1

遵循https://github.com/ndi-trusted-data/myinfo-demo-app/blob/master/lib/security/security.js上的指南

我设法在节点 js 环境中解密了 JWE 令牌,但没有在 php 中解密。

但是,使用 PHP 中的相同实现,我无法使用相同的密钥解密相同的 JWE。

我下面的代码有什么问题吗?尝试了2天,我被卡住了。我的代码或两个库的实现都不是标准的有什么问题吗?

这是nodejs成功解密的输出。

Decrypting JWE (Format: header.encryptedKey.iv.cipherText.tag)

eyJhbGciOiJSU0ENvbS5z.........

{"alg":"RSA-OAEP","enc":"A256GCM","kid":"aa.sample.com"}

Person Data (JWS):
"eyJhbGciOiJSUzI1NiIsImtpZCI6IkM2US0wYnNIYzRxeU5xNk1CRXRmdH......

Person Data (Decoded):
{"uinfin":{.........} }

遵循文档https://web-token.spomky-labs.com/components/encrypted-tokens-jwe/jwe-loading

use Jose\Component\Core\JWK;
use Jose\Component\Encryption\Algorithm\KeyEncryption\RSAOAEP;
use Jose\Component\Encryption\Algorithm\ContentEncryption\A256GCM;
use Jose\Component\Encryption\Compression\CompressionMethodManager;
use Jose\Component\Encryption\Compression\Deflate;
use Jose\Component\Encryption\Serializer\JWESerializerManager;
use Jose\Component\Encryption\Serializer\CompactSerializer;
use Jose\Component\Encryption\JWEDecrypter;

$jwtString = "eyJhbGciOiJSU0EtT0FFU....";

// The serializer manager. We only use the JWE Compact Serialization Mode.
    $serializerManager = new JWESerializerManager([
        new CompactSerializer(),
    ]);


    // The key encryption algorithm manager with the A256KW algorithm.
    $keyEncryptionAlgorithmManager = new AlgorithmManager([
        new RSAOAEP()
    ]);



    // The content encryption algorithm manager with the A256CBC-HS256 algorithm.
    $contentEncryptionAlgorithmManager = new AlgorithmManager([
        new A256GCM(),
    ]);

    // The compression method manager with the DEF (Deflate) method.
    $compressionMethodManager = new CompressionMethodManager([
        new Deflate()
    ]);



    $privateKey = JWKFactory::createFromKeyFile(
        base_path('keys/'.env("MYINFO_PRIVATE_KEY_PATH")), 
        '',                   // Secret if the key is encrypted
        [
             'use' => 'enc',         // Additional parameters
        ]
    );



    $signatureKey = JWKFactory::createFromCertificateFile(
        base_path('keys/'.env("MYINFO_ISSUED_PUBLIC_KEY_PATH")),         
        [
             'use' => 'sig',         // Additional parameters
        ]
    );

    // We instantiate our JWE Decrypter.
    $jweDecrypter = new JWEDecrypter(
        $keyEncryptionAlgorithmManager,
        $contentEncryptionAlgorithmManager,
        $compressionMethodManager
    );

    // We try to load the token.
    $jwe = $serializerManager->unserialize($jwtString);  

    // We decrypt the token. This method does NOT check the header.
    $success = $jweDecrypter->decryptUsingKey($jwe, $privateKey, 0,$signatureKey);

    dd($success);


--- false

期待解码的 JWT 有效负载,但不断出错。

4

1 回答 1

0

我一直面临着同样的问题。在深入研究代码执行时,我发现 CompressionManager 是空的。文档中的代码:

// The compression method manager with the DEF (Deflate) method.
$compressionMethodManager = new CompressionMethodManager([
    new Deflate()
]);

标准构造函数已弃用,不应再使用。就我而言,它是空的,所以没有注册任何 CompressionMethod。我使用 create mehtod 使它工作:

// The compression method manager with the DEF (Deflate) method.
$compressionMethodManager = CompressionMethodManager::create([
    new Deflate()
]);

BR,

奥雷连

于 2021-06-14T09:19:38.090 回答