Ability to use public key to do jwtDecrypt #381
Answered by panva
mariotoffia asked this question in Q&A
Hi, is it possible to use a public key in I know this is not what the library was intended, but is it possible? I want to receive out-of-band public keys from customers and they keep their private keys. I've tried the following (unsuccessfully).

```javascript
import { generateKeyPairSync } from 'crypto';
import * as jose from 'jose';

const sub = 'urn:example:subject'; // placeholder; `sub` was not defined in the original post

const { publicKey, privateKey } = generateKeyPairSync('ec', {
  namedCurve: 'secp384r1',
  publicKeyEncoding: {
    type: 'spki',
    format: 'pem'
  },
  privateKeyEncoding: {
    type: 'pkcs8',
    format: 'pem',
  }
});

// Use private key to encrypt JWT -> JWE -> Success
const key = await jose.importPKCS8(privateKey, 'ECDH-ES');
const jwe = await new jose.EncryptJWT({ 'var': 'data' })
  .setProtectedHeader({ alg: 'ECDH-ES', enc: 'A256GCM' })
  .setIssuedAt()
  .setSubject(sub)
  .setIssuer('urn:crossbreed:v1:issuer')
  .setAudience('urn:example:audience')
  .setExpirationTime('1h')
  .encrypt(key);

// --> Send to my API

// In my API: Use public key to decrypt the JWE -> JWT -> Failure
const key2 = await jose.importSPKI(publicKey, 'ECDH-ES');
// Fails here because it requires a symmetric or private key!
const { payload, protectedHeader } = await jose.jwtDecrypt(jwe, key2);
```
Answered by panva, Mar 15, 2022
No, that is not how these algorithms in JOSE are defined.

Answer selected by mariotoffia
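Why the public key cannot decrypt, as an added example that is not part of the discussion and is not code from the jose library: ECDH-ES derives its key from an agreement that needs a private key on the decrypting side, whereas "the customer keeps the private key" matches signatures (ES384 in JOSE). It uses only Node's built-in `crypto`; the function names and sample payloads are constructed for illustration.

```javascript
// Added example: key roles in ECDH-ES versus signatures, Node.js built-in crypto only.
const { generateKeyPairSync, diffieHellman, sign, verify } = require('node:crypto');

const newP384 = () => generateKeyPairSync('ec', { namedCurve: 'secp384r1' });

// ECDH-ES sender: fresh ephemeral private key + recipient's PUBLIC key -> Z.
// The ephemeral public key is what a JWE carries in its "epk" header.
// (JOSE then runs Concat KDF over Z; omitted here, it does not change key roles.)
function senderAgree(recipientPublicKey) {
  const ephemeral = newP384();
  const z = diffieHellman({ privateKey: ephemeral.privateKey, publicKey: recipientPublicKey });
  return { z, epk: ephemeral.publicKey };
}

// ECDH-ES recipient: own PRIVATE key + epk -> the same Z.
function recipientAgree(recipientPrivateKey, epk) {
  return diffieHellman({ privateKey: recipientPrivateKey, publicKey: epk });
}

// "Decrypting with the public key" would mean agreeing on Z from two public keys.
function agreeWithPublicOnly(recipientPublicKey, epk) {
  try {
    diffieHellman({ privateKey: recipientPublicKey, publicKey: epk });
    return true;
  } catch {
    return false; // Node rejects a public KeyObject in the privateKey slot
  }
}

// Signatures: private key signs, public key verifies (JOSE ES384 = ECDSA P-384 + SHA-384).
const ecdsa = (key) => ({ key, dsaEncoding: 'ieee-p1363' });
const customerSign = (privateKey, msg) => sign('sha384', Buffer.from(msg), ecdsa(privateKey));
const apiVerify = (publicKey, msg, sig) => verify('sha384', Buffer.from(msg), ecdsa(publicKey), sig);

function demo() {
  const api = newP384();      // constructed key pair: recipient of encrypted tokens
  const customer = newP384(); // constructed key pair: signer
  const { z, epk } = senderAgree(api.publicKey);
  const sig = customerSign(customer.privateKey, 'constructed payload');
  return {
    secretsMatch: z.equals(recipientAgree(api.privateKey, epk)),
    publicOnlyWorks: agreeWithPublicOnly(api.publicKey, epk),
    signatureValid: apiVerify(customer.publicKey, 'constructed payload', sig),
    tamperedValid: apiVerify(customer.publicKey, 'tampered payload', sig),
  };
}

console.log(demo());
```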