWE。

我下面的代碼有什么問題嗎？ 嘗試了 2 天，我被卡住了。 我的代碼或兩個庫的實現不標准有什么問題嗎？

這是解密成功的 nodejs 輸出。

Decrypting JWE (Format: header.encryptedKey.iv.cipherText.tag)

eyJhbGciOiJSU0ENvbS5z.........

{"alg":"RSA-OAEP","enc":"A256GCM","kid":"aa.sample.com"}

Person Data (JWS):
"eyJhbGciOiJSUzI1NiIsImtpZCI6IkM2US0wYnNIYzRxeU5xNk1CRXRmdH......

Person Data (Decoded):
{"uinfin":{.........} }

遵循文檔https://web-token.spomky-labs.com/components/encrypted-tokens-jwe/jwe-loading

use Jose\Component\Core\JWK;
use Jose\Component\Encryption\Algorithm\KeyEncryption\RSAOAEP;
use Jose\Component\Encryption\Algorithm\ContentEncryption\A256GCM;
use Jose\Component\Encryption\Compression\CompressionMethodManager;
use Jose\Component\Encryption\Compression\Deflate;
use Jose\Component\Encryption\Serializer\JWESerializerManager;
use Jose\Component\Encryption\Serializer\CompactSerializer;
use Jose\Component\Encryption\JWEDecrypter;

$jwtString = "eyJhbGciOiJSU0EtT0FFU....";

// The serializer manager. We only use the JWE Compact Serialization Mode.
    $serializerManager = new JWESerializerManager([
        new CompactSerializer(),
    ]);


    // The key encryption algorithm manager with the A256KW algorithm.
    $keyEncryptionAlgorithmManager = new AlgorithmManager([
        new RSAOAEP()
    ]);



    // The content encryption algorithm manager with the A256CBC-HS256 algorithm.
    $contentEncryptionAlgorithmManager = new AlgorithmManager([
        new A256GCM(),
    ]);

    // The compression method manager with the DEF (Deflate) method.
    $compressionMethodManager = new CompressionMethodManager([
        new Deflate()
    ]);



    $privateKey = JWKFactory::createFromKeyFile(
        base_path('keys/'.env("MYINFO_PRIVATE_KEY_PATH")), 
        '',                   // Secret if the key is encrypted
        [
             'use' => 'enc',         // Additional parameters
        ]
    );



    $signatureKey = JWKFactory::createFromCertificateFile(
        base_path('keys/'.env("MYINFO_ISSUED_PUBLIC_KEY_PATH")),         
        [
             'use' => 'sig',         // Additional parameters
        ]
    );

    // We instantiate our JWE Decrypter.
    $jweDecrypter = new JWEDecrypter(
        $keyEncryptionAlgorithmManager,
        $contentEncryptionAlgorithmManager,
        $compressionMethodManager
    );

    // We try to load the token.
    $jwe = $serializerManager->unserialize($jwtString);  

    // We decrypt the token. This method does NOT check the header.
    $success = $jweDecrypter->decryptUsingKey($jwe, $privateKey, 0,$signatureKey);

    dd($success);


--- false

期待已解碼的 JWT 有效負載，但不斷出錯。

Answer 1

我一直面臨同樣的問題。 在深入研究代碼執行時，我發現 CompressionManager 是空的。 文檔中的代碼：

// The compression method manager with the DEF (Deflate) method.
$compressionMethodManager = new CompressionMethodManager([
    new Deflate()
]);

標准構造函數已被棄用，不應再使用。 就我而言，它是空的，所以沒有注冊任何 CompressionMethod。 我使用 create mehtod 讓它工作：

// The compression method manager with the DEF (Deflate) method.
$compressionMethodManager = CompressionMethodManager::create([
    new Deflate()
]);

BR,

奧雷連