Decrypt JWE with jose4j - 'RSA1_5' is not a permitted algorithm


I am trying to decrypt a JWE using jose4j. However, as I stated in the title, I encountered the said error.

Questions then are:

  1. Does the jose4j library not support the said algorithm?
  2. If #1 is not true, is there a way around it?
  3. If #1 is true, is there another library I should be using instead?

Below is the exact error message:

    Exception in thread "main" org.jose4j.lang.InvalidAlgorithmException: 'RSA1_5' is not a permitted algorithm.
    at org.jose4j.jwa.AlgorithmConstraints.checkConstraint(AlgorithmConstraints.java:80)
    at org.jose4j.jwe.JsonWebEncryption.getKeyManagementModeAlgorithm(JsonWebEncryption.java:172)
    at org.jose4j.jwe.JsonWebEncryption.getKeyManagementModeAlgorithm(JsonWebEncryption.java:159)
    at org.jose4j.jwe.JsonWebEncryption.decrypt(JsonWebEncryption.java:244)
    at org.jose4j.jwe.JsonWebEncryption.getPlaintextBytes(JsonWebEncryption.java:96)
    at org.jose4j.jwe.JsonWebEncryption.getPlaintextString(JsonWebEncryption.java:89)
    import java.io.File;
    import java.io.FileInputStream;
    import java.security.KeyStore;
    import java.security.PrivateKey;
    import java.security.PublicKey;
    import java.security.cert.CertificateFactory;
    import java.security.cert.X509Certificate;
    import org.jose4j.jwe.ContentEncryptionAlgorithmIdentifiers;
    import org.jose4j.jwe.JsonWebEncryption;
    import org.jose4j.jwe.KeyManagementAlgorithmIdentifiers;
    import org.jose4j.jws.JsonWebSignature;

    public class DecryptJwe {
        public static void main(String[] args) throws Exception {
            String input = "eyJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiYWxnIjoiUlNBMV81In0.oGr_d4RGBPZ_e_YHRQft7Y1ZNtSuN38SI0_atkT7PH0qzk108UjHd0qTxcBKOeKwo2q5dbYePog57r5OWQQaDfTFBdsUNebm7jzq8MEJRzOgeE7IQKI7kasOLl3Hh-NkqSIF2k2BZJs0HMjVrXB4PMVBSnNPDNwDTmxVUncjWL0JE4y-KdWs2bXLPqkNjsjf9tWYmTyVLMeKRqnPaHaE9mpn5Lkx8QICPggtvB_jA-B_-ZvHjZmQCslIvxucgO6iJg-9E5d3_NLkA425webh4G6V91B2t1He6UO3jv2Yh2wWvpkNCgM-xDqyYk8mvxBpkfqihISZOPJRdk6VOEnX4A.l9QqgShp_69MKm-YQhM0Fw.VhfTxavzPmZOFKdiUZaxnQhXcPGZeuqC7rX5eWWGUMwkOMR_sdZjKAESAN2kbfj_55ELO_Y8cN1MWAUHFFD6VUPpwictOw_KoUZylT5KRxN0_seltNdeE2jYK1NlHjfdpe9WZ-TFPQOYLV3oX3r-utx2uMq0B1zPLkihfmyupWP49CzI5O4hD5Hstjwb0h79x702wJEMFsvZ8BJawTUkJHVohmadQvc7fikd6J3WpDeC8PdZPQOkLuXPb5azShvKwGPycIVsURo07VJRTiL3FpNDmw_MQKFoJDro9uWSfrbZV96gcRHaj-Tm-xXQuHUehim0TVG_zlLGJDPHDQBAzJX5Tdlzs65gK98ma5gaaQFXRXcnETgVKqOrazN3uFvaX198j4NJwIsDfQL2QXHpGdWbunfBQA5EwMllT-kOWDa3I-6EiD2drYOTYyXHRbXwBwbOkXSZCC_IRCsSwKeE7KkFtpLwlyxs1Sut3YLbapVRXT43OCmU4wrVK48sZ4SzMUcjrMqAixZ_EvZr6gVHCj9q7Wq2b2yKcVnn4P21Kq2y5mD6POoDYz5_FSGj7jHwlp8FAOg-DxyOmADWdOdSJ5YCR0nVfqg8WdlH_xqBWCS2DptNiRlC9Q5CY-ECqgUqiZmfiu61F1OlG_1QQvWQtxWfywRm7mLgEz0dkCI2fBskbCCSUGH07jvfYKtq2dBJAYAni3Ga6-pwm7jhsWl2kYXxuksBSFSlUWnOPSQsroVtbY0TyJov8F6KlJfqplRYPuKG25MWXbfXF_J53Civ3J_fGtFMRVQLwmS9MPLccWLHm50YhxIV1u6iyXGRg6ANdtoeqmN3TAUCj96R4s0LTQkzjUG0gt1XiPeL26ipbGqDryBkSHcsC4JUz5kQPNiC.T88i20YLQyoaCqG1mKrB4w0";
            String keyStorePW = "password";
            String keyStore = "PFX.pfx";
            String partnerCert = "partnerCert.crt";

            // Own private key from the PKCS#12 keystore: this is what decrypts the JWE
            KeyStore ks = KeyStore.getInstance("PKCS12");
            try (FileInputStream ksIn = new FileInputStream(keyStore)) {
                ks.load(ksIn, keyStorePW.toCharArray());
            }
            String alias = ks.aliases().nextElement();
            PrivateKey privKey = (PrivateKey) ks.getKey(alias, keyStorePW.toCharArray());

            // Partner's certificate: its public key verifies the JWS nested inside the JWE
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            X509Certificate signVerifyCert;
            try (FileInputStream fis = new FileInputStream(new File(partnerCert))) {
                signVerifyCert = (X509Certificate) certificateFactory.generateCertificate(fis);
            }
            PublicKey pubKey = signVerifyCert.getPublicKey();

            JsonWebEncryption receiverJwe = new JsonWebEncryption();
            // These header values are replaced by the ones parsed from the compact serialization below
            receiverJwe.setAlgorithmHeaderValue(KeyManagementAlgorithmIdentifiers.RSA1_5);
            receiverJwe.setEncryptionMethodHeaderParameter(ContentEncryptionAlgorithmIdentifiers.AES_128_CBC_HMAC_SHA_256);
            receiverJwe.setCompactSerialization(input);
            receiverJwe.setKey(privKey);

            // Throws InvalidAlgorithmException ('RSA1_5' is not a permitted algorithm)
            String decrypted = receiverJwe.getPlaintextString();

            // The plaintext is a nested JWS; getPayload() verifies its signature and throws if it is invalid
            JsonWebSignature jwsignature = new JsonWebSignature();
            jwsignature.setKey(pubKey);
            jwsignature.setCompactSerialization(decrypted);
            String decryptedJson = jwsignature.getPayload();

            System.out.println("Decrypted: \n" + decryptedJson);
        }
    }
1 answer

Topaco

RSA1_5 specifies RSAES-PKCS1-v1_5 (see RFC 7518, sec. 4.1), which is disabled by default as of version jose4j-0.9.3, see Release Notes, jose4j-0.9.3 - February 8, 2023.

RSA1_5 can be enabled with:

    import org.jose4j.jwa.AlgorithmConstraints;
    import org.jose4j.jwa.AlgorithmConstraints.ConstraintType;
    import org.jose4j.jwe.KeyManagementAlgorithmIdentifiers;
    ...
    JsonWebEncryption receiverJwe = new JsonWebEncryption();
    // Fix: explicitly permit RSA1_5 for the "alg" header of this JWE
    receiverJwe.setAlgorithmConstraints(new AlgorithmConstraints(ConstraintType.PERMIT, KeyManagementAlgorithmIdentifiers.RSA1_5));
    ...

Background: RSAES-PKCS1-v1_5 is an older padding scheme for RSA that has a number of vulnerabilities (see e.g. here). For this reason, it is disabled by default (or even not supported at all) by some libraries. The alternative is the more modern RSAES-OAEP, see RFC 8017.
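The following is an added example, not code from the question or the answer: it uses a throwaway RSA key pair in place of the PKCS#12 keystore and shows the default refusal of an RSA1_5 token, the explicit PERMIT allow-list, and an RSA-OAEP-256 token that decrypts with no override. It assumes jose4j 0.9.3 or later on the classpath; the class name and the sample payloads are constructed.

```java
import org.jose4j.jwa.AlgorithmConstraints;
import org.jose4j.jwa.AlgorithmConstraints.ConstraintType;
import org.jose4j.jwe.ContentEncryptionAlgorithmIdentifiers;
import org.jose4j.jwe.JsonWebEncryption;
import org.jose4j.jwe.KeyManagementAlgorithmIdentifiers;
import org.jose4j.jwk.RsaJsonWebKey;
import org.jose4j.jwk.RsaJwkGenerator;
import org.jose4j.lang.InvalidAlgorithmException;
import org.jose4j.lang.JoseException;

public class Rsa15ConstraintsDemo {
    // Produce a JWE with the given key-management alg; "enc" is A128CBC-HS256 as in the question.
    static String encrypt(RsaJsonWebKey jwk, String alg, String plaintext) throws JoseException {
        JsonWebEncryption jwe = new JsonWebEncryption();
        if (KeyManagementAlgorithmIdentifiers.RSA1_5.equals(alg)) {
            // Legacy producer only; assumes the default block also applies when encrypting.
            jwe.setAlgorithmConstraints(new AlgorithmConstraints(ConstraintType.PERMIT, alg));
        }
        jwe.setAlgorithmHeaderValue(alg);
        jwe.setEncryptionMethodHeaderParameter(ContentEncryptionAlgorithmIdentifiers.AES_128_CBC_HMAC_SHA_256);
        jwe.setKey(jwk.getPublicKey());
        jwe.setPayload(plaintext);
        return jwe.getCompactSerialization();
    }

    // Consume a JWE; null means the library defaults, which block RSA1_5 since 0.9.3.
    static String decrypt(RsaJsonWebKey jwk, String compact, AlgorithmConstraints constraints) throws JoseException {
        JsonWebEncryption jwe = new JsonWebEncryption();
        if (constraints != null) jwe.setAlgorithmConstraints(constraints);
        jwe.setCompactSerialization(compact);
        jwe.setKey(jwk.getPrivateKey());
        return jwe.getPlaintextString();
    }

    public static void main(String[] args) throws Exception {
        RsaJsonWebKey jwk = RsaJwkGenerator.generateJwk(2048); // stands in for the PKCS#12 key pair
        String legacy = encrypt(jwk, KeyManagementAlgorithmIdentifiers.RSA1_5, "{\"msg\":\"legacy\"}");
        String modern = encrypt(jwk, KeyManagementAlgorithmIdentifiers.RSA_OAEP_256, "{\"msg\":\"modern\"}");
        try {
            decrypt(jwk, legacy, null); // default constraints: the question's exception
        } catch (InvalidAlgorithmException e) {
            System.out.println("Default constraints: " + e.getMessage());
        }
        // PERMIT is an allow-list: name every alg the consumer must still accept, not only RSA1_5.
        AlgorithmConstraints allowList = new AlgorithmConstraints(ConstraintType.PERMIT,
                KeyManagementAlgorithmIdentifiers.RSA1_5, KeyManagementAlgorithmIdentifiers.RSA_OAEP_256);
        System.out.println("Explicitly permitted: " + decrypt(jwk, legacy, allowList));
        System.out.println("RSA-OAEP-256, no override: " + decrypt(jwk, modern, null));
    }
}
```

The allow-list replaces the default constraints rather than extending them, so a consumer that permits only RSA1_5 will start rejecting RSA-OAEP tokens it accepted before.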