Well, I'm trying to generate the same key with this two libraries:
- https://github.com/dvsekhvalnov/jose-jwt this is for C#
- https://github.com/Spomky-Labs/jose and this is for PHP
I have implemented both:
In C#:
public static string CypherData<T>(T payload)
{
return JWT.Encode(payload, pubkey, JweAlgorithm.RSA_OAEP, JweEncryption.A256GCM, JweCompression.DEF);
}
Console.WriteLine(Api.CypherData("hola"));
This how I load public key PEM string:
private static RSACryptoServiceProvider GetPubKey()
{
ConnPreCheck();
JObject obj = JsonConvert.DeserializeObject<JObject>(getPubKey.HttpGet());
pubkeyStr = obj["data"]["pubKey"].ToString();
return PemKeyUtils.GetRSAProviderFromPemString(pubkeyStr);
}
And this is what it returns:
eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZHQ00ifQ.L3Teg2RSXXpp4jakLkl2PQgidJ5BIXyP5QZM2B4RaO0vs55aT22D9_dPl6d83KvXezM4YkOnyoF0JA0eLX3k8W4eWkHUhgoYqxgwQSWWhjrpDxcpNdXbDlB6zVb_BKf5upro5qm23nr_SOkkqhKJGrw_sIXvD1LjOburLolDqojrnvK5awGtiFwkPZjRh_wh4z4buEfYsWJCKhTLU6aG_DipmbAXq1o9u1-cqiQJC0JlPJRbh6JJDmVc9YqBv0W0rFEa7W5HA12TO-RtV42tEPApr3hNmD8QwzvxxZYKpMzoBAsSQcvSKk878qeOAcx3pZyoDZ6WzD-LRusWy7nJwOa6AC9NsL91mv8WsZxWar9AnzOsKleSJ7k8I477pXE_H1g7XnFBgmA4egF-721sa7SO2LtS440v1ytA4504sdjVYeOfWmRSU4UljnUqaYTd031fzCevzNEO0Q7mncn-sJACVHiwQB9c703SvYZaFOyzU-vdXUqBRTR6x0JvQd_lFNgSS9pOQC5BQbAKOME9fjdXiwRUKfyHXCUAUj88CJEMqxg3_VYYfUC04GahmoysR9QUpK3l84Z5TLOi47SvO-NkR-2wf7v4ko8bZIR3E6XFHFG9lWwdzR_JPz7fm0OFiYB0HN8XgWE4bQ2tasYsmFhWVfkeRZodnlqFvImSNjA.GIGFv4h_nYkpBiA5.1_66eMEb.BJTezaLucvfluWQ8VEzgCQ
In PHP:
Well, the PHP implementation is the following:
include(__DIR__ . "/../libs/jose/autoload.php");
$file = __DIR__ . '/../keys/public.key';
$contents = file_get_contents($file);
// This is the input we want to load verify.
$input = @$_GET["input"];
$key = new \Jose\KeyConverter\RSAKey($contents);
$jwe = \Jose\Factory\JWEFactory::createJWEToCompactJSON(
$input, // The message to encrypt
new \Jose\Object\JWK($key->toArray()), // The key of the recipient
[
'alg' => 'RSA-OAEP',
'enc' => 'A256GCM',
'zip' => 'DEF',
]
);
They are similar codes no?
But the output is different:
eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZHQ00iLCJ6aXAiOiJERUYifQ.jbNHUCuXYcXZWrHsJrPclV-fjYmFWwwPj4t3kAOt7PahQfsz0a1GaRrODcwKce4yRtLyjv2U7CtFMxt9ah3XTwIqm1mzzPMhO4LnFIRqMRgsxEgIijRqNOOpE85M3UPBRqjYw0wdjaqfJToLVLwaHgUPCkOqsHrdOOWkxN20fZYy4Z1PQAC0rk2WqLD0x7Za1jdV6LvVtd18iFIaRqf2uNYcRePdyInRxwHGp9JfRkVCQILTfwHlxQBKrwJxhZOzdHrjjNjxNsjAsHGMix6MAbUR0YT4hlrE59eriDVxix4uQrrChuzWVz_kY9-zvB9SDZnYDdfgONYUgTMpbkMTVWsF40JmWJ6wvGs3HaaIxN17UjQLemKgrS4-bqvbnschhZTIGi5-f8Cr_SwGo411VNYhNpD4P1H2dEjmAFpn3SdW3Oi6pPgK2tvIpEwGUS-Gi29-aCCNeuyE2m5dbFW28G9HMmvZHAky4KHE4NlNJTrH0aBxQX_Gc7eTf9q00gJtKQ5CinXaUYAB0xSEbsNACZuFLPawuxj_3FGn6dHYFOkSsatCTcqV5tiGJXG6ns-wDc682-G9Mj8HCIzYzakp-yZLIaY00fg5xQdgKJrk0QbCtvbwiQGoupyMV9f3RpEBJznPrq4STypxskdh6jksB6T_1fhPqZMVt2BHR4phCBg.9380DJUDH4TQnnr7.zEuMQwRr.BfdStBMcVnVR-2ujTLjuaA
You can see the differences here:
Left is for C# and right for PHP. You can see it there: http://qbz28b-user.freehosting.host/html/Result.html
Obviously, when I try to decrypt with PHP the text generated with C#...
... the implementation of decrypting in PHP:
include(__DIR__ . "/../libs/jose/autoload.php");
$file = __DIR__ . '/../keys/private.key';
$contents = file_get_contents($file);
// This is the input we want to load verify.
$input = @$_GET["input"];
$jwk = new \Jose\KeyConverter\RSAKey($contents);
// We create our loader.
$loader = new Jose\Loader();
$loader->load($input);
// The payload is decrypted using our key.
$jws = $loader->loadAndDecryptUsingKey(
$input, // The input to load and decrypt
new \Jose\Object\JWK($jwk->toArray()), // The symmetric or private key
['RSA-OAEP'], // A list of allowed key encryption algorithms
['A256GCM'], // A list of allowed content encryption algorithms
$recipient_index // If decrypted, this variable will be set with the recipient index used to decrypt
);
$coreData["content"] = $jws->getPayload();
The following exception occurs:
Fatal error: Uncaught InvalidArgumentException: Unable to decrypt the JWE. in C:\xampp\htdocs\z3nth10n-PHP\libs\jose\Decrypter.php:80 Stack trace: #0 C:\xampp\htdocs\z3nth10n-PHP\libs\jose\Loader.php(95): Jose\Decrypter->decryptUsingKeySet(Object(Jose\Object\JWE), Object(Jose\Object\JWKSet), NULL) #1 C:\xampp\htdocs\z3nth10n-PHP\libs\jose\Loader.php(30): Jose\Loader->loadAndDecrypt('eyJhbGciOiJSU0E...', Object(Jose\Object\JWKSet), Array, Array, NULL) #2 C:\xampp\htdocs\z3nth10n-PHP\includes\actions.php(321): Jose\Loader->loadAndDecryptUsingKey('eyJhbGciOiJSU0E...', Object(Jose\Object\JWK), Array, Array, NULL) #3 C:\xampp\htdocs\z3nth10n-PHP\api.php(9): include('C:\xampp\htdocs...') #4 {main} thrown in C:\xampp\htdocs\z3nth10n-PHP\libs\jose\Decrypter.php on line 80
I have been looking in the code for so much time, and I have realized that the problem isn't in the code, the problem is in the token generated. And I don't know what can I do, you can test it here.
... and then, decrypting it.
Any suggestions to look at?