Encryption with "alg" ECDH_ES* #197
-
Hi Panva, I'm sorry for bothering you, but I don't understand how can I encrypt a JWT with this alg. PS: for derivation I'm using 'elliptic' because 'crypto.createECDH' does not support 'secp256r1' (?) import * as ec from 'elliptic'
import crypto from 'crypto'
import CompactEncrypt from 'jose/jwe/compact/encrypt'
const ecKey = new ec.ec('p256')
const clientGen = ecKey.keyFromPublic(/*hex of publicKey*/)
const providerGen = ecKey.keyFromPrivate(/*hex of privateKey*/)
clientGen.validate()
const providerSecret = providerGen.derive(clientGen.getPublic()) // return BN
const secretKey = crypto.createSecretKey(providerSecret.toArrayLike(Buffer))
const id_token = await new CompactEncrypt(new TextEncoder().encode(/*jwt*/))
.setProtectedHeader({
alg: "ECDH_ES_A128KW",
enc: "A128GCM",
epk: /*providerPublicJwk*/,
})
.encrypt(secretKey) |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 3 replies
-
A little bit in everything.
import { parseJwk } from 'jose/jwk/parse'
import { CompactEncrypt } from 'jose/jwe/compact/encrypt'
const recipientPublicKey = {
"kty": "EC",
"crv": "P-256",
"x": "Eb3RtGgBGOEz33yu46aha_RU6pyBaYNlu6SawlWGGHQ",
"y": "tUncttzF6Ud4Abfn1N2A1Rz2MBbJSdI0zuKS28BNb-U"
}
const alg = 'ECDH-ES'
const publicKey = await parseJwk(recipientPublicKey, alg)
const token = await new CompactEncrypt(new TextEncoder().encode('Hello World!'))
.setProtectedHeader({
alg: alg,
enc: 'A128GCM',
})
.encrypt(publicKey)
console.log(token) |
Beta Was this translation helpful? Give feedback.
A little bit in everything.
ECDH_ES_A128KW
is not a registered algorithm,ECDH-ES+A128KW
is.secp256r1
is not a curve registered for JOSE use.