I'm trying to reproduce a decoding of a JWE starting from jwt.io as an example and translating into code by using library jose4j
From site jwt.io I have the following:
HEADER:
{
"alg": "HS256"
}
PAYLOAD:
{
"sub": "1234567890",
"name": "John Doe",
"iat": 1516239022
}
VERIFY SIGNATURE:
HMACSHA256(
base64UrlEncode(header) + "." +
base64UrlEncode(payload),
Fdh9u8rINxfivbrianbbVT1u232VQBZYKx1HGAGPt2I
)
the secret base64 is not encoded.
Now I try to reproduce the situation with jose4j and then having as a result the same value on the encoded field, which is:
eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.jOJ7G4oijaDk9Tr4ntAXczd6PlI4oVvBU0_5cf7oaz4
Then:
Key key = new HmacKey("Fdh9u8rINxfivbrianbbVT1u232VQBZYKx1HGAGPt2I".getBytes(StandardCharsets.UTF_8));
JsonWebEncryption jwe = new JsonWebEncryption();
String payload = Json.createObjectBuilder()
.add("sub", "1234567890")
.add("name", "John Doe")
.add("iat", "1516239022")
.build()
.toString();
jwe.setPayload(payload);
jwe.setHeader("alg", "HS256");
jwe.setKey(key);
String serializedJwe = jwe.getCompactSerialization();
System.out.println("Serialized Encrypted JWE: " + serializedJwe);
However I get this error:
org.jose4j.lang.InvalidAlgorithmException: HS256 is an unknown, unsupported or unavailable alg algorithm (not one of [RSA1_5, RSA-OAEP, RSA-OAEP-256, dir, A128KW, A192KW, A256KW, ECDH-ES, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW, PBES2-HS256+A128KW, PBES2-HS384+A192KW, PBES2-HS512+A256KW, A128GCMKW, A192GCMKW, A256GCMKW]).
HS256 is a JWS algorithm so you'd need to use
JsonWebSignaturerather thanJsonWebEncryptionto accomplish what it looks like you're trying to do.