JWEDecryptionFailed error when using docker

[federico-moretti]

Hello, I'm getting this error JWEDecryptionFailed when running some tests in the CI with the docker image node:16.13-alpine3.14 while I'm having no problem on my machine with node v16.10.0.

I don't exclude that there is something wrong with my encryption method (which I use only for the tests) but I'm pretty sure the decrypt is correct as I already asked here.

This is the encrypt method I'm using:

const privateKey = await importPKCS8(params.privateKey, 'ECDH-ES');
const jwt = await new SignJWT(params.body)
    .setProtectedHeader({ alg: 'ES256' })
    .setExpirationTime(params.expirationTime)
    .sign(privateKey);
const plaintext = Buffer.from(jwt);
return await new CompactEncrypt(plaintext)
    .setProtectedHeader({
        alg: 'ECDH-ES',
        enc: 'A256GCM'
    })
    .encrypt(privateKey);

The keys for the tests are these:

export const sshKeys = {
  privateKey:
    '-----BEGIN PRIVATE KEY-----\nMIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgDWWQhKsBhXz/Nr8s\nTHJPwhW3Ma05i0IRg9xjJBs3pNuhRANCAAR84SJzhOkjOQgf7k9QPiG6yC5Awd9t\nAQNMmDqxX1pqs+0xhMfFT1lvV/Skvr/g5sMalElhCYx05JnXI8VOpTZi\n-----END PRIVATE KEY-----\n',
  publicKey:
    '-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEfOEic4TpIzkIH+5PUD4husguQMHf\nbQEDTJg6sV9aarPtMYTHxU9Zb1f0pL6/4ObDGpRJYQmMdOSZ1yPFTqU2Yg==\n-----END PUBLIC KEY-----\n',
  certificate:
    '-----BEGIN CERTIFICATE-----\nMIIBXjCCAQSgAwIBAgIGAXvykuMKMAoGCCqGSM49BAMCMDYxNDAyBgNVBAMMK3Np\nQXBNOXpBdk1VaXhXVWVGaGtjZXg1NjJRRzFyQUhXaV96UlFQTVpQaG8wHhcNMjEw\nOTE3MDcwNTE3WhcNMjIwNzE0MDcwNTE3WjA2MTQwMgYDVQQDDCtzaUFwTTl6QXZN\nVWl4V1VlRmhrY2V4NTYyUUcxckFIV2lfelJRUE1aUGhvMFkwEwYHKoZIzj0CAQYI\nKoZIzj0DAQcDQgAE8PbPvCv5D5xBFHEZlBp/q5OEUymq7RIgWIi7tkl9aGSpYE35\nUH+kBKDnphJO3odpPZ5gvgKs2nwRWcrDnUjYLDAKBggqhkjOPQQDAgNIADBFAiEA\n1yyMTRe66MhEXID9+uVub7woMkNYd0LhSHwKSPMUUTkCIFQGsfm1ecXOpeGOufAh\nv+A1QWZMuTWqYt+uh/YSRNDn\n-----END CERTIFICATE-----',
};

Thank you for the help!

[panva]

Thank you for the help!

Don't know how I could be of help. Most likely your keys are just not set correctly.

[federico-moretti]

Is the encrypt function correct then?

What do you mean by "not set correctly"? How I generated the key or the actual keys that I use for the encrypt/decrypt?

Btw you are of great help and always available, so yeah, thank you anyway :)

[panva]

Please keep in mind you encrypt with a PUBLIC key and decrypt with a PRIVATE one and you should not use the same key for signing and encryption. The encrypt key being public vs private doesn't matter in node.js because it will extract the public key out of the private one but it would matter in web crypto api runtime.

What I mean by not set correctly is that you're likely not using the private key corresponding to the public one used for encryption. Probably because, from the looks of it, the different keys confuse you. Where in #360 you use private for decrypt and public for verify, here you would use public for encrypt and private to sign. Makes sense?

[federico-moretti]

Oh now I understand! I have to use use a private key to sing and decrypt, while I use a public key to verify and decrypt.

I still can't wrap my head around on what kind of keys I have to create to generate/decrypt correctly a JWE.
In the decrypt/verify I use a public SPKI key and a private PKCS8 key, does this mean that in the encrypt/sign I have to use a public PKCS8 and a private SPKI?

Do you know where I can find some clear information regarding this argument?

[panva]

does this mean that in the encrypt/sign I have to use a public PKCS8 and a private SPKI?

umm, no. public keys are SPKI encoded, private keys are PKCS#8 encoded.

Since this is so hard to grasp, what makes you use JWE in the first place?

[panva]

#112 #114

[federico-moretti]

Thanks @panva for the support, at the end I got this working using this steps:

# create jwt keys
openssl ecparam -name prime256v1 -genkey -noout -out private-ec.pem
openssl ec -in private-ec.pem -pubout -out public-ec.pem
openssl pkcs8 -topk8 -nocrypt -in private-ec.pem -out private-ec-pcks8.pem

# create jwe keys
openssl pkey -in private-okp.pem -pubout -out public-okp.pem
openssl genpkey -algorithm x25519 -out private-okp.pem

Encrypt:

const signKey = await importPKCS8(params.signKey, 'ES256');
const encryptKey = await importSPKI(params.encryptKey, 'ECDH-ES');

const jwt = await new SignJWT(params.body)
  .setProtectedHeader({ alg: 'ES256' })
  .setExpirationTime(params.expirationTime)
  .sign(signKey);
const plaintext = Buffer.from(jwt);
return await new CompactEncrypt(plaintext)
  .setProtectedHeader({ alg: 'ECDH-ES', enc: 'A128CBC-HS256', kid: 'PRA-OKP' })
  .encrypt(encryptKey);

Decrypt:

const verifyKey = await importSPKI(params.verifyKey, 'ES256');
const decryptKey = await importPKCS8(params.decryptKey, 'ECDH-ES');

const jweDecrypted = await compactDecrypt(params.token, decryptKey, { keyManagementAlgorithms: ['ECDH-ES'] });
const { payload } = await jwtVerify(jweDecrypted.plaintext, verifyKey, { algorithms: ['ES256'] });
return payload as JWTPayload & T;

It seems that everything match up correctly and works fine. The only thing that makes me wonder is why changing the enc in the setProtectedHeader between A256GCM and A128CBC-HS256 has not impact on the result.

Again thank you for the support and patience!