- changed status to resolved
Integrating with JOSE JS
Issue #357
resolved
I'm trying to let Nimbus JOSE JWT interact with Javascript JWK (more specifically the JOSE JS library), using RSA-OAEP-256 (key encryption) combined with AES256GCM (message encryption). Using a server side (nimbus) generated key pair I can encrypt and decrypt server side fine. Using the same keypair in JOSE JS also works fine as long as I stay client side Now the use case is to
- let the server provide the public RSA key
- then the JOSE JS lib encrypt a message using this public key (on the fly creating an AES key to encrypt the message)
- the resulting JOSE JS cypher is handed to to server
- On the server I extract the 5 components (header, cek, vector, cypher and tag) from the JOSE JS cypher and feed this to the nimbus library to decrypt using the private key.
- All seams fine until AES decrypting the cypher (so the RSA decripting of the cek succeeded). The error I get is: "AES/GCM/NoPadding decryption failed: Tag mismatch!" signed int comparison of the JOSE JS cyper client and server sided is perfect, so no info seems to be lost along the way. Any idea what I am doing wrong, or could you reccommend a client side lib that has proven to work with Nimbus Jose JWT?
Regards and I like your lib.
Comments (1)
-
- Log in to comment
For JS check out this lib: https://github.com/panva/jose