2

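I am new to JWE decryption. I have a server that performs JWE and sends it to the client, based on a key shared between the server and the client.

I am using Jose4j for decryption and am getting this error:

java.lang.NullPointerException: The plaintext payload for the JWE has not been set.

I am using the sample code shown at this link, the receiver part: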

https://bitbucket.org/b_c/jose4j/wiki/JWE%20Examples

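I have no insight into the server and am only writing the client side. I am confused as to whether the payload itself is not arriving or whether the framework is trying to decrypt it.

Any pointers for debugging the issue are appreciated.

Regards, Aravind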

4

2 Answers

1

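That particular exception is only thrown from the getCompactSerialization() method when no payload has been set. getCompactSerialization() is the last step on the sending/encrypting side, where the JWE is created. If you are decrypting, you should not be calling it. Maybe you have an unintended call to it somewhere? Otherwise, the code you are using as well as a sample raw JWE value might help troubleshoot the problem (and the keys too, if it is just a test and you can share them).

Answered 2016-02-10T20:01:11.043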
0

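A JWE needs 2 levels of decryption before you get the plain-text payload.

So first from JWE to JWS. Then, after verifying the signature, from JWS to JWT. The code below will do that.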

        // That other party, the receiver, can then use JsonWebEncryption to decrypt the message.
        JsonWebEncryption receiverJwe = new JsonWebEncryption();

        // Set the compact serialization on the new JsonWebEncryption object.
        // This is the received JWE payload.
        receiverJwe.setCompactSerialization(result.toString());


        // Symmetric encryption, like we are doing here, requires that both parties have the same key.
        // The key will have had to have been securely exchanged out-of-band somehow.
        receiverJwe.setKey(secretKeySpec);

        // Set the "alg" header, which indicates the key management mode for this JWE.
        // In this example we are using the direct key management mode, which means
        // the given key will be used directly as the content encryption key.
        //receiverJwe.setAlgorithmHeaderValue(KeyManagementAlgorithmIdentifiers.DIRECT);

        //receiverJwe.setEncryptionMethodHeaderParameter(ContentEncryptionAlgorithmIdentifiers.AES_128_CBC_HMAC_SHA_256);

        // Get the message that was encrypted in the JWE. This step performs the actual decryption steps.
        String jwsPayload = receiverJwe.getPlaintextString();

        // And do whatever you need to do with the clear text message.
        System.out.println("plaintext: " + jwsPayload);

        // Create a new JsonWebSignature object
        JsonWebSignature jws = new JsonWebSignature();

        jws.setCompactSerialization(jwsPayload);

        jws.setKey(secretKeySpec);

        boolean signatureVerified = jws.verifySignature();

        // Do something useful with the result of signature verification
        System.out.println("JWS Signature is valid: " + signatureVerified);

        // Get the payload, or signed content, from the JWS
        String payload = jws.getPayload();

        // Do something useful with the content
        System.out.println("JWS payload: " + payload);
Answered 2016-02-10T22:03:15.233
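
Both answers above, put together as an added example (not code from either answerer or from the jose4j project): the sender is the only side that calls getCompactSerialization(), while the receiver pins the permitted algorithms and refuses the payload when the inner signature fails. It assumes a jose4j release that has ConstraintType.PERMIT (older releases call it WHITELIST), a sign-then-encrypt layout on the server, and one 32-byte shared secret used for both layers; the class name, method names and sample claims are constructed.

```java
import org.jose4j.jwa.AlgorithmConstraints;
import org.jose4j.jwa.AlgorithmConstraints.ConstraintType;
import org.jose4j.jwe.ContentEncryptionAlgorithmIdentifiers;
import org.jose4j.jwe.JsonWebEncryption;
import org.jose4j.jwe.KeyManagementAlgorithmIdentifiers;
import org.jose4j.jws.AlgorithmIdentifiers;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.keys.AesKey;
import org.jose4j.keys.HmacKey;
import org.jose4j.lang.ByteUtil;
import org.jose4j.lang.JoseException;

public class NestedJweRoundTrip {
    // Sender side: sign, then encrypt. getCompactSerialization() belongs only here.
    static String send(String claims, byte[] k) throws JoseException {
        JsonWebSignature jws = new JsonWebSignature();
        jws.setPayload(claims);
        jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.HMAC_SHA256);
        jws.setKey(new HmacKey(k));
        JsonWebEncryption jwe = new JsonWebEncryption();
        jwe.setPayload(jws.getCompactSerialization()); // payload set before serializing
        jwe.setAlgorithmHeaderValue(KeyManagementAlgorithmIdentifiers.DIRECT);
        jwe.setEncryptionMethodHeaderParameter(ContentEncryptionAlgorithmIdentifiers.AES_128_CBC_HMAC_SHA_256);
        jwe.setKey(new AesKey(k));
        return jwe.getCompactSerialization();
    }

    // Receiver side: setCompactSerialization() plus getters, with pinned algorithms.
    static String receive(String compact, byte[] k) throws JoseException {
        JsonWebEncryption jwe = new JsonWebEncryption();
        jwe.setAlgorithmConstraints(new AlgorithmConstraints(ConstraintType.PERMIT, KeyManagementAlgorithmIdentifiers.DIRECT));
        jwe.setContentEncryptionAlgorithmConstraints(new AlgorithmConstraints(ConstraintType.PERMIT, ContentEncryptionAlgorithmIdentifiers.AES_128_CBC_HMAC_SHA_256));
        jwe.setCompactSerialization(compact);
        jwe.setKey(new AesKey(k));
        JsonWebSignature jws = new JsonWebSignature();
        jws.setAlgorithmConstraints(new AlgorithmConstraints(ConstraintType.PERMIT, AlgorithmIdentifiers.HMAC_SHA256));
        jws.setCompactSerialization(jwe.getPlaintextString()); // decryption happens here
        jws.setKey(new HmacKey(k));
        if (!jws.verifySignature()) {
            throw new JoseException("inner JWS signature invalid; payload rejected");
        }
        return jws.getPayload();
    }
    public static void main(String[] args) throws JoseException {
        byte[] key = ByteUtil.randomBytes(32); // constructed test key, not a real secret
        String compact = send("{\"sub\":\"constructed-sample\"}", key);
        System.out.println(receive(compact, key));
    }
}
```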