dvsekhvalnov / jose-jwt

Ultimate Javascript Object Signing and Encryption (JOSE), JSON Web Token (JWT) and Json Web Keys (JWK) Implementation for .NET and .NET Core
MIT License

AesKeyWrap integrity check failed for ECDH-ES+A256KW alg #186

Closed Nizam-tch closed 1 year ago

Nizam-tch commented 2 years ago

Hi @dvsekhvalnov, the code below throws an 'AesKeyWrap integrity check failed' exception while decrypting the 'idToken'. I'm using the 'P-521' curve for enc keys.

```csharp
JsonTextReader reader = new JsonTextReader(new StringReader(EncryptionKey));
var jwk = JsonSerializer.CreateDefault().Deserialize(reader);
var publicECCKey = EccKey.New(Base64Url.Decode(jwk.x), Base64Url.Decode(jwk.y), Base64Url.Decode(jwk.d), usage: CngKeyUsages.KeyAgreement);

// Get the decrypted token
string token = Jose.JWT.Decode(IdToken, publicECCKey, JweAlgorithm.ECDH_ES_A128KW, JweEncryption.A256CBC_HS512);
```


dvsekhvalnov commented 2 years ago

Hi @Nizam-tch ,

https://github.com/dvsekhvalnov/jose-jwt#notes , see second. Is it your case?

Nizam-tch commented 2 years ago

Hi @dvsekhvalnov
Thank you for your prompt response. Currently, https://mkjwk.org/ is not accessible. I'll generate the key with P-256 and try again.

rakeshfern commented 1 year ago

Is this solved? I am facing the same issue.

rakeshfern commented 1 year ago

What changes resolved this issue, @dvsekhvalnov and @Nizam-tch?

rakeshfern commented 1 year ago

This is my code for decryption:

```csharp
var privateKey = new Jwk(
    "P-521",
    "AD2J_17wpqY7wVi9ag-P5X13OL6asPqaOHMNQi0ek3aE2SNOiOdTBAADEApVsZLzf5zS4XM6qttvEaRIOOJyeG9e",
    "AONkenNl5HXzZ6LRPXW0e1-kH5ZnLxl2cZeWh49B551L_hWE4IHZbrrI5sk1d3t8bFUtnFNgOSNRbQIPW54Knc-r",
    "AC9azvDLPpwr53MuzUj1Zgwdmhdg9ytE_nknqAwvQMi1b03bH9_Vlhn-dXDVQzHSgur8bpMCMAXgvzJ-zohQ3ahx"
);

// JwtSettings settings = new JwtSettings().RegisterJwe(JweEncryption.A256CBC_HS512, encAlg);
var toks = JWT.Decode(token.id_token, privateKey, JweAlgorithm.ECDH_ES_A256KW, JweEncryption.A256CBC_HS512, new JwtSettings().RegisterJweAlias("A256CBC-HS512_ALIAS", JweEncryption.A256CBC_HS512));
```

dvsekhvalnov commented 1 year ago

Hello @rakeshfern ,

What kind of problem are you facing?

Also please check notes: https://github.com/dvsekhvalnov/jose-jwt#notes

rakeshfern commented 1 year ago

AESWrapIntegrity error, @dvsekhvalnov, but now I changed the curve to P-256 and it worked. Thanks for the prompt reply.

dvsekhvalnov commented 1 year ago

Ok folks, I'll close this one out, sounds like everybody is just happy with P-256, blame Microsoft otherwise :)
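
A pre-decode check for the situation in this thread, added here as an example and not part of the thread or of jose-jwt: it reads the JWE protected header without decrypting and compares `alg`, `enc` and `epk.crv` with the values about to be passed to `JWT.Decode`. `JweHeaderCheck` and its members are hypothetical names, and the token in `Main` is constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Text;
using System.Text.Json;

// Added example, not jose-jwt code; JweHeaderCheck and its members are hypothetical names.
public static class JweHeaderCheck
{
    // Decode the protected header (first segment) of a compact JWE. Nothing is decrypted.
    public static JsonElement ReadHeader(string compactJwe)
    {
        string[] parts = compactJwe.Split('.');
        if (parts.Length != 5) throw new FormatException("compact JWE needs 5 segments");
        string b64 = parts[0].Replace('-', '+').Replace('_', '/');
        b64 += new string('=', (4 - b64.Length % 4) % 4);   // restore base64 padding
        string json = Encoding.UTF8.GetString(Convert.FromBase64String(b64));
        using JsonDocument doc = JsonDocument.Parse(json);
        return doc.RootElement.Clone();                      // Clone outlives the disposed document
    }

    static string Str(JsonElement e, string name) =>
        e.TryGetProperty(name, out JsonElement v) && v.ValueKind == JsonValueKind.String ? v.GetString() : null;

    // Compare the header of an ECDH-ES token with the alg, enc and key curve the caller will use.
    public static List<string> Check(string jwe, string alg, string enc, string keyCurve)
    {
        var problems = new List<string>();
        JsonElement h = ReadHeader(jwe);
        string tokAlg = Str(h, "alg"), tokEnc = Str(h, "enc");
        if (tokAlg != alg) problems.Add($"alg: token has '{tokAlg}', caller expects '{alg}'");
        if (tokEnc != enc) problems.Add($"enc: token has '{tokEnc}', caller expects '{enc}'");
        if (!h.TryGetProperty("epk", out JsonElement epk) || epk.ValueKind != JsonValueKind.Object)
        {
            problems.Add("epk: missing, ECDH-ES needs the sender's ephemeral public key");
            return problems;
        }
        string crv = Str(epk, "crv");
        if (crv != keyCurve) problems.Add($"epk.crv '{crv}' differs from recipient key curve '{keyCurve}'");
        if (crv != "P-256") problems.Add($"epk.crv '{crv}': this thread saw the failure on P-521, not on P-256");
        return problems;
    }

    public static void Main()
    {
        // Constructed header for illustration; the four trailing segments are placeholders.
        string hdr = "{\"alg\":\"ECDH-ES+A256KW\",\"enc\":\"A256CBC-HS512\",\"epk\":{\"kty\":\"EC\",\"crv\":\"P-521\"}}";
        string seg = Convert.ToBase64String(Encoding.UTF8.GetBytes(hdr)).TrimEnd('=').Replace('+', '-').Replace('/', '_');
        foreach (string p in Check(seg + ".AAAA.AAAA.AAAA.AAAA", "ECDH-ES+A128KW", "A256CBC-HS512", "P-521"))
            Console.WriteLine(p);
    }
}
```

With the constructed input, which passes `ECDH-ES+A128KW` against an `ECDH-ES+A256KW` header as in the first post, the check reports the `alg` mismatch and the P-521 curve.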