JWS to JWE usage with SymmetricKey #13

Closed
jhuet opened this issue Jun 12, 2019 · 6 comments

jhuet commented Jun 12, 2019

Hello,

First of all, thanks for this JWT library, it looks to be the easiest one to use that also supports encryption.

I think I'm a bit confused as to how to create a JWE from a JWS though. I keep getting a Key not found or is invalid error when decrypting the JWE. Here's how I'm trying to do it:

<?php

    $keys = \SimpleJWT\Keys\KeySet::createFromSecret('secret123');
    $headers_jwt = ['alg' => 'HS512', 'typ' => 'JWT'];
    $claims = [
        'iss' => 'me',
        'iat' => time(),
        'exp' => time() + (24 * 60 * 60),
    ];
    $jwt = new \SimpleJWT\JWT($headers_jwt, $claims);
    $encoded = $jwt->encode($keys);

    $headers_jwe = ['alg' => 'PBES2-HS512+A256KW', 'enc' => 'A256CBC-HS512'];
    $jwe = new \SimpleJWT\JWE($headers_jwe, $encoded);
    $encrypted = $jwe->encrypt($keys);

    $decrypted = $jwe->decrypt($encrypted, $keys, 'PBES2-HS512+A256KW'); // Key not found or is invalid

    $decoded = $jwt->decode($decrypted->getPlaintext(), $keys, 'HS512');

Am I missing something regarding key usage?

@kelvinmo
Owner

decrypt() and decode() are static functions. Try:

$decrypted = \SimpleJWT\JWE::decrypt($encrypted, $keys, 'PBES2-HS512+A256KW');
// decrypt() returns a JWE object; pass its plaintext (the inner JWS) to decode()
$decoded = \SimpleJWT\JWT::decode($decrypted->getPlaintext(), $keys, 'HS512');

@jhuet
Author

jhuet commented Jun 12, 2019

Hi @kelvinmo, unfortunately, the output is the same either way.

kelvinmo added the bug label Jun 13, 2019
@kelvinmo
Owner

OK. I've looked at it again, and there is a bug in the code whereby it is inserting a kid parameter in the header when it shouldn't (kid is only used for asymmetric encryption). If you comment out line 86 of src/SimpleJWT/Crypt/AESKeyWrap.php, where it says

$headers['kid'] = $key->getKeyId();  // comment out this line

it should work.

kelvinmo added a commit that referenced this issue Jun 13, 2019
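
To check whether a token produced by an unpatched build carries the kid parameter the maintainer describes, the protected header of a compact JWE can be read without any key. The PHP below is an added example, not code from SimpleJWT or from the participants in this thread; the function names and the sample token are constructed here, and treating PBES2-*, A*KW, A*GCMKW and dir as the shared-secret algorithms is this example's assumption.

```php
<?php
// Added example: read a compact JWE's protected header without any key.
// Function names and the sample token are constructed for illustration.

function b64url_encode(string $raw): string
{
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

function b64url_decode(string $segment): string
{
    $padded = $segment . str_repeat('=', (4 - strlen($segment) % 4) % 4);
    $raw = base64_decode(strtr($padded, '-_', '+/'), true);
    if ($raw === false) {
        throw new InvalidArgumentException('segment is not valid base64url');
    }
    return $raw;
}

function jwe_protected_header(string $token): array
{
    $parts = explode('.', $token);
    if (count($parts) !== 5) {   // header.encrypted_key.iv.ciphertext.tag
        throw new InvalidArgumentException('not a compact JWE: expected 5 segments');
    }
    $header = json_decode(b64url_decode($parts[0]), true);
    if (!is_array($header)) {
        throw new InvalidArgumentException('protected header is not a JSON object');
    }
    return $header;
}

// Assumption: PBES2-*, A*KW, A*GCMKW and dir are the shared-secret algorithms.
function symmetric_header_has_kid(array $header): bool
{
    $alg = $header['alg'] ?? '';
    $symmetric = is_string($alg) && preg_match('/^(PBES2-|A\d+(GCM)?KW$|dir$)/', $alg) === 1;
    return $symmetric && array_key_exists('kid', $header);
}

// Constructed token: only the header is meaningful, the other segments are fillers.
$header = ['alg' => 'PBES2-HS512+A256KW', 'enc' => 'A256CBC-HS512', 'kid' => 'constructed-kid'];
$token = b64url_encode(json_encode($header)) . '.a2V5.aXY.Y3Q.dGFn';

$parsed = jwe_protected_header($token);
printf("alg=%s enc=%s kid=%s\n", $parsed['alg'], $parsed['enc'], $parsed['kid'] ?? '(none)');
echo symmetric_header_has_kid($parsed)
    ? "kid present on a symmetric alg: matches the header bug described in this thread\n"
    : "no kid on a symmetric alg\n";
```

The header segment is only base64url-encoded JSON, so this check needs neither the secret nor the library and can be run on stored tokens.
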
@jhuet
Author

jhuet commented Jun 13, 2019

Yes, it works, thanks a lot! Is this an easy fix for you? I'm not very familiar with JWT or your implementation so I'm not sure I could propose a correct PR.

Edit: Never mind, GitHub didn't update with your fix when I wrote this, so I see it's already done and there was nothing else to take care of on top of removing the line :)

@kelvinmo
Owner

I've got a PR prepared at #14. If it works I can merge it into master.

kelvinmo added a commit that referenced this issue Jun 13, 2019