在 python 上使用算法 RSA-OAEP-256 解密和加密 java JWEObject

Question

我有一條在 java 上使用以下代碼加密的 kafka 消息：

    private String decryptedMessage(String key, String encryptedMessage) throws NoSuchAlgorithmException, InvalidKeySpecException, ParseException, JOSEException {

        PrivateKey privateKey = <some way to generate a private key from key>;

        JWEDecrypter decrypter = new RSADecrypter(privateKey);
        JWEObject decryptedJweObj = JWEObject.parse(encryptedMessage);
        decryptedJweObj.decrypt(decrypter);
        return decryptedJweObj.getPayload().toJSONObject().toJSONString();
    }

現在我正在嘗試使用 python 在我已經知道私鑰的解碼消息上對其進行解碼。 我嘗試使用jwcrypto （因為我使用的是 python3，而jeso僅適用於 2.x），就像在他們的文檔中一樣使用此代碼，但它沒有用：

enc = '<encrypted message>'
private = '<private key>'
jwetoken = jwe.JWE()
jwetoken.deserialize(enc, key=private_key)
payload = jwetoken.payload

我得到了這個錯誤代碼： jwcrypto.jwe.InvalidJWEData: No recipient matched the provided key["Failed: [ValueError('key is not a JWK object',)]"]我試着尋找一種方法來制作私鑰JWK object 但找不到。

我知道我的消息是 JWE，因為它被 4 個點分開，當我 base64 解碼第一部分時，我得到這個 json: b'{"alg":"RSA-OAEP-256","enc":"A256GCM","kid":"<some key id>"}'

所以我有點卡在如何解碼我的消息上。

解密后的字符串： {"value":"Object Encryption"}

加密字符串：

eyJhbGciOiJSU0EtT0FFUC0yNTYiLCJlbmMiOiJBMjU2R0NNIiwia2lkIjoiYjFhOWVmNzAtYjQ4Yy00YzdiLWI0ZTQtODU2YzQyNGIyYzZlIn0.XzLgQTzESD7mg-DtiwFaOQQIfJjQOox5Efbq3Cn8n4H0OZUNvNFWuLr2gPH4WqhWZFYvYh6Mx3--bKiYA_kGplPaJUdPfuYx3OgOug9fuYMrZesE-9stJFd4TnQOJcrTfehJkI_QKPqfWgbEgh1Zn8r7DuIBbABmNK4OHa0edwUA0Lu4mUxzRW6UPaNdWtfEGL9ZVR4lzUx6QX6nweKdbi8tkDnQrSNcQ4eZKIn8mVl5rL3s-qa2VC1Zvo4R-eA4jTKs6WQrkPChJkfoECcYcLx7SIHdxP6VB9DAhW-TwRizr5OZUVLLLH3UEOF77Rtc6MLL4Al5mo29sE-E1faywQ.R1QE-zY29Ed7yfqX.-soXsfltkJL0AXk_q5tPn9hagCBG_1c03VKdh2A.-oteTYv0SHzE4yBmZlterg

解密密鑰（需要用base64解碼）：

MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQChyho54VxOGYDxrN2pjM8/pA94kcqlMNZ0NSIoSHhasAm72X66XN9GI2IapQETy7+gNBKBWszWn4JsNuAbLLNp5zeTlmzHp09ee4L+g8s/NIKMwA5Mgx9wGu2Hi0foh0pErAMKQV6CLBJUfB5JUu9PX2MED7Z2XGG0RYClSMEO8L7iHXm1ooCr83rU/U5xXwpuTrp4L9nYD9eB6EptCgOWEi98lq5oeQXNyWfti3/gckathUi8WINlI+5/fPv7ZWd9Z60VXAVfb5u861/erIhEIJRkqbDXc/ULAQsAeEKVYzHpStM9In30mQdp6EdY48imZiHj1GNgPvY+MD3wPmdTAgMBAAECggEAE3IcJtrMYmK0WdfiKI/RFSAd7+ruBV7SV9NPELJtLNE9ykNA9RtWhrKYBwXQFFYH6TR5CO0l86HmZiVOWFXOFquAxY9t8a1NX9jOjNLAag9gpZQr48xayfmilQkLkoo4Rfq6vs/OkSzE4zyr0zpRoyOe3g0ZbC58W9OCu9r7wVTDV+KKE8ChU39Ae8HLfMEQXWSIUqxbrpw+mLeFX1qh5ILNBDA9M6vD+JuoiuIZltW4djnlU4hxYPVwTyuPBCQ3AwJsRGcddfxWTI+kIm2/6k8HzhdpB1ajBrZX/XVeXAp7VlvyHzBZ5ri1NDpr/Cyh6o2ysdB8qGCnlDcsNHLl+QKBgQDTORonO1FrIAo2VnsQS0Lq6EdxRzzP9q9mHttJNJK5eEXP7sNSdTDrudk4tpr3zvXtK4b+4SiCDriA5VTJHhdGF3wwqhR76XT3gLoXZLGYlx+4RvMbuIFDGkUee+39T2//MztEZgt3TM3LcBFEjTRV8gzpFJsj8wea3E4B8lOEZQKBgQDEFkfdgIBNu/3wH+z2uq40kYlkMRb4wQq8CjmwXYxGu1WR3SYn2zNQTsZR6BtiHFzx/37W279dO87u9rAbNuY5V9VYQKjxZD2lidYQ/0w07kO1PhNuISLpqn2AbiLczlLluX8dHpLpb5UG+JWlqih5VBCDFktmVUlMVteHPa21VwKBgCkpEHqiqYwJk1PhaFvVfrXOC9X8PtJ7zNRGoQ7T6t+vm1MYwQE5iw30imrt0qcFspDEEatrbvxhJ/0eM3Z5oalr/CxziEhZRwzQDfNvENieYnUDhm5Zdv7/iIaXOdpJ95YwgpUimYtm8Rd6wDKunYs9/twQwuavfkTkN2NTuIitAoGBAJu0NYylpTwUsyghscCZrAsCJd7xPBR69VMrq3NoVSM1TlVtDgdIAA8c/k27yUK20vc2sjladTJLc549NMnnZhjSrg5OCdjkiC8SrHECyDifmhQpHrSsi1SQlOeOjRBYpWrVSSKOTIogmG3YprvNyiXNou70nRq9Tl7X9nzldTIxAoGBAJ3qo/epO7xAs6Vhp+8na0Tv93Ji2kCvA14iOE+P08saldspB4NEVitGahuvrTx8CKDyL1PDH5X1MTabvI/LYw6k/gnzOhSX3MTP3qMepNEq1A5chvMJHhMS72/tAPKIXux+AgDkSvq8+G02DFWDpF9bcBoINL/89wOUcEfOQty0

Answer 1

可以使用發布的 RSA 密鑰和 Python 庫 JWCrypto 解密發布的加密令牌。 也許由於關鍵導入錯誤，它對您不起作用。

發布的 RSA 密鑰是 DER 編碼的 PKCS#8 密鑰（Base64 編碼）。 JWCrypto 不直接支持這種編碼，只支持 PEM 編碼，這還不算太糟糕，因為從 DER 到 PEM 的轉換很簡單： Base64 字符串必須格式化（每 64 個字符后換行）和 header ( -----BEGIN PRIVATE KEY----- ) 和頁腳 ( -----END PRIVATE KEY----- ) 必須分別添加到單獨的行中。

或者，可以將密鑰轉換為 JWK 並以此格式導入。

以下 Python 代碼根據發布的數據顯示了這兩個變體。 為此，JWK 是使用在線工具從發布的 PKCS#8 密鑰派生的：

pkcs8pem = b'''-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQChyho54VxOGYDx
rN2pjM8/pA94kcqlMNZ0NSIoSHhasAm72X66XN9GI2IapQETy7+gNBKBWszWn4Js
NuAbLLNp5zeTlmzHp09ee4L+g8s/NIKMwA5Mgx9wGu2Hi0foh0pErAMKQV6CLBJU
fB5JUu9PX2MED7Z2XGG0RYClSMEO8L7iHXm1ooCr83rU/U5xXwpuTrp4L9nYD9eB
6EptCgOWEi98lq5oeQXNyWfti3/gckathUi8WINlI+5/fPv7ZWd9Z60VXAVfb5u8
61/erIhEIJRkqbDXc/ULAQsAeEKVYzHpStM9In30mQdp6EdY48imZiHj1GNgPvY+
MD3wPmdTAgMBAAECggEAE3IcJtrMYmK0WdfiKI/RFSAd7+ruBV7SV9NPELJtLNE9
ykNA9RtWhrKYBwXQFFYH6TR5CO0l86HmZiVOWFXOFquAxY9t8a1NX9jOjNLAag9g
pZQr48xayfmilQkLkoo4Rfq6vs/OkSzE4zyr0zpRoyOe3g0ZbC58W9OCu9r7wVTD
V+KKE8ChU39Ae8HLfMEQXWSIUqxbrpw+mLeFX1qh5ILNBDA9M6vD+JuoiuIZltW4
djnlU4hxYPVwTyuPBCQ3AwJsRGcddfxWTI+kIm2/6k8HzhdpB1ajBrZX/XVeXAp7
VlvyHzBZ5ri1NDpr/Cyh6o2ysdB8qGCnlDcsNHLl+QKBgQDTORonO1FrIAo2VnsQ
S0Lq6EdxRzzP9q9mHttJNJK5eEXP7sNSdTDrudk4tpr3zvXtK4b+4SiCDriA5VTJ
HhdGF3wwqhR76XT3gLoXZLGYlx+4RvMbuIFDGkUee+39T2//MztEZgt3TM3LcBFE
jTRV8gzpFJsj8wea3E4B8lOEZQKBgQDEFkfdgIBNu/3wH+z2uq40kYlkMRb4wQq8
CjmwXYxGu1WR3SYn2zNQTsZR6BtiHFzx/37W279dO87u9rAbNuY5V9VYQKjxZD2l
idYQ/0w07kO1PhNuISLpqn2AbiLczlLluX8dHpLpb5UG+JWlqih5VBCDFktmVUlM
VteHPa21VwKBgCkpEHqiqYwJk1PhaFvVfrXOC9X8PtJ7zNRGoQ7T6t+vm1MYwQE5
iw30imrt0qcFspDEEatrbvxhJ/0eM3Z5oalr/CxziEhZRwzQDfNvENieYnUDhm5Z
dv7/iIaXOdpJ95YwgpUimYtm8Rd6wDKunYs9/twQwuavfkTkN2NTuIitAoGBAJu0
NYylpTwUsyghscCZrAsCJd7xPBR69VMrq3NoVSM1TlVtDgdIAA8c/k27yUK20vc2
sjladTJLc549NMnnZhjSrg5OCdjkiC8SrHECyDifmhQpHrSsi1SQlOeOjRBYpWrV
SSKOTIogmG3YprvNyiXNou70nRq9Tl7X9nzldTIxAoGBAJ3qo/epO7xAs6Vhp+8n
a0Tv93Ji2kCvA14iOE+P08saldspB4NEVitGahuvrTx8CKDyL1PDH5X1MTabvI/L
Yw6k/gnzOhSX3MTP3qMepNEq1A5chvMJHhMS72/tAPKIXux+AgDkSvq8+G02DFWD
pF9bcBoINL/89wOUcEfOQty0
-----END PRIVATE KEY-----'''

jwkey = {"p":"0zkaJztRayAKNlZ7EEtC6uhHcUc8z_avZh7bSTSSuXhFz-7DUnUw67nZOLaa98717SuG_uEogg64gOVUyR4XRhd8MKoUe-l094C6F2SxmJcfuEbzG7iBQxpFHnvt_U9v_zM7RGYLd0zNy3ARRI00VfIM6RSbI_MHmtxOAfJThGU","kty":"RSA","q":"xBZH3YCATbv98B_s9rquNJGJZDEW-MEKvAo5sF2MRrtVkd0mJ9szUE7GUegbYhxc8f9-1tu_XTvO7vawGzbmOVfVWECo8WQ9pYnWEP9MNO5DtT4TbiEi6ap9gG4i3M5S5bl_HR6S6W-VBviVpaooeVQQgxZLZlVJTFbXhz2ttVc","d":"E3IcJtrMYmK0WdfiKI_RFSAd7-ruBV7SV9NPELJtLNE9ykNA9RtWhrKYBwXQFFYH6TR5CO0l86HmZiVOWFXOFquAxY9t8a1NX9jOjNLAag9gpZQr48xayfmilQkLkoo4Rfq6vs_OkSzE4zyr0zpRoyOe3g0ZbC58W9OCu9r7wVTDV-KKE8ChU39Ae8HLfMEQXWSIUqxbrpw-mLeFX1qh5ILNBDA9M6vD-JuoiuIZltW4djnlU4hxYPVwTyuPBCQ3AwJsRGcddfxWTI-kIm2_6k8HzhdpB1ajBrZX_XVeXAp7VlvyHzBZ5ri1NDpr_Cyh6o2ysdB8qGCnlDcsNHLl-Q","e":"AQAB","kid":"79635991-092f-4576-a23a-4cbab618e8a8","qi":"neqj96k7vECzpWGn7ydrRO_3cmLaQK8DXiI4T4_TyxqV2ykHg0RWK0ZqG6-tPHwIoPIvU8MflfUxNpu8j8tjDqT-CfM6FJfcxM_eox6k0SrUDlyG8wkeExLvb-0A8ohe7H4CAORK-rz4bTYMVYOkX1twGgg0v_z3A5RwR85C3LQ","dp":"KSkQeqKpjAmTU-FoW9V-tc4L1fw-0nvM1EahDtPq36-bUxjBATmLDfSKau3SpwWykMQRq2tu_GEn_R4zdnmhqWv8LHOISFlHDNAN828Q2J5idQOGbll2_v-Ihpc52kn3ljCClSKZi2bxF3rAMq6diz3-3BDC5q9-ROQ3Y1O4iK0","dq":"m7Q1jKWlPBSzKCGxwJmsCwIl3vE8FHr1Uyurc2hVIzVOVW0OB0gADxz-TbvJQrbS9zayOVp1Mktznj00yedmGNKuDk4J2OSILxKscQLIOJ-aFCketKyLVJCU546NEFilatVJIo5MiiCYbdimu83KJc2i7vSdGr1OXtf2fOV1MjE","n":"ocoaOeFcThmA8azdqYzPP6QPeJHKpTDWdDUiKEh4WrAJu9l-ulzfRiNiGqUBE8u_oDQSgVrM1p-CbDbgGyyzaec3k5Zsx6dPXnuC_oPLPzSCjMAOTIMfcBrth4tH6IdKRKwDCkFegiwSVHweSVLvT19jBA-2dlxhtEWApUjBDvC-4h15taKAq_N61P1OcV8Kbk66eC_Z2A_XgehKbQoDlhIvfJauaHkFzcln7Yt_4HJGrYVIvFiDZSPuf3z7-2VnfWetFVwFX2-bvOtf3qyIRCCUZKmw13P1CwELAHhClWMx6UrTPSJ99JkHaehHWOPIpmYh49RjYD72PjA98D5nUw"}

enc = 'eyJhbGciOiJSU0EtT0FFUC0yNTYiLCJlbmMiOiJBMjU2R0NNIiwia2lkIjoiYjFhOWVmNzAtYjQ4Yy00YzdiLWI0ZTQtODU2YzQyNGIyYzZlIn0.XzLgQTzESD7mg-DtiwFaOQQIfJjQOox5Efbq3Cn8n4H0OZUNvNFWuLr2gPH4WqhWZFYvYh6Mx3--bKiYA_kGplPaJUdPfuYx3OgOug9fuYMrZesE-9stJFd4TnQOJcrTfehJkI_QKPqfWgbEgh1Zn8r7DuIBbABmNK4OHa0edwUA0Lu4mUxzRW6UPaNdWtfEGL9ZVR4lzUx6QX6nweKdbi8tkDnQrSNcQ4eZKIn8mVl5rL3s-qa2VC1Zvo4R-eA4jTKs6WQrkPChJkfoECcYcLx7SIHdxP6VB9DAhW-TwRizr5OZUVLLLH3UEOF77Rtc6MLL4Al5mo29sE-E1faywQ.R1QE-zY29Ed7yfqX.-soXsfltkJL0AXk_q5tPn9hagCBG_1c03VKdh2A.-oteTYv0SHzE4yBmZlterg'

from jwcrypto import jwk, jwe

# Import of a PEM encoded PKCS#8 key
private_key = jwk.JWK.from_pem(pkcs8pem)
jwetoken = jwe.JWE()
jwetoken.deserialize(enc, key=private_key)
payload = jwetoken.payload
print(payload.decode('utf-8'))

# Import of a JWK
private_key = jwk.JWK(**jwkey)
jwetoken = jwe.JWE()
jwetoken.deserialize(enc, key=private_key)
payload = jwetoken.payload
print(payload.decode('utf-8'))

使用 output：

{"value":"Object Encryption"}
{"value":"Object Encryption"}