I'm having a hard time authenticating a token using a x5c. (MS OAuth/Azure) Using jsonwebtoken in Rust.
Below is the code...
// Trying to isolate the problem by only checking the signature.
let validation_config = jsonwebtoken::Validation {
algorithms: vec![jsonwebtoken::Algorithm::RS256],
leeway: 0,
validate_exp: false,
validate_iat: false,
validate_nbf: false,
aud: None,
iss: None,
sub: None
};
let token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIn...";
let x5c_cert = "MIIDBTCCAe2gAwIBAgIQKOfEJNDyDplBSXKYcM...";
let raw_der = base64::decode_config(der, base64::STANDARD).unwrap();
let d = jsonwebtoken::decode::<MsOAuthPayload>(&token, &raw_der, &validation_config);
The above always returns InvalidSignature.
RS265 is the correct algo.
The cert is correct. I tried it on jwt.io by adding a BEGIN/END cert and it validates fine.
I used openssl to convert the BEGIN/END pem to DER and the bytes match up from the base 64 decode.
The key URL is: https://login.microsoftonline.com/common/discovery/v2.0/keys but my specific tenant returns the same keys.
Anyone have some insight on what I'm doing wrong here?
Thanks
EDIT: Minimal working example here. https://pastebin.com/RqqRaKkU
Related
I have a header, payload, and a public/private key. I can plug these all into JWT.io and it works as expected, but I'm struggling how to use these same variables with a node library like jsonwebtoken or other similar options. They seem to take a secret and sign a payload as far as I can see, which doesn't seem to line up with my inputs. I need to dynamically generate this token request so I must have the function in Node.
Thanks for any tips.
Have a look at the jsonwebtoken NPM package, which offers amongst other methods, a sign method:
var jwt = require('jsonwebtoken');
var privateKey = fs.readFileSync('private.key');
var payload = { foo: 'bar' };
var token = jwt.sign(payload, privateKey, { algorithm: 'RS256' });
As #jps has pointed out, you need the private key to sign and the public key to verify.
The header will be automatically generated and will include both properties (alg and typ) you have mentioned in your comment. You can add additional properties by passing them in the options.header parameter.
I'm struggling how to use these same variables with a node library
import * as jose from 'jose';
const privateKey = await jose.importPKCS8(privateKeyPEM); // private key just like on jwt.io
const jwt = await new jose.SignJWT(payload) // payload just like on jwt.io
.setProtectedHeader(header) // header just like on jwt.io
.sign(privateKey);
Of course there's more to be discovered if you need it.
I am trying to encrypt a value on my server with a private key to store it on the client within an httpOnly cookie.
I am having trouble with the encryption/decryption lifecycle
function encrypt(input) {
const encryptedData = crypto.privateEncrypt(
privateKey,
Buffer.from(input)
)
return encryptedData.toString('base64')
}
function decrypt(input) {
const decryptedData = crypto.privateDecrypt(
{ key: privateKey },
Buffer.from(input, 'base64'),
)
return decryptedData.toString()
}
const enc = encrypt('something moderately secret')
const dec = decrypt(enc)
console.log(dec) // 'something moderately secret'
However the crypto.privateDecrypt function is throwing with
Error: error:04099079:rsa routines:RSA_padding_check_PKCS1_OAEP_mgf1:oaep decoding error
Side question, is it safe to reuse the same private key the server uses to sign JWTs. It's an rsa key generated using ssh-keygen -t rsa -b 4096 -m PEM -f RS256.key
So, you don't use crypto.privateEncrypt() with crypto.privateDecrypt(). That's not how they work. Those functions are for asymmetric encryption, not for symmetric encryption. You use either of these two pairs:
crypto.publicEncrypt() ==> crypto.privateDescrypt()
crypto.privateEncrypt() ==> crypto.publicDecrypt()
So, that's why you're getting the error you're getting. The nodejs doc for crypto.privateDecript() says this:
Decrypts buffer with privateKey. buffer was previously encrypted using the corresponding public key, for example using crypto.publicEncrypt().
If what you really want is symmetric encryption, there are a bunch of options in the crypto module for that. There are some examples shown here: https://www.section.io/engineering-education/data-encryption-and-decryption-in-node-js-using-crypto/ and https://fireship.io/lessons/node-crypto-examples/#symmetric-encryption-in-nodejs.
In short : the token generated using below code gives the correct headers and payload(when I paste the generated token in JWT.io).
It only works when I insert the secret and press the secret encoded checkbox in jwt.io. After that I get valid token.
But var token = jwt.sign(payload, privateKEY, signOptions); this step should do the same thing I guess.
My code.
var jwt = require('jsonwebtoken');
var payload = {
"userId" : 'YYYYYYYYYYYYYYYYYYYYYYY',
"iat" : new Date().getTime(),
};
var signOptions = {
algorithm: "HS512"
};
var privateKEY = 'XXXXXXXXXXXXXXXXXXXXXXXX';
var token = jwt.sign(payload, privateKEY, signOptions);
console.log("Token :" + token);
This gives me an invalid token but when i paste that token in jwt.io I get the correct Headers and Payload.
And if I insert my secret and press the checkbox I get the correct token.
What I am I doing wrong. Thanks
When you check the checkbox on jwt.io, it base64 decodes your secret. Since you don't base64 encode your secret in your code, you shouldn't check that box on jwt.io. Both tokens are correct, but for different secrets. If you want the same token that you got from jwt.io with the box checked, you can use this:
var decodedSecret = Buffer.from(privateKEY, 'base64');
Then use that to sign your token instead of privateKEY. However, this doesn't really make sense, as your key isn't base64 encoded to begin with.
I'm using node-jose v0.11.0 (https://www.npmjs.com/package/node-jose) for JWK and JWE operations. I have an RSA key in JWK format that I can load into a JWK key store and also extract again. However, when I try to encrypt anything, I get into the "error2", "unsupported algorithm". How is it possible that RSA is an unsupported algorithm?
import * as jose from "node-jose";
const webkey = {
"keys": [
{
"kty": "RSA",
"e": "AQAB",
"kid": "a024254d-0321-459f-9530-93020ce9d54a",
"key_ops": [
"encrypt"
],
"n": "jkHgYN98dlR2w7NX-gekCWaCdbxs7X4XXh52DVQrK--krwUYqRbBIUEw1bV8KX0ox6TLt-e6wpYsYYFUItSd5ySqohHRMq1IhyE2zpEC95BA9V7VrFUYnczf1bd5c-aR079aoz5JPXfqx01TzNfxWBb04SlRjsmJeY1v6JrDUI5U0FSOmnJTb3tSS6Szrvi_qOyViYp4v9V2_OVYy45kF_LQQy-pr-kP4gapXL235cieeTW6UvkhzaPT2D-JKyzVjjjgnfRXr8Ox9I9c4wpef2-5nPPeafB5EnOMpJE11KzO_8xxiTGUywPPLQagBvY35gkhQbYS2dv3NGIVSLZHFw"
}
]
};
console.log("webkey", webkey);
//generate key store from public JWK
jose.JWK.asKeyStore(webkey)
.then((result) => {
console.log("Key Store", JSON.stringify(result.toJSON()));
let keyStore = result;
//get the key to encrypt
const encryptionKey: jose.JWK.Key = keyStore.get(webkey.keys[0].kid);
const output = jose.util.base64url.encode("Hello World");
const output2 = jose.util.asBuffer(output);
//encrypting content
jose.JWE.createEncrypt(encryptionKey)
.update(output2)
.final()
.then((jweInGeneralSerialization) => {
console.log("Encryption result", JSON.stringify(jweInGeneralSerialization));
}, (error) => {
console.log("error2", error.message);
});
}, (error) => {
console.log("error1", error.message);
})
The output is as follows:
'webkey', Object{keys: [Object{kty: ..., e: ..., kid: ..., key_ops: ..., n: ...}]}
'Key Store', '{"keys":[{"kty":"RSA","kid":"a024254d-0321-459f-9530-93020ce9d54a","key_ops":["encrypt"],"e":"AQAB","n":"jkHgYN98dlR2w7NX-gekCWaCdbxs7X4XXh52DVQrK--krwUYqRbBIUEw1bV8KX0ox6TLt-e6wpYsYYFUItSd5ySqohHRMq1IhyE2zpEC95BA9V7VrFUYnczf1bd5c-aR079aoz5JPXfqx01TzNfxWBb04SlRjsmJeY1v6JrDUI5U0FSOmnJTb3tSS6Szrvi_qOyViYp4v9V2_OVYy45kF_LQQy-pr-kP4gapXL235cieeTW6UvkhzaPT2D-JKyzVjjjgnfRXr8Ox9I9c4wpef2-5nPPeafB5EnOMpJE11KzO_8xxiTGUywPPLQagBvY35gkhQbYS2dv3NGIVSLZHFw"}]}'
'error2', 'unsupported algorithm'
Update
I digged around a bit in the actual code and found in "basekey.js" that the error is thrown because the algorithms of the library are empty.
Object.defineProperty(this, "encrypt", {
value: function(alg, data, props) {
// validate appropriateness
if (this.algorithms("encrypt").indexOf(alg) === -1) {
console.log("Algorithm USED", alg
);
console.log("All algorithms", this.algorithms("encrypt"))
return Promise.reject(new Error("unsupported algorithm"));
}
The output here is:
'Algorithm USED', 'A128CBC-HS256'
'All algorithms', []
I have an example that I added to another question:
node-jose explanation / example?
I used node-jose in a research proof, for a reflection of my c# code, I only created signed and Encrypted tokens for decryption and verification, on my server ( written in c#).
I need to use symetric secret key or asymetric public private key pair
?
I used RSA keys for Asymmetric signatures and key wrapping the Symmetric encryption details of the content. The Encryption algorithm for content encryption is a Symmetric one. The node-jose package generated the Symmetric key. The Key Wrap algorithm encrypted the Symmetric key.
The C# code I have decrypts and validates the token signature. Please note: I used the functions of the package to do all the work.
Here are my runkit notebooks for my workups:
for signing (JWS) https://runkit.com/archeon2/5bd66a8e7ee3b70012ec2e39
for encrypting (JWE) https://runkit.com/archeon2/5bd6736ff36b39001313262a
In my final, I combined the two, creating a signed token, then used the output as the payload for the encrypted one (JWS + JWE). I was successful using the c# server code in decrypting, and validating the created tokens.
JWS + JWE : https://runkit.com/archeon2/jws-jwe-integration
How i need to generate and where i need to store keys in my server
node app to then allow me to sign and verify my tokens ?
var store = jose.JWK.createKeyStore();
await store.generate("RSA",2048,{alg:"RS256", key_ops:["sign", "decrypt", "unwrap"]});
lkey = (await store.get());
var key = lkey.toJSON(); //get public key to exchange
key.use = "sig";
key.key_ops=["encrypt","verify", "wrap"];
var pubKey = await jose.JWK.asKey(key);
key = null;
The Keystore can be serialized to JSON, so my concept would be to store this in Session Storage, or Local storage in a browser. Then retrieve the JSON representation and read in the Keystore.
var store= await jose.JWK.asKeyStore({"keys":[{"kty":"RSA","kid":"h9VHWShTfENF6xwjF3FR_b-9k1MvBvl3gnWnthV0Slk","alg":"RS256","key_ops":["sign","decrypt","unwrap"],"e":"AQAB","n":"l61fUp2hM3QxbFKk182yI5wTtiVS-g4ZxB4SXiY70sn23TalKT_01bgFElICexBXYVBwEndp6Gq60fCbaBeqTEyRvVbIlPlelCIhtYtL32iHvkkh2cXUgrQOscLGBm-8aWVtZE3HrtO-lu23qAoV7cGDU0UkX9z2QgQVmvT0JYxFsxHEYuWBOiWSGcBCgH10GWj40QBryhCPVtkqxBE3CCi9qjMFRaDqUg6kLqY8f0jtpY9ebgYWOmc1m_ujh7K6EDdsdn3D_QHfwtXtPi0ydEWu7pj1vq5AqacOd7AQzs4sWaTmMrpD9Ux43SVHbXK0UUkN5z3hcy6utysiBjqOwQ","d":"AVCHWvfyxbdkFkRBGX225Ygcw59fMLuejYyVLCu4qQMHGLO4irr7LD8EDDyZuOdTWoyP7BkM2e7S367uKeDKoQ6o1LND2cavgykokaI7bhxB0OxhVrnYNanJ1tCRVszxHRi78fqamHFNXZGB3fr4Za8frEEVJ5-KotfWOBmXZBvnoXbYbFXsKuaGo121AUCcEzFCGwuft75kPawzNjcdKhItfFrYh45OQLIO08W0fr_ByhxzWMU7yFUCELHSX5-4GT8ssq1dtvVgY2G14PbT67aYWJ2V571aSxM8DTwHrnB9tI8btbkXWt9JyVoQq13wDdo5fVN-c_5t07HBIaPoAQ","p":"8nLGa9_bRnke1w4paNCMjpdJ--eOUpZYbqEa8jnbsiaSWFwxZiOzUakIcpJ3iO0Bl28JEcdVbo7DE7mZ4M3BkOtm577cNuuK8243L7-k1a71X_ko2mQ3yF4rG2PzWAH_5P4wca1uk0Jj3PmhbkXDI6f_btm1X7Vw_U1K6jRhNbE","q":"oCe94Bed1Wzh-xgNq0hz52Z6WLf9eQlNxLzBbYkpLc_bGj9vMeGNO10qdxhWPi8ClkW9h5gBiFEk2s6aEWYRvIoZjrMYXD7xzyTNC5zcsikjNhM3FVj-kVdqUJy25o9uqgn2IwTvQr5WSKuxz37ZSnItEqK5SEgpCpjwEju_XhE","dp":"jAe2ir-0ijOSmGtZh2xMgl7nIFNRZGnpkZwDUDwSpAabJ-W3smKUQ2n5sxLdb3xUGv7KojYbJcvW6CGeurScQ_NycA9QaXgJvSe_QBjUP4bZuiDSc7DGdzfMdfl4pzAgeEZH_KBK6UrDGvIjRumMF6AEbCXaF_lX1TU7O6IdM0E","dq":"fDU2OjS2sQ5n2IAYIc3oLf-5RVM0nwlLKhil_xiQOjppF9s4lrvx96dSxti2EjYNUJQ34JBQJ_OenJ_8tx-tA8cq-RQHAYvDp75H1AjM1NO4vjh60PCbRgdAqdJQu1FkJzXgkdpC4UWSz3txRJaBWQ5hzIEtJ1Tnl5NzJQD3crE","qi":"3EoKqhKh5mwVGldSjwUGX7xnfQIfkQ4IETsQZh9jcfOFlf9f8rT2qnJ7eeJoXWlm5jwMnsTZAMg4l3rUlbYmCdg10zGA5PDadnRoCnSgMBF87d0mVYXxM1p2C-JmLJjqKhJObr3wndhvBXUImo_jV6aHismwkUjc1gSx_b3ajyU"},{"kty":"RSA","kid":"h9VHWShTfENF6xwjF3FR_b-9k1MvBvl3gnWnthV0Slk","use":"verify","alg":"RS256","key_ops":["encrypt","verify","wrap"],"e":"AQAB","n":"l61fUp2hM3QxbFKk182yI5wTtiVS-g4ZxB4SXiY70sn23TalKT_01bgFElICexBXYVBwEndp6Gq60fCbaBeqTEyRvVbIlPlelCIhtYtL32iHvkkh2cXUgrQOscLGBm-8aWVtZE3HrtO-lu23qAoV7cGDU0UkX9z2QgQVmvT0JYxFsxHEYuWBOiWSGcBCgH10GWj40QBryhCPVtkqxBE3CCi9qjMFRaDqUg6kLqY8f0jtpY9ebgYWOmc1m_ujh7K6EDdsdn3D_QHfwtXtPi0ydEWu7pj1vq5AqacOd7AQzs4sWaTmMrpD9Ux43SVHbXK0UUkN5z3hcy6utysiBjqOwQ","use":"sig"}]});
How can i know which one use between OCT, EC, RSA etc ?
For this, the need your token serves may dictate this. I needed the receiver to be the one who could see the contents, so I chose RSA, for Asymmetric keys. Forgery is a bit harder.
These notebooks are somewhat a work in progress. Please review with care, as this is my interpretation and how I worked out what I needed. My hope is that they give some guidance.
In implementing an oauth2 stack utilizing passport and oauth2orize, in this case the issue is specifically in utilizing the oauth2orize jwt bearer. The oauth2orize jwt bearer is great in getting everything going, however it has the RSA SHA pieces marked as to do.
In attempting to put in the pieces for the RSA SHA encryption handling, I cannot get the signature to verify as verifier.verify always seems to return false. If anyone has cleared this hurdle, a little help would be super.
What I've done:
Created the private / public keys:
openssl genrsa -out private.pem 1024
//extract public key
openssl rsa -in private.pem -out public.pem -outform PEM -pubout
now the data to sign:
{"alg":"RS256","typ":"JWT"}{"iss": "myclient"}
I've tried multiple ways as to how to sign this, too many to list here, but my understanding of the correct signature is to sign the bas64 encoding of these items, so i ran base64 on {"alg":"RS256","typ":"JWT"} and base64 on {"iss": "myclient"} then ran base64 on those encodings. So the result is:
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9
eyJpc3MiOiAibXljbGllbnQifQ
then encode:
{eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9}.{eyJpc3MiOiAibXljbGllbnQifQ}
which gives me:
e2V5SmhiR2NpT2lKU1V6STFOaUlzSW5SNWNDSTZJa3BYVkNKOX0ue2V5SnBjM01pT2lBaWJYbGpiR2xsYm5RaWZRfQ
At this point I sign the above base64 by doing:
openssl sha -sha256 -sign priv.pem < signThis > signedData
Then I run base64 on that to get the data to pass into the signature part of the assertion.
I then pass in the object:
{
"grant_type": "urn:ietf:params:oauth:grant-type:jwt-bearer",
"assertion": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiAibXljbGllbnQifQ.signedData"
}
now in the code base I have:
var crypto = require('crypto')
, fs = require('fs')
, pub = fs.readFileSync('/path/to/pub.pem')
, verifier = crypto.createVerify("RSA-SHA256");
verifier.update(JSON.stringify(data));
var result = verifier.verify(pub, signature, 'base64');
console.log('vf: ', result);
however, result is always false.
I do properly receive the data, the signature variable in the code is a match for what I'm passing in, I just always receive false and have exhausted all options I can think of on how to tweak this to get verifier.verify to return true. Thank you for the time and help!
I am not sure if this is exactly what you were looking for, but this will successfully create a JWT in a google api fashion using jwt-simple (which uses crypto and such):
var fs = require('fs')
, jwt = require('jwt-simple')
, keypath = '/path/to/your.pem'
, secret = fs.readFileSync( keypath, { encoding: 'ascii' })
, now = Date.now()
, payload = {
scope: 'https://www.googleapis.com/auth/<service>',
iss : '<iss_id>#developer.gserviceaccount.com',
aud : 'https://accounts.google.com/o/oauth2/token',
iat : now,
exp : now+3600
}
, token = jwt.encode( payload, secret, 'RS256' )
, decoded = jwt.decode( token, secret, 'RS256' );
console.log( token );
console.log( decoded );
I think this code sample is completely unsecure. If you look at the latest JWT code, it doesn't event use the secret on your decode call.
https://github.com/hokaccha/node-jwt-simple/blob/master/lib/jwt.js
It basically just decodes the second segment and returns it which means anyone could have changed the value and its not verified.