1. connect2id Avatar connect2id
  2. Crypto
  3. Nimbus-JOSE-JWT
  4. Issues

JWK alg field not matched with JWEDecryptionKeySelector when JWE header uses RSA-OAEP-256

Issue #251 invalid
Former user created an issue

Note the key information below is just demo keys and so are not sensitive. I used the command line JWK utility to generate my RSA keys to use when encrypting a JWEObject that has an embedded JWS Object.

The key:

  {
      "kty": "RSA",
      "e": "AQAB",
      "use": "enc",
      "kid": "4ed15d81-4fee-4cfa-89d0-ae58fdc26698",
      "alg": "RS256",
      "n": "twYvIZC29Bq9yoffwkaF4736HQaREsjqlOc0rjTSpyuurAFWJP_bwaZAYHVUf5tAORZrR0QqxdQ0R8lHOSkjK6ulqQf9PHFBRRkrFZkbCpxlSQiJq7l8Vk04_Cz-KLykTqQVoTcoTLH5iD5l-6LjZZcRGAAZkcdW7jBiJH58CLYka1bE61yb-TW4J0sDyDgjOfW18nazapz2WyVd8Qw4JTDTa-Fqdwov6VYhkEu8JlnHAdpDzcTdbPLulsBukinzZDoTef--GhJaZgQ0WxhX7EC9fDADO1vlhcVNwrI2rEV6ga1PdUTSpq3aHYPkhzFYfkdPb0QdPD7e7fLCN7STlw"
    }

Note the "alg" parameter is RS256. The utility will not let me specify the alg as RSA_OAEP_256.

I followed the examples on your site to create a signed then encrypted JWE. Its header: 

{
    "kid": "4ed15d81-4fee-4cfa-89d0-ae58fdc26698",
    "cty": "JWT",
    "enc": "A256GCM",
    "alg": "RSA-OAEP-256"
}

When receiving the token, I create the JWEDecryptionKeySelector and try to find the correct key. Note the kid coming in the header matches the kid in my key set above.

selector = new JWEDecryptionKeySelector<C>(JWEAlgorithm.RSA_OAEP_256, EncryptionMethod.A256GCM, config.getInternalKeySource());

keyCandidates = selector.selectJWEKeys(encryptedJWT.getHeader(), context);

This returns no keys. The selector above is looking for a key with an "alg" of RSA-OAEP-256 instead but my key key in my key set has alg=RS256.

I can manually edit my JWK JSON to change the alg parameter to RSA-OAEP-256 and then it matches.

Is this the correct approach? I question it because the utility won't let me build this type of JWK.

Or is this a bug in the JWEDecryptionKeySelector where it doesn't translate from the JWEAlgorithm to a corresponding key algorithm?

Thanks! Great library!

  • Mac

Comments (2)

  1. Vladimir Dzhuvinov

    Hi,

    You can use the -a command line switch to set the intended algorithm for the RSA key pair to be generated:

    java -jar json-web-key-generator-0.4-SNAPSHOT-jar-with-dependencies.jar -t RSA -s 2048 -i 1 -u enc -a RSA-OAEP-256

    This will output an RSA key formatted like

    {
  "p": "8tB-vA1j4PVLRdJ7x2JRqbVb15B6sTHP71ij841bqu3fWSBHLTgAYfvpwLNuPSQlVA09j2PuEMtvPAS--0sPn5KGfFXNtOtKjpmQfu1F_-ePB3g5tprm6Fe_wBUwG7y8wf-PjI20HwEkHC1MWke2u42u3Dfr8REQb0RhpJKlhwE",
  "kty": "RSA",
  "q": "w5ipw9dWisWJWRxuqgPhZpMwn3a5LQFnTh60udWMUvta-yXjl8QQGqDY2dVg6G2Eg_sg_I3ZFOHT2lqJoHkQ9VDMoIEOgxaBWRyUPLNe6NIZouWt71AeviBOF4qOweddv7CwJ3x3sYHEqc7l4-Ib0P7K_eyTZRohXRIPHEjWnHk",
  "d": "iWAweUu3-E6Lgl9Cfdtc8iSDXDtQGJJhCk3TVphwvaOK1UTbUY4mabviTYC5NEw_AMULkh0NG8XJ8LYFOEXbKv4-4P5S8rzvZh3Krn_zLAOp2Z0C8Gf_0YsekCABahoNivpXtt2uVOe7u3q1btvIWLaI1ZHtz_5FjxaVnsnqIzoZeB0QQRqLl7FLQ3y3EJXe5uyNjiYK6nqmevWMIIsV2GM_gv3_lxmJqfHxvkX5rrT6BiQJa9YxLB37prVeHltqceeSw9JgjNFtjeL0C5xYIml20snfI7e080FjbVl9Ix_6sAF2M9ORiILLv2V-20Vb63v5uW5rTH5tCMJC3VrIAQ",
  "e": "AQAB",
  "use": "enc",
  "kid": "1",
  "qi": "R3jjHGCdIMjADph74r5JJC1EwoQ2CLewoGWLrxcmRcDpMr4A_j18M-8EdDMYV9L5Dk9gy3OmMclsyttUQBXpzJ0NTIcy0iMC-uOhv8MZp6yteLqVxoKtb88UaJaorHV55Atax3ZkR_0qDyzalfjOlazqFSK4NA4JwENd8LwEoJE",
  "dp": "0pxP4TNIF98L3FM2s_mu1aIOOIsEMOAA-R0MkHtjMH7FRNw_gJRbmKHV3iSEkRniGualJ9PIsd6S7B89vGAd_A4vAne2Rp_z-n5um_mYxuAF6re4b5AqiwtZsfVu1hA-NZNC4uoieuYVeS89U-1yLXo2WqNSzrU7aReKDiJ42wE",
  "alg": "RSA-OAEP-256",
  "dq": "XPoH0Ole4Q5vcKWcUUMQ9UKIfXThJ2ygX7km7aN-Vb_YCsSDAJSZlx7YlgvhSfstX9OTZZpEE7IZk5UwENEb55DmBHH0pQmgqOx15rjZJ9EfkJifar_qLTSMCpK5s6C4prNluQ9okj9-bb3E9-N2l41WjwfTNN8L9wLrneVd5vk",
  "n": "uYWdWeKU5dfQBYsC4YDZ1NMvQP0bC5pIGCzupvAMsUpQbg9gAWaAjlDZDMw6SSdNQrc1mMnuL0ql1W3QOrf22MPo2TJcq3F5uFvK6XZhArtPmqsDpF_ySumo_Kc7Wg-Ei3RZHXAL1IBGaL8ivtTUMS4WRb37objd7JPV-XeDs4nn7MWaJiUVbG9tL9_bynxi2YTNeKC0xtWnbqnfohE4NFeELe4jsi5A4kObX9MeZfj0XyWJCYJM9nuL7aaVzb8sjo1m3kMXo7KLP-BS5ZERVnI0ouXGaT2qc5fRkmzdjJ_PUBqZQPlVMDDOu4CmPz2rDJFX-q_cmJnDuWeZUVdreQ"
}

    Editing the "alg" in the JWK is also fine.

    The JWK generator is actually maintained in a different project, by Justin Richer, at https://github.com/mitreid-connect/json-web-key-generator.

    The JWEDecryptionKeySelector is quite strict, and if a JWK is marked for some other algorithm, it will be skipped.

    Hope this helped. Thanks for the feedback!

    Vladimir

  3. Log in to comment
Assignee
Type
bug
Priority
minor
Status
invalid
Component
JOSE Core
Milestone
Votes
0
Watchers
None
Jira: the preferred issue tracker for Bitbucket. Join the team!