v.2.18: decrypt JWEObject with JWEAlgorithm.RSA_OAEP, EncryptionMethod.A128CBC_HS256

Issue #64 resolved
Former user created an issue

Error 500--Internal Server Error (WebLogic Server)

    java.lang.NoSuchMethodError: constantTimeAreEqual
        at com.nimbusds.jose.crypto.AESCBC.decryptAuthenticated(AESCBC.java:263)
        at com.nimbusds.jose.crypto.RSADecrypter.decrypt(RSADecrypter.java:166)
        at com.nimbusds.jose.JWEObject.decrypt(JWEObject.java:442)
        at com.mediaset.be.util.JWTUtils.GetDecryptedTokenFromEncString(JWTUtils.java:52)

Comments (8)

  1. Vladimir Dzhuvinov

    Thanks for reporting this.

    It seems to be related to a BouncyCastle utility method for comparing arrays. Which version of the BouncyCastle library are you using?

  2. Vladimir Dzhuvinov

    Could you please upgrade to 1.49? 1.40 is fairly old now and doesn't seem to support the required method for constant time array comparison.

    You can find the recommended dependency library versions in the pom.xml file.

  3. luca saveri

    Hi Vladimir, at the moment I cannot upgrade to 1.49;

    I also have another problem:

    I get a JWToken encrypted with the following specifications: "enc": "A128CBC + HS256" "alg": "RSA-OAEP"

    but the code:

      // Load the RSA private key used to unwrap the content encryption key
      Credential decryptionCredential = SAMLUtil.getKEKCredentialForDecrypt();
      RSAPrivateKey privateKey = (RSAPrivateKey) decryptionCredential.getPrivateKey();

      // Parse the compact JWE string and decrypt it if it is still encrypted
      JWEObject jwe = EncryptedJWT.parse(jwtEncString);
      if (jwe.getState() == JWEObject.State.ENCRYPTED) {
          RSADecrypter decrypter = new RSADecrypter(privateKey);
          jwe.decrypt(decrypter);
      }

    generates the following exception: The "A128CBC HS256 +" encryption method is not accepted by the JWE decrypter

    I use the nimbus-jose-jwt-2.18.jar

    It seems to me, reading here that A128CBC + HS256 is supported: https://bitbucket.org/nimbusds/nimbus-jose-jwt/issue/32/add-a128cbc-hs256-and-a256cbc-hs512

    Where am I wrong? Regards, Lucas

  4. Vladimir Dzhuvinov

    Hi Luca,

    The A128CBC encryption method that uses HS256 integrity protection has not always been the same in the JOSE JWA spec.

    In version -09 of the JWA spec the method was changed somewhat, which also resulted in changing the method identifier from "A128CBC+HS256" to "A128CBC-HS256":

    http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-16#appendix-F

      Replaced "A128CBC+HS256" and "A256CBC+HS512" with "A128CBC-HS256"
      and "A256CBC-HS512".  The new algorithms perform the same
      cryptographic computations as [I-D.mcgrew-aead-aes-cbc-hmac-sha2],
      but with the Initialization Vector and Authentication Tag values
      remaining separate from the Ciphertext value in the output
      representation.  Also deleted the header parameters "epu"
      (encryption PartyUInfo) and "epv" (encryption PartyVInfo), since
      they are no longer used.
    

    The current version of the Nimbus JOSE+JWT library supports the new method. The old method (with the plus sign in the identifier) was supported up until version 2.14 of the library (from April 2013).

    There are two solutions to that:

    1. Notify the JWE generating party to upgrade their library to the latest specs.
    2. Downgrade the Nimbus JOSE+JWT library to version 2.14.

    One is the recommended solution as the new JOSE drafts include a number of improvements and so does the library.
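
A pre-flight check for the identifier mismatch described in comment 4, as an added example (not code from the Nimbus JOSE+JWT project or from the thread): it reads the protected header of a compact JWE with JDK classes only and reports whether the `enc` value is one of the pre-draft-09 identifiers. The class name, method names and sample token are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added diagnostic, not part of Nimbus JOSE+JWT. Class and method names are hypothetical.
public class JweEncPreflight {

    // String-valued "enc" member; a triage regex, not a full JSON parser.
    private static final Pattern ENC = Pattern.compile("\"enc\"\\s*:\\s*\"([^\"]*)\"");

    // Decodes the protected header (first of the five parts) of a compact JWE.
    static String headerOf(String compactJwe) {
        String[] parts = compactJwe.split("\\.", -1);
        if (parts.length != 5) {
            throw new IllegalArgumentException("compact JWE must have 5 dot-separated parts");
        }
        return new String(Base64.getUrlDecoder().decode(parts[0]), StandardCharsets.UTF_8);
    }

    // Classifies the header against the identifier change described in the thread.
    static String classify(String headerJson) {
        Matcher m = ENC.matcher(headerJson);
        if (!m.find()) {
            return "no \"enc\" header parameter found";
        }
        String enc = m.group(1);
        // "epu"/"epv" were deleted in the same JWA changelog entry that renamed the methods.
        boolean oldParams = headerJson.contains("\"epu\"") || headerJson.contains("\"epv\"");
        if (enc.equals("A128CBC+HS256") || enc.equals("A256CBC+HS512") || oldParams) {
            return enc + ": pre-draft-09 JWE; ask the sender to upgrade, "
                    + "or decrypt with Nimbus JOSE+JWT 2.14";
        }
        if (enc.equals("A128CBC-HS256") || enc.equals("A256CBC-HS512")) {
            return enc + ": current (post-draft-09) identifier";
        }
        return enc + ": not one of the CBC+HMAC identifiers discussed here";
    }

    public static void main(String[] args) {
        // Constructed sample: real header JSON, placeholder text for the other four parts.
        String header = "{\"alg\":\"RSA-OAEP\",\"enc\":\"A128CBC+HS256\"}";
        String token = Base64.getUrlEncoder().withoutPadding()
                .encodeToString(header.getBytes(StandardCharsets.UTF_8)) + ".key.iv.ct.tag";
        System.out.println(classify(headerOf(token)));
    }
}
```

Running the check on an incoming token before calling `jwe.decrypt(...)` turns the "encryption method is not accepted" exception into an explicit statement of which side is on the older draft.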

  5. luca saveri

    All is OK: 1) with the latest version of Bouncy Castle it works; 2) with the downgraded Nimbus I can properly handle the method A256CBC+HS512

    Regards, lucas
