A temporary workaround is to use "direct" encryption with a key you derive yourself, as in the snippet below.
package main
import (
"crypto/ecdsa""crypto/elliptic""crypto/rand""encoding/base64""fmt"
jose "github.com/go-jose/go-jose/v3"
cipher "github.com/go-jose/go-jose/v3/cipher"
)
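// EncryptTest demonstrates the workaround for ECDH-ES with apu/apv: it derives
// the content-encryption key itself with cipher.DeriveECDHES, encrypts using
// the DIRECT algorithm, and overrides the protected header so that the message
// carries "alg": "ECDH-ES" together with apu, apv and epk. It then parses the
// compact serialization again and decrypts it with the receiver's private key.
//
// Every failure panics; this is demonstration code, not a library entry point.
func EncryptTest() {
	// Sender's key. Its public half is published as "epk" below, so it plays
	// the role of the ECDH-ES ephemeral key.
	// NOTE(review): keep this generation inside the function. With fixed
	// apu/apv, a reused sender key derives the same content-encryption key for
	// every message to the same receiver.
	senderKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}

	// Receiver's key.
	receiverKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}

	// Define apu/apv. The raw bytes feed the key derivation; the header carries
	// them base64url-encoded. JOSE (RFC 7515, section 2) uses base64url without
	// trailing '=' padding, hence RawURLEncoding.
	apuPlain := "alice"
	apvPlain := "bob"
	apu := base64.RawURLEncoding.EncodeToString([]byte(apuPlain))
	apv := base64.RawURLEncoding.EncodeToString([]byte(apvPlain))

	// Define the epk (private key).
	// NOTE(review): "ES256" is a signature algorithm while Use is "enc"; the
	// values are kept from the original snippet. Confirm the receiver ignores
	// these members of epk.
	jwkKey := jose.JSONWebKey{
		Key:       senderKey,
		KeyID:     "1",
		Algorithm: "ES256",
		Use:       "enc",
	}

	// epk public part. Only this half goes into the header.
	jwkPub := jwkKey.Public()

	// Derive a shared secret. The algorithm ID is the content-encryption
	// algorithm and the size is its key length in bytes (32 for A256GCM).
	encKey := cipher.DeriveECDHES("A256GCM", []byte(apuPlain), []byte(apvPlain), senderKey, &receiverKey.PublicKey, 32)

	// Init a new encrypter.
	encrypter, err := jose.NewEncrypter(
		jose.A256GCM,
		jose.Recipient{
			Algorithm: jose.DIRECT,
			Key:       encKey,
		},
		&jose.EncrypterOptions{
			ExtraHeaders: map[jose.HeaderKey]interface{}{
				// Set the header claims. Important! The receiver needs apu,
				// apv and epk to derive the same key, and "alg" has to read
				// ECDH-ES rather than the "dir" used for encryption here.
				"typ": "JWT",
				"apu": apu,
				"apv": apv,
				"epk": jwkPub,
				"alg": "ECDH-ES",
			},
		})
	if err != nil {
		panic(err)
	}

	// Content we're encrypting.
	plaintext := []byte("Lorem ipsum dolor sit amet")

	// Encrypt.
	object, err := encrypter.Encrypt(plaintext)
	if err != nil {
		panic(err)
	}

	// Serialise. The error is checked so that a failed serialization is not
	// printed and parsed as if it were a message.
	serialised, err := object.CompactSerialize()
	if err != nil {
		panic(err)
	}
	fmt.Println(serialised)

	// Parse the serialized, encrypted JWE object. An error would indicate that
	// the given input did not represent a valid message.
	deserialised, err := jose.ParseEncrypted(serialised)
	if err != nil {
		panic(err)
	}

	// Now we can decrypt and get back our original plaintext. An error here
	// would indicate that the message failed to decrypt, e.g. because the auth
	// tag was broken or the message was tampered with.
	decrypted, err := deserialised.Decrypt(receiverKey)
	if err != nil {
		panic(err)
	}
	fmt.Println("Decrypted: ", string(decrypted))
}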
Hi,
Thank you for this great library. I ran into the following issue:
When trying to encrypt/decrypt:
decryption fails. After inspecting the encryption, it seems that DeriveECDHES ignores the apu and apv JOSE header parameters when encrypting (see go-jose/asymmetric.go, line 399 in 66f2b1f, and go-jose/asymmetric.go, line 444 in 66f2b1f).
A temporary workaround is to use "direct" encryption with a key you derive yourself, as in the snippet below.