无法使用github.com/web-token/jwt-framework解密JWE令牌

时间:2019-09-05 10:17:17

标签: php jwt jwe jose

按照https://github.com/ndi-trusted-data/myinfo-demo-app/blob/master/lib/security/security.js上的指南

我设法在节点js环境中解密了JWE令牌,但没有对php解密。

但是,使用PHP中的相同实现,我无法使用相同的密钥来解密相同的JWE。

下面的代码有什么问题吗?尝试了2天,我被卡住了。我的代码或两个库的实现都不标准吗?

这是来自成功解密的nodejs的输出。 

Decrypting JWE (Format: header.encryptedKey.iv.cipherText.tag)

eyJhbGciOiJSU0ENvbS5z.........

{"alg":"RSA-OAEP","enc":"A256GCM","kid":"aa.sample.com"}

Person Data (JWS):
"eyJhbGciOiJSUzI1NiIsImtpZCI6IkM2US0wYnNIYzRxeU5xNk1CRXRmdH......

Person Data (Decoded):
{"uinfin":{.........} }

遵循文档https://web-token.spomky-labs.com/components/encrypted-tokens-jwe/jwe-loading 

use Jose\Component\Core\JWK;
use Jose\Component\Encryption\Algorithm\KeyEncryption\RSAOAEP;
use Jose\Component\Encryption\Algorithm\ContentEncryption\A256GCM;
use Jose\Component\Encryption\Compression\CompressionMethodManager;
use Jose\Component\Encryption\Compression\Deflate;
use Jose\Component\Encryption\Serializer\JWESerializerManager;
use Jose\Component\Encryption\Serializer\CompactSerializer;
use Jose\Component\Encryption\JWEDecrypter;

$jwtString = "eyJhbGciOiJSU0EtT0FFU....";

// The serializer manager. We only use the JWE Compact Serialization Mode.
    $serializerManager = new JWESerializerManager([
        new CompactSerializer(),
    ]);


    // The key encryption algorithm manager with the A256KW algorithm.
    $keyEncryptionAlgorithmManager = new AlgorithmManager([
        new RSAOAEP()
    ]);



    // The content encryption algorithm manager with the A256CBC-HS256 algorithm.
    $contentEncryptionAlgorithmManager = new AlgorithmManager([
        new A256GCM(),
    ]);

    // The compression method manager with the DEF (Deflate) method.
    $compressionMethodManager = new CompressionMethodManager([
        new Deflate()
    ]);



    $privateKey = JWKFactory::createFromKeyFile(
        base_path('keys/'.env("MYINFO_PRIVATE_KEY_PATH")), 
        '',                   // Secret if the key is encrypted
        [
             'use' => 'enc',         // Additional parameters
        ]
    );



    $signatureKey = JWKFactory::createFromCertificateFile(
        base_path('keys/'.env("MYINFO_ISSUED_PUBLIC_KEY_PATH")),         
        [
             'use' => 'sig',         // Additional parameters
        ]
    );

    // We instantiate our JWE Decrypter.
    $jweDecrypter = new JWEDecrypter(
        $keyEncryptionAlgorithmManager,
        $contentEncryptionAlgorithmManager,
        $compressionMethodManager
    );

    // We try to load the token.
    $jwe = $serializerManager->unserialize($jwtString);  

    // We decrypt the token. This method does NOT check the header.
    $success = $jweDecrypter->decryptUsingKey($jwe, $privateKey, 0,$signatureKey);

    dd($success);


--- false

期待已解码的JWT有效负载,但是请务必保持为假。

1 个答案:

答案 0 :(得分:0)

我遇到了同样的问题。在深入研究代码执行时,我发现 CompressionManager 是空的。文档中的代码:

// The compression method manager with the DEF (Deflate) method.
$compressionMethodManager = new CompressionMethodManager([
    new Deflate()
]);

标准构造函数已被弃用,不应再使用。就我而言,它是空的,所以没有注册任何 CompressionMethod。我使用 create mehtod 让它工作:

// The compression method manager with the DEF (Deflate) method.
$compressionMethodManager = CompressionMethodManager::create([
    new Deflate()
]);

BR,

奥雷利安

相关问题
最新问题