Closed jedlyq closed 3 years ago
Hi @jedlyq,
this means token validation failed. Maybe you are using the wrong key?
Hi, DV,
I double-confirmed a few times; I was able to decode the same token with the same set of keys using another programming language.
Well, if you want to share your key and payload, I can try to test it myself. At the moment I can't say more using the given information.
Based on the error message you are getting, I think it is pretty clear: it can't decode the content encryption key. That can happen in 2 cases:
@jedlyq, check this https://github.com/dvsekhvalnov/jose-jwt#notes also. Just noticed you are using the P-521 curve.
Is your incoming token generated by some other library that does not rely on Microsoft Windows crypto implementations? You may be running into an elliptic curve math compatibility issue then.
Thanks so much. I think that's the cause.
Well, you can confirm by trying with the P-256 curve - if it works, but others don't - that's it.
Unfortunately I can't do much about it. Was contacted twice by Microsoft, gave them all details and unit tests, never heard back :(
Closed due to inactivity, feel free to re-open.
Token Header:

```json
{
  "epk": { "kty": "EC", "crv": "P-521", "x": ".......", "y": "....." },
  "kid": "kid_enc",
  "cty": "JWT",
  "enc": "A256CBC-HS512",
  "alg": "ECDH-ES+A128KW"
}
```
Below is the code extract (VS 2019, .Net4.61):

```csharp
CngKey cngKey = EccKey.New(receiverX, receiverY, receiverD, CngKeyUsages.KeyAgreement);
string result = Jose.JWT.Decode(tokenB64Url, cngKey, Jose.JweAlgorithm.ECDH_ES_A128KW, Jose.JweEncryption.A256CBC_HS512);
```
An exception is thrown from AesKeyWrap's Unwrap(byte[] encryptedCek, byte[] kek):

```
Exception: Jose.IntegrityException: 'AesKeyWrap integrity check failed.'
```
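
A key-free triage of a token like the one in this issue, as an added example that is not part of the original thread or of jose-jwt. It is written in Python (standard library only) so it runs outside the Windows crypto stack under discussion. It decodes only the header and segment sizes, compares them with the sizes fixed by RFC 7518 and RFC 3394, and flags curves other than P-256 for the retest suggested in the thread. The names `triage_jwe` and `sample_token` are hypothetical, and the sample token is constructed (zero-filled, not decryptable).

```python
import base64, json

# RFC 7518: coordinate size per curve and CEK size per "enc", in bytes.
COORD_LEN = {"P-256": 32, "P-384": 48, "P-521": 66}
CEK_LEN = {"A128CBC-HS256": 32, "A192CBC-HS384": 48, "A256CBC-HS512": 64,
           "A128GCM": 16, "A192GCM": 24, "A256GCM": 32}

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64u(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def triage_jwe(token: str, recipient_crv: str) -> list:
    """Return findings for an ECDH-ES(+KW) JWE, without needing any key."""
    parts = token.split(".")
    if len(parts) != 5:
        return ["not a JWE compact token (need 5 segments)"]
    header = json.loads(unb64u(parts[0]))
    alg, enc, epk = header.get("alg", ""), header.get("enc"), header.get("epk") or {}
    findings = []
    if not alg.startswith("ECDH-ES"):
        return ["alg %r is not ECDH-ES based" % alg]
    crv = epk.get("crv")
    if crv != recipient_crv:
        findings.append("epk curve %s differs from recipient key curve %s" % (crv, recipient_crv))
    for name in ("x", "y"):
        got = len(unb64u(epk.get(name, "")))
        if crv in COORD_LEN and got != COORD_LEN[crv]:
            findings.append("epk.%s is %d bytes, expected %d" % (name, got, COORD_LEN[crv]))
    wrapped = len(unb64u(parts[1]))
    # AES Key Wrap (RFC 3394) adds 8 bytes; plain ECDH-ES carries no key.
    want = CEK_LEN.get(enc, 0) + 8 if alg.endswith("KW") else 0
    if enc in CEK_LEN and wrapped != want:
        findings.append("encrypted key is %d bytes, expected %d" % (wrapped, want))
    if crv in ("P-384", "P-521"):
        findings.append("curve %s: retest the same sender with P-256" % crv)
    return findings

def sample_token(crv: str, coord_len: int, wrapped_len: int) -> str:
    """Constructed token: zero-filled fields, structure only, not decryptable."""
    epk = {"kty": "EC", "crv": crv, "x": b64u(bytes(coord_len)), "y": b64u(bytes(coord_len))}
    header = {"epk": epk, "kid": "kid_enc", "cty": "JWT",
              "enc": "A256CBC-HS512", "alg": "ECDH-ES+A128KW"}
    segs = [json.dumps(header).encode(), bytes(wrapped_len), bytes(16), bytes(32), bytes(32)]
    return ".".join(b64u(s) for s in segs)

if __name__ == "__main__":
    for finding in triage_jwe(sample_token("P-521", 66, 72), "P-521"):
        print(finding)
```

An empty result means the token is structurally consistent, so a failed unwrap then points at the derived key-encryption key (wrong private key or differing ECDH output) rather than at a malformed token.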