nov / json-jwt

JSON Web Token and its family (JSON Web Signature, JSON Web Encryption and JSON Web Key) in Ruby
MIT License

A128CBC-HS256 #14

Closed jondeandres closed 10 years ago

jondeandres commented 10 years ago

Hi,

In the draft at http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-14 I can read this:

Replaced "A128CBC+HS256" and "A256CBC+HS512" with "A128CBC-HS256" and "A256CBC-HS512". The new algorithms perform the same cryptographic computations as [I-D.mcgrew-aead-aes-cbc-hmac-sha2], but with the Initialization Vector and Authentication Tag values remaining separate from the Ciphertext value in the output representation. Also deleted the header parameters "epu" (encryption PartyUInfo) and "epv" (encryption PartyVInfo), since they are no longer used.

Will you update the gem to work properly with this change in the draft? If you know what changes should be made in JSON::JWE perhaps I'll be able to code them.

An example of the problem I have. Trying to decode with A128CBC+HS256 I have this error when calling JSON::JWE#decrypt! method:

OpenSSL::Cipher::CipherError Exception: wrong final block length

Thanks.

nov commented 10 years ago

JWE implementation isn't following the latest spec, since JWE spec isn't solid yet.

nov commented 10 years ago

GCM now working. CBC isn't yet.

I need to read the latest JWE spec to understand what I need to update. It seems CBC flow changed a lot.

jondeandres commented 10 years ago

Thanks for the effort Nov.

I'm looking at the specification and your code, trying to understand something. Really I don't know what to change, but I'm researching.

This seems to be the key perhaps?

o Replaced "A128CBC+HS256" and "A256CBC+HS512" with "A128CBC-HS256" and "A256CBC-HS512". The new algorithms perform the same cryptographic computations as [I-D.mcgrew-aead-aes-cbc-hmac-sha2 http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-17#ref-I-D.mcgrew-aead-aes-cbc-hmac-sha2], but with the Initialization Vector and Authentication Tag values remaining separate from the Ciphertext value in the output representation. Also deleted the header parameters "epu" (encryption PartyUInfo) and "epv" (encryption PartyVInfo), since they are no longer used.

o Changed from using the term "Integrity Value" to "Authentication Tag".

Jon de Andrés

nov commented 10 years ago

I've managed to follow the latest spec. Now all tests passed, so json-jwt is Nimbus JOSE+JWT compatible. (Nimbus JOSE+JWT is the most stable JOSE implementation I know)

Please try json-jwt v0.6.0 and tell me if you have any troubles. Since I'm also not crypto expert, I need more feedback on JWE implementation.

nov commented 10 years ago

BTW, for what are you using JWE?

jondeandres commented 10 years ago

Nov,

I work in Wuaki.tv, www.wuaki.tv, a video on demand service in Spain and UK, we are part of the Rakuten group, I suppose you know. We are developing the Wuaki.tv application for Microsoft Xbox One and they use JWT to send us some user authentication tokens in a JWT claim.

Thank you very much for the changes!! I'm sure it can be useful for us.

I'm still having some problems with this, perhaps we have an error in our code. Would you mind reviewing this code?

We have this class that we use to decode the token we receive:

require 'json/jwt'
require 'openssl'

module XboxOne
  class JWT
    attr_reader :private_key

    def initialize(private_key = nil)
      @private_key = private_key || default_private_key
    end

    # Decrypts the received data and returns a
    # {JSON::JWE} object. The data received should be
    # a JWT token from the Xbox console
    #
    # @param [String] data the data to decrypt
    # @return [JSON::JWE] the decrypted object
    def decrypt!(data)
      jwe = JSON::JWE.new(data)
      jwe.enc = encryption_type
      jwe.alg = algorithm

      jwe.decrypt!(private_key)
    end

    # This is the encryption type defined by the xbox documentation
    def encryption_type
      :'A128CBC-HS256'
    end

    # Key management algorithm used to wrap the content encryption key
    def algorithm
      :'RSA-OAEP'
    end

    # Loads the RSA private key from the configured path
    def default_private_key
      OpenSSL::PKey::RSA.new(File.read(default_private_key_path))
    end

    def default_private_key_path
      ::Rails.application.config.wuaki_private_key_path
    end
  end
end

And i'm trying to test this:

  let(:encrypted_data) do

"eyJlbmMiOiJBMTI4Q0JDK0hTMjU2IiwiYWxnIjoiUlNBLU9BRVAiLCJjdHkiOiJKV1QiLCJ6aXAiOiJERUYiLCJ4NXQiOiJfTXU5V3JJb2Yyb0w5b3BzUFhTYjd0RE1IMzAifQ.Pnzzn7bLi6_MGPRJzoS60Z248QNWK6CBCVTdv_XhHMQ3a9rCaKGVHDw_llavnbRo3RP5qT5E-QXuK8NACwDET6Jm1ZDdJ1v1YhJwZoULzHarWDY15W23gkAjCQDkJfqG4OG252Yj8Qy5xSC1HYf01NKJNHj1MgLyizAEgUrRRWFbrXxhCbLOHNabgs4kLsE5Zph-TtvAGH6Fieu1bkYYo3v0MT2jWsqhYKnumTzvuRespNg1GQioBo8-Os5VwkmveeTpn7KlxjDS4HeD-czC4KzrgxaUWu9desxpgK_ft8irxL_HArNfVdm8kg3dFvcaruaPrtNfeP_aUZ9fKB8Lbg.eTtVTOf6wPeKNkk6ABOPRA.3xTYtlHrryXrK4iBURxIS1WaBq9Lu1fn7V6e9D5D8XRPcE0T9DIyRLkhZS1bVDMFu_vr5cjqxBKh4z3MChV0yQsIKES6EXlsDmFpBg7dKloiIlAuQdDBra8h_3dTna8Tmxn9iJh-nbSVnn80lq8YC44iFB9neKZUg0IO5Tm6fpsTlk-09NIhq16v4Wm5_c1_CUs0kfQxLg9ACPEQD2Il_wTWCSVfyS1vCY081EuV51RyIZQH0U9TdvpSj6JgkxO-wv1NnuQUUQ2DKLqsbgr7hXhXNM5WbulkPtNk7I3hQmUybLPC5sQO8QrLvGn61zfvx-xwKj0qTVg0uBECvamyliChYgV5KbpW3NIkMjljZvh9VZuQ0_sa37YFGTpMWbmz1p7aDQ_bbupWfM2SkLlCPDQ6OJYw_QkqkCuQOz7FuKxCj4mMBi0vxUxGCgoIdXqV_EyQ-4wehu7185JxyvNFxhEXM8YG8CFi6XX6YqZx9LQ5lOIDhvMq6uXjan7JPXT8kNIjt32TmyL7PDGloMCItDAs_GGcT_Zqu0JMgeTpvWB4LhQcIBigifQOk8an6PcOyQLN-SNmuCjmS-CxJvv_dhtrxuiMIQjcAHZqbuWytsZOCDdB8v83aaQWU-hMTl1Zy7ZOXO" end

  subject { XboxOne::JWT.new }

  it 'decrypts the data' do
    subject.decrypt!(encrypted_data).to_s
  end

I have this error when calling cipher.final in your code:

OpenSSL::Cipher::CipherError Exception: wrong final block length

Thank you Nov! Regards.

Jon de Andrés

jondeandres commented 10 years ago

Nov,

The Microsoft guys tell me that the token we receive should be signed first and encrypted last. Do you have any idea how I can use your gem to do this?

Jon de Andrés

nov commented 10 years ago

Your encrypted_data has only 3 dots, though the latest format of JWE should have 4 dots. So what's wrong is your fixture data.

nov commented 10 years ago

For signed and encrypted JWT, you can find exact sample code in README.

nov commented 10 years ago

require 'json/jwt'

claim = {
  iss: 'nov',
  exp: 1.week.from_now,
  nbf: Time.now
}

# No signature, no encryption
jwt = JSON::JWT.new(claim).to_s

# With signature, no encryption
jws = JSON::JWT.new(claim).sign(key, algorithm) # algorithm is optional. default HS256
jws.to_s # => header.payload.signature

# With signature & encryption
jwe = jws.encrypt(key, algorithm, encryption_method) # algorithm & encryption_method are optional. default RSA1_5 & A128CBC-HS256
jwe.to_s # => header.encrypted_key.iv.cipher_text.integrity_value

nov commented 10 years ago

BTW, it's great to hear Xbox uses JOSE so deeply :)

jondeandres commented 10 years ago

Nov, thanks for your example, but that's the way to encrypt the data, no?

How should I decrypt signed and encrypted data?

Thank you!

Jon de Andrés

nov commented 10 years ago

Ah, then try

# decrypt here
jwe = JSON::JWE.decode(jwe_string, your_private_key)

# plain text of JWE is a JWS
jws_string = jwe.to_s

# verify the JWS signature
jws = JSON::JWS.decode(jws_string, microsoft_public_key)

jondeandres commented 10 years ago

Hi Nov,

we've been able to capture what we think that is the whole packet, but when I decode the token to get the jwe string i get this data: [raw binary string omitted]

Something is wrong here... but I don't know if it's a problem with encoding or what. I got this output with JSON::JWT.decode(encrypted_data, subject.default_private_key).to_s.

Thanks!

Jon de Andrés

nov commented 10 years ago

Hum... is the JWE input binary data? Without the raw JWE nor the private key, debugging is almost impossible :(

jondeandres commented 10 years ago

The token we receive is this one: eyJlbmMiOiJBMTI4Q0JDK0hTMjU2IiwiYWxnIjoiUlNBLU9BRVAiLCJjdHkiOiJKV1QiLCJ6aXAiOiJERUYiLCJ4NXQiOiJfTXU5V3JJb2Yyb0w5b3BzUFhTYjd0RE1IMzAifQ.zblV1FW_6U_G_aEgvtL1cSGpZIc21WxiOMZWtwRgC-OLIWgzsCjYqQF5Cec8LBjU1DJixgwA2Mn9uO8c3rPxmVRC4nhFXHbr14zPnM0V3jY8YQE2nPX2gbGVAjEbB2cmRDhQkddJWeNQK8_RgD3pDviFsavWuGFWker1xS9Fn3n3pR21tIZgQnj6_ZFNzXTzWcIsCn6UExq0zghe7ztWohstK5_U30c_uB17lrrOVevk1TTs8B489wxMyNtsc0mn4SY0Rxk3yFoV541gWHQTmqKxe7KPakaY_1KkQk8S30Tn35EYavzoVktfu7SU5a51ZENBc0SqzZAizdeEjkk7bw.DxPxDqjF47SF7IBtLbrlBA.jH2AVY0kDIi3mE32Bd0lWzsd-fZVDhVhEKP-ePBeFKrozZA3zGhwmww4XbLPBS0iz87MNh_B2ytibobuhnJ3e3nGshEXYoNH-bz7qoS6-Han8lWl5fWoBcs0k9UuxhAe8pwF6f7vKookSFmc9Su925Magvr10cjyPHt0ka23ELb-0O970m4QI-PDNMvEAf9DDBX5AOPh6kuM4L6OBUQP5xdNYKbVkbNbdzPH8MzLHP_w8e8Q1Rg3OaM1SuL9oxfQM7eZFjcNyzZPluoYIGxkTFBdChXy1Wck2tj1ZfnkNjI2gzfh_Z_mHNVwHMIawXfhf1ojIMrPOkmulaoQ2LqtmAsjd1bNLNc5BEoT9ltGlYluw0zyE7mMnCbhnu0J87FEP0cllpLc3ve8ZNV4BqOSzqz8tHmIpxjCHOrcnK7w-16BkBvERNJyF3aEEpLcVNKP-SKMLhenYI4QrDBXpoE1TA8hskI9WPsi5a5qprm5TKq7ZWV9d1jzgSCxF6vD1J8alvhL_y97qbAT9VFScthM850ZoTdBFm62BfLvSwY3ZS7bzx2L8KBRU4V7Bn4stZT8QumLz9iz7XCTX0daC63ayQ_5NArzVea9Xttl9XigP-mzKQNjsngGUxanBdmpr7BUDiggAgQ8je1kedoVhEMzrnYHvQ_gL32-7h_jp5Fa_S750eZQZSt-88PNV73bqBCJMhbdB0YjfagKSjUrlsPjSSprOXKpObylt92MLQIoOoZ6nJTN8DdeaXoLu-aajw-F6aDeOBgVZF9vo_MW_gjfhS_Kf7uGTvZyb23KEgWEQfGdwRYfJXJSrSHiZzssberKgOKdyTJ1blN4jOYirTNF0BsX4kHUEJC0g891lCwNPDPfX5-ihJ8L3dFBkuDkuwhpfoP3aErj9M560iEvz7FQcV4pLWHRjGSCNoLSc1CETQMVLPhvCz5WKnal3RELT7RWdlFI0o0IFiqfboUh1n1jQvdFdxNZcHKuC58jOBOZmQpdCcV1loq-RnQv94Y57r_uHZqlD3Uo7lmXCmHkA8z30b5rhlo7TkO4Q86P09lFbVk_QHFRDYiYjSq4MKGyWNEKUEjMlPpQHXcoMAbuGLXeNSUpjcseCCbGUCPuBY2oGW3ThMvwSJYyzbgjs4jE9aj6iOcf77qyLkCi7wWW7SPWnUwdLvfXyhJaHmuaaGuVzxi4vy7YkPuNz6Ew95GLL1RR.ESaY6ZcilPYcm3Mpz3AyKzmqK4JLl3JDhx2ZCZuXygo

It seems to be correct, although finally they are not using A128CBC-HS256 and they are using A128CBC+HS256, so I'm doing these tests with your 0.5.6 version of the gem. It's strange because the output should be in base64, no?

Thanks for this Nov ;-).

Jon de Andrés

nov commented 10 years ago

Ah, it's compressed. This gem isn't supporting compressed JWE yet.

nov@tov ~$ irb
irb(main):001:0> require 'url_safe_base64'
=> true
irb(main):002:0> UrlSafeBase64.decode64 'eyJlbmMiOiJBMTI4Q0JDK0hTMjU2IiwiYWxnIjoiUlNBLU9BRVAiLCJjdHkiOiJKV1QiLCJ6aXAiOiJERUYiLCJ4NXQiOiJfTXU5V3JJb2Yyb0w5b3BzUFhTYjd0RE1IMzAifQ'
=> "{\"enc\":\"A128CBC+HS256\",\"alg\":\"RSA-OAEP\",\"cty\":\"JWT\",\"zip\":\"DEF\",\"x5t\":\"_Mu9WrIof2oL9opsPXSb7tDMH30\"}"

nov commented 10 years ago

Probably you can get the unzipped data by just simply unzip jwe.to_s output.

jondeandres commented 10 years ago

Hi!

I'll try to unzip the data, thank you Nov!!!! I tell you if it works ;-).

bensw commented 10 years ago

Figured out the solution to being able to unzip the data.

From the spec, JWE's use DEFLATE, which are headerless and checksumless. In order to have Zlib ignore these things you need to set the window size of the inflate stream to -15.

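require 'zlib'

# Inflate a raw DEFLATE stream (no zlib header, no checksum)
def inflate_jwe(jwe_string)
  zstream = Zlib::Inflate.new(-15) # negative window bits select raw DEFLATE
  buf = zstream.inflate(jwe_string)
  zstream.finish
  zstream.close
  buf
end

inflate_jwe(jwe.to_s)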

In this particular case (MSFT tokens) it is still necessary to use version 0.5.6 of this library (because of the dependency on A128CBC+HS256).

Hopefully this helps others who run into this specific use case!

nov commented 10 years ago

:+1:

kkarras commented 9 years ago

@bensw I believe I'm running into the same thing with a MSFT JWE.

Been trying to decrypt but not having success.

Should I still try and use older version of this gem and decompress as mentioned above?

alexandru-calinoiu commented 9 years ago

I was facing a similar problem, using version 0.5.6 of the gem, my code is:

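require 'json/jwt'
require 'url_safe_base64'
require 'zlib'

# Inflate the raw DEFLATE stream produced by decrypting the JWE
def inflate_jwe(jwe_string)
  zstream = Zlib::Inflate.new(-15)
  buf = zstream.inflate(jwe_string)
  zstream.finish
  zstream.close

  buf
end

# Decrypt the token, then decompress the resulting plaintext
def decrypt!(data)
  jwe = JSON::JWT.decode(data, default_private_key).to_s
  inflate_jwe(jwe)
end

# The inflated plaintext is itself base64url encoded
output = UrlSafeBase64.decode64(decrypt!(data))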

The part that I was missing was to decode64 the data after it was inflated.
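
An added example (not code from this thread or from json-jwt) that combines the two diagnostics discussed above: counting the segments and reading the `zip` header of a compact JWE before decrypting, then inflating raw DEFLATE with a negative window size under a size cap. The helper names, the 64 KiB cap and the sample token are assumptions constructed for illustration.

```ruby
require 'base64'
require 'json'
require 'zlib'

# Added example: helper names and the size cap are assumptions, not json-jwt API.
MAX_INFLATED_BYTES = 64 * 1024

# base64url without padding, as used in JOSE compact serializations
def b64url_decode(segment)
  Base64.urlsafe_decode64(segment + '=' * ((4 - segment.length % 4) % 4))
end

# Diagnostic only: the header is unauthenticated until decryption succeeds,
# so use it to explain failures, not to make trust decisions.
def inspect_jwe(compact)
  parts = compact.split('.', -1) # -1 keeps empty trailing segments
  header = JSON.parse(b64url_decode(parts.first))
  {
    segments: parts.size,
    five_part: parts.size == 5, # header.encrypted_key.iv.ciphertext.tag
    alg: header['alg'],
    enc: header['enc'],
    compressed: header['zip'] == 'DEF'
  }
end

# Inflate a raw DEFLATE stream (no zlib header or checksum), refusing to
# produce more than `limit` bytes so a small token cannot expand unbounded.
def inflate_raw(data, limit = MAX_INFLATED_BYTES)
  zstream = Zlib::Inflate.new(-Zlib::MAX_WBITS) # negative window bits = raw
  out = String.new # binary buffer
  zstream.inflate(data) do |chunk|
    if out.bytesize + chunk.bytesize > limit
      raise ArgumentError, "inflated size exceeds #{limit} bytes"
    end
    out << chunk
  end
  out
ensure
  zstream&.close
end

# Constructed sample input (not a token from this thread): a four-segment
# token with a constructed header, and a raw-DEFLATE-compressed payload.
SAMPLE_HEADER = Base64.urlsafe_encode64(
  '{"alg":"RSA-OAEP","enc":"A128CBC+HS256","zip":"DEF"}', padding: false
)
SAMPLE_TOKEN = [SAMPLE_HEADER, 'a2V5', 'aXY', 'Y3Q'].join('.')
deflater = Zlib::Deflate.new(Zlib::DEFAULT_COMPRESSION, -Zlib::MAX_WBITS)
SAMPLE_RAW = deflater.deflate('{"iss":"constructed"}', Zlib::FINISH)
deflater.close

p inspect_jwe(SAMPLE_TOKEN)
puts inflate_raw(SAMPLE_RAW)
```

Passing the same raw stream to `Zlib::Inflate.inflate` without the negative window size raises `Zlib::DataError`, because that call expects a zlib header.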