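Unable to decrypt JWE token using github.com/web-token/jwt-framework
Following the guide at https://github.com/ndi-trusted-data/myinfo-demo-app/blob/master/lib/security/security.js
I managed to decrypt the JWE token in a Node.js environment, but not in PHP.
However, with the same implementation in PHP, I cannot decrypt the same JWE with the same key.
Is there anything wrong with my code below? I have been trying for 2 days and I am stuck. Is there something wrong with my code, or is the implementation of one of the two libraries non-standard?
Here is the Node.js output where decryption succeeds.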
Decrypting JWE (Format: header.encryptedKey.iv.cipherText.tag)
eyJhbGciOiJSU0ENvbS5z.........
{"alg":"RSA-OAEP","enc":"A256GCM","kid":"aa.sample.com"}
Person Data (JWS):
"eyJhbGciOiJSUzI1NiIsImtpZCI6IkM2US0wYnNIYzRxeU5xNk1CRXRmdH......
Person Data (Decoded):
{"uinfin":{.........} }
Following the documentation at https://web-token.spomky-labs.com/components/encrypted-tokens-jwe/jwe-loading
use Jose\Component\Core\AlgorithmManager;
use Jose\Component\Core\JWK;
use Jose\Component\KeyManagement\JWKFactory;
use Jose\Component\Encryption\Algorithm\KeyEncryption\RSAOAEP;
use Jose\Component\Encryption\Algorithm\ContentEncryption\A256GCM;
use Jose\Component\Encryption\Compression\CompressionMethodManager;
use Jose\Component\Encryption\Compression\Deflate;
use Jose\Component\Encryption\Serializer\JWESerializerManager;
use Jose\Component\Encryption\Serializer\CompactSerializer;
use Jose\Component\Encryption\JWEDecrypter;

$jwtString = "eyJhbGciOiJSU0EtT0FFU....";

// The serializer manager. We only use the JWE Compact Serialization Mode.
$serializerManager = new JWESerializerManager([
    new CompactSerializer(),
]);

// The key encryption algorithm manager with the RSA-OAEP algorithm.
$keyEncryptionAlgorithmManager = new AlgorithmManager([
    new RSAOAEP(),
]);

// The content encryption algorithm manager with the A256GCM algorithm.
$contentEncryptionAlgorithmManager = new AlgorithmManager([
    new A256GCM(),
]);

// The compression method manager with the DEF (Deflate) method.
$compressionMethodManager = new CompressionMethodManager([
    new Deflate(),
]);

// Private key used to unwrap the content encryption key.
$privateKey = JWKFactory::createFromKeyFile(
    base_path('keys/'.env("MYINFO_PRIVATE_KEY_PATH")),
    '', // Secret if the key is encrypted
    [
        'use' => 'enc', // Additional parameters
    ]
);

// Public key loaded from the issuer's certificate.
$signatureKey = JWKFactory::createFromCertificateFile(
    base_path('keys/'.env("MYINFO_ISSUED_PUBLIC_KEY_PATH")),
    [
        'use' => 'sig', // Additional parameters
    ]
);

// We instantiate our JWE Decrypter.
$jweDecrypter = new JWEDecrypter(
    $keyEncryptionAlgorithmManager,
    $contentEncryptionAlgorithmManager,
    $compressionMethodManager
);

// We try to load the token.
$jwe = $serializerManager->unserialize($jwtString);

// We decrypt the token. This method does NOT check the header.
$success = $jweDecrypter->decryptUsingKey($jwe, $privateKey, 0, $signatureKey);
dd($success);
--- false
I expected the decoded JWT payload, but I keep getting an error.
I have been facing the same problem. While digging into the code execution, I found that the CompressionManager was empty. The code from the documentation:
// The compression method manager with the DEF (Deflate) method.
$compressionMethodManager = new CompressionMethodManager([
    new Deflate()
]);
The standard constructor has been deprecated and should no longer be used. In my case it was empty, so no CompressionMethod was registered. I got it working by using the create method:
// The compression method manager with the DEF (Deflate) method.
$compressionMethodManager = CompressionMethodManager::create([
    new Deflate()
]);
BR,
Aurelien
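An added example, not part of the question or the answer and not the library's own code: a preflight check in plain PHP that decodes a JWE compact token's protected header and compares alg, enc and zip against the names you registered, the kind of mismatch that leaves decryption returning a bare false. The function names and the sample tokens are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Decode one base64url segment (JWE compact segments carry no padding).
function b64urlDecode(string $segment): string
{
    $padded = str_pad($segment, strlen($segment) + (4 - strlen($segment) % 4) % 4, '=');
    $raw = base64_decode(strtr($padded, '-_', '+/'), true);
    if ($raw === false) {
        throw new InvalidArgumentException('segment is not valid base64url');
    }
    return $raw;
}

// Hypothetical helper: list every way the token's header disagrees with the
// registered algorithm and compression names. An empty list means they match.
function jwePreflight(string $token, array $keyAlgs, array $contentAlgs, array $zipMethods): array
{
    $parts = explode('.', $token); // header.encryptedKey.iv.cipherText.tag
    if (count($parts) !== 5) {
        return ['expected 5 dot-separated parts, got ' . count($parts)];
    }
    try {
        $header = json_decode(b64urlDecode($parts[0]), true, 8, JSON_THROW_ON_ERROR);
    } catch (Throwable $e) {
        return ['protected header is not base64url JSON: ' . $e->getMessage()];
    }
    if (!is_array($header)) {
        return ['protected header is not a JSON object'];
    }
    $problems = [];
    foreach ([['alg', $keyAlgs], ['enc', $contentAlgs]] as [$name, $allowed]) {
        $value = $header[$name] ?? null;
        if (!is_string($value) || !in_array($value, $allowed, true)) {
            $problems[] = "$name=" . json_encode($value) . ' is not registered';
        }
    }
    if (isset($header['zip']) && !in_array($header['zip'], $zipMethods, true)) {
        $problems[] = 'zip=' . json_encode($header['zip']) . ' is not registered';
    }
    return $problems;
}

// Constructed samples: header values from the question, dummy remaining segments.
$b64url = fn(string $s): string => rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
$plain  = $b64url('{"alg":"RSA-OAEP","enc":"A256GCM","kid":"aa.sample.com"}') . '.a.b.c.d';
$zipped = $b64url('{"alg":"RSA-OAEP","enc":"A256GCM","zip":"DEF"}') . '.a.b.c.d';
var_dump(jwePreflight($plain, ['RSA-OAEP'], ['A256GCM'], []));  // case: no zip header
var_dump(jwePreflight($zipped, ['RSA-OAEP'], ['A256GCM'], [])); // case: empty compression manager
var_dump(jwePreflight($plain, ['A256KW'], ['A256GCM'], ['DEF'])); // case: wrong key algorithm
```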