santoshbt
How to convert some information to JWE token using a public key?
Hi All,
I need to convert some information to JWE token using a public key. Currently I am considering Jose GitHub - potatosalad/erlang-jose: JSON Object Signing and Encryption (JOSE) for Erlang and Elixir · GitHub. I am getting the signed output in a map. But I am not sure how to convert it to JWE token. If I decrypt it in jwt.io, not getting the proper layload what I have supplied.
Please help.
Thanks
Marked As Solved
tangui
Well the usual way is to first create a signed JWS and get the compact representation, and then to encrypt this payload as a JWE.
First create the keys:
signing_key = JOSE.JWK.generate_key({:ec, :secp256r1})
encryption_key_private = JOSE.JWK.generate_key({:rsa, 4096})
encryption_key_public = JOSE.JWK.to_public(encryption_key_private)
Of course, when encrypting, you won’t have the encryption private key.
Sign the payload and then encrypt it:
signed_payload = JOSE.JWS.sign(signing_key, "some message", %{ "alg" => "ES256" }) |> JOSE.JWS.compact |> elem(1)
encrypted_payload = JOSE.JWE.block_encrypt(encryption_key_public, signed_payload, %{ "alg" => "RSA-OAEP", "enc" => "A256GCM" }) |> JOSE.JWE.compact |> elem(1)
Finally you can decrypt and check the signature:
decrypted_payload = JOSE.JWE.block_decrypt(encryption_key_private, encrypted_payload) |> elem(0)
JOSE.JWS.verify(signing_key, decrypted_payload) |> elem(0)
Verification usually involves checking the recipient and the sender of the token, otherwise you can have some subtle but problematic security issues. See https://crypto.stackexchange.com/questions/5458/should-we-sign-then-encrypt-or-encrypt-then-sign and the first link of the first response. Again, rolling out your own crypto is dangerous if this is what you intend to do.
Popular in Questions
Other popular topics
Categories:
Sub Categories:
Forums
Popular Tags
- #ecto
- #liveview
- #troubleshooting
- #learning-elixir
- #deployment
- #library
- #erlang
- #testing
- #genserver
- #mix
- #absinthe
- #remote-other
- #otp
- #plug
- #how-to-question
- #macros
- #postgres
- #channels
- #elixirconf
- #exunit
- #discussion
- #code-sync
- #javascript
- #podcasts
- #onsite
- #dialyzer
- #docker
- #authentication
- #umbrella
- #full-time-contract
- #podcasts-by-brainlid
- #ecto-query
- #elixir-ls
- #phoenix_html
- #iex
- #blog-post
- #graphql
- #genstage
- #ai
- #websockets
- #supervisor
- #advent-of-code
- #elixirconf-us
- #distillery
- #processes
- #forms
- #api
- #metaprogramming
- #security
- #performance









