Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

RSA-OAEP-256 not in SupportedAlgorithms.IsSupportedRsaAlgorithm()

See original GitHub issue

I’m trying to decrypt a JWE + JWS token and here is the first part of the token :

eyJ6aXAiOiJERUYiLCJlbmMiOiJBMjU2Q0JDLUhTNTEyIiwiYWxnIjoiUlNBLU9BRVAtMjU2In0

which after a base64ToString is giving :

{"zip":"DEF","enc":"A256CBC-HS512","alg":"RSA-OAEP-256"}

The problem is that when I’m trying to decrypt the token it goes down to the method SupportedAlgorithms.IsSupportedRsaAlgorithm() but RSA-OAEP-256 isn’t listed and I can’t decrypt my token. Do you plan to support it any time soon or I’m missing something ?

Thanks !

Issue Analytics

  • State:open
  • Created 4 years ago
  • Comments:7 (1 by maintainers)

github_iconTop GitHub Comments

1reaction
jlodomcommented, Jun 26, 2021

+1 This was one of two issues I ran into in the question below (I will be updating the entry in the next 24 hours to reflect solution/workaround hopefully). https://stackoverflow.com/questions/68106472/decrypting-jsonwebtoken-using-jsonwebkey-or-jsonwebkeyset-in-c-sharp Since the alg does have cross-platform support in dotnet generally, it would be good to have: https://docs.microsoft.com/en-us/dotnet/standard/security/cross-platform-cryptography

0reactions
lapo-luchinicommented, Mar 24, 2023

(I will be updating the entry in the next 24 hours to reflect solution/workaround hopefully

I tried the work-around and it works for OAEP-256.

(AES-GCM decryption works fine without any change, so in the end I decided it wasn’t worth it to add support for AES-GCM encryption to the provider.)

using System.Security.Cryptography;
using Microsoft.IdentityModel.Tokens;

// inspired to: https://stackoverflow.com/a/68272468/166524
public class OAEP256CryptoProvider : ICryptoProvider
{
    public const string OAEP_256 = "RSA-OAEP-256";

    public bool IsSupportedAlgorithm(string algorithm, params object[] args)
    {
        return (algorithm == OAEP_256);
    }

    public object Create(string algorithm, params object[] args)
    {
        return new RsaOaepKeyWrapProvider(args[0] as SecurityKey, algorithm);
    }

    public void Release(object cryptoInstance)
    {
    }

    private class RsaOaepKeyWrapProvider : KeyWrapProvider
    {
        public RsaOaepKeyWrapProvider(SecurityKey key, string algorithm)
        {
            Key = (RsaSecurityKey) key;
            Algorithm = algorithm;
        }

        protected override void Dispose(bool disposing)
        {
        }

        public override byte[] UnwrapKey(byte[] keyBytes)
        {
            return Key.Rsa.Decrypt(keyBytes, RSAEncryptionPadding.OaepSHA256);
        }

        public override byte[] WrapKey(byte[] keyBytes)
        {
            return Key.Rsa.Encrypt(keyBytes, RSAEncryptionPadding.OaepSHA256);
        }

        public override string Algorithm { get; }
        public override string Context { get; set; }
        public override RsaSecurityKey Key { get; }
    }

}
Read more comments on GitHub >

github_iconTop Results From Across the Web

Untitled
Decrypt rsa-oaep-256 WebMay 2, 2023 · Webex is inherently secure by default, and we hold a main key for encrypting all your organization's...
Read more >
Padding mode not valid when try do decrypt a JWE ...
You use the RSA-OAEP-256 algorithm to encrypt the content encryption key to the recipient to generate the JWE encryption key, and then use...
Read more >
Key types, algorithms, and operations - Azure Key Vault
RSA-OAEP-256 – RSAES using Optimal Asymmetric Encryption Padding ... Keys created by the BACKUP operation are not usable outside Key Vault.
Read more >
JSON Web Token (JWT) with RSA encryption
Use of this algorithm is generally not recommended due to a security ... The following example demonstrates RSA-OAEP-256 with A128GCM encryption of a...
Read more >
authentication - In regard to using RSA-OAEP-256 in JWE ...
And the reason that RSA-OAEP-256 doesn't provide authenticity is that it's an asymmetric key algorithm, where the public key used for encryption ...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

CTY header is not set for JWE

Next page

X.509 Certificates with ECDSA based keys supported?