kelvinmo/simplejwt

Call to undefined method SimpleJWT\Crypt\RSAES::getSigningKey()

juniorov opened this issue · 14 comments

Hi, I am getting this error when I use the package with Laravel 10:
Call to undefined method SimpleJWT\Crypt\RSAES::getSigningKey()

This is my code:

        $key_pem = base64_decode($serverTransportKey); // $serverTransportKey = public key encoded in base64
        $set = new KeySet();
        $key = new RSAKey($key_pem, 'pem');
        $set->add($key);

        $headers = [
            'alg' => 'RSA-OAEP-256',
            'enc' => 'A256GCM',
        ];
        $jwt = new JWT($headers, $card); // $card is an array with data

        try {
            return $jwt->encode($set);
        } catch (Exception $e) {
            print_r('Exception Message: '. $e->getMessage());
            print_r('Exception Code: '. $e->getCode());
            print_r('Exception String: '. $e->__toString());

            return false;
        }

RSA-OAEP-256 is not a valid algorithm for creating JWTs. RSA-OAEP-256 is a key encryption algorithm that is used for JWEs rather than JWTs. If you want to use an RSA key to produce JWTs, change the $headers variable to the following (the enc key is not required):

$headers = [ 'alg' => 'RS256' ];  // or RS384 or RS512

Thanks for the help.
Before trying that I had this, but it does not work. For that reason I used JWT.
This is my first code:

        $key_pem = base64_decode($serverTransportKey);
        $set = new KeySet();
        $key = new RSAKey($key_pem, 'pem');
        $set->add($key);

        $headers = [
            'alg' => 'RSA-OAEP-256',
            'enc' => 'A256GCM',
        ];
        $jwe = new JWE($headers, $card);

        try {
            return $jwe->encrypt($set);
        } catch (Exception $e) {
            pr('Exception Message: '. $e->getMessage());
            pr('Exception Code: '. $e->getCode());
            pr('Exception String: '. $e->__toString());

            return false;
        }

This is the result:
Algorithm not supported: A256GCM

I don't know what I am missing.

If you are getting an "Algorithm not supported" error for A256GCM when trying to create a JWE, this may be due to an old version of PHP, or the openssl PHP extension not supporting AES GCM.

To check, you can run the following code to list out all the encryption methods supported by your OpenSSL extension:

echo implode("\n", openssl_get_cipher_methods());

If you can't find aes-256-gcm in that list, then A256GCM is not supported by your PHP installation.

I ran that code and aes-256-gcm is in the list:


To diagnose further, can you please check the list of algorithms that SimpleJWT detects with this code:

use SimpleJWT\Crypt\AlgorithmFactory;

echo implode("\n", AlgorithmFactory::getSupportedAlgs('enc'));

This provides a list of valid values for enc. Please check whether A256GCM is in the list.

This is the result, A256GCM is not in the list:

A128CBC-HS256
A192CBC-HS384
A256CBC-HS512

It would appear that for whatever reason (possibly PHP version), A256GCM is not supported in your installation. If you are not insistent on using A256GCM, you can use A256CBC-HS512. Your JWE headers will become the following:

        $headers = [
            'alg' => 'RSA-OAEP-256',
            'enc' => 'A256CBC-HS512',
        ];

I am trying on two servers, both have the same error and different versions of PHP:

I am using A256GCM because it is a requirement for the client to send the info to his server.
But I am going to try changing the headers.

I tried with the enc A256CBC-HS512, but I got an error:
[Screenshot: Screen Shot 2024-01-14 at 19 15 33]

$key_pem = base64_decode($serverTransportKey);
$set = new KeySet();
$key = new RSAKey($key_pem, 'pem');
$set->add($key);

$headers = [
    'alg' => 'RSA-OAEP-256',
    'enc' => 'A256CBC-HS512',
];

$jwt = new JWE($headers, $card);
print_r($jwt->encrypt($set));

In the code above, is $card an array or a string? JWEs can only be created with a string plaintext. If $card is an array, you will need to serialise it into a string.

I understand. Should this be done with json_encode or with serialize?

The method of serialisation is outside the scope of the spec. You will need to agree with the recipient (i.e. the consumer of the JWE) what data format they are expecting.

I continue working on this. I have one last question. Do you know which version of PHP I can use to have support for A256GCM?

Your PHP installation requires an openssl extension that links (either statically or dynamically) to an openssl library that supports AES GCM.

I have been using PHP 8.1 for testing (both locally and on GitHub Actions servers) without any issues.
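
The checks made by hand in this thread, combined into one helper (an added example, not code from the thread or from the SimpleJWT project): it refuses to encrypt when the required `enc` is missing from what SimpleJWT detects, rather than silently switching to another algorithm, and it serialises the array before building the JWE. The function name `encryptCard`, the Composer autoload path, the choice of JSON as the serialisation and the sample data are assumptions.

```php
<?php
// Added example; assumes kelvinmo/simplejwt is installed via Composer.
require __DIR__ . '/vendor/autoload.php';

use SimpleJWT\JWE;
use SimpleJWT\Keys\KeySet;
use SimpleJWT\Keys\RSAKey;
use SimpleJWT\Crypt\AlgorithmFactory;

/**
 * Hypothetical helper: encrypt $card to $publicKeyPem as a JWE, refusing to
 * continue when the required content-encryption algorithm is unavailable.
 */
function encryptCard(array $card, string $publicKeyPem, string $enc = 'A256GCM'): string
{
    $supported = AlgorithmFactory::getSupportedAlgs('enc');
    if (!in_array($enc, $supported, true)) {
        // Record the same facts the thread gathered manually, so the gap
        // between OpenSSL and SimpleJWT is visible in one log line.
        $hasGcm = in_array('aes-256-gcm', openssl_get_cipher_methods(), true);
        throw new RuntimeException(sprintf(
            'enc %s unavailable; SimpleJWT offers [%s]; PHP %s; %s; openssl lists aes-256-gcm: %s',
            $enc, implode(', ', $supported), PHP_VERSION, OPENSSL_VERSION_TEXT,
            $hasGcm ? 'yes' : 'no'
        ));
    }

    // A JWE plaintext must be a string. JSON is an assumption here: the
    // format has to be agreed with the recipient of the JWE.
    $plaintext = json_encode($card, JSON_THROW_ON_ERROR);

    $set = new KeySet();
    $set->add(new RSAKey($publicKeyPem, 'pem'));

    $jwe = new JWE(['alg' => 'RSA-OAEP-256', 'enc' => $enc], $plaintext);
    return $jwe->encrypt($set);
}

// Constructed sample input: a throwaway RSA key pair and made-up data.
$pair = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$publicPem = openssl_pkey_get_details($pair)['key'];

try {
    $token = encryptCard(['holder' => 'Test User', 'ref' => 'sample-001'], $publicPem);
    // The compact JWE serialisation has five dot-separated parts.
    echo count(explode('.', $token)), " parts\n";
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
```

Passing `'A256CBC-HS512'` as the third argument selects the alternative suggested in the thread, which keeps the algorithm change an explicit decision rather than an automatic fallback.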