Hi,
I have the following sample code that generates compact encoded output:

    @Test
    public void testShortFormatEncodingExample() throws Exception {
        InputStream publicKeyStream = getClass().getResourceAsStream("test.pem");
        byte[] pemKey = IOUtils.toByteArray(publicKeyStream);
        PEMReader pemReader = new PEMReader(
                new InputStreamReader(new ByteArrayInputStream(pemKey)));
        KeyPair keyPair = (KeyPair) pemReader.readObject();
        PublicKey publicKey = keyPair.getPublic();
        JweEncryptionProvider encrypter = JweUtils.createJweEncryptionProvider(
                publicKey, KeyAlgorithm.RSA_OAEP_256, ContentAlgorithm.A128GCM, null);
        String encrypted = encrypter.encrypt(
                CONTENT.getBytes(StandardCharsets.UTF_8), null);
        System.out.println(encrypted);
    }

And it is generating an output similar to:
I wanted to convert this to generate JWE JSON output, but the example on
http://cxf.apache.org/docs/jax-rs-jose.html#JAX-RSJOSE-JWEJSON as well as the
test cases in org.apache.cxf.rs.security.jose.jwe.JweJsonProducerTest are a
little bit confusing to me.
Basically in the example code in
http://cxf.apache.org/docs/jax-rs-jose.html#JAX-RSJOSE-JWEJSON:
1. What do WRAPPER_BYTES1 and WRAPPER_BYTES2 represent? Are they public keys
for two different recipients? Why are they so short (i.e. 16 bytes each)? A
public key that I am using for testing purposes is about 280 bytes as reported
by java.security.PublicKey.getEncoded().length. What do wrapperKey1 and
wrapperKey2 represent?

    final String text = "The true sign of intelligence is not knowledge but imagination.";
    SecretKey wrapperKey1 = CryptoUtils.createSecretKeySpec(WRAPPER_BYTES1, "AES");
    SecretKey wrapperKey2 = CryptoUtils.createSecretKeySpec(WRAPPER_BYTES2, "AES");

If I have two java.security.PublicKey objects, how can I convert them to the
form expected by CryptoUtils.createSecretKeySpec?
2. What is the purpose of JsonWebKeysUrls? Why didn't we need it in the compact
form? Is it mandatory?
3. What is the purpose of
sharedUnprotectedHeaders.setKeyEncryptionAlgorithm(KeyAlgorithm.A128KW);?
Aren't the keys encrypted with the public keys of the recipients (i.e.
wrapperKey1 and wrapperKey2)?
4. Ideally I was hoping for an API like this:

    public String encrypt(String payload, List<PublicKey> publicKeys) {
    }

Where payload is the content that I need to be encrypted and publicKeys
contains public keys of recipients.
The example on http://cxf.apache.org/docs/jax-rs-jose.html#JAX-RSJOSE-JWEJSON
is confusing, and as it is not compilable, that makes understanding it even
more difficult.
Thanks in advance.
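
Added example, not part of the original post and not CXF's own API: a sketch of the signature asked for in point 4, built only on the JDK's javax.crypto, showing how the RFC 7516 general JSON serialization wraps one content encryption key per recipient RSA public key. The class name JweJsonSketch is hypothetical; the algorithms match the compact example above (RSA-OAEP-256 and A128GCM).

```java
import java.nio.charset.StandardCharsets;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.MGF1ParameterSpec;
import java.util.*;
import javax.crypto.*;
import javax.crypto.spec.*;

public final class JweJsonSketch { // hypothetical name, JDK classes only
    private static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();

    public static String encrypt(String payload, List<PublicKey> publicKeys) throws Exception {
        // One random 128-bit content encryption key (CEK) is shared by all recipients.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey cek = kg.generateKey();

        // Protected header: its base64url text is fed to GCM as AAD, so alg/enc are authenticated.
        String prot = B64.encodeToString(
                "{\"alg\":\"RSA-OAEP-256\",\"enc\":\"A128GCM\"}".getBytes(StandardCharsets.UTF_8));
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher gcm = Cipher.getInstance("AES/GCM/NoPadding");
        gcm.init(Cipher.ENCRYPT_MODE, cek, new GCMParameterSpec(128, iv));
        gcm.updateAAD(prot.getBytes(StandardCharsets.US_ASCII));
        byte[] out = gcm.doFinal(payload.getBytes(StandardCharsets.UTF_8));
        int ctLen = out.length - 16; // the JCA appends the 16-byte tag to the ciphertext

        // Each recipient entry carries the same CEK encrypted under that recipient's public key.
        // The spec is explicit because the JDK's default OAEP MGF1 digest is SHA-1, not SHA-256.
        OAEPParameterSpec oaep = new OAEPParameterSpec("SHA-256", "MGF1",
                MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);
        StringJoiner recipients = new StringJoiner(",", "[", "]");
        for (PublicKey pk : publicKeys) {
            Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPPadding");
            rsa.init(Cipher.ENCRYPT_MODE, pk, oaep);
            recipients.add("{\"encrypted_key\":\""
                    + B64.encodeToString(rsa.doFinal(cek.getEncoded())) + "\"}");
        }
        // Every value is base64url text, so no JSON escaping is needed here.
        return "{\"protected\":\"" + prot + "\",\"recipients\":" + recipients
                + ",\"iv\":\"" + B64.encodeToString(iv)
                + "\",\"ciphertext\":\"" + B64.encodeToString(Arrays.copyOfRange(out, 0, ctLen))
                + "\",\"tag\":\"" + B64.encodeToString(Arrays.copyOfRange(out, ctLen, out.length))
                + "\"}";
    }
}
```

The payload is encrypted once; only the short encrypted_key value is repeated per recipient, so output size grows by roughly one RSA modulus length for each additional public key.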