How to decrypt JWE (JSON Web Encryption) data in Java using a private key

4

I have a private key similar to below

e.g.

-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----

I have JWE data that was encrypted with the public key generated from the above private key/certificate, as follows:
aaaaa.bbbbb.ccccc.ddddd.eeeee

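Can someone give me some Java code so that I can decrypt this JWE using my private key? I can't find a clear answer on the internet. I'm still not very familiar with the JWE concept.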


1
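It depends on which encryption algorithm was used. It appears in the first part of the JWE (aaaaa in your example). In any case, I suggest you take a look at: https://bitbucket.org/b_c/jose4j/wiki/Home. There you can find the source code as well as explanations. - aviad
It is SHA256withRSA with an X509 certificate and a 2048 key. - Roshanck
You can check the RFC - gusto2
What does JOSE stand for? - samshers
@Roshanck Hi, I'm also looking for an answer. Did you solve it? - tnkh
3 Answers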

3

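Based on your other questions and the tags on this question, I assume you chose the Nimbus JOSE + JWT library. Whichever JWT framework you use, I suggest you use the methods it provides for encrypting/decrypting tokens, because they validate the structure of the token.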

RSAPrivateKey privateKey; //initialize with your key
String jwtTokenAsString = "aaaaa.bbbbb.ccccc.ddddd.eeeee"; //your token
EncryptedJWT encryptedJWT = EncryptedJWT.parse(jwtTokenAsString);
RSADecrypter decrypter = new RSADecrypter(privateKey);
encryptedJWT.decrypt(decrypter);

//Access content with different methods
JWTClaimsSet claims = encryptedJWT.getJWTClaimsSet();
Payload payload = encryptedJWT.getPayload();

1
Can you explain your first line of code, RSAPrivateKey privateKey; //initialize with your key? - tnkh
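
An added example (not part of the original answer and not the Nimbus project's own code) for the approach in the answer above: it loads a "-----BEGIN PRIVATE KEY-----" (PKCS#8) PEM into an RSAPrivateKey, checks the token's alg/enc against pinned values before decrypting, and reads the claims. It assumes Nimbus JOSE + JWT is on the classpath; the class and method names, the pinned RSA-OAEP-256/A256GCM pair, and the throwaway key pair and token are constructed for illustration.

```java
import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWEHeader;
import com.nimbusds.jose.crypto.RSADecrypter;
import com.nimbusds.jose.crypto.RSAEncrypter;
import com.nimbusds.jwt.EncryptedJWT;
import com.nimbusds.jwt.JWTClaimsSet;
import java.security.*;
import java.security.interfaces.*;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;

public class JweDecryptExample {
    // "BEGIN PRIVATE KEY" is unencrypted PKCS#8: strip the armor, base64-decode, pass the DER to KeyFactory.
    static RSAPrivateKey loadPkcs8Pem(String pem) throws GeneralSecurityException {
        String b64 = pem.replaceAll("-----(BEGIN|END) PRIVATE KEY-----", "").replaceAll("\\s", "");
        byte[] der = Base64.getDecoder().decode(b64);
        return (RSAPrivateKey) KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(der));
    }

    // Decrypts only tokens whose header carries the expected alg/enc (the pinned values are an assumption).
    static JWTClaimsSet decrypt(String token, RSAPrivateKey key) throws Exception {
        EncryptedJWT jwt = EncryptedJWT.parse(token); // validates the five-part structure and the header
        JWEHeader h = jwt.getHeader();
        if (!JWEAlgorithm.RSA_OAEP_256.equals(h.getAlgorithm())
                || !EncryptionMethod.A256GCM.equals(h.getEncryptionMethod())) {
            throw new JOSEException("Unexpected alg/enc: " + h.getAlgorithm() + "/" + h.getEncryptionMethod());
        }
        jwt.decrypt(new RSADecrypter(key)); // unwraps the content key, then decrypts and authenticates the payload
        return jwt.getJWTClaimsSet();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample data: a throwaway key pair and token stand in for the real key and JWE.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair();
        String pem = "-----BEGIN PRIVATE KEY-----\n"
                + Base64.getMimeEncoder(64, "\n".getBytes()).encodeToString(pair.getPrivate().getEncoded())
                + "\n-----END PRIVATE KEY-----\n";
        EncryptedJWT out = new EncryptedJWT(
                new JWEHeader(JWEAlgorithm.RSA_OAEP_256, EncryptionMethod.A256GCM),
                new JWTClaimsSet.Builder().subject("alice").build());
        out.encrypt(new RSAEncrypter((RSAPublicKey) pair.getPublic()));
        JWTClaimsSet claims = decrypt(out.serialize(), loadPkcs8Pem(pem));
        System.out.println(claims.getSubject());
    }
}
```

Pin the alg/enc pair to what the sender actually emits; a token whose header names anything else is rejected before the private key is used.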

1

Something to get you started:

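public static void main(String[] args) throws Exception
{
    Key privateKey = KeyFactory
            .getInstance("RSA")
            .generatePrivate(new PKCS8EncodedKeySpec(Base64.getDecoder().decode("your base64 private key")));
    Base64.Decoder url = Base64.getUrlDecoder(); // JWE parts are base64url-encoded

    // RSA only unwraps the content key in part 2; PKCS1Padding matches "alg":"RSA1_5"
    Cipher decrypt = Cipher.getInstance("RSA/ECB/PKCS1Padding");
    decrypt.init(Cipher.DECRYPT_MODE, privateKey);
    byte[] cek = decrypt.doFinal(url.decode("bbbbb"));

    // Content decryption, assuming "enc" is an AES-GCM method: IV = part 3, AAD = encoded header, tag = part 5
    Cipher content = Cipher.getInstance("AES/GCM/NoPadding");
    content.init(Cipher.DECRYPT_MODE, new SecretKeySpec(cek, "AES"), new GCMParameterSpec(128, url.decode("ccccc")));
    content.updateAAD("aaaaa".getBytes(StandardCharsets.US_ASCII));
    content.update(url.decode("ddddd"));
    String decryptedMessage = new String(content.doFinal(url.decode("eeeee")), StandardCharsets.UTF_8);
}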

0
This is what I use.
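import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWEObject;
import com.nimbusds.jose.JWSObject;
import com.nimbusds.jose.crypto.RSADecrypter;
import com.nimbusds.jose.crypto.RSASSAVerifier;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.text.ParseException;
import java.util.Base64;

// certString and privateKeyString are fields holding the base64 body of the PEM, without the BEGIN/END lines
public String verifyAndDecrypt(String senderJws) throws ParseException, JOSEException, GeneralSecurityException {
    String paJson = null;
    // The outer object is a JWS: verify the sender's signature before touching the payload
    JWSObject jwsObject = JWSObject.parse(senderJws);
    RSASSAVerifier verifier = new RSASSAVerifier(getPublicKeyFromString());

    if (jwsObject.verify(verifier)) {
        // The signed payload is the compact JWE
        JWEObject jweObject = JWEObject.parse(jwsObject.getPayload().toString());
        RSADecrypter decrypter = getDecrypter();
        jweObject.decrypt(decrypter);
        if (jweObject.getState() == JWEObject.State.DECRYPTED) {
            paJson = jweObject.getPayload().toString();
        }
    }
    return paJson; // null when the signature does not verify
}

public RSAPublicKey getPublicKeyFromString() throws GeneralSecurityException {
    byte[] encoded = Base64.getDecoder().decode(certString); // certString does not include ---BEGIN--- and ---END---
    InputStream certstream = new ByteArrayInputStream(encoded);
    Certificate certder = CertificateFactory.getInstance("X.509").generateCertificate(certstream);
    return (RSAPublicKey) certder.getPublicKey();
}

public RSAPrivateKey getMyPrivateKey() throws GeneralSecurityException {
    byte[] encoded = Base64.getDecoder().decode(privateKeyString);
    KeyFactory kf = KeyFactory.getInstance("RSA");
    PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(encoded);
    RSAPrivateKey privKey = (RSAPrivateKey) kf.generatePrivate(keySpec);
    return privKey;
}

// getDecrypter() was not shown in the answer; assumed here to wrap getMyPrivateKey()
private RSADecrypter getDecrypter() throws GeneralSecurityException {
    return new RSADecrypter(getMyPrivateKey());
}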
