jwt / ruby-jwe Goto Github PK

Hi, I found an issue while trying to decrypt something with enc: A256CBC-HS512 which was encrypted by another library. I was getting 'Authentication tag verification failed' with this library but not on others.

After hunting down the differences on how the tag was calculated I narrowed it down to this line

According to RFC 7516 JSON Web Encryption (JWE)

The octet string AL, which is the number of bits in AAD expressed as a big-endian 64-bit unsigned integer

I made the changes to both decrypt and encrypt in my fork, but was unable to figure out how to fix all the failing tests in spec/jwe/enc_spec.rbso haven't raised a PR.

With the updated openssl library within ruby 2.4 you get this error:
key must be 16 bytes (ArgumentError)

I am ready with a quick rspec test case but it fails on anything > 2.4

Does it make sense to make a release under the new ruby-jwe name?

I'm trying to use the encrypt method. When I call JWE.encrypt it throws the error

(undefined method `public_encrypt' for #<String:0x00007f8fa78b75c0>)

require 'json'
require 'open-uri'
require 'jwe'

URL = 'https://gist.githubusercontent.com/.../my_json_file.json'.freeze
KEY = "-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----".freeze

data = JSON.load(open(URL))
encrypted = JWE.encrypt(JSON.dump(data), KEY)
puts encrypted
IO.popen('pbcopy', 'r+') { |clipboard| clipboard.puts encrypted }

When using the zip: DEF option on large payloads it failed to deflate properly. Output appears to be truncated.

Several of the class names under JWE::Alg aren't cased correctly to match the output from JWE.param_to_class_name. This mismatch means that perfectly valid algs throw a NotImplementedError.

For example:
With JWE.encrypt(jwt, secret, alg: 'A256KW'), JWE.param_to_class_name converts the alg to "A256kw". Then const_get looks for a matching class name, but doesn't find one because the class is A256Kw.

This should be a real quick fix.

I think this is a feature request, as I haven't really seen it in the docs.

I'd like to able to pass an "enc" JWK (or an array of them) instead of the decryption key.

The "jwt" gem knows how to build and load a JWK key, so maybe this is a feature that makes more sense as an extension of "jwt", as it could be used in the "JWT.verify" method.

I tried encrypting custom headers however i found that version 0.3.0 that I installed from rubygems.org does not reflect what is in master.

Hi there,
Installed the gem and got a syntax error.
No ruby version restrictions described on rubygems.org.
Looks like you use keyword arguments which is a feature in Ruby 2.0 and higher.
Could you confirm this?

Uncaught exception: /.../gems/jwe-0.1.1/lib/jwe.rb:22: syntax error, unexpected tLABEL
def self.encrypt(payload, key, alg: 'RSA-OAEP', enc: 'A128GCM', zip: nil)

Regards

Hi and thanks a lot

How to use this gem as a container to a JWT (e.g created with ruby-jwt)?
Should the JWT output of the ruby-jwt be the payload for the encrypt function?

Thanks a lot

Issue

When using the algorithm "dir" and not giving a encryption key, the lib allow me to encrypt the message anyway (without knowing the encryption key)

pry(main)> JWE.encrypt('plain', nil, alg: 'dir')
=> "eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4R0NNIn0..gOyySHAV-rYOmDd1.zfWUxIY.W7YvYlp7I01ZEJe3ZGntJw"

# How should I decipher it?

The issue is more pernicious and prod like in the following case:

pry(main)> cipher = JWE.encrypt('plain', ENV['ENCRYPTION_KEY'], alg: 'dir')
pry(main)> JWE.decrypt(cipher, ENV['ENCRYPTION_KEY'])
=> JWE::InvalidData: Invalid ciphertext or authentication tag

When using an ENV variable to hold the key, and forgetting to set that variable on the server.

Expected Behavior

An error raised, when not providing an encryption key when trying to encrypt the message

Reason

In https://github.com/jwt/ruby-jwe/blob/master/lib/jwe.rb#L31 we set the key directly if the alg is "dir"

cipher.cek = key if alg == 'dir'

In https://github.com/jwt/ruby-jwe/blob/master/lib/jwe/enc/aes_gcm.rb#L45-L47

the attr accessor set the variable @cek on the instance and when calling :cek afterward the variable @cek is set to random_bytes. That is used to encrypt the plain text.

   attr_accessor :cek
   ...
   def cek
     @cek ||= SecureRandom.random_bytes(key_length)
   end

When deciphering the cipher, the cipher key (random bytes) and the encryption key (nil) does not match an we get a CipherError

While trying to consume ruby-jwe generated tokens in Clojure's buddy-sign library, I raised this issue with the buddy developers.

They've investigated and found that when ruby-jwe calls Zlib::Deflate, it produces a byte stream that doesn't conform with RFC7516 4.1.3. Turns out you have to go out of your way to make it comply with RFC1951 rather than RFC1950.

More details are in the issue I raised :)

Is this still being actively maintained? Am requiring RSA-OAEP-256 support for JWE and would like to use this library along with the ruby-jwt library as opposed to finding alternatives.

Am considering forking and exploring adding the support but am just wondering if it's still actively maintained, and would it be complex to add this support (have not explored code in-depth yet) ?