New post
Question
· Feb 17, 2023

Decrypting JWE - ERROR #9723: Unsupported JOSE algorithm: A256GCM

#Encryption #JSON #InterSystems IRIS

I have a compactJWE that I want to decrypt using a key. I read the key from a .pem file and create a JWK with "RSA-OAEP" algorithm. I have the code below in a routine (.mac) file.

decryptJWE
    #include %msql
    s file = ##class(%Stream.FileBinary).%New()
    s file.Filename = "mycert.pem"
    s rsaKey = file.Read($$$MaxLocalLength)
    zw rsaKey
    s compactJWE = "en.cry.pted.jwe"
    s jwk = ##class(%Net.JSON.JWK).%New()
    s jwkStatus = jwk.Create("RSA-OAEP", rsaKey , .privJWK, .pubJWK)
    zw jwkStatus

    s jwks = ##class(%Net.JSON.JWKS).%New()
    s jwksStatus = jwks.InitializeJWKS(.myJWKS)
    zw jwksStatus
    
    s jwksStatusPut = jwks.PutJWK(.privJWK, .myJWKS)
    zw jwksStatusPut
    
    s jwe = ##class(%Net.JSON.JWE).%New()
    s jweDecryptStatus = jwe.Decrypt(compactJWE, myJWKS, .plainTxt, .deTxt)
    zw jweDecryptStatus
    q

When I run it in the terminal, the previous status checks return "1" and I can also see the Objects, until the jwe.Decrypt part (jweDecryptStatus), where it returns "0" with the error message "ERROR #9723: Unsupported JOSE algorithm: A256GCM". The encrypted JWT comes from the other source, and I have no choice but to use the A256GCM algorithm. 

Please tell me if there is a way out, and don't hesitate to correct me if I'm wrong at any point. Thank you.

Product version: IRIS 2022.2
$ZV: IRIS for Windows (x86-64) 2022.2 (Build 368U) Fri Oct 21 2022 16:44:33 EDT
Discussion (1)1
Log in or sign up to continue
Vitaliy Serdtsev · Feb 20, 2023 
#include %occInclude

alg,algInfo

alg="RSA-OAEP","A256KW","A256CBC-HS512","A256GCM" {
  algInfo=##class(%Net.JSON.JWA).GetAlgInfo(alg)
  alg," = ",$s(algInfo'="":algInfo.%ToJSON(),1:$system.Status.GetErrorText($$$ERROR($$$UnsupportedJOSEAlg,alg))),!
}

Output:

RSA-OAEP = {"alg":"RSA-OAEP","kty":"RSA","use":"enc","key_ops":["wrapKey","unwrapKey"],"keysize":2048,"hashsize":0}
A256KW = {"alg":"A256KW","kty":"oct","use":"enc","key_ops":["wrapKey","unwrapKey"],"keysize":256,"hashsize":0}
A256CBC-HS512 = {"alg":"A256CBC-HS512","kty":"oct","use":"enc","key_ops":["encrypt","decrypt"],"keysize":256,"hashsize":512}
A256GCM = Error #9723: Unsupported JOSE algorithm: A256GCM

Since this algorithm is not supported, it remains either to try to modify the GetAlgInfo method or to work directly with the OpenSSL library or similar.

1 0