square/js-jose

Encrypt in JOSE JS decrypt in JAVA

pslingerland-diligent opened this issue · 3 comments

I'm trying to let JOSE JS interact with Java (more specifically the Nimbus JOSE JWT library), using RSA-OAEP-256 (key encryption) combined with AES256GCM (message encryption).
Using a server side (nimbus) generated key pair I can encrypt and decrypt server side fine.
Using the same keypair in JOSE JS also works fine as long as I stay client side.
Now the use case is to:

  • let the server provide the public RSA key
  • then the JOSE JS lib encrypt a message using this public key (on the fly creating an AES key to encrypt the message)
  • the resulting JOSE JS cypher is handed to the server
  • On the server I extract the 5 components (header, cek, vector, cypher and tag) from the JOSE JS cypher and feed this to the nimbus library to decrypt using the private key.
  • All seems fine until AES decrypting the cypher (so the RSA decrypting of the cek succeeded). The error I get is: "AES/GCM/NoPadding decryption failed: Tag mismatch!" Signed int comparison of the JOSE JS cypher client and server sided is perfect, so no info seems to be lost along the way.

Any idea what I am doing wrong, or could you recommend a server side lib that has proven to work with JOSE JS?

Regards and I like your lib.

I've also been facing issues attempting to decrypt JS JOSE encrypted payloads with Nimbus JOSE JWT. I keep getting decryption padding errors. I thought it might have been an issue with Base64URL encoding but it looks like JS JOSE encodes in Base64URL already and Nimbus also decodes in Base64URL. The weirdest thing is that I'm able to encrypt with Nimbus and then decrypt with JS JOSE but not the other way around. Not sure what I'm missing here.

Actually, my issue was that I hadn't configured the cryptographer. By default, it was using RSA-OAEP rather than RSA-OAEP-256. Once that was set, the decryption in Java worked.

@Outside1925 The datatypes provide interfaces you can use to construct the JWE: https://github.com/square/js-jose/blob/93d20f8cbaf725168d0ffecd7391f86bf13b5a61/jose-jwe-jws.d.ts I used IEncrypter and IHeaders.
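
The algorithm mismatch reported in this thread (RSA-OAEP in use where RSA-OAEP-256 was intended) can be seen in the protected header of the compact JWE before any decryption is attempted. The check below is an added example, not part of the thread and not js-jose or Nimbus code; the function names and the sample token are constructed, and a 2048-bit RSA key is assumed.

```javascript
// Values the receiver expects, as named in the issue: RSA-OAEP-256 + A256GCM.
const EXPECTED = { alg: "RSA-OAEP-256", enc: "A256GCM" };

// JWE segments are unpadded base64url; reject anything else up front.
function b64urlDecode(s) {
  if (!/^[A-Za-z0-9_-]*$/.test(s)) throw new Error("segment is not unpadded base64url");
  return Buffer.from(s.replace(/-/g, "+").replace(/_/g, "/"), "base64");
}

function b64urlEncode(buf) {
  return Buffer.from(buf).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// Inspect header.cek.iv.ciphertext.tag and return a list of problems found.
function checkCompactJwe(compact, rsaModulusBits) {
  const parts = compact.trim().split(".");
  if (parts.length !== 5) return [`expected 5 segments, got ${parts.length}`];
  let header, cek, iv, tag;
  try {
    header = JSON.parse(b64urlDecode(parts[0]).toString("utf8"));
    if (header === null || typeof header !== "object") throw new Error("header is not a JSON object");
    cek = b64urlDecode(parts[1]);
    iv = b64urlDecode(parts[2]);
    tag = b64urlDecode(parts[4]);
  } catch (e) {
    return [`undecodable segment: ${e.message}`];
  }
  const problems = [];
  if (header.alg !== EXPECTED.alg) problems.push(`alg=${header.alg}, receiver expects ${EXPECTED.alg}`);
  if (header.enc !== EXPECTED.enc) problems.push(`enc=${header.enc}, receiver expects ${EXPECTED.enc}`);
  // An RSA-encrypted key is exactly as long as the RSA modulus.
  if (cek.length * 8 !== rsaModulusBits) problems.push(`encrypted key is ${cek.length} bytes, modulus is ${rsaModulusBits / 8}`);
  // AES-GCM in JWE uses a 96-bit IV and a 128-bit authentication tag.
  if (iv.length !== 12) problems.push(`IV is ${iv.length} bytes, expected 12`);
  if (tag.length !== 16) problems.push(`tag is ${tag.length} bytes, expected 16`);
  return problems;
}

// Constructed sample: fixed filler bytes with the right lengths, not real ciphertext.
function sampleJwe(alg) {
  const seg = (n) => b64urlEncode(Buffer.alloc(n, 0x41));
  const header = b64urlEncode(Buffer.from(JSON.stringify({ alg, enc: "A256GCM" })));
  return [header, seg(256), seg(12), seg(40), seg(16)].join(".");
}

console.log(checkCompactJwe(sampleJwe("RSA-OAEP"), 2048));
```

When feeding the five segments to a decrypter by hand, the first segment should also be passed through unchanged, since its ASCII bytes are the additional authenticated data for AES-GCM.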