3

我能够获得解密的数据(有效载荷),但无法验证数据在传输中没有改变。

使用您的 RSA 私钥和标头中指定的“alg”算法对加密密钥进行解密,以生成对称密钥。接下来,使用 JWE 解密库使用对称密钥、初始化向量、标签和 ascii 编码的 Header 来解密 Cipher Text,在 Header 中使用“enc”算法。

JavaScript 工作代码


// Decrypt JWE using private key
security.decryptJWE = function decryptJWE(header, encryptedKey, iv, cipherText, tag, privateKey) {
  console.log("Decrypting JWE".green + " (Format: " + "header".red + "." + "encryptedKey".cyan + "." + "iv".green + "." + "cipherText".magenta + "." + "tag".yellow + ")");
  console.log(header.red + "." + encryptedKey.cyan + "." + iv.green + "." + cipherText.magenta + "." + tag.yellow);
  return new Promise((resolve, reject) => {

    var keystore = jose.JWK.createKeyStore();

    console.log((new Buffer(header,'base64')).toString('ascii'));

    var data = {
      "type": "compact",
      "ciphertext": cipherText,
      "protected": header,
      "encrypted_key": encryptedKey,
      "tag": tag,
      "iv": iv,
      "header": JSON.parse(jose.util.base64url.decode(header).toString())
    };
    keystore.add(fs.readFileSync(privateKey, 'utf8'), "pem")
      .then(function(jweKey) {
        // {result} is a jose.JWK.Key
        jose.JWE.createDecrypt(jweKey)
          .decrypt(data)
          .then(function(result) {
            resolve(JSON.parse(result.payload.toString()));
          })
          .catch(function(error) {
            reject(error);
          });
      });

  })
  .catch (error => {
    console.error("Error with decrypting JWE: %s".red, error);
    throw "Error with decrypting JWE";
  })
}

以下Java代码缺少验证部分,因为我不知道该怎么做。

Java 代码

private String decryptJWT(String token) {
    JWEObject jweObject;
    try {
        jweObject = JWEObject.parse(token);
        // Decrypt with shared key
        byte[] b1 = Base64.getDecoder().decode(PRIVATE_KEY);
        PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(b1);
        KeyFactory kf = KeyFactory.getInstance("RSA");
        RSADecrypter decrypter = new RSADecrypter(kf.generatePrivate(spec));
        jweObject.decrypt(decrypter);
        // Extract payload
        SignedJWT signedJWT = jweObject.getPayload().toSignedJWT();
        return signedJWT.getPayload().toJSONObject().toString();
    } catch(Exception e) {
        e.printStackTrace();
        throw new RuntimeException(e);
    }

}

/*I have tried this code to verify but it's not working.*/
RSAKey serverPublicKey = RSAKey.parse(signedJWT.getHeader().getJWK().toJSONObject());
if (signedJWT.verify(new RSASSAVerifier(serverPublicKey))) {
    return signedJWT.getPayload().toJSONObject().toString();
}
4

0 回答 0