Closed Guervyl closed 9 months ago
Hi,
I do not understand the problem here. The cyphertext (encrypted payload) is clearly visible in the example you shared.
Hi, From this image you can see there is no payload. It's not well created compared to other JWE.
From the generated token: eyJjdHkiOiJKV1QiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiYWxnIjoiZGlyIn0..iiS7qw you can see `..`. It was supposed to be eyJjdHkiOiJKV1QiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiYWxnIjoiZGlyIn0.**Payload here**.iiS7qw
You are building an encrypted token (JWE), but jwt.io only supports signed tokens (JWS).
With JWE, the ciphertext is located on the 4th part, not on the second one. The empty part here corresponds to the encrypted key that is empty with the dir algorithm.
Thanks for your answers. I'm learning a little bit from your answers. My confusion now is from your JWE example, the generated token has a payload even if the algorithm is different from dir here https://web-token.spomky-labs.com/the-components/encrypted-tokens-jwe/jwe-creation.
Also is it possible to have the ENCRYPTED KEY in my token?
I think you are mixing signed tokens (JWS) and encrypted ones (JWE). As you are referring to jwt.io, I guess what you really want is JWS. You should read this page instead of the one you mentioned.
What I need is JWE, I have read all the documentation. And I understand that jwt.io is not for JWE.
It's just that in your JWE example the generated token has a different schema. It's [HEADER].[PAYLOAD].[SIGNATURE] instead of [HEADER].[ENCRYPTED KEY].[IV].[CIPHERTEXT].[TAG] here https://web-token.spomky-labs.com/the-components/encrypted-tokens-jwe/jwe-creation.
Also can I have the [ENCRYPTED KEY] from the JWE using the dir algorithm?
> What I need is JWE, I have read all the documentation. And I understand that jwt.io is not for JWE.
OK. Screenshots from jwt.io confused me.
> It's just that in your JWE example the generated token has a different schema.
The token has 5 parts separated by dots so it is a JWE with the correct structure.
> Also can I have the [ENCRYPTED KEY] from the JWE using the dir algorithm?
It is not possible. With this algorithm the key is directly used for decrypting the token and there is no encrypted key. It is always an empty string. See https://datatracker.ietf.org/doc/html/rfc7518#section-4.5
> An empty octet sequence is used as the JWE Encrypted Key value.
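The layout described in the reply above, as an added example (not the library's own code and not code from this thread): a minimal `dir` / `A128CBC-HS256` encrypt and decrypt using PHP's openssl extension, showing that the second part stays empty and the payload travels as ciphertext in the fourth part. The function names, the demo key and the demo claims are constructed for illustration.

```php
<?php
declare(strict_types=1);
// Added example: compact JWE with alg=dir, enc=A128CBC-HS256 (RFC 7516, RFC 7518 sections 4.5 and 5.2).
function b64u(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}
function b64u_dec(string $txt): string {
    $bin = base64_decode(strtr($txt, '-_', '+/') . str_repeat('=', (4 - strlen($txt) % 4) % 4), true);
    if ($bin === false) { throw new RuntimeException('invalid base64url'); }
    return $bin;
}
// Tag = first 16 bytes of HMAC-SHA256 over AAD || IV || ciphertext || AL (AAD bit length, 64-bit big-endian).
function cbc_hs256_tag(string $macKey, string $aad, string $iv, string $ct): string {
    $al = pack('J', strlen($aad) * 8);
    return substr(hash_hmac('sha256', $aad . $iv . $ct . $al, $macKey, true), 0, 16);
}
function jwe_dir_encrypt(string $payload, string $key): string {
    if (strlen($key) !== 32) { throw new InvalidArgumentException('A128CBC-HS256 needs a 32-byte key'); }
    $header = b64u(json_encode(['alg' => 'dir', 'enc' => 'A128CBC-HS256']));
    $iv = random_bytes(16);
    $ct = openssl_encrypt($payload, 'aes-128-cbc', substr($key, 16), OPENSSL_RAW_DATA, $iv);
    $tag = cbc_hs256_tag(substr($key, 0, 16), $header, $iv, $ct);
    // Part 2 (JWE Encrypted Key) is empty for "dir": the shared key itself is the content encryption key.
    return implode('.', [$header, '', b64u($iv), b64u($ct), b64u($tag)]);
}
function jwe_dir_decrypt(string $token, string $key): string {
    $parts = explode('.', $token);
    if (count($parts) !== 5 || strlen($key) !== 32) { throw new RuntimeException('need 5 parts and a 32-byte key'); }
    [$header, $encKey, $iv, $ct, $tag] = $parts;
    $h = json_decode(b64u_dec($header), true);
    if (($h['alg'] ?? '') !== 'dir' || ($h['enc'] ?? '') !== 'A128CBC-HS256') { throw new RuntimeException('unsupported alg/enc'); }
    if ($encKey !== '') { throw new RuntimeException('alg=dir requires an empty encrypted key'); }
    // Verify the tag in constant time before touching the ciphertext.
    $expected = cbc_hs256_tag(substr($key, 0, 16), $header, b64u_dec($iv), b64u_dec($ct));
    if (!hash_equals($expected, b64u_dec($tag))) { throw new RuntimeException('authentication tag mismatch'); }
    $pt = openssl_decrypt(b64u_dec($ct), 'aes-128-cbc', substr($key, 16), OPENSSL_RAW_DATA, b64u_dec($iv));
    if ($pt === false) { throw new RuntimeException('decryption failed'); }
    return $pt;
}
$key = random_bytes(32);                               // constructed demo key
$token = jwe_dir_encrypt('{"sub":"demo"}', $key);      // constructed demo claims
$names = ['header', 'encrypted key', 'iv', 'ciphertext', 'tag'];
foreach (explode('.', $token) as $i => $part) {
    printf("%-14s %s\n", $names[$i], $part === '' ? '(empty)' : $part);
}
echo jwe_dir_decrypt($token, $key), "\n";
```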
Great. Thanks for your answer. It's clear now.
Version(s) affected
3.2
Description
I want to generate a JWE with this header
But the serialized token does not have the payload.
How to reproduce
Create a key from shared secret
```php
use Jose\Component\KeyManagement\JWKFactory;
$jwk = JWKFactory::createFromSecret($signKey);
```
Create the algorithm objects
Build the JWE and serialize:
The output does not have the payload:
eyJjdHkiOiJKV1QiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiYWxnIjoiZGlyIn0..iiS7qwucotnyt0BEHofIFA.JavxFIAYYiWmafC0lVX5tMLjKN4eypP3xfGG2_pj_V4BVrM1nbtJo3AnuWEjf9tb3n3SzutELcc7BjP1dgwzSCO33KqR0MgKqBFrYVtjKpfvomQ-wXQYPsF1klB3lIPUkJHJO_5SIAQwVH1OgNBkNcTnSSIufOy8ZKNczRqwiq6rGRyyEjWL-vB8jM2O1b2_-EyTQPucoA0LthkG3IHIEl79mIVWTriOfvK4y6msMMebTU7y7CODrmCT_Hwc3WM33hDFc6rFZggunOcHGPCMr51y_rk1ft8sxjAcCBBSjgagG_9rw3nORhETbA59GrrvAKta4NrglOa3sMdtinzlEnFMNXNTq_KvVLCy9gwmK9Fg8Qf9CqzfetAJYa7vG_ONAvDYpco7hln1ukFUaqz44_i8ZjS_F-a3CkJs_yJZiobZjrQ4KHgpv7iOxOIr6op3OhoauFrycKLjYuz5eYlgQioKnBFvehcCcScozTg1n_OkxNn6652wpitaPUMTRtg03es6v-FOSesSSx_9KkVfLa6kn5MMQkaODvpFerrX5qmtF5XWtfAcDqRazXn_W5wBjSu2ZCqs_8bpQHxSvicqJNO7AzC0Gqe9zCTyq9OD5u4IuVN-om7F5my6OTn5UMep9HcQAnmNjYdJIu-DheroIXkUBmtrBGSSFaJPqU_TXbgPTWkpeP9pl9PvY3U0PZc9spQcJmTXbGDR2_7ZcD3Z-YceGMTPF3oDzDEp1KPfmDfPRjpAOG8RXayuwoEy5nBCfxJJFKMQ4L1K9UnnlRMPLdXHSYRhbVfAdCa4deiT_4ZYHgaM-Ut0wk9rI3I6dGfu6oIlW54T_OPsOvElZXN221thFDfeF1tfPHYmDkEdwT4-M6iPz4TLc9g1bAP9rGk9umqmLmR3W1BDDYrzkqPPChwVj0_LgA0WfbI9xlV9HpCYYBE175zb5jb6kTNLxAbV8o5xCXqrux8kOsGpB3GyXg.2lKPzTnpnJOmtGZDiEW-fg
When I change the Dir to A256KW I got the payload from the token.
Possible Solution
No response
Additional Context
No response