Example: JWE w/ AES encryption, RSA alg

Issue #189 resolved
Former user created an issue

I can't figure out how to use the library to encrypt content using AES, while using RSA to protect the content encryption key (CEK). The only complete JWE example shows Direct encryption only (http://connect2id.com/products/nimbus-jose-jwt/examples/jwe-with-shared-key). Can you provide some direction or point me to a sample? Thanks so much.

Comments (10)

  1. m

    Appreciate the help, but how do I apply encryption to a JWE object? Is there an equivalent to EncryptedJWT? I tried subclasses of JWEEncrypter but they only encrypt the plaintext, they don't touch the content key at all.

  2. m

    Cool, thanks for your help. I found that jose4j made it easier to construct the object I wanted (in particular, it has utilities for generating random bytes to make an IV, and it creates the intermediate AES key when constructing a JWE with RSA + AES encryption).

    Feel free to close this issue.

  3. Connect2id OSS

    You're welcome.

    Jose4j is another fine library and is also JOSE compliant.

    Our approach is to hide IV and AES key gen (handled by package private utils), so users can't mess these up by accident. You can set dedicated JCA providers for each crypto op though.

  4. m

    I didn't realize how simple you'd made this. I actually like it quite a bit. The docs you added will help a lot, but the examples should also be updated. Here's a minimum Scala program for doing RSA/AES encryption:

    // Uses  '"org.bitbucket.b_c" % "jose4j" % "0.5.1"' 
    // and '"com.nimbusds" % "nimbus-jose-jwt" % "4.23"'
    
    object Nimbus extends App {
      import java.security.KeyPairGenerator
      import java.security.interfaces.RSAPublicKey
    
      import com.nimbusds.jose._
      import com.nimbusds.jose.crypto.RSAEncrypter
      import org.jose4j.jwe.JsonWebEncryption
    
      val gen = KeyPairGenerator.getInstance("RSA")
      gen.initialize(3072)
      val keyPair = gen.generateKeyPair()
      val jwe = new JWEObject(
        new JWEHeader(JWEAlgorithm.RSA1_5, EncryptionMethod.A256GCM),
        new Payload("Hello, world!")
      )
      jwe.encrypt(new RSAEncrypter(keyPair.getPublic.asInstanceOf[RSAPublicKey]))
    
      val str: String = jwe.serialize()
      println(s"JWE: ${str}")
    
      // Decrypt with jose4j
      val jwe2 = new JsonWebEncryption()
      jwe2.setCompactSerialization(str)
      jwe2.setKey(keyPair.getPrivate)
      println(s"Message: ${jwe2.getPlaintextString}")
    }
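
An added example, not part of the thread or the library's own documentation: the same RSA + AES round trip done entirely with Nimbus JOSE+JWT in Java, using RSA-OAEP-256 rather than the comment's RSA1_5, and checking that a modified ciphertext is rejected on decryption. The class name and the throwaway key pair are assumptions made for the demo.

```java
import com.nimbusds.jose.*;
import com.nimbusds.jose.crypto.RSADecrypter;
import com.nimbusds.jose.crypto.RSAEncrypter;

import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;

// Hypothetical class name; demo only.
public class JweRsaAesRoundTrip {
    public static void main(String[] args) throws Exception {
        // Throwaway key pair generated for this demo.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(3072);
        KeyPair keyPair = gen.generateKeyPair();
        RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();

        // "alg" protects the content encryption key (CEK); "enc" protects the payload.
        JWEObject jwe = new JWEObject(
            new JWEHeader(JWEAlgorithm.RSA_OAEP_256, EncryptionMethod.A256GCM),
            new Payload("Hello, world!"));
        // The encrypter generates the AES CEK and the IV internally.
        jwe.encrypt(new RSAEncrypter((RSAPublicKey) keyPair.getPublic()));
        String compact = jwe.serialize();

        // Compact form: header.encryptedKey.iv.ciphertext.authTag
        String[] parts = compact.split("\\.");
        System.out.println("parts: " + parts.length);
        System.out.println("encrypted CEK bytes: " + jwe.getEncryptedKey().decode().length);
        System.out.println("IV bytes: " + jwe.getIV().decode().length);
        System.out.println("auth tag bytes: " + jwe.getAuthTag().decode().length);

        // Receiver side: parse the compact string and decrypt with the private key.
        JWEObject received = JWEObject.parse(compact);
        received.decrypt(new RSADecrypter(privateKey));
        System.out.println("payload: " + received.getPayload().toString());

        // Change the first character of the ciphertext part; the GCM tag check must fail.
        char swapped = parts[3].charAt(0) == 'A' ? 'B' : 'A';
        parts[3] = swapped + parts[3].substring(1);
        JWEObject tampered = JWEObject.parse(String.join(".", parts));
        try {
            tampered.decrypt(new RSADecrypter(privateKey));
            System.out.println("tampered token decrypted (unexpected)");
        } catch (JOSEException e) {
            System.out.println("tampered token rejected: " + e.getMessage());
        }
    }
}
```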
    