JWT signature verification fails with encryption

This topic has 7 replies, 4 voices, and was last updated 3 years, 2 months ago by pkesar15.

  • Author
    Posts
  • #19265
     pkesar15
    Participant

    Hi,

    I am encrypting the id_token using a base64 encoded X509 cert and getting signature verification failed for encrypted JWTs.
    Steps to reproduce:
    1. Create a realm, OIDC conf in realm, agent and get an id_token (Signed by OpenAM, by default)
    2. Verify the JWT (id_token) signature using corresponding public key of OpenAM- works!
    3. Encrypt the JWT by updating agent configuration:
    a. Check Enable ID Token Encryption
    b. Add a base64 encoded public key to Client ID Token Public Encryption Key (Public key generated as per steps in https://backstage.forgerock.com/docs/openam/13.5/admin-guide/#configure-oidc-encryption)
    4. Get an id_token and try to verify using public key in step 2- fails!
    I am using OpenAM 13.5. Any ideas will be helpful, thanks

    Cheers,
    Priya

    #19266
     Neil Madden
    Participant

    If you enable both signing and encryption then the ID token will first be signed and then encrypted (as per the OIDC spec). Therefore you will need to decrypt it using your private key before you can verify the signature.

    #19299
     pkesar15
    Participant

    Hi Neil,
    Thanks for your response and apologies for delay in follow up.
    As I understand, the JWT has three parts: header, payload and signature. When we encrypt the JWT, effectively the payload is encrypted. As I can see the payload, without decrypting, in clear text (using jwt.io to decode JWT)
    So, two questions:
    1. When you say decrypt and verify signature, you mean, I need to decrypt all three parts of JWT?
    2. Is there any public piece of code or online tool you are aware of, which I can use for decryption?
    Many thanks.
    Cheers,
    Priya

    #19332
     pkesar15
    Participant

    Correction to above statement:
    As I can see the header (not payload), without decrypting, in clear text (using jwt.io to decode JWT)

    Also, I am trying to explore the how alternatively OpenAM can pick public key of client for encryption. As per OIDC spec, the public key can be picked from: X.509 Cert, JWK, JWK_URI
    I could only find a way to use X.509 cert. Does OpenAM supports JWK and JWK_URI as well (It does to publish its own public keys for signing) for encryption?

    Cheers,
    Priya

    #19340
     Scott Heger
    Participant

    In an encrypted JWT the header is base64 encoded and the payload and signature are encrypted. The client uses the base64 decoded header information to know that what follows is encrypted and with what method and algorithm:

    {
      "typ": "JWT",
      "kid": "GkSBl5DAe0JppgudqH3OdZnUWb4=",
      "cty": "JWT",
      "enc": "A128CBC-HS256",
      "alg": "RSA1_5"
    }

    In this example the encryption method is “A128CBC-HS256” and the encryption algorithm is “RSA1_5”. That will match what you have set in your client profile.

    After base64 decoding the header the client would then decrypt the payload and signature and then verify the signature as Neil mentioned. I’m unaware of any online tools to test the decrypting of an encrypted JWT. If you find one, please share.

    #19351
     Andy Cory
    Participant

    @shegergmail-com, closest I’ve found was http://kjur.github.io/jsjws/tool_verifyanalyze.html, but I’ve never had a need to actually try it out, but it looked promising. There are various Java and/or JS libraries from which a competent developer (i.e. someone who is not me) could probably knock something up in less time than it took me to write this.

    -Andy

    #19360
     Scott Heger
    Participant

    Thanks @acorysmart421-com. I’ll check that out.

    #19412
     pkesar15
    Participant

    Thanks for response Andy and Scott.
    I checked out the tool, its works like jwt.io. It works well for decoding the JWT and verify signature using public keys. What I am looking for is, to decrypt the JWT and then verify the signature. We are trying to build that decryption logic at relying party.
    Also, I am still struggling to find if OpenAM can do JWT encryption by taking RP’s public key from a JWK_URI. As of now, I could get encrypted JWT if I pasted the RP’s public key in client profile under ‘Client ID Token Public Encryption Key’
    Let me know if you are aware of alternatives. Thanks.

Viewing 8 posts - 1 through 8 (of 8 total)

You must be logged in to reply to this topic.

©2021 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?