Is it possible to use JSON Web Encryption (JWE) together with Spring Security OAuth2 JWT?
Right now I have the following JwtAccessTokenConverter:
@Bean
public JwtAccessTokenConverter accessTokenConverter() {
    JwtAccessTokenConverter converter = new JwtAccessTokenConverter() {
        @Override
        public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentication authentication) {
            DBUserDetails user = (DBUserDetails) authentication.getUserAuthentication().getPrincipal();
            final Map<String, Object> additionalInfo = new HashMap<>();
            additionalInfo.put("user_id", user.getUser().getId());
            ((DefaultOAuth2AccessToken) accessToken).setAdditionalInformation(additionalInfo);
            OAuth2AccessToken enhancedToken = super.enhance(accessToken, authentication);
            return enhancedToken;
        }
    };
    converter.setSigningKey(jwtAccessTokenConverterSigningKey);
    DefaultAccessTokenConverter accessTokenConverter = new DefaultAccessTokenConverter();
    DefaultUserAuthenticationConverter userTokenConverter = new DefaultUserAuthenticationConverter();
    userTokenConverter.setUserDetailsService(userDetailsService);
    accessTokenConverter.setUserTokenConverter(userTokenConverter);
    converter.setAccessTokenConverter(accessTokenConverter);
    return converter;
}
How can I add JWE support here?
spring-security jwt spring-security-oauth2 jwe spring-oauth2
My end goal is to create a JWE string, given a public key, for iOS.
To make it easier on myself I have broken my steps down; most urgently, I need to create an encrypted key from a secret key and a public key string using RSA encryption.
I have tried a lot of things found here on Stack Overflow and elsewhere on the internet. For various reasons they just didn't work out.
I was guided by some Objective C code:
/* Device Data encryption - create JWE given DS publicKey */
+(NSString *)createJWE:(NSString *)payload withPublicKey:(SecKeyRef)publicKey {
    // create secretKey for encryption
    NSData *secret = [self generateRandom:(KEY_SIZE*2)];
    NSData *hmacKey = [secret subdataWithRange:NSMakeRange(0, KEY_SIZE)];
    NSData *aesKey = [secret subdataWithRange:NSMakeRange(KEY_SIZE, KEY_SIZE)];
    NSData *iv = [self generateRandom: IV_SIZE];
    // create header
    NSString *header = @"{\"enc\":\"A128CBC-HS256\",\"alg\":\"RSA-OAEP\"}";
    // encrypt secretKey
    NSData *encryptedKey = [self rsaEncrypt:secret key:publicKey];
    // encrypt payload
    NSData *encrypted = [self …
I need to read in an RSA private key from a file to sign a JWT. I am using openssl to generate a private key. When decrypting the private key I get a "length too large" error.
openssl genrsa -des3 -out jwt-private.pem 2048
func main() {
    penbhytes := `-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,A30B805A7CC6454D
…
I have a token in string form, for example:
eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkExMjhHQ00ifQ.K52jFwAQJH-DxMhtaq7sg5tMuot_mT5dm1DR_01wj6ZUQQhJFO02vPI44W5nDjC5C_v4pW1UiJa3cwb5y2Rd9kSvb0ZxAqGX9c4Z4zouRU57729ML3V05UArUhck9ZvssfkDW1VclingL8LfagRUs2z95UkwhiZyaKpmrgqpKX8azQFGNLBvEjXnxxoDFZIYwHOno290HOpig3aUsDxhsioweiXbeLXxLeRsivaLwUWRUZfHRC_HGAo8KSF4gQZmeJtRgai5mz6qgbVkg7jPQyZFtM5_ul0UKHE2y0AtWm8IzDE_rbAV14OCRZJ6n38X5urVFFE5sdphdGsNlA.gjI_RIFWZXJwaO9R.oaE5a-z0N1MW9FBkhKeKeFa5e7hxVXOuANZsNmBYYT8G_xlXkMD0nz4fIaGtuWd3t9Xp-kufvvfD-xOnAs2SBX_Y1kYGPto4mibBjIrXQEjDsKyKwndxzrutN9csmFwqWhx1sLHMpJkgsnfLTi9yWBPKH5Krx23IhoDGoSfqOquuhxn0y0WkuqH1R3z-fluUs6sxx9qx6NFVS1NRQ-LVn9sWT5yx8m9AQ_ng8MBWz2BfBTV0tjliV74ogNDikNXTAkD9rsWFV0IX4IpA.sOLijuVySaKI-FYUaBywpg
Now I want to decrypt this String via some Java library and eventually access the payload. Has anyone done this so far?
Referring to this, I have to encrypt using the algorithm AGCM256-KW. I am using Java Cryptography and I did not find any such algorithm. The closest I found is AES_256/GCM/NoPadding, but it has no KW (key wrapping).
Here is my test code:
public void testEncryption(String algo) {
    String shared_secret = "LyQnklSrxsk3Ch2+AHi9HoDW@//x1LwM123QP/ln";
    try {
        // Step 1 - Create SHA-256 digest of the shared key
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        byte[] digest = md.digest(shared_secret.getBytes("UTF-8"));
        // Step 2 - generate a 256 bit Content Encryption Key(CEK)
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey cek = kg.generateKey();
        // Step 3 - encrypt the CEK using 256 bit digest generated in Step 1
        // and 96 bit random IV. …
As far as I understand JOSE, JWE is used for encryption and JWS is used for signing. What I can't seem to find an example of is a payload that is both encrypted and signed.
Pretend I have a payload hello world. Is it right to do something like this: JWS(JWE('hello world')), i.e. the encrypted JWE as the payload of the JWS?
The JWE standard defines a concept called key management modes. According to the RFC there are five: Direct Encryption, Key Encryption, Direct Key Agreement, Key Wrapping, and Key Agreement with Key Wrapping.
What is the difference between them, and what is the point of having so many?