encrypting a simple text using RSA-OAEP-256 as algorithm and encrypting using A256CBC-HS512

Issue #124 invalid
ashley shookhye created an issue

I am using the library jose4j to do an encryption of a password using JWE with the RSA-OAEP-256 algorithm and A256CBC-HS512 encryption method. There is a public key that is used for the encryption; it is a certificate.

    JsonWebEncryption jwe = new JsonWebEncryption();
    jwe.setPayload("Hello World!");
    jwe.setAlgorithmHeaderValue(KeyManagementAlgorithmIdentifiers.RSA_OAEP_256);
    jwe.setEncryptionMethodHeaderParameter(ContentEncryptionAlgorithmIdentifiers.AES_256_CBC_HMAC_SHA_512);

    FileInputStream fin = new FileInputStream("C:/xxx.cer");
    CertificateFactory f = CertificateFactory.getInstance("X.509");
    X509Certificate certificate = (X509Certificate)f.generateCertificate(fin);
    RSAPublicKey pk = (RSAPublicKey) certificate.getPublicKey();
    jwe.setKey(pk);
    //jwe.setCertificateChainHeaderValue(certificate);
    String serializedJwe = jwe.getCompactSerialization();
    System.out.println("Serialized Encrypted JWE: " + serializedJwe);

I am getting the following error though

RSA-OAEP-256 is an unknown, unsupported or unavailable alg algorithm (not one of [RSA1_5, RSA-OAEP, dir, A128KW, A192KW, A256KW, ECDH-ES, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW, PBES2-HS256+A128KW, PBES2-HS384+A192KW, PBES2-HS512+A256KW]).

Comments (6)

  1. Brian Campbell repo owner

    RSA-OAEP-256 needs a JCA provider that supports RSA/ECB/OAEPWithSHA-256AndMGF1Padding and an OAEPParameterSpec that indicates SHA-256 for MGF1. That error suggests that your JVM doesn't have that.

    The debug logging from when jose4j initializes itself might give a little more insight. That starts with something like, DEBUG o.jose4j.jwa.AlgorithmFactoryFactory - Initializing jose4j (running with Java ... and ends with something like DEBUG o.jose4j.jwa.AlgorithmFactoryFactory - Initialized jose4j in 7m.

    You could also just use RSA-OAEP.

  2. ashley shookhye reporter

    Hello, thanks for your reply. Appreciate it. I have downloaded the JCE Unlimited Strength Jurisdiction Policy package from Oracle and replaced some files in the lib folder of the JRE. Should it have worked, or is JCA something entirely different? Thanks

  3. Brian Campbell

    Shouldn't have anything to do with Unlimited Strength Jurisdiction Policy files (those are mostly about symmetric key length). It's just a matter of what the underlying JCA providers support. As far as I know it should just work with recent versions of Oracle's Java and the providers that it ships with.
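
A way to check what comments 1 and 3 describe, as an added example that is not part of the thread and not jose4j's own code: it asks each installed JCA provider for `RSA/ECB/OAEPWithSHA-256AndMGF1Padding` with an `OAEPParameterSpec` naming SHA-256 for MGF1, then runs an encrypt/decrypt round trip. The class name `OaepSha256Probe` and the throwaway 2048-bit key pair are assumptions made for the probe.

```java
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

// Added example (hypothetical class name): reports which installed JCA providers
// can do RSA OAEP with SHA-256 for both the digest and MGF1.
public class OaepSha256Probe {
    static final String TRANSFORMATION = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    static final OAEPParameterSpec SPEC = new OAEPParameterSpec(
            "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);

    // True if this provider encrypts and decrypts a 64-byte key under SPEC.
    static boolean supports(Provider provider, KeyPair keys) {
        try {
            byte[] cek = new byte[64]; // size of an A256CBC-HS512 content encryption key
            new SecureRandom().nextBytes(cek);
            Cipher enc = Cipher.getInstance(TRANSFORMATION, provider);
            enc.init(Cipher.ENCRYPT_MODE, keys.getPublic(), SPEC);
            byte[] wrapped = enc.doFinal(cek);
            Cipher dec = Cipher.getInstance(TRANSFORMATION, provider);
            dec.init(Cipher.DECRYPT_MODE, keys.getPrivate(), SPEC);
            return Arrays.equals(cek, dec.doFinal(wrapped));
        } catch (GeneralSecurityException | RuntimeException e) {
            return false; // missing algorithm, rejected parameters, or unusable key type
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair keys = kpg.generateKeyPair(); // throwaway key pair generated for the probe
        System.out.println("Java " + System.getProperty("java.version"));
        boolean any = false;
        for (Provider p : Security.getProviders()) {
            boolean ok = supports(p, keys);
            any |= ok;
            System.out.println((ok ? "supported    " : "not supported") + "  " + p.getName());
        }
        System.out.println(any ? "OAEP/SHA-256/MGF1-SHA-256 is available"
                               : "no provider offers it; RSA-OAEP-256 cannot work here");
    }
}
```

Run it with the same JRE the application uses, since the result depends on that JVM's installed providers.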
