Reputation: 45
I have to encrypt the payload using the ES256 algorithm. I also have to use the kid in the JWK as described in the code below. I am using the jose libraries for creating the signature. Below is the code:
var jose = require("node-jose");

async function a1() {
  try {
    const keystore = [
      {
        kty: 'EC',
        kid: '6d858102402dbbeb0f9bb711e3d13a1229684792db4940db0d0e71c08ca602e1',
        use: 'sig',
        alg: 'ES256'
      }
    ];
    const ks = await jose.JWK.asKeyStore(keystore);
    const rawKey = ks.get(keystore[0].kid);
    const key = await jose.JWK.asKey(rawKey);
    const payload = JSON.stringify({"sub": "1234567890", "name": "Eric D.", "role": "admin", "iat": 1516239022});
    const token = await jose.JWS.createSign({alg: "ES256", format: 'compact'}, key).update(payload, "utf8").final();
  } catch (err) {
    console.log(err);
  }
}

a1();
But I am getting an error:
unsupported algorithm.
Please let me know why this issue is occurring.
Upvotes: 2
Views: 12898
Reputation: 22525
The alg parameter ({alg: 'ES256'}) is correct but the provided JWK is not complete, it's missing some parameters.
You have to provide the curve (crv), x and y coordinates (x, y) and ECC Private Key (d).
const keystore = [
  {
    kty: 'EC',
    kid: '6d858102402dbbeb0f9bb711e3d13a1229684792db4940db0d0e71c08ca602e1',
    use: 'sig',
    alg: 'ES256',
    crv: "P-256",
    x: "SVqB4JcUD6lsfvqMr-OKUNUphdNn64Eay60978ZlL74",
    y: "lf0u0pMj4lGAzZix5u4Cm5CMQIgMNpkwy163wtKYVKI",
    d: "0g5vAEKzugrXaRbgKG0Tj2qJ5lMP4Bezds1_sTybkfk"
  }
];
The values for x, y, and d in the above example are taken from this article, but usually you have to generate your own key, which is also described in the linked article or by using an online key generator.
The result will be a signed token:
eyJhbGciOiJFUzI1NiIsImtpZCI6IjZkODU4MTAyNDAyZGJiZWIwZjliYjcxMWUzZDEzYTEyMjk2ODQ3OTJkYjQ5NDBkYjBkMGU3MWMwOGNhNjAyZTEifQ.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkVyaWMgRC4iLCJyb2xlIjoiYWRtaW4iLCJpYXQiOjE1MTYyMzkwMjJ9.gmVcj7rcENUDesVOSKRzvcMbxT_3zf2Sz771pdy3E1t4P-aKFxV1Vkcry2gvoQ1k11xvE0RSs3jYa13qsjFAzg
Note: the token is a signed token, the payload is not encrypted. If you need/require payload encryption, consider creating an encrypted token (JWE).
Upvotes: 3
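The points from the answer above, as an added example that is not part of the original posts and does not use node-jose: it generates a P-256 key locally with Node's built-in crypto module, signs a compact ES256 JWS, verifies it with the public members only, and shows that the payload stays readable. The function names and the kid value are hypothetical, and it assumes a Node.js version with JWK import/export in crypto (16 or later).

```javascript
// Added example: ES256 compact JWS with Node's built-in crypto (not node-jose).
const crypto = require('node:crypto');

const b64u = (v) => Buffer.from(v).toString('base64url');

// Members an EC JWK needs before it can sign; the question's JWK had none of them.
function missingSigningParams(jwk) {
  return ['crv', 'x', 'y', 'd'].filter((name) => !jwk[name]);
}

// Generate a fresh P-256 (prime256v1) key locally and export it as a private JWK.
function generateSigningJwk(kid) {
  const { privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  return { ...privateKey.export({ format: 'jwk' }), kid, use: 'sig', alg: 'ES256' };
}

function signCompact(payload, jwk) {
  const missing = missingSigningParams(jwk);
  if (missing.length) throw new Error(`JWK cannot sign, missing: ${missing.join(', ')}`);
  const { kty, crv, x, y, d } = jwk;
  const key = crypto.createPrivateKey({ key: { kty, crv, x, y, d }, format: 'jwk' });
  const header = { alg: 'ES256', kid: jwk.kid };
  const signingInput = `${b64u(JSON.stringify(header))}.${b64u(JSON.stringify(payload))}`;
  // JWS ES256 uses the raw 64-byte r||s signature, not OpenSSL's default DER encoding.
  const sig = crypto.sign('sha256', Buffer.from(signingInput), { key, dsaEncoding: 'ieee-p1363' });
  return `${signingInput}.${b64u(sig)}`;
}

// Verify with the public half only (no d); return the payload, or null if invalid.
function verifyCompact(token, { kty, crv, x, y }) {
  const [h, p, s] = token.split('.');
  if (!h || !p || !s) return null;
  if (JSON.parse(Buffer.from(h, 'base64url').toString()).alg !== 'ES256') return null; // pin alg
  const key = crypto.createPublicKey({ key: { kty, crv, x, y }, format: 'jwk' });
  const ok = crypto.verify('sha256', Buffer.from(`${h}.${p}`),
    { key, dsaEncoding: 'ieee-p1363' }, Buffer.from(s, 'base64url'));
  return ok ? JSON.parse(Buffer.from(p, 'base64url').toString()) : null;
}

// Constructed sample values (the kid is a placeholder, not the one from the question).
const jwk = generateSigningJwk('example-key-1');
const token = signCompact({ sub: '1234567890', role: 'admin' }, jwk);
console.log(token);
console.log(verifyCompact(token, jwk));
// The payload segment is only base64url-encoded: readable without any key.
console.log(Buffer.from(token.split('.')[1], 'base64url').toString());
```

Only the members kty, crv, x and y belong in a published key set; d is the private scalar and stays with the signer.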