slav4ik51493

Reputation: 27

Decrypt JWE ECDH-ES+A256KW A256GCM

I'm trying to decrypt a JWE

eyJlbmMiOiJBMjU2R0NNIiwiYWxnIjoiRUNESC1FUytBMjU2S1ciLCJraWQiOiI3VGt5TWFqV0JYUlo3aVpmZ3lQUGZmMmdMMzloMlh0ZkpEemNzNXRjZXJNIiwiZXBrIjp7Imt0eSI6IkVDIiwiY3J2IjoiUC0yNTYiLCJ4IjoibXo1c3FfQi1YbFNYTW1oQm9YWDdmR0ZfME5wOFJqS3F0VUF3cXphU3dMZyIsInkiOiJJUVFRYzhpQVpMbzhiY2NfNUxEWW5kVEJIVXY0Rlc3T3loUHdwakZISmlJIn19.p81T3WizOuNm1XvU-PjksrrDvSExL93EBiC3tUYyJnpPSECXrCdAag.rxpe3T3vPcqenJpF.l29eduC5ZO4MzDsGzXoU-qqNHrWbdZbQulHM43-a0OxRl2NaqVJcyEP3v4JVmNFWZbSHp5IWS1lvM4Sr68l17qSq-voCKrUnqm-7HgEC2QP7pjP3waftgHTyvFYSoc3yXkTSvdL_5OUPcauW1Gay62d-iJWoJqO014VLoSicboMfiCc2bEn1J8iNeC4uWo2yuUgBjo-WR13xRTVi8-8kIjssrIB6aIJpTCdX7cghZ6O3SZZ0Cq8RWx0jcFy41fvxxko-8Z-d16MHqtnzGn4t12Hkjv9ux3KdiWUCy8w7nRvPyClS87pk5C_tqXyaT5vEa2t45JJk1mFbJIuco5C2idHCfDfYQUoBh-8cqvi-MAr9oncQMr5FrZtKmW5HBKCdK6FXZcDZrK0q6YFZXz0t-kc7-pJN6EGZLoRaVuQQ1GzQjpKmimvZ2eqOicBm8nJjT1ppd0NS-ypM_aaPbTtASeSvGQBwgLqxWAccZXbWXRPiqWTKkgRre6oumQtRabfPkdTAjNs7G4wosLDs4K4Qxse5lwvUubOVd4hPTZ8uzUJy3KbaUug3xtJ1ovYIEiA2cbJOhNapSqo3Xu3SKq1orw7eqO6ZfHrSEUb7B2io-ubgYYhTtPzRw3u_2jJVHfLbeszMKWEM291GDaz9_jyuaqGGtglJmeHQ2AUn-tjCVyQdn-txsTzT8gxK4QgK-3J7jnsrecXsiI9gLj1xcG4PTtmJXUtqz07-jaNok-w1H05XbVME3QaFk3tMeA0OYjNhOXpOzhL4AlDxQWwNQ-ulZKZHs1zPUlVDv0nlcpAsOfUqXlBJncAMJ1mvyHxvNMOZsTeLQav2aKr6S2c6uFknXOKAAI-E1x5WHB4SBs79MrWk8ipcMFrjmWhczQtFd2IYI2r820B_4VbBRsD7i-2D-oTO9JjRinxmvCrcT15z8yWP9b9GSbycsR3jkVXvjYKIaOHzcirq6TdufjPAp_ynyoSMg4EEWelRtzpTqzV253ZCK8HstIbHJm185TZh6hJdAQJpyVfKTjMH014U5jmbZTT3ik43WTD3VF_Uf_VWdXdBN-p5KboiNiC0VoTv8f0jAgU_dvYGNPuUJzytZXGYaTrkaSHqVgVLceqjFB8Q6OUTU7nVJ0d0S_vlEtioKGV6uAsLSSp8q_7B3DI1tZlVklAWfyw-GYpCBF09VU755ZcTiSe2wALp_P7-aAH14-2btknjrMAlQQrF9ZpDqzGT_vgQyDRTORrOdTN26AMCznr58ygmiSCfwFV0dmEKEI6dt7WNvVEuaFk8sKicUQlQFlQpX-YYFhaYGbulCZCuTUqDzQifi_D1VNqedGzfgbDclgVtDF7xLH6Sz7cwMIYsuWPttierh82QdFro0jDuNnbPZwU7TQBC2x8k8tn5nSH8SHd8yjR5uyQXtNTkLKaM_-NU_gJrX6Atalku3dIFUUKMB692vPw4Y154Eh8gYoYwgkwzZUJFgnjU3p2M139DFMMJyvTbiaPtKXx1Go_j8yEkgZpqG7nr7V_AisPCOQxu7Ewk3zi4_e3TQxhU3BcXMZCo8TApGpcoFa2lJIRpDK-KMHuyLnQK930OjdpvujhzDFynI7M36hA8msRVx3G2G2LNpDU4Hqd9FmVOwsmhZLdrcMUVxdB-l_bl9aYdHGjOMcAP_7A_VYX8fH5NlI9wTlPKiqwa23vdBuiaOjlZHjhDifK66s0TrOj7fQYmkAN4qn1AfjH5DTTa52U6z2g.8qcaLnQtJAdbUWAO8NiPMA

It has a "header.encryptedKey.iv.ciphertext.tag" structure. I've tried to use the Jose-jwt NuGet package and it works perfectly, but only on Windows, because it uses CngKey.Import, which throws a "Platform not supported" exception. I need to use it in Linux (Docker).

I've tried to use BouncyCastle code snippets from ChatGPT, but they did not help me.
My last attempt was to use System.IdentityModel.Tokens.Jwt 7.4.0. And yes, I'm using .NET 8.

My code:

using Microsoft.IdentityModel.Logging;
using Microsoft.IdentityModel.Tokens;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Cryptography;

IdentityModelEventSource.ShowPII = true;
IdentityModelEventSource.LogCompleteSecurityArtifact = true;

//header.encryptedKey.iv.ciphertext.tag
string encryptedToken = "myjwt";
string encryptionPrivateKey = File.ReadAllText("encryption_private_key.pem");
var ecdsa = ECDsa.Create(ECCurve.NamedCurves.nistP256);
ecdsa.ImportFromPem(encryptionPrivateKey);
var handler = new JwtSecurityTokenHandler();
var validationParameters = new TokenValidationParameters
{
    TokenDecryptionKey = new ECDsaSecurityKey(ecdsa),
    ValidateIssuer = false, // set these to true if you need validation of these parameters
    ValidateAudience = false,
    ValidateLifetime = false,
};

var jsonToken = handler.ReadToken(encryptedToken) as JwtSecurityToken;
var claims = handler.ValidateToken(encryptedToken, validationParameters, out var validatedToken);
Console.WriteLine(validatedToken);

Exception StackTrace:

Microsoft.IdentityModel.Tokens.SecurityTokenKeyWrapException
  HResult=0x80131500
  Message=IDX10618: Key unwrap failed using decryption Keys: 'Microsoft.IdentityModel.Tokens.ECDsaSecurityKey, KeyId: '', InternalId: '7TkyMajWBXRZ7iZfgyPPff2gL39h2XtfJDzcs5tcerM'.
'.
Exceptions caught:
 'Microsoft.IdentityModel.Tokens.SecurityTokenKeyWrapException: IDX10659: UnwrapKey failed, exception from cryptographic operation: 'System.InvalidOperationException: IDX10665: Data is not authentic
   at Microsoft.IdentityModel.Tokens.SymmetricKeyWrapProvider.UnwrapKeyPrivate(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount)
   at Microsoft.IdentityModel.Tokens.SymmetricKeyWrapProvider.UnwrapKey(Byte[] keyBytes)'
   at Microsoft.IdentityModel.Tokens.SymmetricKeyWrapProvider.UnwrapKey(Byte[] keyBytes)
   at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.GetContentEncryptionKeys(JwtSecurityToken jwtToken, TokenValidationParameters validationParameters)
'.
token: 'eyJlbmMiOiJBMjU2R0NNIiwiYWxnIjoiRUNESC1FUytBMjU2S1ciLCJraWQiOiI3VGt5TWFqV0JYUlo3aVpmZ3lQUGZmMmdMMzloMlh0ZkpEemNzNXRjZXJNIiwiZXBrIjp7Imt0eSI6IkVDIiwiY3J2IjoiUC0yNTYiLCJ4IjoibXo1c3FfQi1YbFNYTW1oQm9YWDdmR0ZfME5wOFJqS3F0VUF3cXphU3dMZyIsInkiOiJJUVFRYzhpQVpMbzhiY2NfNUxEWW5kVEJIVXY0Rlc3T3loUHdwakZISmlJIn19.p81T3WizOuNm1XvU-PjksrrDvSExL93EBiC3tUYyJnpPSECXrCdAag.rxpe3T3vPcqenJpF.l29eduC5ZO4MzDsGzXoU-qqNHrWbdZbQulHM43-a0OxRl2NaqVJcyEP3v4JVmNFWZbSHp5IWS1lvM4Sr68l17qSq-voCKrUnqm-7HgEC2QP7pjP3waftgHTyvFYSoc3yXkTSvdL_5OUPcauW1Gay62d-iJWoJqO014VLoSicboMfiCc2bEn1J8iNeC4uWo2yuUgBjo-WR13xRTVi8-8kIjssrIB6aIJpTCdX7cghZ6O3SZZ0Cq8RWx0jcFy41fvxxko-8Z-d16MHqtnzGn4t12Hkjv9ux3KdiWUCy8w7nRvPyClS87pk5C_tqXyaT5vEa2t45JJk1mFbJIuco5C2idHCfDfYQUoBh-8cqvi-MAr9oncQMr5FrZtKmW5HBKCdK6FXZcDZrK0q6YFZXz0t-kc7-pJN6EGZLoRaVuQQ1GzQjpKmimvZ2eqOicBm8nJjT1ppd0NS-ypM_aaPbTtASeSvGQBwgLqxWAccZXbWXRPiqWTKkgRre6oumQtRabfPkdTAjNs7G4wosLDs4K4Qxse5lwvUubOVd4hPTZ8uzUJy3KbaUug3xtJ1ovYIEiA2cbJOhNapSqo3Xu3SKq1orw7eqO6ZfHrSEUb7B2io-ubgYYhTtPzRw3u_2jJVHfLbeszMKWEM291GDaz9_jyuaqGGtglJmeHQ2AUn-tjCVyQdn-txsTzT8gxK4QgK-3J7jnsrecXsiI9gLj1xcG4PTtmJXUtqz07-jaNok-w1H05XbVME3QaFk3tMeA0OYjNhOXpOzhL4AlDxQWwNQ-ulZKZHs1zPUlVDv0nlcpAsOfUqXlBJncAMJ1mvyHxvNMOZsTeLQav2aKr6S2c6uFknXOKAAI-E1x5WHB4SBs79MrWk8ipcMFrjmWhczQtFd2IYI2r820B_4VbBRsD7i-2D-oTO9JjRinxmvCrcT15z8yWP9b9GSbycsR3jkVXvjYKIaOHzcirq6TdufjPAp_ynyoSMg4EEWelRtzpTqzV253ZCK8HstIbHJm185TZh6hJdAQJpyVfKTjMH014U5jmbZTT3ik43WTD3VF_Uf_VWdXdBN-p5KboiNiC0VoTv8f0jAgU_dvYGNPuUJzytZXGYaTrkaSHqVgVLceqjFB8Q6OUTU7nVJ0d0S_vlEtioKGV6uAsLSSp8q_7B3DI1tZlVklAWfyw-GYpCBF09VU755ZcTiSe2wALp_P7-aAH14-2btknjrMAlQQrF9ZpDqzGT_vgQyDRTORrOdTN26AMCznr58ygmiSCfwFV0dmEKEI6dt7WNvVEuaFk8sKicUQlQFlQpX-YYFhaYGbulCZCuTUqDzQifi_D1VNqedGzfgbDclgVtDF7xLH6Sz7cwMIYsuWPttierh82QdFro0jDuNnbPZwU7TQBC2x8k8tn5nSH8SHd8yjR5uyQXtNTkLKaM_-NU_gJrX6Atalku3dIFUUKMB692vPw4Y154Eh8gYoYwgkwzZUJFgnjU3p2M139DFMMJyvTbiaPtKXx1Go_j8yEkgZpqG7nr7V_AisPCOQxu7Ewk3zi4_e3TQxhU3BcXMZCo8TApGpcoFa2lJIRpDK-KMHuyLnQK930OjdpvujhzDFynI7M36hA8msRVx3G
2G2LNpDU4Hqd9FmVOwsmhZLdrcMUVxdB-l_bl9aYdHGjOMcAP_7A_VYX8fH5NlI9wTlPKiqwa23vdBuiaOjlZHjhDifK66s0TrOj7fQYmkAN4qn1AfjH5DTTa52U6z2g.8qcaLnQtJAdbUWAO8NiPMA'.
  Source=System.IdentityModel.Tokens.Jwt
  StackTrace:
   at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.GetContentEncryptionKeys(JwtSecurityToken jwtToken, TokenValidationParameters validationParameters)
   at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.DecryptToken(JwtSecurityToken jwtToken, TokenValidationParameters validationParameters)
   at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateToken(String token, TokenValidationParameters validationParameters, SecurityToken& validatedToken)
   at Program.<Main>$(String[] args) in C:\Users\Vyacheslav\source\repos\ConsoleApp7\ConsoleApp7\Program.cs:line 23

My header of JWE:

{
  "enc": "A256GCM",
  "alg": "ECDH-ES+A256KW",
  "kid": "7TkyMajWBXRZ7iZfgyPPff2gL39h2XtfJDzcs5tcerM",
  "epk": {
    "kty": "EC",
    "crv": "P-256",
    "x": "mz5sq_B-XlSXMmhBoXX7fGF_0Np8RjKqtUAwqzaSwLg",
    "y": "IQQQc8iAZLo8bcc_5LDYndTBHUv4FW7OyhPwpjFHJiI"
  }
}

Do you have any ideas how to solve it?

Upvotes: -1

Views: 409
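As an added example (not code from the question, from Jose-jwt or from Microsoft.IdentityModel), the hypothetical helper below performs the decryption the question describes with nothing but System.Security.Cryptography on .NET 8, so it runs on Linux: ECDH over P-256 with the epk, the RFC 7518 Concat KDF, RFC 3394 AES key unwrap of the CEK, then AES-256-GCM with the protected header as AAD. It assumes a P-256 epk, no apu/apv header parameters, and a well-formed five-part compact serialization.

```csharp
using System.Buffers.Binary;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;
// Hypothetical helper for alg=ECDH-ES+A256KW, enc=A256GCM (RFC 7516/7518); assumes a P-256 epk and no apu/apv.
static class JweEcdhEsA256Kw
{
    static byte[] B64u(string s) => Convert.FromBase64String(s.Replace('-', '+').Replace('_', '/').PadRight((s.Length + 3) / 4 * 4, '='));
    static byte[] Be32(int v) => [(byte)(v >> 24), (byte)(v >> 16), (byte)(v >> 8), (byte)v];
    static byte[] ConcatKdf(byte[] z, byte[] algId, int keyBits)
    {   // Concat KDF (RFC 7518 §4.6.2): in key-wrap mode AlgorithmID is the "alg" value, apu/apv are empty, keydatalen = 256
        byte[] input = [.. Be32(1), .. z, .. Be32(algId.Length), .. algId, .. Be32(0), .. Be32(0), .. Be32(keyBits)];
        return SHA256.HashData(input)[..(keyBits / 8)];   // 256 bits fit in a single SHA-256 round
    }
    // AES Key Unwrap (RFC 3394 §2.2.2); a wrong KEK fails the 0xA6 integrity check, which is what IDX10665 reports.
    static byte[] AesKeyUnwrap(byte[] kek, byte[] wrapped)
    {
        using var aes = Aes.Create(); aes.Key = kek;
        int n = wrapped.Length / 8 - 1;
        ulong a = BinaryPrimitives.ReadUInt64BigEndian(wrapped);
        byte[] cek = wrapped[8..], block = new byte[16];   // cek holds R[1..n] contiguously and becomes the output
        for (int j = 5; j >= 0; j--)
            for (int i = n; i >= 1; i--)
            {
                BinaryPrimitives.WriteUInt64BigEndian(block, a ^ (ulong)(n * j + i));   // A xor t
                cek.AsSpan((i - 1) * 8, 8).CopyTo(block.AsSpan(8));                      // | R[i]
                byte[] b = aes.DecryptEcb(block, PaddingMode.None);
                a = BinaryPrimitives.ReadUInt64BigEndian(b);                             // A = MSB64(B)
                b.AsSpan(8, 8).CopyTo(cek.AsSpan((i - 1) * 8));                          // R[i] = LSB64(B)
            }
        if (a != 0xA6A6A6A6A6A6A6A6UL) throw new CryptographicException("key unwrap integrity check failed: wrong private key or tampered token");
        return cek;
    }
    public static byte[] Decrypt(string compactJwe, ECDiffieHellman recipientPrivateKey)
    {
        string[] p = compactJwe.Split('.');   // header.encryptedKey.iv.ciphertext.tag
        using var header = JsonDocument.Parse(B64u(p[0]));
        var epk = header.RootElement.GetProperty("epk");
        using var ephemeral = ECDiffieHellman.Create(new ECParameters { Curve = ECCurve.NamedCurves.nistP256,
            Q = new ECPoint { X = B64u(epk.GetProperty("x").GetString()!), Y = B64u(epk.GetProperty("y").GetString()!) } });
        byte[] z = recipientPrivateKey.DeriveRawSecretAgreement(ephemeral.PublicKey);   // raw ECDH shared secret Z (.NET 8+)
        byte[] kek = ConcatKdf(z, Encoding.ASCII.GetBytes(header.RootElement.GetProperty("alg").GetString()!), 256);
        byte[] cek = AesKeyUnwrap(kek, B64u(p[1]));
        byte[] ciphertext = B64u(p[3]), plaintext = new byte[ciphertext.Length];
        using var gcm = new AesGcm(cek, 16);
        gcm.Decrypt(B64u(p[2]), ciphertext, B64u(p[4]), plaintext, Encoding.ASCII.GetBytes(p[0]));   // AAD = base64url header as sent
        return plaintext;
    }
}
```

Load the key from the question's PEM with `using var key = ECDiffieHellman.Create(); key.ImportFromPem(File.ReadAllText("encryption_private_key.pem"));` and call `JweEcdhEsA256Kw.Decrypt(encryptedToken, key)`. If `AesKeyUnwrap` throws, the derived KEK is wrong, which means the PEM is not the private half of the key the sender encrypted to, the same condition the IDX10665 "Data is not authentic" message reports.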

Answers (1)

You can install Jose-JWT; read the documentation at the link I refer to for more information.

Upvotes: -1
