Reputation: 9285
Implementing JSON Web Encryption in Node.js
I'm looking for a way to use JSON Web Encryption (JWE) in a Node.js service. I have however only managed to find implementations of the related standard JWS. There are however several libraries for other languages, such as jose4j.
Did anyone successfully implement JWE in Javascript? I'm afraid I'm gonna gave to resort to implementing the spec myself using lower level primitives. Is there a better approach?
Upvotes: 13
Views: 11862
Answers (3)
Reputation: 18535
Using Node's crypto library, below uses a 256 bit (GCM) AES Key in a direct encryption scheme.
import { Buffer } from 'node:buffer';
import fs from "node:fs";
import url from 'node:url';
import path from "node:path";
const {createCipheriv, createDecipheriv, createSecretKey, randomFill, generateKey} = await import('node:crypto');
var aesKey;
var claims = {name:"Joe",roles:["member","admin"]};
(async function () {
console.log("\x1b[31mInvalid Token")
aesKey = await generateSecretKey();
let jwe = await returnJWE(claims);
console.log("\x1b[37mYour JWE token is: " + consoleString(jwe));
console.log("Paste JSON Web Token In Terminal Then Press Enter.")
})();
async function decryptJWE(jwe) {
try {
let parts = jwe.split(".");
let encodedJWEProtectedHeader = parts[0];
let protectedHeaderBuffer = Buffer.from(encodedJWEProtectedHeader,'base64url');
let cipherText = parts[3];
let tag = parts[4];
let tagBuffer = Buffer.from(tag,'base64url');
let iv = Buffer.from(parts[2],'base64url');
const decipher = createDecipheriv('aes-256-gcm', aesKey, iv);
decipher.setAAD(protectedHeaderBuffer);
decipher.setAuthTag(tagBuffer);
let decrypted = decipher.update(cipherText,'base64url','utf8');
decrypted += decipher.final('utf8');
return JSON.parse(decrypted);
} catch (e) {
return "\x1b[31mInvalid Token!\x1b[37m";
}
}
function generateInitializationVector () {
return new Promise(function(resolve, reject) {
let buf = Buffer.alloc(32); //makes 256 bit
randomFill(buf, (err, buf) => {
if (err) reject (err);
resolve(buf);
});
});
}
function generateSecretKey () {
return new Promise(function(resolve, reject) {
generateKey('aes', { length: 256 }, (err, key) => {
if (err) {
reject (err);
}
resolve (key)
});
});
}
async function returnJWE(claimsObject){
let headerObject = {"alg":"dir","enc":"A256GCM"};
let headerString = JSON.stringify(headerObject);
let iv = await generateInitializationVector();
let claimsString = JSON.stringify(claimsObject);
let claimsBase64URLEncoded = Buffer.from(claimsString).toString('base64url');
let cipher = createCipheriv('aes-256-gcm', aesKey, iv);
cipher.setAAD(Buffer.from(headerString));
cipher.setAutoPadding();
let encrypted = cipher.update(claimsString,'utf8','base64url');
encrypted += cipher.final('base64url');
let tag = cipher.getAuthTag().toString('base64url');
let encryptedKey = "";
let ivString = Buffer.from(iv).toString('base64url');
let encodedJWEProtectedHeader = Buffer.from(headerString).toString('base64url');
let result = encodedJWEProtectedHeader + "." + encryptedKey + "." + ivString + "." + encrypted + "." + tag;
return result;
}
export default {decryptJWE, returnJWE};
process.stdin.setEncoding('utf8');
process.stdin.on('readable', async () => {
let chunk;
while ((chunk = process.stdin.read()) !== null) {
console.log(await decryptJWE(chunk));
}
});
function consoleString(token){
let tokenParts = token.split(/(\.)/);
let colors = ["32m","31m","33m","34m","36m"];
let color = "\x1b[X";
let str = ""
//str += color
tokenParts.forEach(function(part,index){
if(part != "."){
str += color.replace("X",colors.shift())
}
str += part;
str += "\x1b[37m"
})
return str;
}
Upvotes: 1
Reputation: 4174
Here is a library that can be used from Node.js also https://github.com/cisco/node-jose. They have also a very good documentation on how to use it.
Upvotes: 7
Reputation: 980
There is a library js-jose https://github.com/square/js-jose. But it works only for Chrome. It does not work for Internet Explorer nor for FireFox.
Upvotes: 2
Related Questions
- How to encrypt data that needs to be decrypted in node.js?
- Symmetric encryption with NodeJS
- Client-side encryption in NodeJS/Javascript
- Encrypt/decrypt JSON data in NodeJS
- Encrypt in Nodejs and decrypt on the client using WebCrypto API
- How to encrypt data in browser with JavaScript and decrypt on server side with Node.js
- encrypt and decrypt a string with node
- Node.js - Encryption
- NodeJS Crypto encryption to front end javascript decryption
- Encrypt/decrypt javascript object into/from string - node.js